Denial fixes for clark, osprey, surnia, and g3-common

Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad 2021-10-27 22:35:33 -04:00
parent ec043e961e
commit ecc4688ce0
36 changed files with 17 additions and 111 deletions

View File

@ -179,6 +179,3 @@ index 2176e634d..e2c1910d2 100644
#endif
--
2.31.1

View File

@ -20,6 +20,3 @@ index e7ca82f92..6c753091b 100644
}
genrule {
--
2.31.1

View File

@ -36,6 +36,3 @@ index 762c4572..6dd26123 100644
}
if (ota_type == OtaType::AB) {
--
2.31.1

View File

@ -54,6 +54,3 @@ index e5771cc941..6d2bc7c8a1 100644
PrintRecommendationService \
PrintSpooler \
ProxyHandler \
--
2.31.1

View File

@ -40,6 +40,3 @@ index 9460357ca1..be4bfec75e 100644
# Resolve and setup per-module dex-preopt configs.
DEXPREOPT_DISABLED_MODULES :=
# If a module has multiple setups, the first takes precedence.
--
2.31.1

View File

@ -21,6 +21,3 @@ index d3adee5ae2..83988bb603 100644
+ my_cflags += -fwrapv
+ endif
+endif
--
2.31.1

View File

@ -47,6 +47,3 @@ index c1b055afe..147ee2d88 100644
if Bool(sanitize.Properties.Sanitize.Address) {
if ctx.Arch().ArchType == android.Arm {
// Frame pointer based unwinder in ASan requires ARM frame setup.
--
2.31.1

View File

@ -29,6 +29,3 @@ index 1108551e..6b925655 100755
r_dir_file(mediaserver, sysfs_esoc)
#allow mediaserver system_app_data_file:file rw_file_perms;
--
2.31.1

View File

@ -36,6 +36,3 @@ index 33e506f1b7..5f9f8b558c 100644
private:
void refreshTypes();
audio_devices_t mDeviceTypes;
--
2.31.1

View File

@ -35,6 +35,3 @@ index 491bba2272ad..71fb465e8806 100644
native_agps_set_id(type, (setId == null) ? "" : setId);
}
--
2.31.1

View File

@ -20,6 +20,3 @@ index 2159f6f2f861..4e06c591a896 100644
private static final long FAIL_LOCKOUT_TIMEOUT_MS = 30 * 1000;
private static final String KEY_LOCKOUT_RESET_USER = "lockout_reset_user";
--
2.31.1

View File

@ -34,6 +34,3 @@ index 861b0d922d32..a9ad5aac0f0d 100644
}
String name = sa.getNonConfigurationString(
--
2.31.1

View File

@ -27,6 +27,3 @@ index f3c2777208ab..0560b7306a4e 100644
// Check if this is a secondary process that should be incorporated into some
// currently active instrumentation. (Note we do this AFTER all of the profiling
--
2.31.1

View File

@ -49,6 +49,3 @@ index ecf66861a401..b4576b0b6827 100644
}
private String getDefaultSystemHandlerActivityPackage(String intentAction, int userId) {
--
2.31.1

View File

@ -21,6 +21,3 @@ index 4df7d4902338..55104b4e0ee2 100644
<!-- Physical hardware -->
<uses-permission android:name="android.permission.MANAGE_USB" />
<uses-permission android:name="android.permission.CONTROL_DISPLAY_BRIGHTNESS" />
--
2.31.1

View File

@ -101,6 +101,3 @@ index 77875354d732..af535f62c10b 100644
};
/**
--
2.31.1

View File

@ -259,6 +259,3 @@ index 000000000000..941e1d44e145
+ refreshState(enabled);
+ }
+}
--
2.31.1

