Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-10-01 01:35:54 -04:00
Code Issues Packages Projects Releases Wiki Activity

20.0: fixes + r11 churn

Browse Source 
Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad 2022-10-16 11:06:48 -04:00
parent 4524eb43d3
commit e8248e4938
No known key found for this signature in database
GPG Key ID: B286E9F57A07424B
26 changed files with 410 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Patches/LineageOS-20.0/android_frameworks_base/0003-SUPL_No_IMSI.patch
View File

@ -9,10 +9,10 @@ Change-Id: I5ccc4d61e52ac11ef33f44618d0e610089885b87
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/location/gnss/GnssLocationProvider.java b/services/core/java/com/android/server/location/gnss/GnssLocationProvider.java
index f5c2bbc8d5a2..8fddc9168eed 100644
index a6a3db11b729..6ddd57c1ff11 100644
--- a/services/core/java/com/android/server/location/gnss/GnssLocationProvider.java
+++ b/services/core/java/com/android/server/location/gnss/GnssLocationProvider.java
@@ -1694,6 +1694,11 @@ public class GnssLocationProvider extends AbstractLocationProvider implements
@@ -1721,6 +1721,11 @@ public class GnssLocationProvider extends AbstractLocationProvider implements
int type = AGPS_SETID_TYPE_NONE;
String setId = null;
@ -21,10 +21,10 @@ index f5c2bbc8d5a2..8fddc9168eed 100644
+ * As devices w/o SIM card also have working GPS, providing this data does
+ * not seem to add a lot of value, at least not for the device holder
+ *
int ddSubId = SubscriptionManager.getDefaultDataSubscriptionId();
if (SubscriptionManager.isValidSubscriptionId(ddSubId)) {
phone = phone.createForSubscriptionId(ddSubId);
@@ -1710,7 +1715,7 @@ public class GnssLocationProvider extends AbstractLocationProvider implements
int subId = SubscriptionManager.getDefaultDataSubscriptionId();
if (mNIHandler.getInEmergency() && mNetworkConnectivityHandler.getActiveSubId() >= 0) {
subId = mNetworkConnectivityHandler.getActiveSubId();
@@ -1740,7 +1745,7 @@ public class GnssLocationProvider extends AbstractLocationProvider implements
// This means the framework has the SIM card.
type = AGPS_SETID_TYPE_MSISDN;
}

2
Patches/LineageOS-20.0/android_frameworks_base/0014-Automatic_Reboot.patch
View File

@ -58,7 +58,7 @@ index 6755e6bee975..b89bdf3991d8 100644
<protected-broadcast android:name="com.android.settingslib.action.UNREGISTER_SLICE_RECEIVER" />
<protected-broadcast android:name="com.android.settings.flashlight.action.FLASHLIGHT_CHANGED" />
diff --git a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
index 38970f21f325..61d758b0e0fd 100644
index 368d6f5df584..a5f89bcb7482 100644
--- a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
+++ b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
@@ -194,6 +194,8 @@ public class KeyguardViewMediator extends CoreStartable implements Dumpable,

4
Patches/LineageOS-20.0/android_frameworks_base/0023-Skip_Screen_Animation.patch
View File

@ -12,10 +12,10 @@ sensors.
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/phone/CentralSurfacesImpl.java b/packages/SystemUI/src/com/android/systemui/statusbar/phone/CentralSurfacesImpl.java
index 000f268cba69..d779bb216328 100644
index 269944d78c5f..e95270b6e880 100644
--- a/packages/SystemUI/src/com/android/systemui/statusbar/phone/CentralSurfacesImpl.java
+++ b/packages/SystemUI/src/com/android/systemui/statusbar/phone/CentralSurfacesImpl.java
@@ -4058,7 +4058,7 @@ public class CentralSurfacesImpl extends CoreStartable implements
@@ -4042,7 +4042,7 @@ public class CentralSurfacesImpl extends CoreStartable implements
boolean launchingAffordanceWithPreview =
mNotificationPanelViewController.isLaunchingAffordanceWithPreview();

15
Patches/LineageOS-20.0/android_frameworks_base/0026-Crash_Details.patch
View File

@ -110,10 +110,10 @@ index c3b149a1e295..a47b82018377 100644
<Button
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index e5d90f00f327..055ba19fb30f 100644
index c6b60f586047..9b5916a91280 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -6314,4 +6314,7 @@ ul.</string>
@@ -6326,4 +6326,7 @@ ul.</string>
<!-- Title for preference of the system default locale. [CHAR LIMIT=50]-->
<string name="system_locale_title">System default</string>
@ -122,10 +122,10 @@ index e5d90f00f327..055ba19fb30f 100644
+ <string name="aerr_show_details">Show details</string>
</resources>
diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml
index 6bb35facca7b..c4241414164f 100644
index 5aecc53bac78..37358f38aaef 100644
--- a/core/res/res/values/symbols.xml
+++ b/core/res/res/values/symbols.xml
@@ -4798,5 +4798,8 @@
@@ -4803,6 +4803,9 @@
<java-symbol type="id" name="language_picker_item" />
<java-symbol type="id" name="language_picker_header" />
@ -133,7 +133,8 @@ index 6bb35facca7b..c4241414164f 100644
+ <java-symbol type="string" name="aerr_show_details" />
+
<java-symbol type="dimen" name="status_bar_height_default" />
</resources>
<java-symbol type="bool" name="system_server_plays_face_haptics" />
diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml
index b89bdf3991d8..0803cfae3ad5 100644
--- a/packages/SystemUI/AndroidManifest.xml
@ -157,10 +158,10 @@ index b89bdf3991d8..0803cfae3ad5 100644
</application>
</manifest>
diff --git a/packages/SystemUI/res/values/strings.xml b/packages/SystemUI/res/values/strings.xml
index af8d7ed22ed3..ea4409b20f2b 100644
index e144b43294c6..2ac23ad4e433 100644
--- a/packages/SystemUI/res/values/strings.xml
+++ b/packages/SystemUI/res/values/strings.xml
@@ -2539,4 +2539,9 @@
@@ -2552,4 +2552,9 @@
=1 {# notification}
other {# notifications}
}</string>

