mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-25 07:29:24 -05:00
Build fixes + new blob blocker
This commit is contained in:
parent
d3d924bd91
commit
e344b17a36
@ -74,6 +74,7 @@
|
|||||||
<!-- START OF DEVICE REPOS -->
|
<!-- START OF DEVICE REPOS -->
|
||||||
<!-- Common -->
|
<!-- Common -->
|
||||||
<project path="packages/resources/devicesettings" name="LineageOS/android_packages_resources_devicesettings" remote="github" />
|
<project path="packages/resources/devicesettings" name="LineageOS/android_packages_resources_devicesettings" remote="github" />
|
||||||
|
<project path="system/qcom" name="LineageOS/android_system_qcom" remote="github" />
|
||||||
<project path="external/bson" name="LineageOS/android_external_bson" remote="github" />
|
<project path="external/bson" name="LineageOS/android_external_bson" remote="github" />
|
||||||
<project path="external/sony/boringssl-compat" name="LineageOS/android_external_sony_boringssl-compat" remote="github" />
|
<project path="external/sony/boringssl-compat" name="LineageOS/android_external_sony_boringssl-compat" remote="github" />
|
||||||
<project path="hardware/sony/thermanager" name="LineageOS/android_hardware_sony_thermanager" remote="github" />
|
<project path="hardware/sony/thermanager" name="LineageOS/android_hardware_sony_thermanager" remote="github" />
|
||||||
|
94
Patches/Common/android_vendor_divested/blob_blocker.mk
Normal file
94
Patches/Common/android_vendor_divested/blob_blocker.mk
Normal file
@ -0,0 +1,94 @@
|
|||||||
|
include $(CLEAR_VARS)
|
||||||
|
|
||||||
|
# vendor makefiles often end up with these not being removed from Android.mk
|
||||||
|
# which causes build failures since their files were deleted
|
||||||
|
# override here to prevent breakage
|
||||||
|
|
||||||
|
LOCAL_MODULE := BlobBlocker
|
||||||
|
|
||||||
|
LOCAL_OVERRIDES_PACKAGES := \
|
||||||
|
a4wpservice \
|
||||||
|
appdirectedsmspermission \
|
||||||
|
AppDirectedSMSProxy \
|
||||||
|
ApplicationBar \
|
||||||
|
aptxui \
|
||||||
|
atfwd \
|
||||||
|
AtvRemoteService \
|
||||||
|
BuaContactAdapter \
|
||||||
|
CABLService \
|
||||||
|
CanvasPackageInstaller \
|
||||||
|
CarrierServices \
|
||||||
|
CNEService \
|
||||||
|
colorservice \
|
||||||
|
ConnMO \
|
||||||
|
CQATest \
|
||||||
|
DCMO \
|
||||||
|
DiagMon \
|
||||||
|
DMConfigUpdate \
|
||||||
|
DMService \
|
||||||
|
DolbyVisionService \
|
||||||
|
dpmserviceapp \
|
||||||
|
DragonKeyboardFirmwareUpdater \
|
||||||
|
DTVPlayer \
|
||||||
|
DTVService \
|
||||||
|
EasyAccessService \
|
||||||
|
embms \
|
||||||
|
FMRadioGooogle \
|
||||||
|
FmRadioTrampoline2 \
|
||||||
|
GamepadPairingService \
|
||||||
|
GCS \
|
||||||
|
GeminiInputDevices \
|
||||||
