mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-25 07:29:24 -05:00
tuna fixes + fdroid priv changes
This commit is contained in:
parent
b9ff7a74e6
commit
fccc124868
@ -219,8 +219,11 @@
|
||||
<project path="kernel/samsung/smdk4412" name="LineageOS/android_kernel_samsung_smdk4412" remote="github" />
|
||||
<project path="packages/apps/SamsungServiceMode" name="LineageOS/android_packages_apps_SamsungServiceMode" remote="github" />
|
||||
|
||||
<!-- Samsung Galaxy Nexus Unified (maguro) -->
|
||||
<!-- Samsung Galaxy Nexus (maguro/toro(plus)) -->
|
||||
<project path="prebuilts/gcc/linux-x86/arm/arm-eabi-4.7" name="platform/prebuilts/gcc/linux-x86/arm/arm-eabi-4.7" remote="aosp" revision="refs/tags/android-4.4.4_r2" />
|
||||
<project path="device/samsung/maguro" name="Galaxy-Nexus/android_device_samsung_maguro" remote="github" />
|
||||
<project path="device/samsung/toro" name="LineageOS/android_device_samsung_toro" remote="github" revision="cm-13.0" />
|
||||
<project path="device/samsung/toroplus" name="LineageOS/android_device_samsung_toroplus" remote="github" revision="cm-13.0" />
|
||||
<project path="device/samsung/tuna" name="Galaxy-Nexus/android_device_samsung_tuna" remote="github" />
|
||||
<project path="kernel/samsung/tuna" name="Galaxy-Nexus/android_kernel_samsung_tuna" remote="github" />
|
||||
|
||||
|
@ -16,11 +16,13 @@ PRODUCT_PROPERTY_OVERRIDES += \
|
||||
ro.config.alarm_alert=Alarm_Buzzer.ogg \
|
||||
keyguard.no_require_sim=true \
|
||||
ro.build.selinux=1 \
|
||||
ro.storage_manager.enabled=true
|
||||
ro.storage_manager.enabled=true \
|
||||
ro.control_privapp_permissions=log
|
||||
|
||||
#Copy extra files
|
||||
PRODUCT_COPY_FILES += \
|
||||
vendor/divested/prebuilts/etc/additional_fdroid_repos.xml:system/etc/org.fdroid.fdroid/additional_repos.xml
|
||||
vendor/divested/prebuilts/etc/additional_fdroid_repos.xml:system/etc/org.fdroid.fdroid/additional_repos.xml \
|
||||
vendor/divested/prebuilts/etc/permissions_org.fdroid.fdroid.privileged.xml:system/etc/permissions/permissions_org.fdroid.fdroid.privileged.xml
|
||||
|
||||
#Include packages
|
||||
#PRODUCT_PACKAGES += ModuleBlocker
|
||||
|
@ -0,0 +1,7 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<permissions>
|
||||
<privapp-permissions package="org.fdroid.fdroid.privileged">
|
||||
<permission name="android.permission.DELETE_PACKAGES"/>
|
||||
<permission name="android.permission.INSTALL_PACKAGES"/>
|
||||
</privapp-permissions>
|
||||
</permissions>
|
@ -0,0 +1,84 @@
|
||||
From c11a7f1d4f05a13cacb8c6ebbaeee0400b6654e6 Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Wed, 13 Feb 2019 21:14:04 -0500
|
||||
Subject: [PATCH] audit2allow sepolicies
|
||||
|
||||
Change-Id: I8a43008d22b302ed54838251e328619de5c1f890
|
||||
---
|
||||
sepolicy/init.te | 3 +++
|
||||
sepolicy/logd.te | 1 +
|
||||
sepolicy/netd.te | 1 +
|
||||
sepolicy/platform_app.te | 1 +
|
||||
sepolicy/rild.te | 5 +++++
|
||||
sepolicy/sysinit.te | 1 +
|
||||
sepolicy/system_server.te | 2 ++
|
||||
7 files changed, 14 insertions(+)
|
||||
create mode 100644 sepolicy/logd.te
|
||||
create mode 100644 sepolicy/netd.te
|
||||
create mode 100644 sepolicy/sysinit.te
|
||||
|
||||
diff --git a/sepolicy/init.te b/sepolicy/init.te
|
||||
index 13c8bd4..c0980a6 100644
|
||||
--- a/sepolicy/init.te
|
||||
+++ b/sepolicy/init.te
|
||||
@@ -7,3 +7,6 @@ allow init tmpfs:lnk_file create;
|
||||
|
||||
# For 'cpuset' module requests
|
||||
allow init kernel:system module_request;
|
||||
+
|
||||