4
Patches/LineageOS-20.0/android_packages_apps_Settings/0005-Automatic_Reboot.patch
View File

@ -55,10 +55,10 @@ index 0632f72eb0..35e3247663 100644
<item msgid="6490061470416867723">Small</item>
<item msgid="3579015730662088893">Default</item>
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 02a145b188..b8cfb4a71b 100644
index 04b2de208b..5d4879d123 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -696,6 +696,9 @@
@@ -701,6 +701,9 @@
<!-- Summary for settings checkbox to disable widgets when the setting has been disabled by an installed device admin [CHAR LIMIT=50] -->
<string name="security_enable_widgets_disabled_summary">Disabled by admin</string>

2
Patches/LineageOS-20.0/android_packages_apps_Settings/0006-Bluetooth_Timeout.patch
View File

@ -67,7 +67,7 @@ index 35e3247663..5adc98d256 100644
<string-array name="screen_timeout_entries">
<item>15 seconds</item>
diff --git a/res/values/strings.xml b/res/values/strings.xml
index b8cfb4a71b..a81f271aa3 100644
index 5d4879d123..6163398746 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -27,6 +27,25 @@

2
Patches/LineageOS-20.0/android_packages_apps_Settings/0007-WiFi_Timeout.patch
View File

@ -67,7 +67,7 @@ index 5adc98d256..9cac9fbee2 100644
<string-array name="screen_timeout_entries">
<item>15 seconds</item>
diff --git a/res/values/strings.xml b/res/values/strings.xml
index a81f271aa3..bc13f31367 100644
index 6163398746..124473edde 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -46,6 +46,25 @@

4
Patches/LineageOS-20.0/android_packages_apps_Settings/0008-ptrace_scope.patch
View File

@ -12,10 +12,10 @@ Subject: [PATCH] add native debugging setting
create mode 100644 src/com/android/settings/security/NativeDebugPreferenceController.java
diff --git a/res/values/strings.xml b/res/values/strings.xml
index bc13f31367..dbc4e491f4 100644
index 124473edde..446fa056cd 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -737,6 +737,9 @@
@@ -742,6 +742,9 @@
<string name="auto_reboot_title">Auto reboot</string>
<string name="auto_reboot_summary">Automatically reboot the device, if the phone hasn\'t been unlocked within the selected number of hours.</string>

4
Patches/LineageOS-20.0/android_packages_apps_Settings/0009-Install_Restrictions.patch
View File

@ -10,10 +10,10 @@ Subject: [PATCH] UserManager app installation restrictions
3 files changed, 44 insertions(+), 5 deletions(-)
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 7f05a40666..cad27ff267 100644
index 34cc6ff884..c1f4b6fcde 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -7778,6 +7778,8 @@
@@ -7799,6 +7799,8 @@
<string name="user_enable_calling">Turn on phone calls</string>
<!-- Title of preference to enable calling and SMS [CHAR LIMIT=45] -->
<string name="user_enable_calling_sms">Turn on phone calls &amp; SMS</string>

4
Patches/LineageOS-20.0/android_packages_apps_Settings/0010-exec_spawning_toggle.patch
View File

@ -12,10 +12,10 @@ Subject: [PATCH] add exec spawning toggle
create mode 100644 src/com/android/settings/security/ExecSpawnPreferenceController.java
diff --git a/res/values/strings.xml b/res/values/strings.xml
index dbc4e491f4..7f05a40666 100644
index 446fa056cd..34cc6ff884 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -737,6 +737,9 @@
@@ -742,6 +742,9 @@
<string name="auto_reboot_title">Auto reboot</string>
<string name="auto_reboot_summary">Automatically reboot the device, if the phone hasn\'t been unlocked within the selected number of hours.</string>

4
Patches/LineageOS-20.0/android_packages_apps_Settings/0012-hosts_toggle.patch
View File

@ -16,10 +16,10 @@ Change-Id: Ic01a142722372d9d57f52947025cd9db23e58ef4
create mode 100644 src/com/android/settings/security/HostsPreferenceController.java
diff --git a/res/values/strings.xml b/res/values/strings.xml
index cad27ff267..baed6e68f5 100644
index c1f4b6fcde..d9f4a37f2d 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -743,6 +743,9 @@
@@ -748,6 +748,9 @@
<string name="native_debug_title">Enable native code debugging</string>
<string name="native_debug_summary">Generate useful logs / bug reports from crashes and permit debugging native code.</string>

