20.0: fixes + r11 churn

Signed-off-by: Tad <tad@spotco.us>
2025-05-02 14:36:17 -04:00 · 2022-10-16 11:06:48 -04:00 · 2022-10-16 11:06:48 -04:00 · e8248e4938
commit e8248e4938
parent 4524eb43d3
26 changed files with 410 additions and 55 deletions
--- a/Scripts/Common/Fix_CVE_Patchers.sh
+++ b/Scripts/Common/Fix_CVE_Patchers.sh
@ -76,8 +76,8 @@ commentPatches android_kernel_oneplus_msm8994.sh "CVE-2018-3585/3.10/0001.patch"
 commentPatches android_kernel_oneplus_msm8996.sh "CVE-2017-13162/3.18/0001.patch" "CVE-2017-15951" "CVE-2017-16939" "CVE-2018-17972" "CVE-2019-2214" "CVE-2019-14070/ANY/0006.patch" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-14381" "CVE-2020-16166";
 commentPatches android_kernel_oneplus_msm8998.sh "0008-Graphene-Kernel_Hardening/4.4/0011.patch" "0008-Graphene-Kernel_Hardening/4.4/0012.patch" "0008-Graphene-Kernel_Hardening/4.4/0014.patch" "0008-Graphene-Kernel_Hardening/4.4/0019.patch" "CVE-2019-11599" "CVE-2019-19319" "CVE-2020-0305" "CVE-2020-8992" "CVE-2020-16166";
 commentPatches android_kernel_oneplus_sm7250.sh "CVE-2018-5873" "CVE-2020-1749" "CVE-2021-3444" "CVE-2021-3600" "CVE-2021-30324" "CVE-2021-45469";
-commentPatches android_kernel_oneplus_sm8150.sh "CVE-2019-16746" "CVE-2019-19319" "CVE-2020-0067" "CVE-2020-8992" "CVE-2020-24588/4.14/0018.patch" "CVE-2021-30324" "CVE-2021-45469" "CVE-2022-1184/^5.18/0001.patch";
-commentPatches android_kernel_oneplus_sm8250.sh "CVE-2018-5873" "CVE-2020-1749" "CVE-2021-3444" "CVE-2021-3600" "CVE-2022-1184/^5.18/0001.patch";
+commentPatches android_kernel_oneplus_sm8150.sh "CVE-2019-16746" "CVE-2019-19319" "CVE-2020-0067" "CVE-2020-8992" "CVE-2020-24588/4.14/0018.patch" "CVE-2021-30324" "CVE-2021-45469" "CVE-2022-1184/^5.18/0001.patch" "CVE-2022-42703/4.14/0002.patch";
+commentPatches android_kernel_oneplus_sm8250.sh "CVE-2018-5873" "CVE-2020-1749" "CVE-2021-3444" "CVE-2021-3600" "CVE-2022-1184/^5.18/0001.patch" "CVE-2022-42703/4.19/0003.patch";
 commentPatches android_kernel_oneplus_sm8350.sh "CVE-2018-5873" "CVE-2022-1184/^5.18/0001.patch";
 commentPatches android_kernel_razer_msm8998.sh "0008-Graphene-Kernel_Hardening/4.4/0011.patch" "0008-Graphene-Kernel_Hardening/4.4/0012.patch" "0008-Graphene-Kernel_Hardening/4.4/0014.patch" "0008-Graphene-Kernel_Hardening/4.4/0019.patch" "CVE-2019-14070/ANY/0005.patch" "CVE-2020-16166";
 commentPatches android_kernel_samsung_apq8084.sh "0006-AndroidHardening-Kernel_Hardening/3.10/0009.patch";
--- a/Scripts/Common/Functions.sh
+++ b/Scripts/Common/Functions.sh
@ -999,7 +999,7 @@ hardenDefconfig() {
 	optionsNo+=("HARDENED_USERCOPY_FALLBACK");
 	optionsNo+=("SECURITY_SELINUX_DISABLE" "SECURITY_WRITABLE_HOOKS");
 	optionsNo+=("SLAB_MERGE_DEFAULT");
-	optionsNo+=("USERFAULTFD");
+	if [[ "$DOS_VERSION" != "LineageOS-20.0" ]]; then optionsNo+=("USERFAULTFD"); fi;
 	#optionsNo+=("CFI_PERMISSIVE");
 	#???