+allow init block_device:lnk_file relabelfrom;
|
||||
+allow init perfprofd_exec:file getattr;
|
||||
diff --git a/sepolicy/logd.te b/sepolicy/logd.te
|
||||
new file mode 100644
|
||||
index 0000000..2e9f1eb
|
||||
--- /dev/null
|
||||
+++ b/sepolicy/logd.te
|
||||
@@ -0,0 +1 @@
|
||||
+allow logd unlabeled:dir search;
|
||||
diff --git a/sepolicy/netd.te b/sepolicy/netd.te
|
||||
new file mode 100644
|
||||
index 0000000..af9fbc1
|
||||
--- /dev/null
|
||||
+++ b/sepolicy/netd.te
|
||||
@@ -0,0 +1 @@
|
||||
+allow netd kernel:system module_request;
|
||||
diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
|
||||
index 4d92e6b..dadb55e 100644
|
||||
--- a/sepolicy/platform_app.te
|
||||
+++ b/sepolicy/platform_app.te
|
||||
@@ -1 +1,2 @@
|
||||
allow platform_app nfc_service:service_manager find;
|
||||
+allow platform_app system_app_data_file:dir getattr;
|
||||
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
|
||||
index 7c72874..5e35cf9 100644
|
||||
--- a/sepolicy/rild.te
|
||||
+++ b/sepolicy/rild.te
|
||||
@@ -19,3 +19,8 @@ allow rild logcat_exec:file { getattr read open execute execute_no_trans };
|
||||
# Device-specific calls could be moved into their respective device trees
|
||||
# in the future.
|
||||
allowxperm rild self:unix_stream_socket ioctl { 0x89a0 0x89a2 0x89a3 0x89f0 };
|
||||
+allow rild system_file:file execmod;
|
||||
+allow rild toolbox_exec:file getattr;
|
||||
+allow rild toolbox_exec:file execute;
|
||||
+allow rild toolbox_exec:file { open read };
|
||||
+allow rild toolbox_exec:file execute_no_trans;
|
||||
diff --git a/sepolicy/sysinit.te b/sepolicy/sysinit.te
|
||||
new file mode 100644
|
||||
index 0000000..5cd8eb3
|
||||
--- /dev/null
|
||||
+++ b/sepolicy/sysinit.te
|
||||
@@ -0,0 +1 @@
|
||||
+allow sysinit userinit_exec:file execute;
|
||||
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
|
||||
index e59d7c6..d78ffbb 100644
|
||||
--- a/sepolicy/system_server.te
|
||||
+++ b/sepolicy/system_server.te
|
||||
@@ -1,3 +1,5 @@
|
||||
# system_server
|
||||
|
||||
# Needed for /system/vendor/lib/hw/gps.omap4.so
|
||||
+
|
||||
+allow system_server wifi_log_prop:property_service set;
|
||||
--
|
||||
2.20.1
|
||||
|
@ -1 +1 @@
|
||||
Subproject commit 0add8d90b47dce0fc13356146666405a9459ee89
|
||||
Subproject commit c36aabfba7d338166ea996167f24acb3d839f94c
|
@ -251,9 +251,12 @@ echo "Deblobbing..."
|
||||
blobs=$blobs"|libHealthAuthClient.so|libHealthAuthJNI.so|libSampleAuthJNI.so|libSampleAuthJNIv1.so|libSampleExtAuthJNI.so|libSecureExtAuthJNI.so|libSecureSampleAuthClient.so|libsdedrm.so";
|
||||
|
||||
#[Sprint]
|
||||
blobs=$blobs"|com.android.omadm.service.xml|ConnMO.apk|CQATest.apk|DCMO.apk|DiagMon.apk|DMConfigUpdate.apk|DMService.apk|GCS.apk|HiddenMenu.apk|libdmengine.so|libdmjavaplugin.so|LifetimeData.apk|SprintDM.apk|SprintHM.apk|whitelist_com.android.omadm.service.xml|LifeTimerService.apk";
|
||||
blobs=$blobs"|com.android.omadm.service.xml|ConnMO.apk|CQATest.apk|DCMO.apk|DiagMon.apk|DMConfigUpdate.apk|DMService.apk|GCS.apk|HiddenMenu.apk|libdmengine.so|libdmjavaplugin.so|LifetimeData.apk|SprintDM.apk|SprintHM.apk|whitelist_com.android.omadm.service.xml|LifeTimerService.apk|SDM.apk|SecPhone.apk";
|
||||
ipcSec=$ipcSec"|238:4294967295:1001:3004";
|
||||
|
||||
#SyncML
|
||||
blobs=$blobs"|SyncMLSvc.apk|libsyncml_core.so|libsyncml_port.so";
|
||||
|
||||
#Thermal Throttling [Qualcomm]
|
||||
#blobs=$blobs"|libthermalclient.so|libthermalioctl.so|thermal-engine";
|
||||
|
||||
@ -269,7 +272,7 @@ echo "Deblobbing..."
