Many changes

- Disable patches with restrictive licenses by default
- Update LICENSE
- Fixup the fix for F-Droid building
- 15.1: Fix forceencrypt on mako
- 15.1: Fix crashes when accessing factory reset and development settings menus
 on devices without support for factory reset protection or oem unlocking

LICENSE

@@ -2,17 +2,20 @@ Copyright (c) 2017-2018 Spot Communications, Inc.
 
 Below are the license mappings for all of the files found in this repository. All attempts have been made to ensure accuracy of the corresponding license files. If you've found an issue please file an issue or pull request.
 
-Changelogs - GPLv3
 Manifests - GPLv3
 Misc - GPLv3
-Patches/Android - Apache-2.0
-Patches/LineageOS-*/
-	android_packages_apps_FDroid* - GPLv2
-	android_packages_apps_Silence - GPLv2
-	android_kernel_* - GPLv2
-	[Everything Else] - Apache-2.0
-Patches/Linux - GPLv2
-Patches/Wallpapers - Unsplash License https://unsplash.com/license
+Patches/
+	Android - Apache-2.0
+	LineageOS-*/
+		android_packages_apps_FDroid* - GPLv2
+		android_kernel_* - GPLv2
+		*/Copperhead/* - Copperhead CC BY-NC-SA, Only enabled via NON_COMMERCIAL_USE_PATCHES option
+		[Everything Else] - Apache-2.0
+	Linux - GPLv2
+	Wallpapers - Unsplash License https://unsplash.com/license
+PrebuiltApps/
+	android_vendor_FDroid_PrebuiltApps/Packages - Dependent on app
+	[Everything Else] - GPLv3
 Scripts - GPLv3
 
 

Misc/audit2allow-mako.txt

@@ -2,8 +2,5 @@
 allow install_recovery unlabeled:dir { add_name remove_name write };
 allow install_recovery unlabeled:file { create open setattr unlink write };
 
-#============= kickstart ==============
-allow kickstart usbfs:dir search;
-
 #============= vold ==============
 allow vold persist_file:dir { ioctl open read };

Patches/LineageOS-15.1/android_packages_apps_Settings/0004-PDB_Fixes.patch

@@ -0,0 +1,67 @@
+From e297ea5bd7bf902d6ed606c24cc0ab902dc6943b Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Mon, 23 Apr 2018 15:40:11 -0400
+Subject: [PATCH] Fix crashes when the PersistentDataBlockManager service isn't
+ available
+
+Change-Id: I58b82270ed052526004889deb8a2ede072e2da3b
+---
+ .../android/settings/MasterClearConfirm.java    | 17 ++++++++++++-----
+ .../development/DevelopmentSettings.java        |  5 ++++-
+ 2 files changed, 16 insertions(+), 6 deletions(-)
+
+diff --git a/src/com/android/settings/MasterClearConfirm.java b/src/com/android/settings/MasterClearConfirm.java
+index 39bf01a0d9..8be58e8c85 100644
+--- a/src/com/android/settings/MasterClearConfirm.java
++++ b/src/com/android/settings/MasterClearConfirm.java
+@@ -22,6 +22,7 @@ import android.content.Intent;
+ import android.content.pm.ActivityInfo;
+ import android.os.AsyncTask;
+ import android.os.Bundle;
++import android.os.SystemProperties;
+ import android.os.UserHandle;
+ import android.os.UserManager;
+ import android.service.oemlock.OemLockManager;
+@@ -65,12 +66,18 @@ public class MasterClearConfirm extends OptionsMenuFragment {
+                 return;
+             }
+ 
+-            final PersistentDataBlockManager pdbManager = (PersistentDataBlockManager)
+-                    getActivity().getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE);
+-            final OemLockManager oemLockManager = (OemLockManager)
+-                    getActivity().getSystemService(Context.OEM_LOCK_SERVICE);
++            PersistentDataBlockManager pdbManagerTmp = null;
++            OemLockManager oemLockManager = null;
++            if (!SystemProperties.get("ro.frp.pst").equals("")) {
++                pdbManagerTmp = (PersistentDataBlockManager)
++                        getActivity().getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE);
++                oemLockManager = (OemLockManager)
++                        getActivity().getSystemService(Context.OEM_LOCK_SERVICE);
++            }
++
++            final PersistentDataBlockManager pdbManager = pdbManagerTmp;
+ 
+-            if (pdbManager != null && !oemLockManager.isOemUnlockAllowed() &&
++            if (pdbManager != null && oemLockManager != null && !oemLockManager.isOemUnlockAllowed() &&
+                     Utils.isDeviceProvisioned(getActivity())) {
+                 // if OEM unlock is allowed, the persistent data block will be wiped during FR
+                 // process. If disabled, it will be wiped here, unless the device is still being
+diff --git a/src/com/android/settings/development/DevelopmentSettings.java b/src/com/android/settings/development/DevelopmentSettings.java
+index b29add1aa7..ac3d8a3273 100644
+--- a/src/com/android/settings/development/DevelopmentSettings.java
++++ b/src/com/android/settings/development/DevelopmentSettings.java
+@@ -420,7 +420,10 @@ public class DevelopmentSettings extends RestrictedSettingsFragment
+         mBackupManager = IBackupManager.Stub.asInterface(
+                 ServiceManager.getService(Context.BACKUP_SERVICE));
+         mWebViewUpdateService = WebViewFactory.getUpdateService();
+-        mOemLockManager = (OemLockManager) getSystemService(Context.OEM_LOCK_SERVICE);
++        mOemLockManager = null;
++        if(SystemProperties.getBoolean("ro.oem_unlock_supported", false)) {
++            mOemLockManager = (OemLockManager) getSystemService(Context.OEM_LOCK_SERVICE);
++        }
+         mTelephonyManager = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);
+ 
+         mUm = (UserManager) getSystemService(Context.USER_SERVICE);
+-- 
+2.17.0
+

