Minor tweaks

This commit is contained in:
Tad 2020-05-13 17:25:52 -04:00
parent 2aa65e6b16
commit f5462dd23c
7 changed files with 26 additions and 20 deletions

View File

@ -75,7 +75,7 @@
<project path="external/bson" name="LineageOS/android_external_bson" remote="github" /> <project path="external/bson" name="LineageOS/android_external_bson" remote="github" />
<project path="external/sony/boringssl-compat" name="LineageOS/android_external_sony_boringssl-compat" remote="github" /> <project path="external/sony/boringssl-compat" name="LineageOS/android_external_sony_boringssl-compat" remote="github" />
<project path="hardware/sony/thermanager" name="LineageOS/android_hardware_sony_thermanager" remote="github" /> <project path="hardware/sony/thermanager" name="LineageOS/android_hardware_sony_thermanager" remote="github" />
<project path="hardware/sony/timekeep" name="LineageOS/android_hardware_sony_timekeep" remote="github" /> <!--<project path="hardware/sony/timekeep" name="LineageOS/android_hardware_sony_timekeep" remote="github" />-->
<project path="kernel/google/msm" name="LineageOS/android_kernel_google_msm" remote="github" /> <project path="kernel/google/msm" name="LineageOS/android_kernel_google_msm" remote="github" />
<!-- Essential PH-1 (mata) --> <!-- Essential PH-1 (mata) -->

View File

@ -27,22 +27,24 @@ index 7a370596e..35bf44a7b 100755
} }
// We must have some place other than / to create the device nodes for // We must have some place other than / to create the device nodes for
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 498203c83..4875ff54b 100644
--- a/rootdir/init.rc --- a/rootdir/init.rc
+++ b/rootdir/init.rc +++ b/rootdir/init.rc
@@ -126,6 +126,14 @@ on init @@ -126,7 +126,18 @@ on init
write /proc/sys/kernel/sched_child_runs_first 0 write /proc/sys/kernel/sched_child_runs_first 0
write /proc/sys/kernel/randomize_va_space 2 write /proc/sys/kernel/randomize_va_space 2
+ write /proc/sys/kernel/dmesg_restrict 1
+ write /proc/sys/fs/protected_hardlinks 1 + write /proc/sys/fs/protected_hardlinks 1
+ write /proc/sys/fs/protected_symlinks 1 + write /proc/sys/fs/protected_symlinks 1
+ write /proc/sys/fs/protected_fifos 1 + write /proc/sys/fs/protected_fifos 1
+ write /proc/sys/fs/protected_regular 1 + write /proc/sys/fs/protected_regular 1
+ write /proc/sys/net/ipv4/tcp_sack 0 + write /proc/sys/net/ipv4/tcp_sack 0
+ write /proc/sys/net/ipv6/conf/all/use_tempaddr 2 + write /proc/sys/net/ipv6/conf/all/use_tempaddr 2
+ write /proc/sys/net/ipv6/conf/all/max_addresses 128
+ write /proc/sys/net/ipv6/conf/all/temp_prefered_lft 21600
+ write /proc/sys/net/ipv6/conf/default/use_tempaddr 2 + write /proc/sys/net/ipv6/conf/default/use_tempaddr 2
+ write /proc/sys/kernel/dmesg_restrict 1 + write /proc/sys/net/ipv6/conf/default/max_addresses 128
+ write /proc/sys/net/ipv6/conf/default/temp_prefered_lft 21600
write /proc/sys/kernel/kptr_restrict 2 write /proc/sys/kernel/kptr_restrict 2
write /proc/sys/vm/mmap_min_addr 32768 write /proc/sys/vm/mmap_min_addr 32768
write /proc/sys/net/ipv4/ping_group_range "0 2147483647" write /proc/sys/net/ipv4/ping_group_range "0 2147483647"