4
Patches/LineageOS-20.0/android_packages_apps_Settings/0013-Captive_Portal_Toggle.patch
View File

@ -46,10 +46,10 @@ index cfc7671652..7fac175770 100644
These are shown in a list dialog. -->
<string-array name="lock_after_timeout_entries">
diff --git a/res/values/strings.xml b/res/values/strings.xml
index baed6e68f5..f692139c80 100644
index d9f4a37f2d..bba0900122 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -14233,4 +14233,7 @@
@@ -14254,4 +14254,7 @@
<!-- [CHAR LIMIT=NONE] Hint for QR code process failure -->
<string name="bt_le_audio_qr_code_is_not_valid_format">QR code isn\u0027t a valid format</string>

2
Patches/LineageOS-20.0/android_system_core/0001-Harden.patch
View File

@ -37,7 +37,7 @@ index d050ed783..e828916d6 100644
CHECKCALL(mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11)));
diff --git a/rootdir/init.rc b/rootdir/init.rc
index cd71aa8aa..96117071e 100644
index 870a97b55..cf3b6de8c 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -330,6 +330,17 @@ on init

4
Patches/LineageOS-20.0/android_system_core/0002-ptrace_scope.patch
View File

@ -9,10 +9,10 @@ Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
1 file changed, 6 insertions(+)
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 96117071e..e33ba79a3 100644
index cf3b6de8c..20c734f9f 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -1213,6 +1213,12 @@ on property:perf.drop_caches=3
@@ -1219,6 +1219,12 @@ on property:perf.drop_caches=3
on property:net.tcp_def_init_rwnd=*
write /proc/sys/net/ipv4/tcp_default_init_rwnd ${net.tcp_def_init_rwnd}

4
Patches/LineageOS-20.0/android_system_core/0003-HM-Increase_vm_mmc.patch
View File

@ -9,10 +9,10 @@ Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
1 file changed, 2 insertions(+)
diff --git a/rootdir/init.rc b/rootdir/init.rc
index e33ba79a3..06fde2a63 100644
index 20c734f9f..1f428c6dc 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -1098,6 +1098,8 @@ on boot
@@ -1104,6 +1104,8 @@ on boot
symlink /sys/class/block/${dev.mnt.dev.data} /dev/sys/block/by-name/userdata
symlink /sys/class/block/${dev.mnt.rootdisk.data} /dev/sys/block/by-name/rootdisk

81
Patches/LineageOS-20.0/android_system_sepolicy/0002-protected_files.patch
View File

@ -4,11 +4,90 @@ Date: Thu, 18 Jul 2019 21:21:40 -0400
Subject: [PATCH] label protected_{fifos,regular} as proc_security
This is needed for init to override the default values.
[tad@spotco.us]: added to older targets to match
Change-Id: I76d0f3111de85be83489443bb9aec77599f4f371
---
prebuilts/api/28.0/private/genfs_contexts | 2 ++
prebuilts/api/29.0/private/genfs_contexts | 2 ++
prebuilts/api/30.0/private/genfs_contexts | 2 ++
prebuilts/api/31.0/private/genfs_contexts | 2 ++
prebuilts/api/32.0/private/genfs_contexts | 2 ++
prebuilts/api/33.0/private/genfs_contexts | 2 ++
private/genfs_contexts | 2 ++
2 files changed, 4 insertions(+)
7 files changed, 14 insertions(+)
diff --git a/prebuilts/api/28.0/private/genfs_contexts b/prebuilts/api/28.0/private/genfs_contexts
index 7e2ea5092..44ca95fd5 100644
--- a/prebuilts/api/28.0/private/genfs_contexts
+++ b/prebuilts/api/28.0/private/genfs_contexts
@@ -27,7 +27,9 @@ genfscon proc /swaps u:object_r:proc_swaps:s0
genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
+genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
+genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
diff --git a/prebuilts/api/29.0/private/genfs_contexts b/prebuilts/api/29.0/private/genfs_contexts
index 380d4a050..804996685 100644
--- a/prebuilts/api/29.0/private/genfs_contexts
+++ b/prebuilts/api/29.0/private/genfs_contexts
@@ -34,7 +34,9 @@ genfscon proc /swaps u:object_r:proc_swaps:s0
genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
+genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
+genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0
diff --git a/prebuilts/api/30.0/private/genfs_contexts b/prebuilts/api/30.0/private/genfs_contexts
index 89232bc01..53d7ffa9e 100644
--- a/prebuilts/api/30.0/private/genfs_contexts
+++ b/prebuilts/api/30.0/private/genfs_contexts
@@ -36,7 +36,9 @@ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
+genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
+genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0
diff --git a/prebuilts/api/31.0/private/genfs_contexts b/prebuilts/api/31.0/private/genfs_contexts
index 13bfb46e1..30f3496e6 100644
--- a/prebuilts/api/31.0/private/genfs_contexts
+++ b/prebuilts/api/31.0/private/genfs_contexts
@@ -39,7 +39,9 @@ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
+genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
+genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0
diff --git a/prebuilts/api/32.0/private/genfs_contexts b/prebuilts/api/32.0/private/genfs_contexts
index 13bfb46e1..30f3496e6 100644
--- a/prebuilts/api/32.0/private/genfs_contexts
+++ b/prebuilts/api/32.0/private/genfs_contexts
@@ -39,7 +39,9 @@ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
+genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
+genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0
diff --git a/prebuilts/api/33.0/private/genfs_contexts b/prebuilts/api/33.0/private/genfs_contexts
index 65784709c..6c4bf98eb 100644
--- a/prebuilts/api/33.0/private/genfs_contexts