PrebuiltApps

@@ -1 +1 @@
-Subproject commit 571ea024b15791864430510819efb3d11446668e
+Subproject commit 6ae6550c9237c43257f67078d31899f484f0b396

Scripts/Common/Functions.sh

@@ -96,10 +96,8 @@ export -f enableZram;
 
 enableForcedEncryption() {
 	cd $base$1;
-	if [[ $1 != "device/lge/mako" ]]; then #Forced encryption seems to prevent some devices from booting
-		sed -i 's|encryptable=/|forceencrypt=/|' fstab.* root/fstab.* rootdir/fstab.* rootdir/etc/fstab.* &>/dev/null || true;
-		echo "Enabled forceencrypt for $1";
-	fi;
+	sed -i 's|encryptable=/|forceencrypt=/|' fstab.* root/fstab.* rootdir/fstab.* rootdir/etc/fstab.* &>/dev/null || true;
+	echo "Enabled forceencrypt for $1";
 	cd $base;
 }
 export -f enableForcedEncryption;

Scripts/LineageOS-14.1/00init.sh

@@ -43,7 +43,7 @@ export JACK_SERVER_VM_ARGUMENTS="${ANDROID_JACK_VM_ARGS}";
 
 export GRADLE_OPTS="-Xmx2048m";
 
-export NON_COMMERCIAL_USE_PATCHES=true; #Switch to false to prevent inclusion of non-commercial use patches
+export NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches
 
 source $scriptsCommon"/Functions.sh";
 source $scripts"/Functions.sh";

Scripts/LineageOS-14.1/Patch.sh

@@ -62,14 +62,14 @@ enterAndClear "bootable/recovery";
 patch -p1 < $patches"android_bootable_recovery/0001-Squash_Menus.patch"; #What's a back button?
 
 enterAndClear "build";
-patch -p1 < $patches"android_build/0001-Automated_Build_Signing.patch" #Automated build signing. Disclaimer: From CopperheadOS 13.0
+patch -p1 < $patches"android_build/0001-Automated_Build_Signing.patch" #Automated build signing (CopperheadOS-13.0)
 sed -i 's/messaging/Silence/' target/product/*.mk; #Replace AOSP Messaging app with Silence
 
 enterAndClear "device/qcom/sepolicy";
 patch -p1 < $patches"android_device_qcom_sepolicy/0001-Camera_Fix.patch"; #Fix camera on user builds XXX: REMOVE THIS TRASH
 