|
Gemini_Keyboard \
|
||||||
|
GlobalkeyInteceptor \
|
||||||
|
HiddenMenu \
|
||||||
|
HotwordEnrollment \
|
||||||
|
HWSarControlService \
|
||||||
|
imssettings \
|
||||||
|
LeanbackIme \
|
||||||
|
LeanbackLauncher \
|
||||||
|
LifetimeData \
|
||||||
|
LifeTimerService \
|
||||||
|
ModFmwkProxyService \
|
||||||
|
ModService \
|
||||||
|
MotCameraMod \
|
||||||
|
MotoDisplayFWProxy \
|
||||||
|
MotoSignatureApp \
|
||||||
|
MyVerizonServices \
|
||||||
|
OBDM_Permissions \
|
||||||
|
obdm_stub \
|
||||||
|
Overscan \
|
||||||
|
Perfdump \
|
||||||
|
PowerOffAlarm \
|
||||||
|
PPPreference \
|
||||||
|
ProjecterApp \
|
||||||
|
QtiTetherService \
|
||||||
|
QuickBoot \
|
||||||
|
RCSBootstraputil \
|
||||||
|
RcsImsBootstraputil \
|
||||||
|
RemoteControlService \
|
||||||
|
SDM \
|
||||||
|
SecPhone \
|
||||||
|
SecProtect \
|
||||||
|
SprintDM \
|
||||||
|
SprintHM \
|
||||||
|
SprintMenu \
|
||||||
|
SyncMLSvc \
|
||||||
|
SystemUpdateUI \
|
||||||
|
TriggerEnroll \
|
||||||
|
TriggerTrainingService \
|
||||||
|
Tycho \
|
||||||
|
uceShimService \
|
||||||
|
VerizonAuthDialog \
|
||||||
|
VerizonSSOEngine \
|
||||||
|
VerizonUnifiedSettings \
|
||||||
|
VZWAPNLib \
|
||||||
|
vzwapnpermission \
|
||||||
|
VZWAPNService \
|
||||||
|
VZWAVS \
|
||||||
|
VzwLcSilent \
|
||||||
|
vzw_msdc_api \
|
||||||
|
VzwOmaTrigger \
|
||||||
|
WfcActivation \
|
||||||
|
WfdService
|
||||||
|
|
||||||
|
include $(BUILD_PREBUILT)
|
@ -16,8 +16,9 @@ PRODUCT_PROPERTY_OVERRIDES += \
|
|||||||
ro.config.alarm_alert=Alarm_Buzzer.ogg \
|
ro.config.alarm_alert=Alarm_Buzzer.ogg \
|
||||||
keyguard.no_require_sim=true \
|
keyguard.no_require_sim=true \
|
||||||
ro.build.selinux=1 \
|
ro.build.selinux=1 \
|
||||||
ro.storage_manager.enabled=false \
|
ro.storage_manager.enabled=false
|
||||||
ro.control_privapp_permissions=log
|
# ro.control_privapp_permissions=log
|
||||||
|
# ro.control_privapp_permissions=enforce
|
||||||
|
|
||||||
#Copy extra files
|
#Copy extra files
|
||||||
PRODUCT_COPY_FILES += \
|
PRODUCT_COPY_FILES += \
|
||||||
@ -25,5 +26,6 @@ PRODUCT_COPY_FILES += \
|
|||||||
vendor/divested/prebuilts/etc/permissions_org.fdroid.fdroid.privileged.xml:system/etc/permissions/permissions_org.fdroid.fdroid.privileged.xml
|
vendor/divested/prebuilts/etc/permissions_org.fdroid.fdroid.privileged.xml:system/etc/permissions/permissions_org.fdroid.fdroid.privileged.xml
|
||||||
|
|
||||||
#Include packages
|
#Include packages
|
||||||
#PRODUCT_PACKAGES += ModuleBlocker
|
PRODUCT_PACKAGES += BlobBlocker
|
||||||
|
PRODUCT_PACKAGES += ModuleBlocker
|
||||||
include vendor/divested/packages.mk
|
include vendor/divested/packages.mk
|
||||||
|
@ -116,7 +116,7 @@ echo "Deblobbing..."