210
Patches/LineageOS-20.0/android_system_sepolicy/0003-ptrace_scope-1.patch
View File

@ -3,15 +3,223 @@ From: flawedworld <flawedworld@flawed.world>
Date: Mon, 11 Oct 2021 02:33:31 +0100
Subject: [PATCH] allow init to control kernel.yama.ptrace_scope
[tad@spotco.us]: added to older targets to match
Change-Id: Idfbb70acab59a551bdb1f0e1a99b843d87d4362d
---
prebuilts/api/28.0/private/domain.te | 1 +
prebuilts/api/28.0/private/genfs_contexts | 1 +
prebuilts/api/28.0/public/init.te | 3 +++
prebuilts/api/29.0/private/domain.te | 1 +
prebuilts/api/29.0/private/genfs_contexts | 1 +
prebuilts/api/29.0/public/init.te | 3 +++
prebuilts/api/30.0/private/domain.te | 1 +
prebuilts/api/30.0/private/genfs_contexts | 1 +
prebuilts/api/30.0/public/init.te | 3 +++
prebuilts/api/31.0/private/domain.te | 1 +
prebuilts/api/31.0/private/genfs_contexts | 1 +
prebuilts/api/31.0/public/init.te | 3 +++
prebuilts/api/32.0/private/domain.te | 1 +
prebuilts/api/32.0/private/genfs_contexts | 1 +
prebuilts/api/32.0/public/init.te | 3 +++
prebuilts/api/33.0/private/domain.te | 1 +
prebuilts/api/33.0/private/genfs_contexts | 1 +
prebuilts/api/33.0/public/init.te | 3 +++
private/domain.te | 1 +
private/genfs_contexts | 1 +
public/init.te | 3 +++
6 files changed, 10 insertions(+)
21 files changed, 35 insertions(+)
diff --git a/prebuilts/api/28.0/private/domain.te b/prebuilts/api/28.0/private/domain.te
index 5053c287b..4d5cd4796 100644
--- a/prebuilts/api/28.0/private/domain.te
+++ b/prebuilts/api/28.0/private/domain.te
@@ -7,6 +7,7 @@ allow domain crash_dump:process sigchld;
# with other UIDs to these allowlisted domains.
neverallow {
domain
+ -init
-vold
-dumpstate
userdebug_or_eng(`-incidentd')
diff --git a/prebuilts/api/28.0/private/genfs_contexts b/prebuilts/api/28.0/private/genfs_contexts
index 44ca95fd5..89b55b28d 100644
--- a/prebuilts/api/28.0/private/genfs_contexts
+++ b/prebuilts/api/28.0/private/genfs_contexts
@@ -58,6 +58,7 @@ genfscon proc /sys/kernel/sched_tunable_scaling u:object_r:proc_sched:s0
genfscon proc /sys/kernel/sched_wakeup_granularity_ns u:object_r:proc_sched:s0
genfscon proc /sys/kernel/sysrq u:object_r:proc_sysrq:s0
genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
+genfscon proc /sys/kernel/yama/ptrace_scope u:object_r:proc_security:s0
genfscon proc /sys/net u:object_r:proc_net:s0
genfscon proc /sys/vm/dirty_background_ratio u:object_r:proc_dirty:s0
genfscon proc /sys/vm/dirty_expire_centisecs u:object_r:proc_dirty:s0
diff --git a/prebuilts/api/28.0/public/init.te b/prebuilts/api/28.0/public/init.te
index dafc06f99..bc38c7760 100644
--- a/prebuilts/api/28.0/public/init.te
+++ b/prebuilts/api/28.0/public/init.te
@@ -112,6 +112,9 @@ allow init self:global_capability_class_set sys_time;
allow init self:global_capability_class_set { sys_rawio mknod };
+# Set /proc/sys/kernel/yama/ptrace_scope
+allow init self:capability { sys_ptrace };
+
# Mounting filesystems from block devices.
allow init dev_type:blk_file r_file_perms;
diff --git a/prebuilts/api/29.0/private/domain.te b/prebuilts/api/29.0/private/domain.te
index 447176ed0..74541b1be 100644
--- a/prebuilts/api/29.0/private/domain.te
+++ b/prebuilts/api/29.0/private/domain.te
@@ -86,6 +86,7 @@ userdebug_or_eng(`
# with other UIDs to these allowlisted domains.
neverallow {
domain
+ -init
-vold
userdebug_or_eng(`-llkd')
-dumpstate
diff --git a/prebuilts/api/29.0/private/genfs_contexts b/prebuilts/api/29.0/private/genfs_contexts
index 804996685..22a1ebf8d 100644
--- a/prebuilts/api/29.0/private/genfs_contexts
+++ b/prebuilts/api/29.0/private/genfs_contexts
@@ -68,6 +68,7 @@ genfscon proc /sys/kernel/sched_tunable_scaling u:object_r:proc_sched:s0
genfscon proc /sys/kernel/sched_wakeup_granularity_ns u:object_r:proc_sched:s0
genfscon proc /sys/kernel/sysrq u:object_r:proc_sysrq:s0
genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
+genfscon proc /sys/kernel/yama/ptrace_scope u:object_r:proc_security:s0
genfscon proc /sys/net u:object_r:proc_net:s0
genfscon proc /sys/vm/dirty_background_ratio u:object_r:proc_dirty:s0
genfscon proc /sys/vm/dirty_expire_centisecs u:object_r:proc_dirty:s0
diff --git a/prebuilts/api/29.0/public/init.te b/prebuilts/api/29.0/public/init.te
index 2d52f5966..aa0036f1b 100644
--- a/prebuilts/api/29.0/public/init.te
+++ b/prebuilts/api/29.0/public/init.te
@@ -121,6 +121,9 @@ allow init self:global_capability_class_set sys_time;
allow init self:global_capability_class_set { sys_rawio mknod };
+# Set /proc/sys/kernel/yama/ptrace_scope
+allow init self:capability { sys_ptrace };
+
# Mounting filesystems from block devices.
allow init dev_type:blk_file r_file_perms;
allowxperm init dev_type:blk_file ioctl BLKROSET;
diff --git a/prebuilts/api/30.0/private/domain.te b/prebuilts/api/30.0/private/domain.te
index 430cb3f09..0b2c6ef25 100644
--- a/prebuilts/api/30.0/private/domain.te
+++ b/prebuilts/api/30.0/private/domain.te
@@ -125,6 +125,7 @@ allow domain boringssl_self_test_marker:dir search;
# with other UIDs to these allowlisted domains.
neverallow {
domain
+ -init