 enterAndClear "external/sqlite";
-patch -p1 < $patches"android_external_sqlite/0001-Secure_Delete.patch"; #Enable secure_delete by default. Disclaimer: From CopperheadOS 13.0
+patch -p1 < $patches"android_external_sqlite/0001-Secure_Delete.patch"; #Enable secure_delete by default (CopperheadOS-13.0)
 
 enterAndClear "frameworks/base";
 git revert 0326bb5e41219cf502727c3aa44ebf2daa19a5b3; #re-enable doze on devices without gms
@@ -108,7 +108,7 @@ sed -i 's/ext.androidBuildVersionTools = "24.0.3"/ext.androidBuildVersionTools =
 
 enterAndClear "packages/apps/FDroid";
 cp $patches"android_packages_apps_FDroid/default_repos.xml" app/src/main/res/values/default_repos.xml; #Add extra repos
-sed -i 's|outputs/apk/|outputs/apk/release/' Android.mk;
+sed -i 's|outputs/apk/|outputs/apk/release/|' Android.mk;
 sed -i 's|gradle|./gradlew|' Android.mk; #Gradle 4.0 fix
 sed -i 's|/$(fdroid_dir) \&\&| \&\&|' Android.mk; #One line wouldn't work... no matter what I tried.
 #TODO: Change the package ID until https://gitlab.com/fdroid/fdroidclient/issues/843 is implemented
@@ -129,7 +129,7 @@ enterAndClear "packages/apps/PackageInstaller";
 patch -p1 < $patches"android_packages_apps_PackageInstaller/64d8b44.diff"; #Fix an issue with Permission Review
 
 enterAndClear "packages/apps/Settings";
-git revert 2ebe6058c546194a301c1fd22963d6be4adbf961;
+git revert 2ebe6058c546194a301c1fd22963d6be4adbf961; #don't hide oem unlock
 sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length
 sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; #MicroG doesn't support Backup, hide the options
 
@@ -156,12 +156,12 @@ enterAndClear "packages/inputmethods/LatinIME";
 patch -p1 < $patches"android_packages_inputmethods_LatinIME/0001-Voice.patch"; #Remove voice input key
 
 enterAndClear "packages/services/Telephony";
-if [ "$NON_COMMERCIAL_USE_PATCHES" = true ]; then patch -p1 < $patches"android_packages_services_Telephony/0001-LTE_Only.patch"; fi; #LTE only preferred network mode choice. XXX: NEEDS SIGNOFF FROM COPPERHEAD
+if [ "$NON_COMMERCIAL_USE_PATCHES" = true ]; then patch -p1 < $patches"android_packages_services_Telephony/Copperhead/0001-LTE_Only.patch"; fi; #LTE only preferred network mode choice (Copperhead CC BY-NC-SA)
 
 enterAndClear "system/core";
-if [ "$NON_COMMERCIAL_USE_PATCHES" = true ]; then cat /tmp/ar/hosts >> rootdir/etc/hosts; fi; #Merge in our HOSTS file XXX: Switch to /hsc for release
+then cat /tmp/ar/hosts >> rootdir/etc/hosts; #Merge in our HOSTS file
 git revert 0217dddeb5c16903c13ff6c75213619b79ea622b d7aa1231b6a0631f506c0c23816f2cd81645b15f; #Always update recovery XXX: This doesn't seem to work
-patch -p1 < $patches"android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid. Disclaimer: From CopperheadOS 13.0
+patch -p1 < $patches"android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid (CopperheadOS-13.0)
 
 enterAndClear "system/keymaster";
 patch -p1 < $patches"android_system_keymaster/0001-Backport_Fixes.patch"; #Fixes from 8.1, appears to fix https://jira.lineageos.org/browse/BUGBASH-590

Scripts/LineageOS-15.1/00init.sh

@@ -43,7 +43,7 @@ export JACK_SERVER_VM_ARGUMENTS="${ANDROID_JACK_VM_ARGS}";
 
 export GRADLE_OPTS="-Xmx2048m";
 
-export NON_COMMERCIAL_USE_PATCHES=true; #Switch to false to prevent inclusion of non-commercial use patches
+export NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches
 
 source $scriptsCommon"/Functions.sh";
 source $scripts"/Functions.sh";