|
|||||||
sepolicy=$sepolicy" hal_drm_default.te hal_drm.te hal_drm_widevine.te";
|
sepolicy=$sepolicy" hal_drm_default.te hal_drm.te hal_drm_widevine.te";
|
||||||
|
|
||||||
#eMBMS [Qualcomm]
|
#eMBMS [Qualcomm]
|
||||||
blobs=$blobs"|embms.apk";
|
blobs=$blobs"|embms.apk|embmslibrary.jar";
|
||||||
|
|
||||||
#External Accessories
|
#External Accessories
|
||||||
if [ "$DOS_DEBLOBBER_REMOVE_ACCESSORIES" = true ]; then
|
if [ "$DOS_DEBLOBBER_REMOVE_ACCESSORIES" = true ]; then
|
||||||
@ -180,7 +180,7 @@ echo "Deblobbing..."
|
|||||||
|
|
||||||
#IMS (VoLTE/Wi-Fi Calling) [Qualcomm]
|
#IMS (VoLTE/Wi-Fi Calling) [Qualcomm]
|
||||||
blobs=$blobs"|imscmlibrary.jar|imscmservice|imscm.xml|imsdatadaemon|imsqmidaemon|imssettings.apk|lib-imsdpl.so|lib-imscamera.so|libimscamera_jni.so|lib-imsqimf.so|lib-imsSDP.so|lib-imss.so|lib-imsvt.so|lib-imsxml.so"; #IMS
|
blobs=$blobs"|imscmlibrary.jar|imscmservice|imscm.xml|imsdatadaemon|imsqmidaemon|imssettings.apk|lib-imsdpl.so|lib-imscamera.so|libimscamera_jni.so|lib-imsqimf.so|lib-imsSDP.so|lib-imss.so|lib-imsvt.so|lib-imsxml.so"; #IMS
|
||||||
blobs=$blobs"|ims_rtp_daemon|lib-rtpcommon.so|lib-rtpcore.so|lib-rtpdaemoninterface.so|lib-rtpsl.so|vendor.qti.imsrtpservice.*.so"; #RTP
|
blobs=$blobs"|ims_rtp_daemon|lib-rtpcommon.so|lib-rtpcore.so|lib-rtpdaemoninterface.so|lib-rtpsl.so|vendor.qti.imsrtpservice.*"; #RTP
|
||||||
blobs=$blobs"|lib-dplmedia.so|librcc.so|libvcel.so|libvoice-svc.so|qti_permissions.xml"; #Misc.
|
blobs=$blobs"|lib-dplmedia.so|librcc.so|libvcel.so|libvoice-svc.so|qti_permissions.xml"; #Misc.
|
||||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then #IMS (Core) (To support carriers that have phased out 2G)
|
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then #IMS (Core) (To support carriers that have phased out 2G)
|
||||||
blobs=$blobs"|ims.apk|ims.xml|libimsmedia_jni.so";
|
blobs=$blobs"|ims.apk|ims.xml|libimsmedia_jni.so";
|
||||||
@ -254,7 +254,7 @@ echo "Deblobbing..."
|
|||||||
blobs=$blobs"|libQtiTether.so|QtiTetherService.apk";
|
blobs=$blobs"|libQtiTether.so|QtiTetherService.apk";
|
||||||
|
|
||||||
#RCS (Proprietary messaging protocol)
|
#RCS (Proprietary messaging protocol)
|
||||||
blobs=$blobs"|rcsimssettings.jar|rcsimssettings.xml|rcsservice.jar|rcsservice.xml|lib-imsrcscmclient.so|lib-ims-rcscmjni.so|lib-imsrcscmservice.so|lib-imsrcscm.so|lib-imsrcs.so|lib-rcsimssjni.so|lib-rcsjni.so|RCSBootstraputil.apk|RcsImsBootstraputil.apk|uceShimService.apk|CarrierServices.apk"; #RCS
|
blobs=$blobs"|rcsimssettings.jar|rcsimssettings.xml|rcsservice.jar|rcsservice.xml|lib-imsrcscmclient.so|lib-ims-rcscmjni.so|lib-imsrcscmservice.so|lib-imsrcscm.so|lib-imsrcs.so|lib-rcsimssjni.so|lib-rcsjni.so|RCSBootstraputil.apk|RcsImsBootstraputil.apk|uceShimService.apk|CarrierServices.apk|vendor.qti.ims.rcsconfig.*"; #RCS
|
||||||
makes=$makes"|rcs_service.*";
|
makes=$makes"|rcs_service.*";
|
||||||
ipcSec=$ipcSec"|18:4294967295:1001:3004";
|
ipcSec=$ipcSec"|18:4294967295:1001:3004";
|
||||||
|
|
||||||
@ -268,7 +268,7 @@ echo "Deblobbing..."
