mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-24 06:59:27 -05:00
Build fixes + new blob blocker
parent
d3d924bd91
commit
e344b17a36
@ -74,6 +74,7 @@
|
||||
<!-- START OF DEVICE REPOS -->
|
||||
<!-- Common -->
|
||||
<project path="packages/resources/devicesettings" name="LineageOS/android_packages_resources_devicesettings" remote="github" />
|
||||
<project path="system/qcom" name="LineageOS/android_system_qcom" remote="github" />
|
||||
<project path="external/bson" name="LineageOS/android_external_bson" remote="github" />
|
||||
<project path="external/sony/boringssl-compat" name="LineageOS/android_external_sony_boringssl-compat" remote="github" />
|
||||
<project path="hardware/sony/thermanager" name="LineageOS/android_hardware_sony_thermanager" remote="github" />
|
||||
|
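--- /dev/null
+++ b/Patches/Common/android_vendor_divested/blob_blocker.mk
@@ -0,0 +1,94 @@
+include $(CLEAR_VARS)
+
+# vendor makefiles often end up with these not being removed from Android.mk
+# which causes build failures since their files were deleted
+# override here to prevent breakage
+
+LOCAL_MODULE := BlobBlocker
+
+LOCAL_OVERRIDES_PACKAGES := \
+a4wpservice \
+appdirectedsmspermission \
+AppDirectedSMSProxy \
+ApplicationBar \
+aptxui \
+atfwd \
+AtvRemoteService \
+BuaContactAdapter \
+CABLService \
+CanvasPackageInstaller \
+CarrierServices \
+CNEService \
+colorservice \
+ConnMO \
+CQATest \
+DCMO \
+DiagMon \
+DMConfigUpdate \
+DMService \
+DolbyVisionService \
+dpmserviceapp \
+DragonKeyboardFirmwareUpdater \
+DTVPlayer \
+DTVService \
+EasyAccessService \
+embms \
+FMRadioGooogle \
+FmRadioTrampoline2 \
+GamepadPairingService \
+GCS \
+GeminiInputDevices \
+Gemini_Keyboard \
+GlobalkeyInteceptor \
+HiddenMenu \
+HotwordEnrollment \
+HWSarControlService \
+imssettings \
+LeanbackIme \
+LeanbackLauncher \
+LifetimeData \
+LifeTimerService \
+ModFmwkProxyService \
+ModService \
+MotCameraMod \
+MotoDisplayFWProxy \
+MotoSignatureApp \
+MyVerizonServices \
+OBDM_Permissions \
+obdm_stub \
+Overscan \
+Perfdump \
+PowerOffAlarm \
+PPPreference \
+ProjecterApp \
+QtiTetherService \
+QuickBoot \
+RCSBootstraputil \
+RcsImsBootstraputil \
+RemoteControlService \
+SDM \
+SecPhone \
+SecProtect \
+SprintDM \
+SprintHM \
+SprintMenu \
+SyncMLSvc \
+SystemUpdateUI \
+TriggerEnroll \
+TriggerTrainingService \
+Tycho \
+uceShimService \
+VerizonAuthDialog \
+VerizonSSOEngine \
+VerizonUnifiedSettings \
+VZWAPNLib \
+vzwapnpermission \
+VZWAPNService \
+VZWAVS \
+VzwLcSilent \
+vzw_msdc_api \
+VzwOmaTrigger \
+WfcActivation \
+WfdService
+
+include $(BUILD_PREBUILT)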
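Review bot: `LOCAL_OVERRIDES_PACKAGES` only suppresses modules whose names match an entry exactly, and a name that matches nothing is ignored without any message, so a wrong entry in this list quietly blocks nothing. `FMRadioGooogle`, `GlobalkeyInteceptor` and `ProjecterApp` look like possible misspellings; if they mirror the vendor's own module names they are right, but that is worth confirming against the vendor Android.mk files and saying so in the header comment, e.g. `# names must match the vendor LOCAL_MODULE exactly (including vendor typos); unmatched names are silently ignored`. The stub also sets no `LOCAL_MODULE_CLASS` or `LOCAL_SRC_FILES` before `include $(BUILD_PREBUILT)`, which that build rule normally expects, so confirm the module is actually accepted by the build rather than skipped.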
@ -16,8 +16,9 @@ PRODUCT_PROPERTY_OVERRIDES += \
|
||||
ro.config.alarm_alert=Alarm_Buzzer.ogg \
|
||||
keyguard.no_require_sim=true \
|
||||
ro.build.selinux=1 \
|
||||
ro.storage_manager.enabled=false \
|
||||
ro.control_privapp_permissions=log
|
||||
ro.storage_manager.enabled=false
|
||||
# ro.control_privapp_permissions=log
|
||||
# ro.control_privapp_permissions=enforce
|
||||
|
||||
#Copy extra files
|
||||
PRODUCT_COPY_FILES += \
|
||||
@ -25,5 +26,6 @@ PRODUCT_COPY_FILES += \
|
||||
vendor/divested/prebuilts/etc/permissions_org.fdroid.fdroid.privileged.xml:system/etc/permissions/permissions_org.fdroid.fdroid.privileged.xml
|
||||
|
||||
#Include packages
|
||||
#PRODUCT_PACKAGES += ModuleBlocker
|
||||
PRODUCT_PACKAGES += BlobBlocker
|
||||
PRODUCT_PACKAGES += ModuleBlocker
|
||||
include vendor/divested/packages.mk
|
||||
|
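Review bot: In the first hunk both `ro.control_privapp_permissions` values end up commented out, so this file no longer sets the property at all, and the previously active `log` mode, which at least reported privileged permissions missing from the allowlist, is gone. Nothing on the page says why it was dropped or when it should come back. Add a comment above the two lines, e.g. `# privapp permission allowlisting disabled: <reason>; restore =log, then =enforce, once allowlists are complete`. Separately, the second hunk adds `PRODUCT_PACKAGES += BlobBlocker`, but no visible hunk includes blob_blocker.mk from an Android.mk, so confirm the module definition is actually picked up by the build.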
@ -116,7 +116,7 @@ echo "Deblobbing..."
|
||||
sepolicy=$sepolicy" hal_drm_default.te hal_drm.te hal_drm_widevine.te";
|
||||
|
||||
#eMBMS [Qualcomm]
|
||||
blobs=$blobs"|embms.apk";
|
||||
blobs=$blobs"|embms.apk|embmslibrary.jar";
|
||||
|
||||
#External Accessories
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_ACCESSORIES" = true ]; then
|
||||
@ -180,7 +180,7 @@ echo "Deblobbing..."
|
||||
|
||||
#IMS (VoLTE/Wi-Fi Calling) [Qualcomm]
|
||||
blobs=$blobs"|imscmlibrary.jar|imscmservice|imscm.xml|imsdatadaemon|imsqmidaemon|imssettings.apk|lib-imsdpl.so|lib-imscamera.so|libimscamera_jni.so|lib-imsqimf.so|lib-imsSDP.so|lib-imss.so|lib-imsvt.so|lib-imsxml.so"; #IMS
|
||||
blobs=$blobs"|ims_rtp_daemon|lib-rtpcommon.so|lib-rtpcore.so|lib-rtpdaemoninterface.so|lib-rtpsl.so|vendor.qti.imsrtpservice.*.so"; #RTP
|
||||
blobs=$blobs"|ims_rtp_daemon|lib-rtpcommon.so|lib-rtpcore.so|lib-rtpdaemoninterface.so|lib-rtpsl.so|vendor.qti.imsrtpservice.*"; #RTP
|
||||
blobs=$blobs"|lib-dplmedia.so|librcc.so|libvcel.so|libvoice-svc.so|qti_permissions.xml"; #Misc.
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then #IMS (Core) (To support carriers that have phased out 2G)
|
||||
blobs=$blobs"|ims.apk|ims.xml|libimsmedia_jni.so";
|
||||
@ -254,7 +254,7 @@ echo "Deblobbing..."
|
||||
blobs=$blobs"|libQtiTether.so|QtiTetherService.apk";
|
||||
|
||||
#RCS (Proprietary messaging protocol)
|
||||
blobs=$blobs"|rcsimssettings.jar|rcsimssettings.xml|rcsservice.jar|rcsservice.xml|lib-imsrcscmclient.so|lib-ims-rcscmjni.so|lib-imsrcscmservice.so|lib-imsrcscm.so|lib-imsrcs.so|lib-rcsimssjni.so|lib-rcsjni.so|RCSBootstraputil.apk|RcsImsBootstraputil.apk|uceShimService.apk|CarrierServices.apk"; #RCS
|
||||
blobs=$blobs"|rcsimssettings.jar|rcsimssettings.xml|rcsservice.jar|rcsservice.xml|lib-imsrcscmclient.so|lib-ims-rcscmjni.so|lib-imsrcscmservice.so|lib-imsrcscm.so|lib-imsrcs.so|lib-rcsimssjni.so|lib-rcsjni.so|RCSBootstraputil.apk|RcsImsBootstraputil.apk|uceShimService.apk|CarrierServices.apk|vendor.qti.ims.rcsconfig.*"; #RCS
|
||||
makes=$makes"|rcs_service.*";
|
||||
ipcSec=$ipcSec"|18:4294967295:1001:3004";
|
||||
|
||||
@ -268,7 +268,7 @@ echo "Deblobbing..."
|
||||
blobs=$blobs"|libHealthAuthClient.so|libHealthAuthJNI.so|libSampleAuthJNI.so|libSampleAuthJNIv1.so|libSampleExtAuthJNI.so|libSecureExtAuthJNI.so|libSecureSampleAuthClient.so|libsdedrm.so";
|
||||
|
||||
#[Sprint]
|
||||
blobs=$blobs"|com.android.omadm.service.xml|ConnMO.apk|CQATest.apk|DCMO.apk|DiagMon.apk|DMConfigUpdate.apk|DMService.apk|GCS.apk|HiddenMenu.apk|libdmengine.so|libdmjavaplugin.so|LifetimeData.apk|SprintDM.apk|SprintHM.apk|whitelist_com.android.omadm.service.xml|LifeTimerService.apk|SDM.apk|SecPhone.apk|SprintMenu.apk";
|
||||
blobs=$blobs"|com.android.omadm.service.xml|ConnMO.apk|CQATest.apk|DCMO.apk|DiagMon.apk|DMConfigUpdate.apk|DMService.apk|GCS.apk|HiddenMenu.apk|libdmengine.so|libdmjavaplugin.so|LifetimeData.apk|SprintDM.apk|SprintHM.apk|whitelist_com.android.omadm.service.xml|LifeTimerService.apk|SDM.apk|SecPhone.apk|SprintMenu.apk|com.android.sdm.plugins.connmo.xml|com.android.sdm.plugins.sprintdm.xml";
|
||||
ipcSec=$ipcSec"|238:4294967295:1001:3004";
|
||||
|
||||
#SyncML
|
||||
@ -451,6 +451,7 @@ deblobDevice() {
|
||||
rm -rf board/qcom-wipower.mk product/qcom-wipower.mk; #Remove WiPower makefiles
|
||||
awk -i inplace '!/'$ipcSec'/' configs/sec_config &>/dev/null || true; #Remove all IPC security exceptions from sec_config
|
||||
awk -i inplace '!/'$blobs'/' ./*proprietary*.txt &>/dev/null || true; #Remove all blob references from blob manifest
|
||||
awk -i inplace '!/'$blobs'/' ./*/*proprietary*.txt &>/dev/null || true; #Remove all blob references from blob manifest location in subdirectory
|
||||
if [ -f setup-makefiles.sh ]; then
|
||||
bash -c "cd $DOS_BUILD_BASE$devicePath && ./setup-makefiles.sh"; #Update the makefiles
|
||||
fi;
|
||||
|
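Review bot: In the deblobDevice hunk the awk calls that strip blob references splice `$blobs` into the program unquoted and discard all output with `&>/dev/null || true`, so a failed or mis-parsed filter leaves the proprietary-files manifest untouched without any trace, and the entries this commit adds to the list would then remain referenced. The list is used as an unanchored regex, so the `.` in each name matches any character and the trailing `.*` on the new `vendor.qti.imsrtpservice.*` and `vendor.qti.ims.rcsconfig.*` entries adds nothing; they match as substrings either way. Consider quoting the expansion and keeping stderr, e.g. `awk -i inplace '!/'"$blobs"'/' ./*/*proprietary*.txt || true;`, and add a comment where `blobs` is built noting that entries are regex fragments. deblobDevice's body starts and ends outside the hunk.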
@ -380,6 +380,7 @@ hardenDefconfig() {
|
||||
#Enable supported options
|
||||
#Disabled: CONFIG_DEBUG_SG (bootloops - https://patchwork.kernel.org/patch/8989981)
|
||||
declare -a optionsYes=("CONFIG_ARM64_SW_TTBR0_PAN" "CONFIG_BUG" "CONFIG_BUG_ON_DATA_CORRUPTION" "CONFIG_CC_STACKPROTECTOR" "CONFIG_CC_STACKPROTECTOR_STRONG" "CONFIG_STACKPROTECTOR" "CONFIG_STACKPROTECTOR_STRONG" "CONFIG_CPU_SW_DOMAIN_PAN" "CONFIG_DEBUG_CREDENTIALS" "CONFIG_DEBUG_KERNEL" "CONFIG_DEBUG_LIST" "CONFIG_DEBUG_NOTIFIERS" "CONFIG_DEBUG_RODATA" "CONFIG_DEBUG_WX" "CONFIG_FORTIFY_SOURCE" "CONFIG_GCC_PLUGIN_LATENT_ENTROPY" "CONFIG_GCC_PLUGIN_RANDSTRUCT" "CONFIG_GCC_PLUGINS" "CONFIG_GCC_PLUGIN_STRUCTLEAK" "CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL" "CONFIG_HARDENED_USERCOPY" "CONFIG_IO_STRICT_DEVMEM" "CONFIG_KAISER" "CONFIG_LEGACY_VSYSCALL_NONE" "CONFIG_PAGE_POISONING" "CONFIG_PAGE_POISONING_NO_SANITY" "CONFIG_PAGE_POISONING_ZERO" "CONFIG_PAGE_TABLE_ISOLATION" "CONFIG_PANIC_ON_OOPS" "CONFIG_RANDOMIZE_BASE" "CONFIG_REFCOUNT_FULL" "CONFIG_RETPOLINE" "CONFIG_SCHED_STACK_END_CHECK" "CONFIG_SECCOMP" "CONFIG_SECCOMP_FILTER" "CONFIG_SECURITY" "CONFIG_SECURITY_PERF_EVENTS_RESTRICT" "CONFIG_SECURITY_YAMA" "CONFIG_SECURITY_YAMA_STACKED" "CONFIG_SLAB_FREELIST_RANDOM" "CONFIG_SLAB_HARDENED" "CONFIG_SLUB_DEBUG" "CONFIG_STRICT_DEVMEM" "CONFIG_STRICT_KERNEL_RWX" "CONFIG_STRICT_MEMORY_RWX" "CONFIG_SYN_COOKIES" "CONFIG_UNMAP_KERNEL_AT_EL0" "CONFIG_VMAP_STACK" "CONFIG_SECURITY_DMESG_RESTRICT" "CONFIG_SLAB_FREELIST_HARDENED" "CONFIG_GCC_PLUGINS" "CONFIG_GCC_PLUGIN_LATENT_ENTROPY" "CONFIG_GCC_PLUGIN_STRUCTLEAK" "CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL" "CONFIG_GCC_PLUGIN_RANDSTRUCT" "CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE" "CONFIG_IPV6_PRIVACY" "CONFIG_HARDEN_BRANCH_PREDICTOR" "CONFIG_IOMMU_API" "CONFIG_IOMMU_SUPPORT" "CONFIG_IOMMU_HELPER" "CONFIG_INTEL_IOMMU_DEFAULT_ON" "CONFIG_ARM_SMMU" "CONFIG_QCOM_IOMMU" "CONFIG_MSM_IOMMU" "CONFIG_MSM_TZ_SMMU" "CONFIG_KGSL_PER_PROCESS_PAGE_TABLE" "CONFIG_MSM_KGSL_MMU_PAGE_FAULT" "CONFIG_IOMMU_PGTABLES_L2" "CONFIG_TEGRA_IOMMU_SMMU" "CONFIG_TEGRA_IOMMU_GART" "CONFIG_MTK_IOMMU" "CONFIG_EXYNOS_IOMMU" "CONFIG_OMAP_IOMMU" "CONFIG_OF_IOMMU")
|
||||
#if [ "$DOS_DEBLOBBER_REPLACE_TIME" = true ]; then optionsYes+=("CONFIG_RTC_DRV_MSM" "CONFIG_RTC_DRV_PM8XXX" "CONFIG_RTC_DRV_MSM7X00A" "CONFIG_RTC_DRV_QPNP"); fi;
|
||||
for option in "${optionsYes[@]}"
|
||||
do
|
||||
sed -i 's/# '"$option"' is not set/'"$option"'=y/' $defconfigPath &>/dev/null || true;
|
||||
|
@ -60,10 +60,8 @@ buildAll() {
|
||||
brunch lineage_fugu-user;
|
||||
brunch lineage_h850-user;
|
||||
brunch lineage_hammerhead-user;
|
||||
brunch lineage_klte-user; #broken
|
||||
brunch lineage_m8-user;
|
||||
brunch lineage_mata-user;
|
||||
brunch lineage_shamu-user;
|
||||
brunch lineage_starlte-user; #broken - device/samsung/universal9810-common/audio: MODULE.TARGET.SHARED_LIBRARIES.libshim_audio_32 already defined by device/samsung/star-common/audio
|
||||
brunch lineage_us996-user;
|
||||
brunch lineage_us997-user;
|
||||
@ -73,9 +71,11 @@ buildAll() {
|
||||
#brunch lineage_bacon-user;
|
||||
#brunch lineage_ether-user;
|
||||
#brunch lineage_griffin-user;
|
||||
#brunch lineage_klte-user;
|
||||
#brunch lineage_mako-user;
|
||||
#brunch lineage_marlin-user;
|
||||
#brunch lineage_sailfish-user;
|
||||
#brunch lineage_shamu-user;
|
||||
}
|
||||
export -f buildAll;
|
||||
|
||||
|
@ -69,7 +69,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0866/3.18/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11034/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11036/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11039/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13162/3.18/0001.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13162/3.18/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15827/3.18/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/ANY/0001.patch
|
||||
|
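Review bot: The `git apply` for CVE-2017-13162 is commented out here with no reason recorded, so this kernel tree is built without that patch and nothing on the line says whether it failed to apply, broke the build, or is already present in the source. Add a trailing reason in the way other scripts in this commit annotate disabled items, e.g. `#git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13162/3.18/0001.patch #<reason: fails to apply / already merged>`. The same change appears in the next file section (hunk `-47,7 +47,7`) and needs the same annotation. If these scripts are generated by a patcher tool, the exclusion belongs in that tool's input rather than in a hand edit that the next regeneration would undo.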
@ -47,7 +47,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0009.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0010.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13162/3.18/0001.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13162/3.18/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.18/0009.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
|
||||
|
@ -55,7 +55,7 @@ buildAll() {
|
||||
brunch lineage_klte-user;
|
||||
brunch lineage_marlin-user;
|
||||
brunch lineage_sailfish-user;
|
||||
brunch lineage_shamu-user; #broken - needs synced proprietary-files.txt
|
||||
brunch lineage_shamu-user;
|
||||
}
|
||||
export -f buildAll;
|
||||
|
||||
@ -73,6 +73,11 @@ patchWorkspace() {
|
||||
source "$DOS_SCRIPTS_COMMON/Deblob.sh";
|
||||
source "$DOS_SCRIPTS_COMMON/Patch_CVE.sh";
|
||||
source build/envsetup.sh;
|
||||
|
||||
#Deblobbing fixes
|
||||
##setup-makefiles doesn't execute properly for some devices, running it twice seems to fix whatever is wrong
|
||||
cd device/google/marlin/marlin && ./setup-makefiles.sh && cd "$DOS_BUILD_BASE";
|
||||
cd device/google/marlin/sailfish && ./setup-makefiles.sh && cd "$DOS_BUILD_BASE";
|
||||
}
|
||||
export -f patchWorkspace;
|
||||
|
||||
|
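Review bot: Each added `cd … && ./setup-makefiles.sh && cd "$DOS_BUILD_BASE";` line in the patchWorkspace hunk skips the return `cd` when setup-makefiles.sh exits non-zero, so the next line's relative `cd` fails and the calling shell is left inside device/google/marlin/marlin. A subshell keeps the caller's directory regardless of the result: `(cd device/google/marlin/marlin && ./setup-makefiles.sh);` and likewise for sailfish. The comment says a second run "seems to fix whatever is wrong"; recording the observed failure there would let a later reader tell when the workaround can be removed. patchWorkspace's body starts outside the hunk.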
@ -152,6 +152,7 @@ if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/h
|
||||
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid (CopperheadOS-13.0)
|
||||
|
||||
enterAndClear "system/sepolicy";
|
||||
git revert 4c9031e4e2f45db3531d0bc602b2d9c9407a2d16; #neverallow
|
||||
patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
|
||||
awk -i inplace '!/true cannot be used in user builds/' Android.mk; #Allow ignoring neverallows under -user
|
||||
|
||||
@ -182,7 +183,7 @@ git revert 218f7442874f7b7d494f265286a2151e2f81bb6e 31a1cb251d5e35d8954cec6f3738
|
||||
echo "allow kickstart usbfs:dir search;" >> sepolicy/kickstart.te; #Fix forceencrypt on first boot
|
||||
echo "allow system_server sensors_data_file:dir search;" >> sepolicy/system_server.te; #Fix qcom_sensors log spam
|
||||
echo "allow system_server sensors_data_file:dir r_file_perms;" >> sepolicy/system_server.te;
|
||||
sed -i 's/1333788672/880803840/' BoardConfig.mk; #don't touch partitions! DOS -user fits with 60M free
|
||||
sed -i 's/1333788672/880803840/' BoardConfig.mk; #don't touch partitions! DOS -user fits with 75M free
|
||||
awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfig.mk;
|
||||
|
||||
enterAndClear "device/oneplus/bacon";
|
||||
|
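Review bot: The added `git revert 4c9031e4e2f45db3531d0bc602b2d9c9407a2d16; #neverallow` under system/sepolicy presumably alters how SELinux neverallow rules are handled, yet the one-word comment does not say what the reverted commit did or why it has to go. Since the neighbouring awk line already allows ignoring neverallows under -user builds, a reader cannot tell from here how much policy checking remains after both. Expand the comment to name the reverted change and the failure it caused, e.g. `#Revert <upstream subject>: <reason, affected devices>`. The revert's exit status is also not checked, so a revert that no longer applies cleanly would leave the tree in a conflicted state before the following `patch -p1` runs, as far as these lines show.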