Scripts/LineageOS-15.1/Patch.sh

@@ -59,8 +59,8 @@ cp -r $prebuiltApps"Fennec_DOS-Shim" $base"packages/apps/"; #Add a shim to insta
 cp -r $prebuiltApps"android_vendor_FDroid_PrebuiltApps/." $base"vendor/fdroid_prebuilt/"; #Add the prebuilt apps
 
 enterAndClear "build/make";
-patch -p1 < $patches"android_build/0001-Automated_Build_Signing.patch"; #Automated build signing. Disclaimer: From CopperheadOS 13.0
-if [ "$NON_COMMERCIAL_USE_PATCHES" = true ]; then patch -p1 < $patches"android_build/0002-Deny_USB.patch"; fi; #Deny USB support XXX: NEEDS SIGNOFF FROM COPPERHEAD
+patch -p1 < $patches"android_build/0001-Automated_Build_Signing.patch"; #Automated build signing (CopperheadOS-13.0)
+if [ "$NON_COMMERCIAL_USE_PATCHES" = true ]; then patch -p1 < $patches"android_build/Copperhead/0002-Deny_USB.patch"; fi; #Deny USB support (Copperhead CC BY-NC-SA)
 awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' core/product.mk;
 sed -i 's/messaging/Silence/' target/product/*.mk; #Replace AOSP Messaging app with Silence
 
@@ -78,7 +78,7 @@ sed -i 's|config_permissionReviewRequired">false|config_permissionReviewRequired
 patch -p1 < $patches"android_frameworks_base/0002-Signature_Spoofing.patch"; #Allow packages to spoof their signature (microG)
 patch -p1 < $patches"android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; #Restrict signature spoofing to system apps signed with the platform key
 patch -p1 < $patches"android_frameworks_base/0004-OpenNIC.patch"; #Change fallback and tethering DNS servers to OpenNIC AnyCast
-if [ "$NON_COMMERCIAL_USE_PATCHES" = true ]; then patch -p1 < $patches"android_frameworks_base/0005-Deny_USB.patch"; fi; #Deny USB support XXX: NEEDS SIGNOFF FROM COPPERHEAD
+if [ "$NON_COMMERCIAL_USE_PATCHES" = true ]; then patch -p1 < $patches"android_frameworks_base/Copperhead/0005-Deny_USB.patch"; fi; #Deny USB support (Copperhead CC BY-NC-SA)
 rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps
 rm core/res/res/values/config.xml.orig core/res/res/values/strings.xml.orig;
 
@@ -104,10 +104,11 @@ sed -i 's/ext.androidBuildVersionTools = "24.0.3"/ext.androidBuildVersionTools =
 
 enterAndClear "packages/apps/FDroid";
 cp $patches"android_packages_apps_FDroid/default_repos.xml" app/src/main/res/values/default_repos.xml; #Add extra repos
-sed -i 's|outputs/apk/|outputs/apk/release/' Android.mk;
+sed -i 's|outputs/apk/|outputs/apk/release/|' Android.mk;
 sed -i 's|gradle|./gradlew|' Android.mk; #Gradle 4.0 fix
 sed -i 's|/$(fdroid_dir) \&\&| \&\&|' Android.mk; #One line wouldn't work... no matter what I tried.
 #TODO: Change the package ID until https://gitlab.com/fdroid/fdroidclient/issues/843 is implemented
+#TODO: WifiPermissionsUtil: Denied: no location permission
 
 enterAndClear "packages/apps/FDroidPrivilegedExtension";
 patch -p1 < $patches"android_packages_apps_FDroidPrivilegedExtension/0001-Release_Key.patch"; #Change to release key
@@ -128,8 +129,10 @@ patch -p1 < $patches"android_packages_apps_LineageParts/0001-Remove_Analytics-Pr
 rm AndroidManifest.xml.orig res/values/*.xml.orig;
 