 	optionsNo+=("FB_MSM_MDSS_XLOG_DEBUG" "MSM_BUSPM_DEV" "MSMB_CAMERA_DEBUG" "MSM_CAMERA_DEBUG" "MSM_SMD_DEBUG");
--- a/Scripts/LineageOS-19.1/Functions.sh
+++ b/Scripts/LineageOS-19.1/Functions.sh
@ -97,7 +97,6 @@ buildAll() {
 	#SD765
 	buildDevice bramble avb; #superseded
 	buildDevice redfin avb; #superseded
-	#TODO: barbet
 	#SD670
 	buildDevice bonito avb;
 	buildDevice sargo avb;
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8150.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8150.sh
@ -371,7 +371,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-36946/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-39188/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-39842/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-40307/4.14/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-42703/4.14/0002.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-42703/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/4.14/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24586/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-27830/4.14/0002.patch
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8250.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8250.sh
@ -347,7 +347,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-39188/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-39188/4.19/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-39842/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-40307/4.19/0003.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-42703/4.19/0003.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-42703/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24586/4.19/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-27830/4.19/0003.patch
 #git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3444/^5.11/0001.patch
--- a/Scripts/LineageOS-20.0/Functions.sh
+++ b/Scripts/LineageOS-20.0/Functions.sh
@ -55,21 +55,21 @@ buildAll() {
 	#buildDevice beryllium avb; #pending vendor
 	buildDevice enchilada avb;
 	buildDevice fajita avb;
-	#SD730
-	buildDevice sunfish avb;
 	#SD750
 	buildDevice FP4 avb;
 	#SD855
-	buildDevice guacamole avb;
-	buildDevice guacamoleb avb;
-	buildDevice hotdog avb;
-	buildDevice hotdogb avb;
+	buildDevice guacamole avb; #FIXME
+	buildDevice guacamoleb avb; #FIXME
+	buildDevice hotdog avb; #FIXME
+	buildDevice hotdogb avb; #FIXME
 	buildDevice coral avb;
 	buildDevice flame avb;
+	#SD730
+	buildDevice sunfish avb;
 	#SD865
-	buildDevice instantnoodle avb;
-	buildDevice instantnoodlep avb;
-	buildDevice kebab avb;
+	buildDevice instantnoodle avb; #FIXME
+	buildDevice instantnoodlep avb; #FIXME
+	buildDevice kebab avb; #FIXME
 	#SD888
 	buildDevice lemonade avb;
 	buildDevice lemonadep avb;
--- a/Scripts/LineageOS-20.0/Patch.sh
+++ b/Scripts/LineageOS-20.0/Patch.sh
@ -372,7 +372,6 @@ if enter "vendor/divested"; then
 awk -i inplace '!/_lookup/' overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove all lookup provider overrides
 if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends
 if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp
-echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch
 echo "PRODUCT_PACKAGES += eSpeakNG" >> packages.mk; #PicoTTS needs work to compile on 18.1, use eSpeak-NG instead
 sed -i 's/OpenCamera/SecureCamera/' packages.mk #Use the GrapheneOS camera app
 awk -i inplace '!/speed-profile/' build/target/product/lowram.mk; #breaks compile on some dexpreopt devices
@ -418,6 +417,7 @@ cd "$DOS_BUILD_BASE";
 #rm -rfv device/*/*/overlay/CarrierConfigResCommon device/*/*/rro_overlays/CarrierConfigOverlay device/*/*/overlay/packages/apps/CarrierConfig/res/xml/vendor.xml;

 #Fix broken options enabled by hardenDefconfig()
+sed -i "s/CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY=y/# CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY is not set/" kernel/google/msm-4.14/arch/arm64/configs/*_defconfig; #impartial backport
 echo -e "\nCONFIG_DEBUG_FS=y" >> kernel/oneplus/sm8150/arch/arm64/configs/vendor/sm8150-perf_defconfig;
 echo -e "\nCONFIG_DEBUG_FS=n" >> kernel/oneplus/sm8250/arch/arm64/configs/vendor/kona-perf_defconfig;