View File

@ -31,23 +31,24 @@ index 35fc442d0..b65686f93 100644
mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL); mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL);
mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11)); mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11));
mknod("/dev/random", S_IFCHR | 0666, makedev(1, 8)); mknod("/dev/random", S_IFCHR | 0666, makedev(1, 8));
diff --git a/rootdir/init.rc b/rootdir/init.rc
index f9cb4a3ef..c3cea4eb6 100644
--- a/rootdir/init.rc --- a/rootdir/init.rc
+++ b/rootdir/init.rc +++ b/rootdir/init.rc
@@ -124,6 +124,15 @@ on init @@ -124,6 +124,18 @@ on init
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_child_runs_first 0 write /proc/sys/kernel/sched_child_runs_first 0
+ write /proc/sys/kernel/dmesg_restrict 1 + write /proc/sys/kernel/dmesg_restrict 1
+ write /proc/sys/kernel/kptr_restrict 2
+ write /proc/sys/fs/protected_hardlinks 1 + write /proc/sys/fs/protected_hardlinks 1
+ write /proc/sys/fs/protected_symlinks 1 + write /proc/sys/fs/protected_symlinks 1
+ write /proc/sys/fs/protected_fifos 1 + write /proc/sys/fs/protected_fifos 1
+ write /proc/sys/fs/protected_regular 1 + write /proc/sys/fs/protected_regular 1
+ write /proc/sys/net/ipv4/tcp_sack 0 + write /proc/sys/net/ipv4/tcp_sack 0
+ write /proc/sys/net/ipv6/conf/all/use_tempaddr 2 + write /proc/sys/net/ipv6/conf/all/use_tempaddr 2
+ write /proc/sys/net/ipv6/conf/all/max_addresses 128
+ write /proc/sys/net/ipv6/conf/all/temp_prefered_lft 21600
+ write /proc/sys/net/ipv6/conf/default/use_tempaddr 2 + write /proc/sys/net/ipv6/conf/default/use_tempaddr 2
+ write /proc/sys/net/ipv6/conf/default/max_addresses 128
+ write /proc/sys/net/ipv6/conf/default/temp_prefered_lft 21600
write /proc/sys/kernel/randomize_va_space 2 write /proc/sys/kernel/randomize_va_space 2
write /proc/sys/vm/mmap_min_addr 32768 write /proc/sys/vm/mmap_min_addr 32768
write /proc/sys/net/ipv4/ping_group_range "0 2147483647" write /proc/sys/net/ipv4/ping_group_range "0 2147483647"

View File

@ -31,23 +31,24 @@ index eb9dd755b..504a6d13e 100644
mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL); mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL);
mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11)); mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11));
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 4a8a60a96..acd1d06d1 100644
--- a/rootdir/init.rc --- a/rootdir/init.rc
+++ b/rootdir/init.rc +++ b/rootdir/init.rc
@@ -121,6 +121,15 @@ on init @@ -121,6 +121,18 @@ on init
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_child_runs_first 0 write /proc/sys/kernel/sched_child_runs_first 0
+ write /proc/sys/kernel/dmesg_restrict 1 + write /proc/sys/kernel/dmesg_restrict 1
+ write /proc/sys/kernel/kptr_restrict 2
+ write /proc/sys/fs/protected_hardlinks 1 + write /proc/sys/fs/protected_hardlinks 1
+ write /proc/sys/fs/protected_symlinks 1 + write /proc/sys/fs/protected_symlinks 1
+ write /proc/sys/fs/protected_fifos 1 + write /proc/sys/fs/protected_fifos 1
+ write /proc/sys/fs/protected_regular 1 + write /proc/sys/fs/protected_regular 1
+ write /proc/sys/net/ipv4/tcp_sack 0 + write /proc/sys/net/ipv4/tcp_sack 0
+ write /proc/sys/net/ipv6/conf/all/use_tempaddr 2 + write /proc/sys/net/ipv6/conf/all/use_tempaddr 2
+ write /proc/sys/net/ipv6/conf/all/max_addresses 128
+ write /proc/sys/net/ipv6/conf/all/temp_prefered_lft 21600
+ write /proc/sys/net/ipv6/conf/default/use_tempaddr 2 + write /proc/sys/net/ipv6/conf/default/use_tempaddr 2
+ write /proc/sys/net/ipv6/conf/default/max_addresses 128
+ write /proc/sys/net/ipv6/conf/default/temp_prefered_lft 21600
write /proc/sys/kernel/randomize_va_space 2 write /proc/sys/kernel/randomize_va_space 2
write /proc/sys/vm/mmap_min_addr 32768 write /proc/sys/vm/mmap_min_addr 32768
write /proc/sys/net/ipv4/ping_group_range "0 2147483647" write /proc/sys/net/ipv4/ping_group_range "0 2147483647"

