diff --git a/Manifests/Manifest_LAOS-16.0.xml b/Manifests/Manifest_LAOS-16.0.xml index c6a7332a..9078008f 100644 --- a/Manifests/Manifest_LAOS-16.0.xml +++ b/Manifests/Manifest_LAOS-16.0.xml @@ -74,6 +74,7 @@ + diff --git a/Patches/Common/android_vendor_divested/blob_blocker.mk b/Patches/Common/android_vendor_divested/blob_blocker.mk new file mode 100644 index 00000000..3dd68f01 --- /dev/null +++ b/Patches/Common/android_vendor_divested/blob_blocker.mk 
@@ -0,0 +1,94 @@
+include $(CLEAR_VARS)
+
+# vendor makefiles often end up with these not being removed from Android.mk
+# which causes build failures since their files were deleted
+# override here to prevent breakage
+
+LOCAL_MODULE := BlobBlocker
+
+LOCAL_OVERRIDES_PACKAGES := \
+ a4wpservice \
+ appdirectedsmspermission \
+ AppDirectedSMSProxy \
+ ApplicationBar \
+ aptxui \
+ atfwd \
+ AtvRemoteService \
+ BuaContactAdapter \
+ CABLService \
+ CanvasPackageInstaller \
+ CarrierServices \
+ CNEService \
+ colorservice \
+ ConnMO \
+ CQATest \
+ DCMO \
+ DiagMon \
+ DMConfigUpdate \
+ DMService \
+ DolbyVisionService \
+ dpmserviceapp \
+ DragonKeyboardFirmwareUpdater \
+ DTVPlayer \
+ DTVService \
+ EasyAccessService \
+ embms \
+ FMRadioGooogle \
+ FmRadioTrampoline2 \
+ GamepadPairingService \
+ GCS \
+ GeminiInputDevices \
+ Gemini_Keyboard \
+ GlobalkeyInteceptor \
+ HiddenMenu \
+ HotwordEnrollment \
+ HWSarControlService \
+ imssettings \
+ LeanbackIme \
+ LeanbackLauncher \
+ LifetimeData \
+ LifeTimerService \
+ ModFmwkProxyService \
+ ModService \
+ MotCameraMod \
+ MotoDisplayFWProxy \
+ MotoSignatureApp \
+ MyVerizonServices \
+ OBDM_Permissions \
+ obdm_stub \
+ Overscan \
+ Perfdump \
+ PowerOffAlarm \
+ PPPreference \
+ ProjecterApp \
+ QtiTetherService \
+ QuickBoot \
+ RCSBootstraputil \
+ RcsImsBootstraputil \
+ RemoteControlService \
+ SDM \
+ SecPhone \
+ SecProtect \
+ SprintDM \
+ SprintHM \
+ SprintMenu \
+ SyncMLSvc \
+ SystemUpdateUI \
+ TriggerEnroll \
+ TriggerTrainingService \
+ Tycho \
+ uceShimService \
+ VerizonAuthDialog \
+ VerizonSSOEngine \
+ VerizonUnifiedSettings \
+ VZWAPNLib \
+ vzwapnpermission \
+ VZWAPNService \
+ VZWAVS \
+ VzwLcSilent \
+ vzw_msdc_api \
+ VzwOmaTrigger \
+ WfcActivation \
+ WfdService
+
+include $(BUILD_PREBUILT)
diff --git a/Patches/Common/android_vendor_divested/divestos.mk b/Patches/Common/android_vendor_divested/divestos.mk
index c7869cae..b66460c5 100644 
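Review bot: The BlobBlocker module reaches `include $(BUILD_PREBUILT)` with only `LOCAL_MODULE` and `LOCAL_OVERRIDES_PACKAGES` set, and a prebuilt module normally also needs a class and a source file. If nothing outside this file supplies them, the usual empty override stub adds `LOCAL_MODULE_CLASS := APPS`, `LOCAL_SRC_FILES := /dev/null` and `LOCAL_UNINSTALLABLE_MODULE := true`. Separately, an override name that does not match a vendor module name exactly does nothing and reports nothing, so entries such as `FMRadioGooogle`, `GlobalkeyInteceptor` and `ProjecterApp` are worth checking against the vendor makefiles. A header comment such as `# names must match the vendor Android.mk LOCAL_MODULE exactly` would make that requirement visible.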
--- a/Patches/Common/android_vendor_divested/divestos.mk +++ b/Patches/Common/android_vendor_divested/divestos.mk @@ -16,8 +16,9 @@ PRODUCT_PROPERTY_OVERRIDES += \ ro.config.alarm_alert=Alarm_Buzzer.ogg \ keyguard.no_require_sim=true \ ro.build.selinux=1 \ - ro.storage_manager.enabled=false \ - ro.control_privapp_permissions=log + ro.storage_manager.enabled=false +# ro.control_privapp_permissions=log +# ro.control_privapp_permissions=enforce #Copy extra files PRODUCT_COPY_FILES += \ @@ -25,5 +26,6 @@ PRODUCT_COPY_FILES += \ vendor/divested/prebuilts/etc/permissions_org.fdroid.fdroid.privileged.xml:system/etc/permissions/permissions_org.fdroid.fdroid.privileged.xml #Include packages -#PRODUCT_PACKAGES += ModuleBlocker +PRODUCT_PACKAGES += BlobBlocker +PRODUCT_PACKAGES += ModuleBlocker include vendor/divested/packages.mk diff --git a/Scripts/Common/Deblob.sh b/Scripts/Common/Deblob.sh index c76f3e6a..1fe17075 100644 --- a/Scripts/Common/Deblob.sh +++ b/Scripts/Common/Deblob.sh @@ -116,7 +116,7 @@ echo "Deblobbing..." sepolicy=$sepolicy" hal_drm_default.te hal_drm.te hal_drm_widevine.te"; #eMBMS [Qualcomm] - blobs=$blobs"|embms.apk"; + blobs=$blobs"|embms.apk|embmslibrary.jar"; #External Accessories if [ "$DOS_DEBLOBBER_REMOVE_ACCESSORIES" = true ]; then 
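Review bot: In the `PRODUCT_PROPERTY_OVERRIDES` hunk, `ro.control_privapp_permissions` is no longer set at all, because both the `log` and `enforce` lines are left commented out, and the hunk gives no reason. On releases where an unset value means no check, a privileged app requesting a permission missing from its allowlist would no longer even be logged; this is inferred, as the platform default is not visible here. I would record the intent beside the commented lines, for example `# privapp permission control left unset: <reason>; switch to enforce once allowlists cover every priv-app`. Since the same commit enables `BlobBlocker` and `ModuleBlocker`, which change the set of installed priv-apps, keeping `log` during that transition would retain visibility.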
@@ -180,7 +180,7 @@ echo "Deblobbing..." #IMS (VoLTE/Wi-Fi Calling) [Qualcomm] blobs=$blobs"|imscmlibrary.jar|imscmservice|imscm.xml|imsdatadaemon|imsqmidaemon|imssettings.apk|lib-imsdpl.so|lib-imscamera.so|libimscamera_jni.so|lib-imsqimf.so|lib-imsSDP.so|lib-imss.so|lib-imsvt.so|lib-imsxml.so"; #IMS - blobs=$blobs"|ims_rtp_daemon|lib-rtpcommon.so|lib-rtpcore.so|lib-rtpdaemoninterface.so|lib-rtpsl.so|vendor.qti.imsrtpservice.*.so"; #RTP + blobs=$blobs"|ims_rtp_daemon|lib-rtpcommon.so|lib-rtpcore.so|lib-rtpdaemoninterface.so|lib-rtpsl.so|vendor.qti.imsrtpservice.*"; #RTP blobs=$blobs"|lib-dplmedia.so|librcc.so|libvcel.so|libvoice-svc.so|qti_permissions.xml"; #Misc. if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then #IMS (Core) (To support carriers that have phased out 2G) blobs=$blobs"|ims.apk|ims.xml|libimsmedia_jni.so"; @@ -254,7 +254,7 @@ echo "Deblobbing..." blobs=$blobs"|libQtiTether.so|QtiTetherService.apk"; #RCS (Proprietary messaging protocol) - blobs=$blobs"|rcsimssettings.jar|rcsimssettings.xml|rcsservice.jar|rcsservice.xml|lib-imsrcscmclient.so|lib-ims-rcscmjni.so|lib-imsrcscmservice.so|lib-imsrcscm.so|lib-imsrcs.so|lib-rcsimssjni.so|lib-rcsjni.so|RCSBootstraputil.apk|RcsImsBootstraputil.apk|uceShimService.apk|CarrierServices.apk"; #RCS + blobs=$blobs"|rcsimssettings.jar|rcsimssettings.xml|rcsservice.jar|rcsservice.xml|lib-imsrcscmclient.so|lib-ims-rcscmjni.so|lib-imsrcscmservice.so|lib-imsrcscm.so|lib-imsrcs.so|lib-rcsimssjni.so|lib-rcsjni.so|RCSBootstraputil.apk|RcsImsBootstraputil.apk|uceShimService.apk|CarrierServices.apk|vendor.qti.ims.rcsconfig.*"; #RCS makes=$makes"|rcs_service.*"; ipcSec=$ipcSec"|18:4294967295:1001:3004"; 
@@ -268,7 +268,7 @@ echo "Deblobbing..." blobs=$blobs"|libHealthAuthClient.so|libHealthAuthJNI.so|libSampleAuthJNI.so|libSampleAuthJNIv1.so|libSampleExtAuthJNI.so|libSecureExtAuthJNI.so|libSecureSampleAuthClient.so|libsdedrm.so"; #[Sprint] - blobs=$blobs"|com.android.omadm.service.xml|ConnMO.apk|CQATest.apk|DCMO.apk|DiagMon.apk|DMConfigUpdate.apk|DMService.apk|GCS.apk|HiddenMenu.apk|libdmengine.so|libdmjavaplugin.so|LifetimeData.apk|SprintDM.apk|SprintHM.apk|whitelist_com.android.omadm.service.xml|LifeTimerService.apk|SDM.apk|SecPhone.apk|SprintMenu.apk"; + blobs=$blobs"|com.android.omadm.service.xml|ConnMO.apk|CQATest.apk|DCMO.apk|DiagMon.apk|DMConfigUpdate.apk|DMService.apk|GCS.apk|HiddenMenu.apk|libdmengine.so|libdmjavaplugin.so|LifetimeData.apk|SprintDM.apk|SprintHM.apk|whitelist_com.android.omadm.service.xml|LifeTimerService.apk|SDM.apk|SecPhone.apk|SprintMenu.apk|com.android.sdm.plugins.connmo.xml|com.android.sdm.plugins.sprintdm.xml"; ipcSec=$ipcSec"|238:4294967295:1001:3004"; #SyncML @@ -451,6 +451,7 @@ deblobDevice() { rm -rf board/qcom-wipower.mk product/qcom-wipower.mk; #Remove WiPower makefiles awk -i inplace '!/'$ipcSec'/' configs/sec_config &>/dev/null || true; #Remove all IPC security exceptions from sec_config awk -i inplace '!/'$blobs'/' ./*proprietary*.txt &>/dev/null || true; #Remove all blob references from blob manifest + awk -i inplace '!/'$blobs'/' ./*/*proprietary*.txt &>/dev/null || true; #Remove all blob references from blob manifest location in subdirectory if [ -f setup-makefiles.sh ]; then bash -c "cd $DOS_BUILD_BASE$devicePath && ./setup-makefiles.sh"; #Update the makefiles fi; diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh index a5399490..425140f8 100644 --- a/Scripts/Common/Functions.sh +++ b/Scripts/Common/Functions.sh 
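Review bot: The added `awk -i inplace ... ./*/*proprietary*.txt &>/dev/null || true` line in deblobDevice discards every failure, so a manifest that was not edited still lists the blobs and nothing reports it. Failure causes include an awk regex error from `$blobs`, a missing inplace extension, or a glob that matches nothing. `$blobs` is also expanded unquoted between the two single-quoted parts. I would quote it and keep a trace of the failure, for example `awk -i inplace '!/'"$blobs"'/' ./*/*proprietary*.txt 2>/dev/null || echo "deblob: no subdirectory manifest edited in $devicePath";`. The line above it in the hunk has the same pattern, and deblobDevice starts and ends outside this hunk.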
@@ -380,6 +380,7 @@ hardenDefconfig() { #Enable supported options #Disabled: CONFIG_DEBUG_SG (bootloops - https://patchwork.kernel.org/patch/8989981) declare -a optionsYes=("CONFIG_ARM64_SW_TTBR0_PAN" "CONFIG_BUG" "CONFIG_BUG_ON_DATA_CORRUPTION" "CONFIG_CC_STACKPROTECTOR" "CONFIG_CC_STACKPROTECTOR_STRONG" "CONFIG_STACKPROTECTOR" "CONFIG_STACKPROTECTOR_STRONG" "CONFIG_CPU_SW_DOMAIN_PAN" "CONFIG_DEBUG_CREDENTIALS" "CONFIG_DEBUG_KERNEL" "CONFIG_DEBUG_LIST" "CONFIG_DEBUG_NOTIFIERS" "CONFIG_DEBUG_RODATA" "CONFIG_DEBUG_WX" "CONFIG_FORTIFY_SOURCE" "CONFIG_GCC_PLUGIN_LATENT_ENTROPY" "CONFIG_GCC_PLUGIN_RANDSTRUCT" "CONFIG_GCC_PLUGINS" "CONFIG_GCC_PLUGIN_STRUCTLEAK" "CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL" "CONFIG_HARDENED_USERCOPY" "CONFIG_IO_STRICT_DEVMEM" "CONFIG_KAISER" "CONFIG_LEGACY_VSYSCALL_NONE" "CONFIG_PAGE_POISONING" "CONFIG_PAGE_POISONING_NO_SANITY" "CONFIG_PAGE_POISONING_ZERO" "CONFIG_PAGE_TABLE_ISOLATION" "CONFIG_PANIC_ON_OOPS" "CONFIG_RANDOMIZE_BASE" "CONFIG_REFCOUNT_FULL" "CONFIG_RETPOLINE" "CONFIG_SCHED_STACK_END_CHECK" "CONFIG_SECCOMP" "CONFIG_SECCOMP_FILTER" "CONFIG_SECURITY" "CONFIG_SECURITY_PERF_EVENTS_RESTRICT" "CONFIG_SECURITY_YAMA" "CONFIG_SECURITY_YAMA_STACKED" "CONFIG_SLAB_FREELIST_RANDOM" "CONFIG_SLAB_HARDENED" "CONFIG_SLUB_DEBUG" "CONFIG_STRICT_DEVMEM" "CONFIG_STRICT_KERNEL_RWX" "CONFIG_STRICT_MEMORY_RWX" "CONFIG_SYN_COOKIES" "CONFIG_UNMAP_KERNEL_AT_EL0" "CONFIG_VMAP_STACK" "CONFIG_SECURITY_DMESG_RESTRICT" "CONFIG_SLAB_FREELIST_HARDENED" "CONFIG_GCC_PLUGINS" "CONFIG_GCC_PLUGIN_LATENT_ENTROPY" "CONFIG_GCC_PLUGIN_STRUCTLEAK" "CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL" "CONFIG_GCC_PLUGIN_RANDSTRUCT" "CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE" "CONFIG_IPV6_PRIVACY" "CONFIG_HARDEN_BRANCH_PREDICTOR" "CONFIG_IOMMU_API" "CONFIG_IOMMU_SUPPORT" "CONFIG_IOMMU_HELPER" "CONFIG_INTEL_IOMMU_DEFAULT_ON" "CONFIG_ARM_SMMU" "CONFIG_QCOM_IOMMU" "CONFIG_MSM_IOMMU" "CONFIG_MSM_TZ_SMMU" "CONFIG_KGSL_PER_PROCESS_PAGE_TABLE" "CONFIG_MSM_KGSL_MMU_PAGE_FAULT" 
"CONFIG_IOMMU_PGTABLES_L2" "CONFIG_TEGRA_IOMMU_SMMU" "CONFIG_TEGRA_IOMMU_GART" "CONFIG_MTK_IOMMU" "CONFIG_EXYNOS_IOMMU" "CONFIG_OMAP_IOMMU" "CONFIG_OF_IOMMU") + #if [ "$DOS_DEBLOBBER_REPLACE_TIME" = true ]; then optionsYes+=("CONFIG_RTC_DRV_MSM" "CONFIG_RTC_DRV_PM8XXX" "CONFIG_RTC_DRV_MSM7X00A" "CONFIG_RTC_DRV_QPNP"); fi; for option in "${optionsYes[@]}" do sed -i 's/# '"$option"' is not set/'"$option"'=y/' $defconfigPath &>/dev/null || true; diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh index 83b27ace..9b40a2e8 100644 --- a/Scripts/LineageOS-15.1/Functions.sh +++ b/Scripts/LineageOS-15.1/Functions.sh @@ -60,10 +60,8 @@ buildAll() { brunch lineage_fugu-user; brunch lineage_h850-user; brunch lineage_hammerhead-user; - brunch lineage_klte-user; #broken brunch lineage_m8-user; brunch lineage_mata-user; - brunch lineage_shamu-user; brunch lineage_starlte-user; #broken - device/samsung/universal9810-common/audio: MODULE.TARGET.SHARED_LIBRARIES.libshim_audio_32 already defined by device/samsung/star-common/audio brunch lineage_us996-user; brunch lineage_us997-user; @@ -73,9 +71,11 @@ buildAll() { #brunch lineage_bacon-user; #brunch lineage_ether-user; #brunch lineage_griffin-user; + #brunch lineage_klte-user; #brunch lineage_mako-user; #brunch lineage_marlin-user; #brunch lineage_sailfish-user; + #brunch lineage_shamu-user; } export -f buildAll; diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_google_marlin.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_google_marlin.sh index 913dae67..248dc665 100644 --- a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_google_marlin.sh +++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_google_marlin.sh 
@@ -69,7 +69,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0866/3.18/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11034/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11036/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11039/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13162/3.18/0001.patch +#git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13162/3.18/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15827/3.18/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/ANY/0001.patch diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_motorola_msm8996.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_motorola_msm8996.sh index 31c291b1..913c1691 100644 --- a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_motorola_msm8996.sh +++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_motorola_msm8996.sh @@ -47,7 +47,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0009.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0010.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13162/3.18/0001.patch +#git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13162/3.18/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.18/0009.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch diff --git a/Scripts/LineageOS-16.0/Functions.sh b/Scripts/LineageOS-16.0/Functions.sh index 483de84e..68ed151b 100644 --- a/Scripts/LineageOS-16.0/Functions.sh +++ b/Scripts/LineageOS-16.0/Functions.sh @@ -55,7 +55,7 @@ buildAll() { brunch lineage_klte-user; brunch lineage_marlin-user; brunch lineage_sailfish-user; - brunch lineage_shamu-user; #broken - needs synced proprietary-files.txt + brunch lineage_shamu-user; } export -f buildAll; 
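Review bot: The `CVE-2017-13162/3.18/0001.patch` line is commented out in android_kernel_google_marlin.sh without any reason recorded, and the same edit is made in android_kernel_motorola_msm8996.sh. From the hunk alone a reader cannot tell whether the fix is already in the kernel tree, fails to apply, or breaks the build, so it is unclear whether these kernels remain exposed. I would add a trailing reason to each line, for example `#git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13162/3.18/0001.patch #disabled: <already upstream | does not apply | breaks build>`. If these scripts are generated, the reason belongs in the generator input so that it survives regeneration.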
@@ -73,6 +73,11 @@ patchWorkspace() { source "$DOS_SCRIPTS_COMMON/Deblob.sh"; source "$DOS_SCRIPTS_COMMON/Patch_CVE.sh"; source build/envsetup.sh; + + #Deblobbing fixes + ##setup-makefiles doesn't execute properly for some devices, running it twice seems to fix whatever is wrong + cd device/google/marlin/marlin && ./setup-makefiles.sh && cd "$DOS_BUILD_BASE"; + cd device/google/marlin/sailfish && ./setup-makefiles.sh && cd "$DOS_BUILD_BASE"; } export -f patchWorkspace; diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index 813165f4..63a31b97 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh @@ -152,6 +152,7 @@ if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/h patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid (CopperheadOS-13.0) enterAndClear "system/sepolicy"; +git revert 4c9031e4e2f45db3531d0bc602b2d9c9407a2d16; #neverallow patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices awk -i inplace '!/true cannot be used in user builds/' Android.mk; #Allow ignoring neverallows under -user @@ -182,7 +183,7 @@ git revert 218f7442874f7b7d494f265286a2151e2f81bb6e 31a1cb251d5e35d8954cec6f3738 echo "allow kickstart usbfs:dir search;" >> sepolicy/kickstart.te; #Fix forceencrypt on first boot echo "allow system_server sensors_data_file:dir search;" >> sepolicy/system_server.te; #Fix qcom_sensors log spam echo "allow system_server sensors_data_file:dir r_file_perms;" >> sepolicy/system_server.te; -sed -i 's/1333788672/880803840/' BoardConfig.mk; #don't touch partitions! DOS -user fits with 60M free +sed -i 's/1333788672/880803840/' BoardConfig.mk; #don't touch partitions! DOS -user fits with 75M free awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfig.mk; enterAndClear "device/oneplus/bacon";
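Review bot: If `./setup-makefiles.sh` or the first `cd` fails in the two lines added to patchWorkspace, the trailing `cd "$DOS_BUILD_BASE"` is skipped. The sailfish line, and whatever the caller runs next, then executes from the wrong directory with no message. A subshell keeps the working directory intact and reports the failure: `(cd device/google/marlin/marlin && ./setup-makefiles.sh) || echo "setup-makefiles failed: marlin";`, and likewise for sailfish. The comment says a second run "seems to fix whatever is wrong", so it would help to note which generated makefile differs after the second run, letting the workaround be removed once the cause is found. patchWorkspace begins outside this hunk.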
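Review bot: The `git revert 4c9031e4e2f45db3531d0bc602b2d9c9407a2d16; #neverallow` line added under `enterAndClear "system/sepolicy"` removes a policy assertion without saying which one or which device policy needs it gone. neverallow rules are build-time guarantees, and the following context line already strips the `-user` guard on ignoring them, so together they widen what device sepolicy can grant unnoticed. I would expand the comment to `#Revert neverallow <rule summary>: required by <device> sepolicy, drop once that policy is fixed`. If the upstream commit ever stops reverting cleanly, the revert would fail partway and this script would carry on, so checking its exit status is worth considering.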