|
|||||||
blobs=$blobs"|libHealthAuthClient.so|libHealthAuthJNI.so|libSampleAuthJNI.so|libSampleAuthJNIv1.so|libSampleExtAuthJNI.so|libSecureExtAuthJNI.so|libSecureSampleAuthClient.so|libsdedrm.so";
|
blobs=$blobs"|libHealthAuthClient.so|libHealthAuthJNI.so|libSampleAuthJNI.so|libSampleAuthJNIv1.so|libSampleExtAuthJNI.so|libSecureExtAuthJNI.so|libSecureSampleAuthClient.so|libsdedrm.so";
|
||||||
|
|
||||||
#[Sprint]
|
#[Sprint]
|
||||||
blobs=$blobs"|com.android.omadm.service.xml|ConnMO.apk|CQATest.apk|DCMO.apk|DiagMon.apk|DMConfigUpdate.apk|DMService.apk|GCS.apk|HiddenMenu.apk|libdmengine.so|libdmjavaplugin.so|LifetimeData.apk|SprintDM.apk|SprintHM.apk|whitelist_com.android.omadm.service.xml|LifeTimerService.apk|SDM.apk|SecPhone.apk|SprintMenu.apk";
|
blobs=$blobs"|com.android.omadm.service.xml|ConnMO.apk|CQATest.apk|DCMO.apk|DiagMon.apk|DMConfigUpdate.apk|DMService.apk|GCS.apk|HiddenMenu.apk|libdmengine.so|libdmjavaplugin.so|LifetimeData.apk|SprintDM.apk|SprintHM.apk|whitelist_com.android.omadm.service.xml|LifeTimerService.apk|SDM.apk|SecPhone.apk|SprintMenu.apk|com.android.sdm.plugins.connmo.xml|com.android.sdm.plugins.sprintdm.xml";
|
||||||
ipcSec=$ipcSec"|238:4294967295:1001:3004";
|
ipcSec=$ipcSec"|238:4294967295:1001:3004";
|
||||||
|
|
||||||
#SyncML
|
#SyncML
|
||||||
@ -451,6 +451,7 @@ deblobDevice() {
|
|||||||
rm -rf board/qcom-wipower.mk product/qcom-wipower.mk; #Remove WiPower makefiles
|
rm -rf board/qcom-wipower.mk product/qcom-wipower.mk; #Remove WiPower makefiles
|
||||||
awk -i inplace '!/'$ipcSec'/' configs/sec_config &>/dev/null || true; #Remove all IPC security exceptions from sec_config
|
awk -i inplace '!/'$ipcSec'/' configs/sec_config &>/dev/null || true; #Remove all IPC security exceptions from sec_config
|
||||||
awk -i inplace '!/'$blobs'/' ./*proprietary*.txt &>/dev/null || true; #Remove all blob references from blob manifest
|
awk -i inplace '!/'$blobs'/' ./*proprietary*.txt &>/dev/null || true; #Remove all blob references from blob manifest
|
||||||
|
awk -i inplace '!/'$blobs'/' ./*/*proprietary*.txt &>/dev/null || true; #Remove all blob references from blob manifest location in subdirectory
|
||||||
if [ -f setup-makefiles.sh ]; then
|
if [ -f setup-makefiles.sh ]; then
|
||||||
bash -c "cd $DOS_BUILD_BASE$devicePath && ./setup-makefiles.sh"; #Update the makefiles
|
bash -c "cd $DOS_BUILD_BASE$devicePath && ./setup-makefiles.sh"; #Update the makefiles
|
||||||
fi;
|
fi;
|
||||||
|
@ -380,6 +380,7 @@ hardenDefconfig() {
|
|||||||
#Enable supported options
|
#Enable supported options
|
||||||
#Disabled: CONFIG_DEBUG_SG (bootloops - https://patchwork.kernel.org/patch/8989981)
|
#Disabled: CONFIG_DEBUG_SG (bootloops - https://patchwork.kernel.org/patch/8989981)