View File

@ -1,4 +1,4 @@
From ea55dc9108da5a0e24606a39e791d7f7905ed3c8 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Thu, 21 Oct 2021 20:54:37 -0400
Subject: [PATCH] Add more 'Private DNS' options
@ -21,7 +21,7 @@ Change-Id: Id75a774ce1ed109a83c6a5bf512536c643165d71
2 files changed, 170 insertions(+)
diff --git a/core/java/android/net/ConnectivityManager.java b/core/java/android/net/ConnectivityManager.java
index 111a8c48a46c..09b445a57756 100644
index 111a8c48a46c..12102a140947 100644
--- a/core/java/android/net/ConnectivityManager.java
+++ b/core/java/android/net/ConnectivityManager.java
@@ -757,6 +757,58 @@ public class ConnectivityManager {
@ -226,6 +226,3 @@ index 2321afb7df43..85b5596ae688 100644
return new PrivateDnsConfig(useTls);
}
--
2.31.1

View File

@ -79,6 +79,3 @@ index 6bb250e7bb..58297122a5 100644
// Ensure that the AppOp is allowed, or that there is no necessary app op for the sensor
if (opCode < 0 || appOpAllowed) {
canAccess = true;
--
2.31.1

View File

@ -56,6 +56,3 @@ index cd788542f..10f1eb216 100644
LISTEN_EVENT_SND_DEVICE_FREE);
}
+#endif
--
2.31.1

View File

@ -58,6 +58,3 @@ index 4675fc39c..4a5d91a97 100644
int audio_extn_utils_get_license_params(
const struct audio_device *adev,
--
2.31.1

View File

@ -56,6 +56,3 @@ index 4675fc39c..4a5d91a97 100644
int audio_extn_utils_get_license_params(
const struct audio_device *adev,
--
2.31.1

View File

@ -183,6 +183,3 @@ index 5b65cc3d9..19e7fdc4f 100644
<item name="android:navigationBarColor">@android:color/transparent</item>
<item name="android:windowDrawsSystemBarBackgrounds">true</item>
<item name="android:colorPrimaryDark">@color/dialer_theme_color_dark</item>
--
2.31.1

View File

@ -138,6 +138,3 @@ index bdb1aa7..0097a52 100644
<ListPreference
android:key="sms_security_check_limit"
android:defaultValue="30"
--
2.31.1

View File

@ -357,6 +357,3 @@ index 8c686a54aa..f16d489331 100644
@Override
public void showMobilePlanMessageDialog() {
showDialog(MANAGE_MOBILE_PLAN_DIALOG_ID);
--
2.31.1

View File

@ -257,6 +257,3 @@ index 0000000000..2c29f3abfd
+ }
+ }
+}
--
2.31.1

View File

@ -90,6 +90,3 @@ index bb791abef8..2fdb410150 100644
- }
- }
}
--
2.31.1

View File

@ -1,4 +1,4 @@
From 2598236b073cab92b0766296467ab12005547a45 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Thu, 21 Oct 2021 21:09:38 -0400
Subject: [PATCH] Add more 'Private DNS' options
@ -136,7 +136,7 @@ index 641905dc01..3614dd7cd8 100644
android:id="@+id/private_dns_mode_opportunistic"
android:text="@string/private_dns_mode_opportunistic"
diff --git a/res/values/cm_strings.xml b/res/values/cm_strings.xml
index 12ad48e683..9ed50db5ad 100644
index 44fad8e762..fb2c7377cd 100644
--- a/res/values/cm_strings.xml
+++ b/res/values/cm_strings.xml
@@ -104,6 +104,21 @@
@ -252,7 +252,7 @@ index 1655c69cea..0beef5fc13 100644
mMode = PRIVATE_DNS_MODE_OPPORTUNISTIC;
break;
diff --git a/src/com/android/settings/network/PrivateDnsPreferenceController.java b/src/com/android/settings/network/PrivateDnsPreferenceController.java
index 47c3a95c9f..1ab3293cfb 100644
index 47c3a95c9f..5f4e0937c2 100644
--- a/src/com/android/settings/network/PrivateDnsPreferenceController.java
+++ b/src/com/android/settings/network/PrivateDnsPreferenceController.java
@@ -17,6 +17,19 @@
@ -334,6 +334,3 @@ index 47c3a95c9f..1ab3293cfb 100644
case PRIVATE_DNS_MODE_OPPORTUNISTIC:
// TODO (b/79122154) : create a string specifically for this, instead of
// hijacking a string from notifications. This is necessary at this time
--
2.31.1

