diff --git a/Patches/Common/android_frameworks_base/0002-Disable_usage_stats.patch b/Patches/Common/android_frameworks_base/0002-Disable_usage_stats.patch deleted file mode 100644 index 63997bca..00000000 --- a/Patches/Common/android_frameworks_base/0002-Disable_usage_stats.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 20a90f9fcf1bfd3da10210cc06f1428edbe92389 Mon Sep 17 00:00:00 2001 -From: MSe1969 -Date: Thu, 20 Dec 2018 22:12:35 +0100 -Subject: [PATCH] AppOps: Default GET_USAGE_STATS to MODE_IGNORED - -The AppOp OP_GET_USAGE_STATS is defaulted with MODE_DEFAULT and this is -resolved to default to ALLOW, if the permission PACKAGE_USAGE_STATS is -requested. This can be switched off in a specific settings menu, hence -an opt-out is implemented in AOSP. - -Letting 3rd parties analyze the behavior does not really add any value -for the device holder, hence an opt-in makes more sense. Usage stats -collection is now disabled by default for apps requesting that permission. - -If the user wants to allow stats collection, he can enter the respective -menu in settings and allow the app to collect usage data. - -Change-Id: I9e08822851cf660277e45f3023aa80d8918f45ae ---- - core/java/android/app/AppOpsManager.java | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java -index e13947335d2a..19287b3c13a4 100644 ---- a/core/java/android/app/AppOpsManager.java -+++ b/core/java/android/app/AppOpsManager.java -@@ -930,7 +930,7 @@ - AppOpsManager.MODE_ALLOWED, - AppOpsManager.MODE_ALLOWED, - AppOpsManager.MODE_ALLOWED, -- AppOpsManager.MODE_DEFAULT, // OP_GET_USAGE_STATS -+ AppOpsManager.MODE_IGNORED, // OP_GET_USAGE_STATS - AppOpsManager.MODE_ALLOWED, - AppOpsManager.MODE_ALLOWED, - AppOpsManager.MODE_IGNORED, // OP_PROJECT_MEDIA -@@ -1007,7 +1007,7 @@ - AppOpsManager.MODE_ALLOWED, // OP_WAKE_LOCK - AppOpsManager.MODE_ALLOWED, // OP_MONITOR_LOCATION - AppOpsManager.MODE_ASK, // OP_MONITOR_HIGH_POWER_LOCATION -- AppOpsManager.MODE_DEFAULT, // OP_GET_USAGE_STATS -+ AppOpsManager.MODE_IGNORED, // OP_GET_USAGE_STATS - AppOpsManager.MODE_ALLOWED, // OP_MUTE_MICROPHONE - AppOpsManager.MODE_ALLOWED, // OP_TOAST_WINDOW - AppOpsManager.MODE_IGNORED, // OP_PROJECT_MEDIA diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh index 27da480c..df8da5d0 100644 --- a/Scripts/LineageOS-14.1/Patch.sh +++ b/Scripts/LineageOS-14.1/Patch.sh @@ -94,7 +94,6 @@ changeDefaultDNS; #patch -p1 < "$DOS_PATCHES/android_frameworks_base/0007-Connectivity.patch"; #Change connectivity check URLs to ours patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #don't grant location permission to system browsers -patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0002-Disable_usage_stats.patch"; #don't grant usage stats permission to apps by default patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh index 506f9a6e..35e8d6d9 100644 --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh @@ -98,7 +98,6 @@ changeDefaultDNS; #patch -p1 < "$DOS_PATCHES/android_frameworks_base/0005-Connectivity.patch"; #Change connectivity check URLs to ours patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #don't grant location permission to system browsers -#patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0002-Disable_usage_stats.patch"; #don't grant usage stats permission to apps by default XXX: breaks stuff patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_lge_mako.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_lge_mako.sh index 5160d6dc..e4065908 100644 --- a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_lge_mako.sh +++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_lge_mako.sh @@ -1,6 +1,5 @@ #!/bin/bash cd "$DOS_BUILD_BASE""kernel/lge/mako" -git apply $DOS_PATCHES_LINUX_CVES/0003-syskaller-Misc/ANY/0008.patch git apply $DOS_PATCHES_LINUX_CVES/0003-syskaller-Misc/ANY/0009.patch git apply $DOS_PATCHES_LINUX_CVES/0005-Copperhead-Deny_USB/3.4/3.4-Backport.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0003.patch @@ -28,11 +27,9 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2185/^4.5.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2186/^4.5.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2384/^4.5/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2543/^4.4.1/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2544/^4.4.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2549/^4.4.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3138/^4.5.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3894/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4485/^4.5.5/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4580/^4.5.5/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4913/^4.5.5/0001.patch @@ -40,24 +37,16 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/^4.6.3/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5828/^4.6.3/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5829/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6480/^4.7/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6753/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6791/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6828/^4.7.5/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7910/^4.7.1/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7915/^4.6/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8399/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8406/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8463/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8650/^4.8.11/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9576/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9604/^4.11/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9793/^4.8.14/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9794/^4.7/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0403/3.0-^3.18/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0404/^3.18/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0611/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0710/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0751/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch @@ -65,15 +54,11 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0861/ANY/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000363/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11176/^4.11.9/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/^4.12.2/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13305/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13695/^4.12.9/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14106/^4.12/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14489/^4.13.2/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16525/^4.13.8/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13.6/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13.11/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16533/^4.13.8/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16535/^4.13.10/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13.11/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/^4.13.11/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch @@ -82,19 +67,13 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17450/^4.14.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/^4.14.5/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17805/^4.14.8/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17806/^4.14.8/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18079/^4.12.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18203/^4.14.3/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18360/^4.11.3/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-2671/^4.10.8/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6074/^4.9.11/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6345/^4.9.13/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6348/^4.9.13/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6951/^3.14.79/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7184/^4.10.6/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7184/^4.10.6/0002.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7308/^4.10.6/0003.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/^4.11.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7645/^4.10.11/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8246/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8246/3.4/0002.patch @@ -102,14 +81,12 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8247/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8824/^4.14.3/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8890/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9242/^4.11.3/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9984/^4.11.7/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10021/^4.16/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10087/^4.13/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10124/^4.13/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10675/^4.12.9/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0003.patch @@ -131,7 +108,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7492/^4.14.7/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7757/^4.15.7/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8781/^4.15/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9389/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9416/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9439/ANY/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2001/^3.10/0001.patch @@ -139,13 +116,11 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/LVT-2017-0004/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/797912_0001-usb-gadget-Fix-synchronization-issue-between-f_audio.patch git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/870057_0001-wcnss-add-null-check-in-pm_ops-unregister.patch git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-5d89eb01c93d8a62998e3bdccae28a7732e3bd51.patch git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-7be3e08d7a523207486701b2d34607137558066f.patch git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch -editKernelLocalversion "-dos.p147" +editKernelLocalversion "-dos.p122" cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index 2a62e3b0..80495c9f 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh @@ -100,7 +100,6 @@ changeDefaultDNS; patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries patch -p1 < "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #always restrict access to Build.SERIAL patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #don't grant location permission to system browsers -patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0002-Disable_usage_stats.patch"; #don't grant usage stats permission to apps by default patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps @@ -209,9 +208,6 @@ echo "allow system_server sensors_data_file:dir r_file_perms;" >> sepolicy/syste sed -i 's/1333788672/880803840/' BoardConfig.mk; #don't touch partitions! DOS -user fits with 75M free awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfig.mk; -enterAndClear "device/oneplus/bacon"; -sed -i 's/android.hardware.nfc@1.0-impl/android.hardware.nfc@1.0-impl.so/' device-proprietary-files.txt; - enterAndClear "device/oppo/msm8974-common"; sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.txt; #Suport new TZ firmware https://review.lineageos.org/#/c/178999/