Small tweaks

Sad churn from git version.
Will be removed next build cycle.

Signed-off-by: Tad <tad@spotco.us>

Patches/LineageOS-18.1/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch

@@ -37,5 +37,5 @@ index 5b7ef524..513f43df 100644
  
    if (ota_type == OtaType::AB) {
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_build/0001-Enable_fwrapv.patch

@@ -22,5 +22,5 @@ index efb21e7c6a..41d7fe5dbf 100644
 +  endif
 +endif
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_build/0002-OTA_Keys.patch

@@ -68,5 +68,5 @@ index d6a8b5378d..8bc882d621 100644
  	$(SOONG_ZIP) -o $@ -j \
  	    $(foreach key_file, $(PRIVATE_CERT) $(PRIVATE_EXTRA_RECOVERY_KEYS), -f $(key_file))
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_build_soong/0001-Enable_fwrapv.patch

@@ -48,5 +48,5 @@ index 463a02ac2..7c92b41dc 100644
  		if ctx.Arch().ArchType == android.Arm {
  			// Frame pointer based unwinder in ASan requires ARM frame setup.
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_device_lge_mako/0001-LTE.patch

@@ -66,5 +66,5 @@ index 6398872..81ca1bb 100644
      ro.telephony.call_ring.multiple=0
  
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch

@@ -30,5 +30,5 @@ index 1108551e..6b925655 100755
  r_dir_file(mediaserver, sysfs_esoc)
  #allow mediaserver system_app_data_file:file rw_file_perms;
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_frameworks_base/0003-SUPL_No_IMSI.patch

@@ -34,5 +34,5 @@ index 8d1d3afab5c5..7c72a2016d15 100644
          native_agps_set_id(type, (setId == null) ? "" : setId);
      }
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_frameworks_base/0004-Fingerprint_Lockout.patch

@@ -21,5 +21,5 @@ index 5b51aa6e72ac..79451e535e45 100644
      private static final String KEY_LOCKOUT_RESET_USER = "lockout_reset_user";
  
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_frameworks_base/0006-Disable_Analytics.patch

@@ -35,5 +35,5 @@ index 70e4e6cbf622..f79a52c7d827 100644
  
          String name = sa.getNonConfigurationString(
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_frameworks_base/0007-Always_Restict_Serial.patch

@@ -28,5 +28,5 @@ index 0ae9cc279e68..6c99f8d8525e 100644
              // Check if this is a secondary process that should be incorporated into some
              // currently active instrumentation.  (Note we do this AFTER all of the profiling
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_frameworks_base/0008-Browser_No_Location.patch

@@ -54,5 +54,5 @@ index cd53fb9ba52f..a08cbb5ceecd 100644
  
      private String getDefaultSystemHandlerActivityPackage(PackageManagerWrapper pm,
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch

@@ -22,5 +22,5 @@ index 6bee19745c87..ac231c5fafbe 100644
      <uses-permission android:name="android.permission.MANAGE_USB" />
      <uses-permission android:name="android.permission.CONTROL_DISPLAY_BRIGHTNESS" />
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_frameworks_base/0010-Sensors.patch

@@ -103,5 +103,5 @@ index 6baabb69e028..fb685b57e0a6 100644
  
      /**
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_frameworks_base/0011-Restore_SensorsOff.patch

@@ -260,5 +260,5 @@ index 000000000000..941e1d44e145
 +    }
 +}
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_frameworks_base/0012-Private_DNS.patch

@@ -227,5 +227,5 @@ index cf6a7f6e8d70..5d3de9edc930 100644
      }
  
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_frameworks_native/0001-Sensors.patch

@@ -72,5 +72,5 @@ index 3ca34bba1b..8a62b2bb9c 100644
          // Ensure that the AppOp is allowed, or that there is no necessary app op for the sensor
          if (opCode < 0 || appOpAllowed) {
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_hardware_qcom_audio/0001-Unused-8996.patch

@@ -57,5 +57,5 @@ index cd788542f..10f1eb216 100644
  }
 +#endif
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_hardware_qcom_audio/0001-Unused-8998.patch