-vold
userdebug_or_eng(`-llkd')
-dumpstate
diff --git a/prebuilts/api/30.0/private/genfs_contexts b/prebuilts/api/30.0/private/genfs_contexts
index 53d7ffa9e..e9c80fe8b 100644
--- a/prebuilts/api/30.0/private/genfs_contexts
+++ b/prebuilts/api/30.0/private/genfs_contexts
@@ -70,6 +70,7 @@ genfscon proc /sys/kernel/sched_tunable_scaling u:object_r:proc_sched:s0
genfscon proc /sys/kernel/sched_wakeup_granularity_ns u:object_r:proc_sched:s0
genfscon proc /sys/kernel/sysrq u:object_r:proc_sysrq:s0
genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
+genfscon proc /sys/kernel/yama/ptrace_scope u:object_r:proc_security:s0
genfscon proc /sys/net u:object_r:proc_net:s0
genfscon proc /sys/vm/dirty_background_ratio u:object_r:proc_dirty:s0
genfscon proc /sys/vm/dirty_expire_centisecs u:object_r:proc_dirty:s0
diff --git a/prebuilts/api/30.0/public/init.te b/prebuilts/api/30.0/public/init.te
index 403b4c5e6..e7630cd98 100644
--- a/prebuilts/api/30.0/public/init.te
+++ b/prebuilts/api/30.0/public/init.te
@@ -144,6 +144,9 @@ allow init self:global_capability_class_set sys_time;
allow init self:global_capability_class_set { sys_rawio mknod };
+# Set /proc/sys/kernel/yama/ptrace_scope
+allow init self:capability { sys_ptrace };
+
# Mounting filesystems from block devices.
allow init dev_type:blk_file r_file_perms;
allowxperm init dev_type:blk_file ioctl BLKROSET;
diff --git a/prebuilts/api/31.0/private/domain.te b/prebuilts/api/31.0/private/domain.te
index b91d36d85..d4ca398de 100644
--- a/prebuilts/api/31.0/private/domain.te
+++ b/prebuilts/api/31.0/private/domain.te
@@ -116,6 +116,7 @@ allow domain boringssl_self_test_marker:dir search;
# with other UIDs to these allowlisted domains.
neverallow {
domain
+ -init
-vold
userdebug_or_eng(`-llkd')
-dumpstate
diff --git a/prebuilts/api/31.0/private/genfs_contexts b/prebuilts/api/31.0/private/genfs_contexts
index 30f3496e6..5c3332f1a 100644
--- a/prebuilts/api/31.0/private/genfs_contexts
+++ b/prebuilts/api/31.0/private/genfs_contexts
@@ -76,6 +76,7 @@ genfscon proc /sys/kernel/sched_util_clamp_min_rt_default u:object_r:proc_sched:
genfscon proc /sys/kernel/sched_wakeup_granularity_ns u:object_r:proc_sched:s0
genfscon proc /sys/kernel/sysrq u:object_r:proc_sysrq:s0
genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
+genfscon proc /sys/kernel/yama/ptrace_scope u:object_r:proc_security:s0
genfscon proc /sys/net u:object_r:proc_net:s0
genfscon proc /sys/vm/dirty_background_ratio u:object_r:proc_dirty:s0
genfscon proc /sys/vm/dirty_expire_centisecs u:object_r:proc_dirty:s0
diff --git a/prebuilts/api/31.0/public/init.te b/prebuilts/api/31.0/public/init.te
index ea5a9793d..49b23ee61 100644
--- a/prebuilts/api/31.0/public/init.te
+++ b/prebuilts/api/31.0/public/init.te
@@ -153,6 +153,9 @@ allow init self:global_capability_class_set sys_time;
allow init self:global_capability_class_set { sys_rawio mknod };
+# Set /proc/sys/kernel/yama/ptrace_scope
+allow init self:capability { sys_ptrace };
+
# Mounting filesystems from block devices.
allow init dev_type:blk_file r_file_perms;
allowxperm init dev_type:blk_file ioctl BLKROSET;
diff --git a/prebuilts/api/32.0/private/domain.te b/prebuilts/api/32.0/private/domain.te
index b91d36d85..d4ca398de 100644
--- a/prebuilts/api/32.0/private/domain.te
+++ b/prebuilts/api/32.0/private/domain.te
@@ -116,6 +116,7 @@ allow domain boringssl_self_test_marker:dir search;
# with other UIDs to these allowlisted domains.
neverallow {
domain
+ -init
-vold
userdebug_or_eng(`-llkd')
-dumpstate
diff --git a/prebuilts/api/32.0/private/genfs_contexts b/prebuilts/api/32.0/private/genfs_contexts
index 30f3496e6..5c3332f1a 100644
--- a/prebuilts/api/32.0/private/genfs_contexts
+++ b/prebuilts/api/32.0/private/genfs_contexts
@@ -76,6 +76,7 @@ genfscon proc /sys/kernel/sched_util_clamp_min_rt_default u:object_r:proc_sched:
genfscon proc /sys/kernel/sched_wakeup_granularity_ns u:object_r:proc_sched:s0
genfscon proc /sys/kernel/sysrq u:object_r:proc_sysrq:s0
genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
+genfscon proc /sys/kernel/yama/ptrace_scope u:object_r:proc_security:s0
genfscon proc /sys/net u:object_r:proc_net:s0
genfscon proc /sys/vm/dirty_background_ratio u:object_r:proc_dirty:s0
genfscon proc /sys/vm/dirty_expire_centisecs u:object_r:proc_dirty:s0
diff --git a/prebuilts/api/32.0/public/init.te b/prebuilts/api/32.0/public/init.te
index ea5a9793d..49b23ee61 100644
--- a/prebuilts/api/32.0/public/init.te
+++ b/prebuilts/api/32.0/public/init.te
@@ -153,6 +153,9 @@ allow init self:global_capability_class_set sys_time;
allow init self:global_capability_class_set { sys_rawio mknod };
+# Set /proc/sys/kernel/yama/ptrace_scope
+allow init self:capability { sys_ptrace };
+
# Mounting filesystems from block devices.
allow init dev_type:blk_file r_file_perms;
allowxperm init dev_type:blk_file ioctl BLKROSET;
diff --git a/prebuilts/api/33.0/private/domain.te b/prebuilts/api/33.0/private/domain.te
index 2ef688c39..2ff442563 100644
--- a/prebuilts/api/33.0/private/domain.te