|
||||||
declare -a optionsYes=("CONFIG_ARM64_SW_TTBR0_PAN" "CONFIG_BUG" "CONFIG_BUG_ON_DATA_CORRUPTION" "CONFIG_CC_STACKPROTECTOR" "CONFIG_CC_STACKPROTECTOR_STRONG" "CONFIG_STACKPROTECTOR" "CONFIG_STACKPROTECTOR_STRONG" "CONFIG_CPU_SW_DOMAIN_PAN" "CONFIG_DEBUG_CREDENTIALS" "CONFIG_DEBUG_KERNEL" "CONFIG_DEBUG_LIST" "CONFIG_DEBUG_NOTIFIERS" "CONFIG_DEBUG_RODATA" "CONFIG_DEBUG_WX" "CONFIG_FORTIFY_SOURCE" "CONFIG_GCC_PLUGIN_LATENT_ENTROPY" "CONFIG_GCC_PLUGIN_RANDSTRUCT" "CONFIG_GCC_PLUGINS" "CONFIG_GCC_PLUGIN_STRUCTLEAK" "CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL" "CONFIG_HARDENED_USERCOPY" "CONFIG_IO_STRICT_DEVMEM" "CONFIG_KAISER" "CONFIG_LEGACY_VSYSCALL_NONE" "CONFIG_PAGE_POISONING" "CONFIG_PAGE_POISONING_NO_SANITY" "CONFIG_PAGE_POISONING_ZERO" "CONFIG_PAGE_TABLE_ISOLATION" "CONFIG_PANIC_ON_OOPS" "CONFIG_RANDOMIZE_BASE" "CONFIG_REFCOUNT_FULL" "CONFIG_RETPOLINE" "CONFIG_SCHED_STACK_END_CHECK" "CONFIG_SECCOMP" "CONFIG_SECCOMP_FILTER" "CONFIG_SECURITY" "CONFIG_SECURITY_PERF_EVENTS_RESTRICT" "CONFIG_SECURITY_YAMA" "CONFIG_SECURITY_YAMA_STACKED" "CONFIG_SLAB_FREELIST_RANDOM" "CONFIG_SLAB_HARDENED" "CONFIG_SLUB_DEBUG" "CONFIG_STRICT_DEVMEM" "CONFIG_STRICT_KERNEL_RWX" "CONFIG_STRICT_MEMORY_RWX" "CONFIG_SYN_COOKIES" "CONFIG_UNMAP_KERNEL_AT_EL0" "CONFIG_VMAP_STACK" "CONFIG_SECURITY_DMESG_RESTRICT" "CONFIG_SLAB_FREELIST_HARDENED" "CONFIG_GCC_PLUGINS" "CONFIG_GCC_PLUGIN_LATENT_ENTROPY" "CONFIG_GCC_PLUGIN_STRUCTLEAK" "CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL" "CONFIG_GCC_PLUGIN_RANDSTRUCT" "CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE" "CONFIG_IPV6_PRIVACY" "CONFIG_HARDEN_BRANCH_PREDICTOR" "CONFIG_IOMMU_API" "CONFIG_IOMMU_SUPPORT" "CONFIG_IOMMU_HELPER" "CONFIG_INTEL_IOMMU_DEFAULT_ON" "CONFIG_ARM_SMMU" "CONFIG_QCOM_IOMMU" "CONFIG_MSM_IOMMU" "CONFIG_MSM_TZ_SMMU" "CONFIG_KGSL_PER_PROCESS_PAGE_TABLE" "CONFIG_MSM_KGSL_MMU_PAGE_FAULT" "CONFIG_IOMMU_PGTABLES_L2" "CONFIG_TEGRA_IOMMU_SMMU" "CONFIG_TEGRA_IOMMU_GART" "CONFIG_MTK_IOMMU" "CONFIG_EXYNOS_IOMMU" "CONFIG_OMAP_IOMMU" "CONFIG_OF_IOMMU")
|
declare -a optionsYes=("CONFIG_ARM64_SW_TTBR0_PAN" "CONFIG_BUG" "CONFIG_BUG_ON_DATA_CORRUPTION" "CONFIG_CC_STACKPROTECTOR" "CONFIG_CC_STACKPROTECTOR_STRONG" "CONFIG_STACKPROTECTOR" "CONFIG_STACKPROTECTOR_STRONG" "CONFIG_CPU_SW_DOMAIN_PAN" "CONFIG_DEBUG_CREDENTIALS" "CONFIG_DEBUG_KERNEL" "CONFIG_DEBUG_LIST" "CONFIG_DEBUG_NOTIFIERS" "CONFIG_DEBUG_RODATA" "CONFIG_DEBUG_WX" "CONFIG_FORTIFY_SOURCE" "CONFIG_GCC_PLUGIN_LATENT_ENTROPY" "CONFIG_GCC_PLUGIN_RANDSTRUCT" "CONFIG_GCC_PLUGINS" "CONFIG_GCC_PLUGIN_STRUCTLEAK" "CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL" "CONFIG_HARDENED_USERCOPY" "CONFIG_IO_STRICT_DEVMEM" "CONFIG_KAISER" "CONFIG_LEGACY_VSYSCALL_NONE" "CONFIG_PAGE_POISONING" "CONFIG_PAGE_POISONING_NO_SANITY" "CONFIG_PAGE_POISONING_ZERO" "CONFIG_PAGE_TABLE_ISOLATION" "CONFIG_PANIC_ON_OOPS" "CONFIG_RANDOMIZE_BASE" "CONFIG_REFCOUNT_FULL" "CONFIG_RETPOLINE" "CONFIG_SCHED_STACK_END_CHECK" "CONFIG_SECCOMP" "CONFIG_SECCOMP_FILTER" "CONFIG_SECURITY" "CONFIG_SECURITY_PERF_EVENTS_RESTRICT" "CONFIG_SECURITY_YAMA" "CONFIG_SECURITY_YAMA_STACKED" "CONFIG_SLAB_FREELIST_RANDOM" "CONFIG_SLAB_HARDENED" "CONFIG_SLUB_DEBUG" "CONFIG_STRICT_DEVMEM" "CONFIG_STRICT_KERNEL_RWX" "CONFIG_STRICT_MEMORY_RWX" "CONFIG_SYN_COOKIES" "CONFIG_UNMAP_KERNEL_AT_EL0" "CONFIG_VMAP_STACK" "CONFIG_SECURITY_DMESG_RESTRICT" "CONFIG_SLAB_FREELIST_HARDENED" "CONFIG_GCC_PLUGINS" "CONFIG_GCC_PLUGIN_LATENT_ENTROPY" "CONFIG_GCC_PLUGIN_STRUCTLEAK" "CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL" "CONFIG_GCC_PLUGIN_RANDSTRUCT" "CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE" "CONFIG_IPV6_PRIVACY" "CONFIG_HARDEN_BRANCH_PREDICTOR" "CONFIG_IOMMU_API" "CONFIG_IOMMU_SUPPORT" "CONFIG_IOMMU_HELPER" "CONFIG_INTEL_IOMMU_DEFAULT_ON" "CONFIG_ARM_SMMU" "CONFIG_QCOM_IOMMU" "CONFIG_MSM_IOMMU" "CONFIG_MSM_TZ_SMMU" "CONFIG_KGSL_PER_PROCESS_PAGE_TABLE" "CONFIG_MSM_KGSL_MMU_PAGE_FAULT" "CONFIG_IOMMU_PGTABLES_L2" "CONFIG_TEGRA_IOMMU_SMMU" "CONFIG_TEGRA_IOMMU_GART" "CONFIG_MTK_IOMMU" "CONFIG_EXYNOS_IOMMU" "CONFIG_OMAP_IOMMU" "CONFIG_OF_IOMMU")
|
||||||
|
#if [ "$DOS_DEBLOBBER_REPLACE_TIME" = true ]; then optionsYes+=("CONFIG_RTC_DRV_MSM" "CONFIG_RTC_DRV_PM8XXX" "CONFIG_RTC_DRV_MSM7X00A" "CONFIG_RTC_DRV_QPNP"); fi;
|
||||||
for option in "${optionsYes[@]}"
|
for option in "${optionsYes[@]}"
|
||||||
do
|
do
|
||||||
sed -i 's/# '"$option"' is not set/'"$option"'=y/' $defconfigPath &>/dev/null || true;
|
sed -i 's/# '"$option"' is not set/'"$option"'=y/' $defconfigPath &>/dev/null || true;
|
||||||
|
@ -60,10 +60,8 @@ buildAll() {
|
|||||||
brunch lineage_fugu-user;
|
brunch lineage_fugu-user;
|
||||||
brunch lineage_h850-user;
|
brunch lineage_h850-user;
|
||||||
brunch lineage_hammerhead-user;
|
brunch lineage_hammerhead-user;
|
||||||
brunch lineage_klte-user; #broken
|
|
||||||
brunch lineage_m8-user;
|
brunch lineage_m8-user;
|
||||||
brunch lineage_mata-user;
|
brunch lineage_mata-user;
|
||||||
brunch lineage_shamu-user;
|
|
||||||
brunch lineage_starlte-user; #broken - device/samsung/universal9810-common/audio: MODULE.TARGET.SHARED_LIBRARIES.libshim_audio_32 already defined by device/samsung/star-common/audio
|
brunch lineage_starlte-user; #broken - device/samsung/universal9810-common/audio: MODULE.TARGET.SHARED_LIBRARIES.libshim_audio_32 already defined by device/samsung/star-common/audio
|
||||||
brunch lineage_us996-user;
|
brunch lineage_us996-user;