@@ -59,5 +59,5 @@ index 4675fc39c..4a5d91a97 100644
  int audio_extn_utils_get_license_params(
          const struct audio_device *adev,
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_hardware_qcom_audio/0001-Unused-sdm845.patch

@@ -59,5 +59,5 @@ index 0ba2f4f82..d179f4f03 100644
  int audio_extn_utils_get_license_params(
          const struct audio_device *adev,
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_hardware_qcom_audio/0001-Unused-sm8150.patch

@@ -57,5 +57,5 @@ index fa826f57f..473511fb5 100644
  int audio_extn_utils_get_license_params(
          const struct audio_device *adev,
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_kernel_oneplus_sdm845/4.9.277-qc.patch

@@ -121837,5 +121837,5 @@ index 4e4bb5dd2dcd..db859b595dba 100644
  	synchronize_srcu_expedited(&kvm->srcu);
  	kfree(bus);
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_packages_apps_Dialer/0001-Not_Private_Banner.patch

@@ -184,5 +184,5 @@ index 5b65cc3d9..19e7fdc4f 100644
      <item name="android:windowDrawsSystemBarBackgrounds">true</item>
      <item name="android:colorPrimaryDark">@color/dialer_theme_color_dark</item>
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_packages_apps_LineageParts/0001-Remove_Analytics.patch

@@ -139,5 +139,5 @@ index bdb1aa7..0097a52 100644
              android:key="sms_security_check_limit"
              android:defaultValue="30"
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch

@@ -343,5 +343,5 @@ index db704ae850..f4c5363d80 100644
      public void showMobilePlanMessageDialog() {
          showDialog(MANAGE_MOBILE_PLAN_DIALOG_ID);
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_packages_apps_Settings/0002-Sensors.patch

@@ -256,5 +256,5 @@ index 0000000000..2c29f3abfd
 +    }
 +}
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_packages_apps_Settings/0003-Remove_SensorsOff_Tile.patch

@@ -95,5 +95,5 @@ index 916c6c9291..fd92d17a60 100644
       * Tile to control the "Wireless debugging" developer setting
       */
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_packages_apps_Settings/0004-Private_DNS.patch

@@ -317,5 +317,5 @@ index 84cae88f85..4d62f64947 100644
                  return dnsesResolved ? res.getString(R.string.private_dns_mode_on)
                          : res.getString(R.string.private_dns_mode_opportunistic);
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_packages_apps_SetupWizard/0001-Remove_Analytics.patch

@@ -176,5 +176,5 @@ index b1755c7..c299457 100644
      public static final String ENABLE_RECOVERY_UPDATE = "enable_recovery_update";
      public static final String UPDATE_RECOVERY_PROP = "persist.vendor.recovery_update";
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_packages_apps_Updater/0001-Server.patch

@@ -32,5 +32,5 @@ index 0aa5fd5..0b41c25 100644
  
      public static String getUpgradeBlockedURL(Context context) {
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_packages_apps_Updater/0002-Tor_Support.patch

@@ -396,5 +396,5 @@ index 0b41c25..022f549 100644
          return server + "?base=LineageOS&device=" + device + "&inc=" + incrementalVersion;
      }
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_packages_providers_TelephonyProvider/304614.patch

@@ -133,5 +133,5 @@ index 3cb4abeb..b1b3146d 100644
                              throw new XmlPullParserException("Expected 'apn' tag", parser, null);
                          }
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_packages_providers_TelephonyProvider/312102.patch

@@ -105,5 +105,5 @@ index b1b3146d..6bddde93 100644
      }
  
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_system_core/0001-Harden.patch

@@ -57,5 +57,5 @@ index a9af0b094..f19b7484d 100644
      write /proc/sys/vm/mmap_min_addr 32768
      write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
 -- 
-2.31.1
+2.32.0
 

Patches/LineageOS-18.1/android_system_extras/0001-ext4_pad_filenames.patch

@@ -34,5 +34,5 @@ index a52ed90c..7852349f 100644
      // Use DIRECT_KEY for Adiantum, since it's much more efficient but just as
      // secure since Android doesn't reuse the same master key for multiple
 -- 
-2.31.1
+2.32.0
 