70
Patches/LineageOS-20.0/android_system_sepolicy/0003-ptrace_scope-2.patch
View File

@ -3,11 +3,79 @@ From: flawedworld <flawedworld@flawed.world>
Date: Mon, 11 Oct 2021 02:35:13 +0100
Subject: [PATCH] allow system to use persist.native_debug
[tad@spotco.us]: added to older targets to match
Change-Id: I16c9a17fb5d48dd1e95b55579bbf287d499b5bcc
---
prebuilts/api/28.0/private/property_contexts | 1 +
prebuilts/api/29.0/private/property_contexts | 1 +
prebuilts/api/30.0/private/property_contexts | 1 +
prebuilts/api/31.0/private/property_contexts | 1 +
prebuilts/api/32.0/private/property_contexts | 1 +
prebuilts/api/33.0/private/property_contexts | 1 +
private/property_contexts | 1 +
2 files changed, 2 insertions(+)
7 files changed, 7 insertions(+)
diff --git a/prebuilts/api/28.0/private/property_contexts b/prebuilts/api/28.0/private/property_contexts
index 32be0b377..afe0f70fe 100644
--- a/prebuilts/api/28.0/private/property_contexts
+++ b/prebuilts/api/28.0/private/property_contexts
@@ -44,6 +44,7 @@ service.adb.tcp.port u:object_r:shell_prop:s0
persist.audio. u:object_r:audio_prop:s0
persist.bluetooth. u:object_r:bluetooth_prop:s0
persist.debug. u:object_r:persist_debug_prop:s0
+persist.native_debug u:object_r:system_prop:s0
persist.logd. u:object_r:logd_prop:s0
ro.logd. u:object_r:logd_prop:s0
persist.logd.security u:object_r:device_logging_prop:s0
diff --git a/prebuilts/api/29.0/private/property_contexts b/prebuilts/api/29.0/private/property_contexts
index cb81ba693..f1fbfebd0 100644
--- a/prebuilts/api/29.0/private/property_contexts
+++ b/prebuilts/api/29.0/private/property_contexts
@@ -49,6 +49,7 @@ service.adb.tcp.port u:object_r:shell_prop:s0
persist.audio. u:object_r:audio_prop:s0
persist.bluetooth. u:object_r:bluetooth_prop:s0
persist.debug. u:object_r:persist_debug_prop:s0
+persist.native_debug u:object_r:system_prop:s0
persist.logd. u:object_r:logd_prop:s0
ro.logd. u:object_r:logd_prop:s0
persist.logd.security u:object_r:device_logging_prop:s0
diff --git a/prebuilts/api/30.0/private/property_contexts b/prebuilts/api/30.0/private/property_contexts
index 7908bb107..5f2dae1e5 100644
--- a/prebuilts/api/30.0/private/property_contexts
+++ b/prebuilts/api/30.0/private/property_contexts
@@ -57,6 +57,7 @@ persist.audio. u:object_r:audio_prop:s0
persist.bluetooth. u:object_r:bluetooth_prop:s0
persist.nfc_cfg. u:object_r:nfc_prop:s0
persist.debug. u:object_r:persist_debug_prop:s0
+persist.native_debug u:object_r:system_prop:s0
persist.logd. u:object_r:logd_prop:s0
ro.logd. u:object_r:logd_prop:s0
persist.logd.security u:object_r:device_logging_prop:s0
diff --git a/prebuilts/api/31.0/private/property_contexts b/prebuilts/api/31.0/private/property_contexts
index e0700fe0a..3a5ca4db1 100644
--- a/prebuilts/api/31.0/private/property_contexts
+++ b/prebuilts/api/31.0/private/property_contexts
@@ -54,6 +54,7 @@ persist.audio. u:object_r:audio_prop:s0
persist.bluetooth. u:object_r:bluetooth_prop:s0
persist.nfc_cfg. u:object_r:nfc_prop:s0
persist.debug. u:object_r:persist_debug_prop:s0
+persist.native_debug u:object_r:system_prop:s0
logd. u:object_r:logd_prop:s0
persist.logd. u:object_r:logd_prop:s0