|
||||||
brunch lineage_us997-user;
|
brunch lineage_us997-user;
|
||||||
@ -73,9 +71,11 @@ buildAll() {
|
|||||||
#brunch lineage_bacon-user;
|
#brunch lineage_bacon-user;
|
||||||
#brunch lineage_ether-user;
|
#brunch lineage_ether-user;
|
||||||
#brunch lineage_griffin-user;
|
#brunch lineage_griffin-user;
|
||||||
|
#brunch lineage_klte-user;
|
||||||
#brunch lineage_mako-user;
|
#brunch lineage_mako-user;
|
||||||
#brunch lineage_marlin-user;
|
#brunch lineage_marlin-user;
|
||||||
#brunch lineage_sailfish-user;
|
#brunch lineage_sailfish-user;
|
||||||
|
#brunch lineage_shamu-user;
|
||||||
}
|
}
|
||||||
export -f buildAll;
|
export -f buildAll;
|
||||||
|
|
||||||
|
@ -69,7 +69,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0866/3.18/0001.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11034/ANY/0001.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11034/ANY/0001.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11036/ANY/0001.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11036/ANY/0001.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11039/ANY/0001.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11039/ANY/0001.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13162/3.18/0001.patch
|
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13162/3.18/0001.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15827/3.18/0001.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15827/3.18/0001.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/ANY/0001.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/ANY/0001.patch
|
||||||
|
@ -47,7 +47,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0009.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0010.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0010.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0002.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0002.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13162/3.18/0001.patch
|
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13162/3.18/0001.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.18/0009.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.18/0009.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
|
||||||
|
@ -55,7 +55,7 @@ buildAll() {
|
|||||||
brunch lineage_klte-user;
|
brunch lineage_klte-user;
|
||||||
brunch lineage_marlin-user;
|
brunch lineage_marlin-user;
|
||||||
brunch lineage_sailfish-user;
|
brunch lineage_sailfish-user;
|
||||||
brunch lineage_shamu-user; #broken - needs synced proprietary-files.txt
|
brunch lineage_shamu-user;
|
||||||
}
|
}
|
||||||
export -f buildAll;
|
export -f buildAll;
|
||||||
|
|
||||||
@ -73,6 +73,11 @@ patchWorkspace() {
|
