Minor tweaks

Patches/LineageOS-14.1/android_system_core/0001-Harden.patch

@@ -27,22 +27,24 @@ index 7a370596e..35bf44a7b 100755
      }
  
      // We must have some place other than / to create the device nodes for
-diff --git a/rootdir/init.rc b/rootdir/init.rc
-index 498203c83..4875ff54b 100644
 --- a/rootdir/init.rc
 +++ b/rootdir/init.rc
-@@ -126,6 +126,14 @@ on init
+@@ -126,7 +126,18 @@ on init
      write /proc/sys/kernel/sched_child_runs_first 0
  
      write /proc/sys/kernel/randomize_va_space 2
++    write /proc/sys/kernel/dmesg_restrict 1
 +    write /proc/sys/fs/protected_hardlinks 1
 +    write /proc/sys/fs/protected_symlinks 1
 +    write /proc/sys/fs/protected_fifos 1
 +    write /proc/sys/fs/protected_regular 1
 +    write /proc/sys/net/ipv4/tcp_sack 0
 +    write /proc/sys/net/ipv6/conf/all/use_tempaddr 2
++    write /proc/sys/net/ipv6/conf/all/max_addresses 128
++    write /proc/sys/net/ipv6/conf/all/temp_prefered_lft 21600
 +    write /proc/sys/net/ipv6/conf/default/use_tempaddr 2
-+    write /proc/sys/kernel/dmesg_restrict 1
++    write /proc/sys/net/ipv6/conf/default/max_addresses 128
++    write /proc/sys/net/ipv6/conf/default/temp_prefered_lft 21600
      write /proc/sys/kernel/kptr_restrict 2
      write /proc/sys/vm/mmap_min_addr 32768
      write /proc/sys/net/ipv4/ping_group_range "0 2147483647"

Patches/LineageOS-15.1/android_system_core/0001-Harden.patch

@@ -31,23 +31,24 @@ index 35fc442d0..b65686f93 100644
          mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL);
          mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11));
          mknod("/dev/random", S_IFCHR | 0666, makedev(1, 8));
-diff --git a/rootdir/init.rc b/rootdir/init.rc
-index f9cb4a3ef..c3cea4eb6 100644
 --- a/rootdir/init.rc
 +++ b/rootdir/init.rc
-@@ -124,6 +124,15 @@ on init
+@@ -124,6 +124,18 @@ on init
      write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
      write /proc/sys/kernel/sched_child_runs_first 0
  
 +    write /proc/sys/kernel/dmesg_restrict 1
-+    write /proc/sys/kernel/kptr_restrict 2
 +    write /proc/sys/fs/protected_hardlinks 1
 +    write /proc/sys/fs/protected_symlinks 1
 +    write /proc/sys/fs/protected_fifos 1
 +    write /proc/sys/fs/protected_regular 1
 +    write /proc/sys/net/ipv4/tcp_sack 0
 +    write /proc/sys/net/ipv6/conf/all/use_tempaddr 2
++    write /proc/sys/net/ipv6/conf/all/max_addresses 128
++    write /proc/sys/net/ipv6/conf/all/temp_prefered_lft 21600
 +    write /proc/sys/net/ipv6/conf/default/use_tempaddr 2
++    write /proc/sys/net/ipv6/conf/default/max_addresses 128
++    write /proc/sys/net/ipv6/conf/default/temp_prefered_lft 21600
      write /proc/sys/kernel/randomize_va_space 2
      write /proc/sys/vm/mmap_min_addr 32768
      write /proc/sys/net/ipv4/ping_group_range "0 2147483647"

Patches/LineageOS-16.0/android_system_core/0001-Harden.patch

@@ -31,23 +31,24 @@ index eb9dd755b..504a6d13e 100644
          mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL);
  
          mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11));
-diff --git a/rootdir/init.rc b/rootdir/init.rc
-index 4a8a60a96..acd1d06d1 100644
 --- a/rootdir/init.rc
 +++ b/rootdir/init.rc
-@@ -121,6 +121,15 @@ on init
+@@ -121,6 +121,18 @@ on init
      write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
      write /proc/sys/kernel/sched_child_runs_first 0
  
 +    write /proc/sys/kernel/dmesg_restrict 1
-+    write /proc/sys/kernel/kptr_restrict 2
 +    write /proc/sys/fs/protected_hardlinks 1
 +    write /proc/sys/fs/protected_symlinks 1
 +    write /proc/sys/fs/protected_fifos 1
 +    write /proc/sys/fs/protected_regular 1
 +    write /proc/sys/net/ipv4/tcp_sack 0
 +    write /proc/sys/net/ipv6/conf/all/use_tempaddr 2
++    write /proc/sys/net/ipv6/conf/all/max_addresses 128
++    write /proc/sys/net/ipv6/conf/all/temp_prefered_lft 21600
 +    write /proc/sys/net/ipv6/conf/default/use_tempaddr 2
++    write /proc/sys/net/ipv6/conf/default/max_addresses 128
++    write /proc/sys/net/ipv6/conf/default/temp_prefered_lft 21600
      write /proc/sys/kernel/randomize_va_space 2
      write /proc/sys/vm/mmap_min_addr 32768
      write /proc/sys/net/ipv4/ping_group_range "0 2147483647"

Patches/LineageOS-17.1/android_system_core/0001-Harden.patch

@@ -32,23 +32,24 @@ index 2b899408a..84c2735c2 100644
      CHECKCALL(mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL));
  
      CHECKCALL(mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11)));
-diff --git a/rootdir/init.rc b/rootdir/init.rc
-index 58a83e091..a28db476b 100644
 --- a/rootdir/init.rc
 +++ b/rootdir/init.rc
-@@ -140,6 +140,15 @@ on init
+@@ -140,6 +140,18 @@ on init
      write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
      write /proc/sys/kernel/sched_child_runs_first 0
  
 +    write /proc/sys/kernel/dmesg_restrict 1
-+    write /proc/sys/kernel/kptr_restrict 2
 +    write /proc/sys/fs/protected_hardlinks 1
 +    write /proc/sys/fs/protected_symlinks 1
 +    write /proc/sys/fs/protected_fifos 1
 +    write /proc/sys/fs/protected_regular 1
 +    write /proc/sys/net/ipv4/tcp_sack 0
 +    write /proc/sys/net/ipv6/conf/all/use_tempaddr 2
++    write /proc/sys/net/ipv6/conf/all/max_addresses 128
++    write /proc/sys/net/ipv6/conf/all/temp_prefered_lft 21600
 +    write /proc/sys/net/ipv6/conf/default/use_tempaddr 2
++    write /proc/sys/net/ipv6/conf/default/max_addresses 128
++    write /proc/sys/net/ipv6/conf/default/temp_prefered_lft 21600
      write /proc/sys/kernel/randomize_va_space 2
      write /proc/sys/vm/mmap_min_addr 32768
      write /proc/sys/net/ipv4/ping_group_range "0 2147483647"