ro.logd. u:object_r:logd_prop:s0
diff --git a/prebuilts/api/32.0/private/property_contexts b/prebuilts/api/32.0/private/property_contexts
index f235b35b7..895b8f1df 100644
--- a/prebuilts/api/32.0/private/property_contexts
+++ b/prebuilts/api/32.0/private/property_contexts
@@ -54,6 +54,7 @@ persist.audio. u:object_r:audio_prop:s0
persist.bluetooth. u:object_r:bluetooth_prop:s0
persist.nfc_cfg. u:object_r:nfc_prop:s0
persist.debug. u:object_r:persist_debug_prop:s0
+persist.native_debug u:object_r:system_prop:s0
logd. u:object_r:logd_prop:s0
persist.logd. u:object_r:logd_prop:s0
ro.logd. u:object_r:logd_prop:s0
diff --git a/prebuilts/api/33.0/private/property_contexts b/prebuilts/api/33.0/private/property_contexts
index 1b2360d18..061f7fb59 100644
--- a/prebuilts/api/33.0/private/property_contexts

2
PrebuiltApps

@ -1 +1 @@
Subproject commit 06ac85aa9a84680b22721786f596d2721ef9048e
Subproject commit 12aecd89a51e26d965a841592f00fa883c04c724

4
Scripts/Common/Fix_CVE_Patchers.sh
View File

@ -76,8 +76,8 @@ commentPatches android_kernel_oneplus_msm8994.sh "CVE-2018-3585/3.10/0001.patch"
commentPatches android_kernel_oneplus_msm8996.sh "CVE-2017-13162/3.18/0001.patch" "CVE-2017-15951" "CVE-2017-16939" "CVE-2018-17972" "CVE-2019-2214" "CVE-2019-14070/ANY/0006.patch" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-14381" "CVE-2020-16166";
commentPatches android_kernel_oneplus_msm8998.sh "0008-Graphene-Kernel_Hardening/4.4/0011.patch" "0008-Graphene-Kernel_Hardening/4.4/0012.patch" "0008-Graphene-Kernel_Hardening/4.4/0014.patch" "0008-Graphene-Kernel_Hardening/4.4/0019.patch" "CVE-2019-11599" "CVE-2019-19319" "CVE-2020-0305" "CVE-2020-8992" "CVE-2020-16166";
commentPatches android_kernel_oneplus_sm7250.sh "CVE-2018-5873" "CVE-2020-1749" "CVE-2021-3444" "CVE-2021-3600" "CVE-2021-30324" "CVE-2021-45469";
commentPatches android_kernel_oneplus_sm8150.sh "CVE-2019-16746" "CVE-2019-19319" "CVE-2020-0067" "CVE-2020-8992" "CVE-2020-24588/4.14/0018.patch" "CVE-2021-30324" "CVE-2021-45469" "CVE-2022-1184/^5.18/0001.patch";
commentPatches android_kernel_oneplus_sm8250.sh "CVE-2018-5873" "CVE-2020-1749" "CVE-2021-3444" "CVE-2021-3600" "CVE-2022-1184/^5.18/0001.patch";
commentPatches android_kernel_oneplus_sm8150.sh "CVE-2019-16746" "CVE-2019-19319" "CVE-2020-0067" "CVE-2020-8992" "CVE-2020-24588/4.14/0018.patch" "CVE-2021-30324" "CVE-2021-45469" "CVE-2022-1184/^5.18/0001.patch" "CVE-2022-42703/4.14/0002.patch";
commentPatches android_kernel_oneplus_sm8250.sh "CVE-2018-5873" "CVE-2020-1749" "CVE-2021-3444" "CVE-2021-3600" "CVE-2022-1184/^5.18/0001.patch" "CVE-2022-42703/4.19/0003.patch";
commentPatches android_kernel_oneplus_sm8350.sh "CVE-2018-5873" "CVE-2022-1184/^5.18/0001.patch";
commentPatches android_kernel_razer_msm8998.sh "0008-Graphene-Kernel_Hardening/4.4/0011.patch" "0008-Graphene-Kernel_Hardening/4.4/0012.patch" "0008-Graphene-Kernel_Hardening/4.4/0014.patch" "0008-Graphene-Kernel_Hardening/4.4/0019.patch" "CVE-2019-14070/ANY/0005.patch" "CVE-2020-16166";
commentPatches android_kernel_samsung_apq8084.sh "0006-AndroidHardening-Kernel_Hardening/3.10/0009.patch";