View File

@ -181,6 +181,3 @@ index 5b32720..acb5018 100644
public static final String DISABLE_NAV_KEYS = "disable_nav_keys";
public static final String KEY_BUTTON_BACKLIGHT = "pre_navbar_button_backlight";
--
2.31.1

View File

@ -31,6 +31,3 @@ index caf80c9..048d865 100644
}
public static String getUpgradeBlockedURL(Context context) {
--
2.31.1

View File

@ -379,6 +379,3 @@ index 048d865..d1b5a74 100644
return server + "?base=LineageOS&device=" + device + "&inc=" + incrementalVersion;
}
--
2.31.1

View File

@ -54,6 +54,3 @@ index c80acdf51..e9fba7989 100644
write /proc/sys/kernel/randomize_va_space 2
write /proc/sys/vm/mmap_min_addr 32768
write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
--
2.31.1

View File

@ -20,6 +20,3 @@ index e9fba7989..c175bc4ac 100644
# F2FS tuning. Set cp_interval larger than dirty_expire_centisecs, 30 secs,
# to avoid power consumption when system becomes mostly idle. Be careful
# to make it too large, since it may bring userdata loss, if they
--
2.31.1

View File

@ -67,6 +67,3 @@ index adeb66aa..7b707b9f 100644
LOG(ERROR) << "Failed to find matching encryption policy for " << directory;
return false;
}
--
2.31.1

View File

@ -315,11 +315,18 @@ fi;
if enterAndClear "device/motorola/clark"; then
echo "recovery_only('" >> sepolicy/recovery.te; #304224: Allow recovery to unzip and chmod modem firmware
echo " allow firmware_file labeledfs:filesystem associate;" >> sepolicy/recovery.te;
echo " allow recovery firmware_file:dir search;" >> sepolicy/recovery.te;
echo " allow recovery firmware_file:file { open write };" >> sepolicy/recovery.te;
echo " allow recovery firmware_file:dir rw_dir_perms;" >> sepolicy/recovery.te;
echo " allow recovery firmware_file:file create_file_perms;" >> sepolicy/recovery.te;
echo "')" >> sepolicy/recovery.te;
fi;
if enterAndClear "device/motorola/msm8916-common"; then
rm sepolicy/recovery.te;
echo "recovery_only('" >> sepolicy/recovery.te; #304224: Allow recovery to unzip and chmod modem firmware
echo " allow firmware_file labeledfs:filesystem associate;" >> sepolicy/recovery.te;
echo " allow recovery firmware_file:dir rw_dir_perms;" >> sepolicy/recovery.te;
echo " allow recovery firmware_file:file create_file_perms;" >> sepolicy/recovery.te;
echo "')" >> sepolicy/recovery.te;
#sed -i '2isetenforce 0' releasetools/extract_firmware.sh;
#echo "setenforce 1" >> releasetools/extract_firmware.sh;
fi;
if enterAndClear "device/oneplus/avicii"; then

View File

@ -370,6 +370,7 @@ echo "allow hwaddrs self:capability { fowner };" >> sepolicy/hwaddrs.te;
echo "allow hwaddrs block_device:lnk_file { open };" >> sepolicy/hwaddrs.te;
echo "allow hwaddrs misc_block_device:blk_file { open read };" >> sepolicy/hwaddrs.te;
sed -i '1itypeattribute wcnss_service misc_block_device_exception;' sepolicy/wcnss_service.te;
echo "/sys/devices/qpnp-rtc-[a-f0-9]+/rtc/rtc0(/.*)? u:object_r:sysfs_rtc:s0" >> sepolicy/file_contexts; #https://gitlab.com/LineageOS/issues/android/-/issues/3889
fi;
if enterAndClear "device/lge/mako"; then