View File

@ -32,23 +32,24 @@ index 2b899408a..84c2735c2 100644
CHECKCALL(mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL)); CHECKCALL(mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL));
CHECKCALL(mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11))); CHECKCALL(mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11)));
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 58a83e091..a28db476b 100644
--- a/rootdir/init.rc --- a/rootdir/init.rc
+++ b/rootdir/init.rc +++ b/rootdir/init.rc
@@ -140,6 +140,15 @@ on init @@ -140,6 +140,18 @@ on init
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_child_runs_first 0 write /proc/sys/kernel/sched_child_runs_first 0
+ write /proc/sys/kernel/dmesg_restrict 1 + write /proc/sys/kernel/dmesg_restrict 1
+ write /proc/sys/kernel/kptr_restrict 2
+ write /proc/sys/fs/protected_hardlinks 1 + write /proc/sys/fs/protected_hardlinks 1
+ write /proc/sys/fs/protected_symlinks 1 + write /proc/sys/fs/protected_symlinks 1
+ write /proc/sys/fs/protected_fifos 1 + write /proc/sys/fs/protected_fifos 1
+ write /proc/sys/fs/protected_regular 1 + write /proc/sys/fs/protected_regular 1
+ write /proc/sys/net/ipv4/tcp_sack 0 + write /proc/sys/net/ipv4/tcp_sack 0
+ write /proc/sys/net/ipv6/conf/all/use_tempaddr 2 + write /proc/sys/net/ipv6/conf/all/use_tempaddr 2
+ write /proc/sys/net/ipv6/conf/all/max_addresses 128
+ write /proc/sys/net/ipv6/conf/all/temp_prefered_lft 21600
+ write /proc/sys/net/ipv6/conf/default/use_tempaddr 2 + write /proc/sys/net/ipv6/conf/default/use_tempaddr 2
+ write /proc/sys/net/ipv6/conf/default/max_addresses 128
+ write /proc/sys/net/ipv6/conf/default/temp_prefered_lft 21600
write /proc/sys/kernel/randomize_va_space 2 write /proc/sys/kernel/randomize_va_space 2
write /proc/sys/vm/mmap_min_addr 32768 write /proc/sys/vm/mmap_min_addr 32768
write /proc/sys/net/ipv4/ping_group_range "0 2147483647" write /proc/sys/net/ipv4/ping_group_range "0 2147483647"

View File

@ -24,6 +24,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6187/^4.6.5/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9919/^4.8.12/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13.3/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13.3/0001.patch
@ -76,7 +77,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10614/ANY/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12378/^5.1.5/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12378/^5.1.5/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14038/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14040/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14040/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14041/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14041/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/^5.0/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/^5.0/0001.patch
@ -89,10 +89,11 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2264/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2333/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2333/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2341/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2341/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8992/^5.5.3/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14875/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14875/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0002.patch
editKernelLocalversion "-dos.p94" editKernelLocalversion "-dos.p95"
cd "$DOS_BUILD_BASE" cd "$DOS_BUILD_BASE"

View File

@ -79,7 +79,7 @@ buildAll() {
buildDevice cheryl; buildDevice cheryl;
buildDevice mata verity; buildDevice mata verity;
#SD660 #SD660
buildDevice Amber verity; #TimeKeep error buildDevice Amber verity;
} }
export -f buildAll; export -f buildAll;