2
Scripts/Common/Functions.sh
View File

@ -999,7 +999,7 @@ hardenDefconfig() {
optionsNo+=("HARDENED_USERCOPY_FALLBACK");
optionsNo+=("SECURITY_SELINUX_DISABLE" "SECURITY_WRITABLE_HOOKS");
optionsNo+=("SLAB_MERGE_DEFAULT");
optionsNo+=("USERFAULTFD");
if [[ "$DOS_VERSION" != "LineageOS-20.0" ]]; then optionsNo+=("USERFAULTFD"); fi;
#optionsNo+=("CFI_PERMISSIVE");
#???
optionsNo+=("FB_MSM_MDSS_XLOG_DEBUG" "MSM_BUSPM_DEV" "MSMB_CAMERA_DEBUG" "MSM_CAMERA_DEBUG" "MSM_SMD_DEBUG");

1
Scripts/LineageOS-19.1/Functions.sh
View File

@ -97,7 +97,6 @@ buildAll() {
#SD765
buildDevice bramble avb; #superseded
buildDevice redfin avb; #superseded
#TODO: barbet
#SD670
buildDevice bonito avb;
buildDevice sargo avb;

2
Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8150.sh
View File

@ -371,7 +371,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-36946/4.14/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-39188/4.14/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-39842/4.14/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-40307/4.14/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-42703/4.14/0002.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-42703/4.14/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/4.14/0005.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24586/4.14/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-27830/4.14/0002.patch

2
Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8250.sh
View File

@ -347,7 +347,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-39188/4.19/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-39188/4.19/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-39842/4.19/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-40307/4.19/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-42703/4.19/0003.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-42703/4.19/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24586/4.19/0005.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-27830/4.19/0003.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3444/^5.11/0001.patch

18
Scripts/LineageOS-20.0/Functions.sh
View File

@ -55,21 +55,21 @@ buildAll() {
#buildDevice beryllium avb; #pending vendor
buildDevice enchilada avb;
buildDevice fajita avb;
#SD730
buildDevice sunfish avb;
#SD750
buildDevice FP4 avb;
#SD855
buildDevice guacamole avb;
buildDevice guacamoleb avb;
buildDevice hotdog avb;
buildDevice hotdogb avb;
buildDevice guacamole avb; #FIXME
buildDevice guacamoleb avb; #FIXME
buildDevice hotdog avb; #FIXME
buildDevice hotdogb avb; #FIXME
buildDevice coral avb;
buildDevice flame avb;
#SD730
buildDevice sunfish avb;
#SD865
buildDevice instantnoodle avb;
buildDevice instantnoodlep avb;
buildDevice kebab avb;
buildDevice instantnoodle avb; #FIXME
buildDevice instantnoodlep avb; #FIXME
buildDevice kebab avb; #FIXME
#SD888
buildDevice lemonade avb;
buildDevice lemonadep avb;

2
Scripts/LineageOS-20.0/Patch.sh
View File

@ -372,7 +372,6 @@ if enter "vendor/divested"; then
awk -i inplace '!/_lookup/' overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove all lookup provider overrides
if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp
echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch
echo "PRODUCT_PACKAGES += eSpeakNG" >> packages.mk; #PicoTTS needs work to compile on 18.1, use eSpeak-NG instead
sed -i 's/OpenCamera/SecureCamera/' packages.mk #Use the GrapheneOS camera app
awk -i inplace '!/speed-profile/' build/target/product/lowram.mk; #breaks compile on some dexpreopt devices
@ -418,6 +417,7 @@ cd "$DOS_BUILD_BASE";
#rm -rfv device/*/*/overlay/CarrierConfigResCommon device/*/*/rro_overlays/CarrierConfigOverlay device/*/*/overlay/packages/apps/CarrierConfig/res/xml/vendor.xml;
#Fix broken options enabled by hardenDefconfig()
sed -i "s/CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY=y/# CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY is not set/" kernel/google/msm-4.14/arch/arm64/configs/*_defconfig; #impartial backport
echo -e "\nCONFIG_DEBUG_FS=y" >> kernel/oneplus/sm8150/arch/arm64/configs/vendor/sm8150-perf_defconfig;
echo -e "\nCONFIG_DEBUG_FS=n" >> kernel/oneplus/sm8250/arch/arm64/configs/vendor/kona-perf_defconfig;