|||||||
source "$DOS_SCRIPTS_COMMON/Deblob.sh";
|
source "$DOS_SCRIPTS_COMMON/Deblob.sh";
|
||||||
source "$DOS_SCRIPTS_COMMON/Patch_CVE.sh";
|
source "$DOS_SCRIPTS_COMMON/Patch_CVE.sh";
|
||||||
source build/envsetup.sh;
|
source build/envsetup.sh;
|
||||||
|
|
||||||
|
#Deblobbing fixes
|
||||||
|
##setup-makefiles doesn't execute properly for some devices, running it twice seems to fix whatever is wrong
|
||||||
|
cd device/google/marlin/marlin && ./setup-makefiles.sh && cd "$DOS_BUILD_BASE";
|
||||||
|
cd device/google/marlin/sailfish && ./setup-makefiles.sh && cd "$DOS_BUILD_BASE";
|
||||||
}
|
}
|
||||||
export -f patchWorkspace;
|
export -f patchWorkspace;
|
||||||
|
|
||||||
|
@ -152,6 +152,7 @@ if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/h
|
|||||||
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid (CopperheadOS-13.0)
|
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid (CopperheadOS-13.0)
|
||||||
|
|
||||||
enterAndClear "system/sepolicy";
|
enterAndClear "system/sepolicy";
|
||||||
|
git revert 4c9031e4e2f45db3531d0bc602b2d9c9407a2d16; #neverallow
|
||||||
patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
|
patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
|
||||||
awk -i inplace '!/true cannot be used in user builds/' Android.mk; #Allow ignoring neverallows under -user
|
awk -i inplace '!/true cannot be used in user builds/' Android.mk; #Allow ignoring neverallows under -user
|
||||||
|
|
||||||
@ -182,7 +183,7 @@ git revert 218f7442874f7b7d494f265286a2151e2f81bb6e 31a1cb251d5e35d8954cec6f3738
|
|||||||
echo "allow kickstart usbfs:dir search;" >> sepolicy/kickstart.te; #Fix forceencrypt on first boot
|
echo "allow kickstart usbfs:dir search;" >> sepolicy/kickstart.te; #Fix forceencrypt on first boot
|
||||||
echo "allow system_server sensors_data_file:dir search;" >> sepolicy/system_server.te; #Fix qcom_sensors log spam
|
echo "allow system_server sensors_data_file:dir search;" >> sepolicy/system_server.te; #Fix qcom_sensors log spam
|
||||||
echo "allow system_server sensors_data_file:dir r_file_perms;" >> sepolicy/system_server.te;
|
echo "allow system_server sensors_data_file:dir r_file_perms;" >> sepolicy/system_server.te;
|
||||||
sed -i 's/1333788672/880803840/' BoardConfig.mk; #don't touch partitions! DOS -user fits with 60M free
|
sed -i 's/1333788672/880803840/' BoardConfig.mk; #don't touch partitions! DOS -user fits with 75M free
|
||||||
awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfig.mk;
|
awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfig.mk;
|
||||||
|
|
||||||
enterAndClear "device/oneplus/bacon";
|
enterAndClear "device/oneplus/bacon";
|
||||||
|
Loading…
Reference in New Issue
Block a user