PrebuiltApps

@@ -1 +1 @@
-Subproject commit 66d69d990bc8a3c4a0bdec87e5d693b002412382
+Subproject commit 88e8f72710ce3b3c3f9f12c048e6546fd839ca91

Scripts/Common/Fix_CVE_Patchers.sh

@@ -49,6 +49,7 @@ commentPatches android_kernel_google_marlin.sh "0001-LinuxIncrementals/3.18/3.18
 commentPatches android_kernel_google_msm.sh "CVE-2017-11015/prima" "CVE-2021-Misc2/ANY/0031.patch";
 commentPatches android_kernel_google_msm-4.9.sh "CVE-2019-19319" "CVE-2020-0067" "CVE-2020-1749" "CVE-2020-8992";
 commentPatches android_kernel_google_redbull.sh "CVE-2018-5873" "CVE-2021-3444" "CVE-2021-3600";
+commentPatches android_kernel_google_sunfish.sh "CVE-2021-20317";
 commentPatches android_kernel_google_wahoo.sh "0008-Graphene-Kernel_Hardening/4.4/0019.patch" "CVE-2019-14047/ANY/0002.patch" "CVE-2019-19319" "CVE-2020-1749" "CVE-2020-8992" "CVE-2020-16166";
 commentPatches android_kernel_google_yellowstone.sh "0001-LinuxIncrementals/3.10/3.10.0098-0099.patch" "CVE-2018-9514";
 commentPatches android_kernel_huawei_angler.sh "CVE-2014-8559";

Scripts/Common/Functions.sh

@@ -61,7 +61,7 @@ applyPatchReal() {
 		if git am "$@"; then
 			if [ "$DOS_REFRESH_PATCHES" = true ]; then
 				if [[ "$currentWorkingPatch" == $DOS_PATCHES* ]]; then
-					git format-patch -1 HEAD --zero-commit --output="$currentWorkingPatch";
+					git format-patch -1 HEAD --zero-commit --no-signature --output="$currentWorkingPatch";
 				fi;
 			fi;
 		fi;

Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_google_sunfish.sh

@@ -121,7 +121,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3679/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3732/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3744/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3753/4.14/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-20317/4.14/0004.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-20317/4.14/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-20320/^5.15/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-20321/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-21781/4.14/0002.patch

Scripts/LineageOS-18.1/Patch.sh

@@ -358,11 +358,17 @@ fi;
 
 if enterAndClear "device/lge/g2-common"; then
 sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
+echo "allow hwaddrs self:capability { fowner };" >> sepolicy/hwaddrs.te;
+echo "allow hwaddrs block_device:lnk_file { open };" >> sepolicy/hwaddrs.te;
+echo "allow hwaddrs misc_block_device:blk_file { open read };" >> sepolicy/hwaddrs.te;
 awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #broken releasetools
 fi;
 
 if enterAndClear "device/lge/g3-common"; then
 sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
+echo "allow hwaddrs self:capability { fowner };" >> sepolicy/hwaddrs.te;
+echo "allow hwaddrs block_device:lnk_file { open };" >> sepolicy/hwaddrs.te;
+echo "allow hwaddrs misc_block_device:blk_file { open read };" >> sepolicy/hwaddrs.te;
 sed -i '1itypeattribute wcnss_service misc_block_device_exception;' sepolicy/wcnss_service.te;
 fi;
 
@@ -378,6 +384,8 @@ fi;
 
 if enterAndClear "device/lge/msm8996-common"; then
 sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
+echo "allow hwaddrs self:capability { fowner };" >> sepolicy/hwaddrs.te;
+echo "allow hwaddrs block_device:lnk_file { open };" >> sepolicy/hwaddrs.te;
 awk -i inplace '!/WfdCommon/' msm8996.mk; #fix breakage
 echo "type sensors_data_file, file_type, data_file_type, core_data_file_type;" >> sepolicy/file.te; #only included in -userdebug
 fi;