 enterAndClear "packages/apps/Settings";
+git revert a96df110e84123fe1273bff54feca3b4ca484dcd; #don't hide oem unlock
 patch -p1 < $patches"android_packages_apps_Settings/0002-Remove_Analytics.patch"; #Remove analytics
-if [ "$NON_COMMERCIAL_USE_PATCHES" = true ]; then patch -p1 < $patches"android_packages_apps_Settings/0003-Deny_USB.patch"; fi; #Deny USB support XXX: NEEDS SIGNOFF FROM COPPERHEAD
+if [ "$NON_COMMERCIAL_USE_PATCHES" = true ]; then patch -p1 < $patches"android_packages_apps_Settings/Copperhead/0003-Deny_USB.patch"; fi; #Deny USB support (Copperhead CC BY-NC-SA)
+patch -p1 < $patches"android_packages_apps_Settings/0004-PDB_Fixes.patch"; #Fix crashes when the PersistentDataBlockManager service isn't available
 sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length
 sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; #MicroG doesn't support Backup, hide the options
 rm res/values/strings.xml.orig;
@@ -154,18 +157,18 @@ enterAndClear "packages/inputmethods/LatinIME";
 patch -p1 < $patches"android_packages_inputmethods_LatinIME/0001-Voice.patch"; #Remove voice input key
 
 enterAndClear "packages/services/Telephony";
-if [ "$NON_COMMERCIAL_USE_PATCHES" = true ]; then patch -p1 < $patches"android_packages_services_Telephony/0001-LTE_Only.patch"; fi; #LTE only preferred network mode choice. XXX: NEEDS SIGNOFF FROM COPPERHEAD
+if [ "$NON_COMMERCIAL_USE_PATCHES" = true ]; then patch -p1 < $patches"android_packages_services_Telephony/Copperhead/0001-LTE_Only.patch"; fi; #LTE only preferred network mode choice. (Copperhead CC BY-NC-SA)
 
 enterAndClear "system/core";
-if [ "$NON_COMMERCIAL_USE_PATCHES" = true ]; then cat /tmp/ar/hosts >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
+cat /tmp/ar/hosts >> rootdir/etc/hosts; #Merge in our HOSTS file
 git revert a6a4ce8e9a6d63014047a447c6bb3ac1fa90b3f4; #Always update recovery
-patch -p1 < $patches"android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid. Disclaimer: From CopperheadOS 13.0
-if [ "$NON_COMMERCIAL_USE_PATCHES" = true ]; then patch -p1 < $patches"android_system_core/0002-Deny_USB.patch"; fi; #Deny USB support XXX: NEEDS SIGNOFF FROM COPPERHEAD
+patch -p1 < $patches"android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid (CopperheadOS-13.0)
+if [ "$NON_COMMERCIAL_USE_PATCHES" = true ]; then patch -p1 < $patches"android_system_core/Copperhead/0002-Deny_USB.patch"; fi; #Deny USB support (Copperhead CC BY-NC-SA)
+#if [ "$NON_COMMERCIAL_USE_PATCHES" = true ]; then patch -p1 < $patches"android_system_core/0003-Deny_USB-Aggressive.patch"; fi; #Deny USB on boot, may break things
 
 enterAndClear "system/sepolicy";
 patch -p1 < $patches"android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
-if [ "$NON_COMMERCIAL_USE_PATCHES" = true ]; then patch -p1 < $patches"android_system_sepolicy/0002-Deny_USB.patch"; fi; #Deny USB support XXX: NEEDS SIGNOFF FROM COPPERHEAD
-if [ "$NON_COMMERCIAL_USE_PATCHES" = true ]; then patch -p1 < $patches"android_system_sepolicy/0003-Deny_USB-Aggressive.patch"; fi; #Deny USB on boot
+if [ "$NON_COMMERCIAL_USE_PATCHES" = true ]; then patch -p1 < $patches"android_system_sepolicy/Copperhead/0002-Deny_USB.patch"; fi; #Deny USB support (Copperhead CC BY-NC-SA)
 
 enterAndClear "system/vold";
 patch -p1 < $patches"android_system_vold/0001-AES256.patch"; #Add a variable for enabling AES-256 bit encryption
@@ -199,6 +202,7 @@ echo "/dev/block/platform/msm_sdcc\.1/by-name/pad     u:object_r:misc_block_devi
 
 enterAndClear "device/lge/mako";
 cp $patches"android_device_lge_mako/proprietary-blobs.txt" proprietary-blobs.txt; #update that? nah
+echo "allow kickstart usbfs:dir search;" >> sepolicy/kickstart.te; #Fix forceencrypt on first boot
 
 enterAndClear "device/oppo/msm8974-common";
 sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.txt; #Suport new TZ firmware https://review.lineageos.org/#/c/178999/