|
||||
#blobs=$blobs"|venus.b00|venus.b01|venus.b02|venus.b03|venus.b04|venus.mbn|venus.mdt";
|
||||
|
||||
#[Verizon]
|
||||
blobs=$blobs"|appdirectedsmspermission.apk|com.qualcomm.location.vzw_library.jar|com.qualcomm.location.vzw_library.xml|com.verizon.apn.xml|com.verizon.embms.xml|com.verizon.hardware.telephony.ehrpd.jar|com.verizon.hardware.telephony.ehrpd.xml|com.verizon.hardware.telephony.lte.jar|com.verizon.hardware.telephony.lte.xml|com.verizon.ims.jar|com.verizon.ims.xml|com.verizon.provider.xml|com.vzw.vzwapnlib.xml|qti-vzw-ims-internal.jar|qti-vzw-ims-internal.xml|VerizonSSOEngine.apk|VerizonUnifiedSettings.jar|VZWAPNLib.apk|vzwapnpermission.apk|VZWAPNService.apk|VZWAVS.apk|VzwLcSilent.apk|vzw_msdc_api.apk|VzwOmaTrigger.apk|vzw_sso_permissions.xml|VerizonAuthDialog.apk";
|
||||
blobs=$blobs"|appdirectedsmspermission.apk|com.qualcomm.location.vzw_library.jar|com.qualcomm.location.vzw_library.xml|com.verizon.apn.xml|com.verizon.embms.xml|com.verizon.hardware.telephony.ehrpd.jar|com.verizon.hardware.telephony.ehrpd.xml|com.verizon.hardware.telephony.lte.jar|com.verizon.hardware.telephony.lte.xml|com.verizon.ims.jar|com.verizon.ims.xml|com.verizon.provider.xml|com.vzw.vzwapnlib.xml|qti-vzw-ims-internal.jar|qti-vzw-ims-internal.xml|VerizonSSOEngine.apk|VerizonUnifiedSettings.jar|VZWAPNLib.apk|vzwapnpermission.apk|VZWAPNService.apk|VZWAVS.apk|VzwLcSilent.apk|vzw_msdc_api.apk|VzwOmaTrigger.apk|vzw_sso_permissions.xml|VerizonAuthDialog.apk|com.vzw.hardware.lte.xml|com.vzw.hardware.ehrpd.xml";
|
||||
|
||||
#Voice Recognition
|
||||
blobs=$blobs"|aonvr1.bin|aonvr2.bin|audiomonitor|es305_fw.bin|HotwordEnrollment.apk|HotwordEnrollment.*.apk|libadpcmdec.so|liblistenhardware.so|liblistenjni.so|liblisten.so|liblistensoundmodel.so|libqvop-service.so|librecoglib.so|libsmwrapper.so|libsupermodel.so|libtrainingcheck.so|qvop-daemon|sound_trigger.primary.*.so|libgcs.*.so|vendor.qti.voiceprint.*";
|
||||
@ -280,6 +283,7 @@ echo "Deblobbing..."
|
||||
|
||||
#Widevine (DRM) [Google]
|
||||
blobs=$blobs"|com.google.widevine.software.drm.jar|com.google.widevine.software.drm.xml|libdrmclearkeyplugin.so|libdrmwvmplugin.so|libmarlincdmplugin.so|libwvdrmengine.so|libwvdrm_L1.so|libwvdrm_L3.so|libwvhidl.so|libwvm.so|libWVphoneAPI.so|libWVStreamControlAPI_L1.so|libWVStreamControlAPI_L3.so|libdrmmtkutil.so";
|
||||
#blobs=$blobs"|smc_pa_wvdrm.ift"; breaks toro boot
|
||||
blobs=$blobs"|tzwidevine.*|tzwvcpybuf.*|widevine.*";
|
||||
makes=$makes"|libshim_wvm";
|
||||
|
||||
|
@ -50,7 +50,6 @@ buildAll() {
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
|
||||
#Select devices are userdebug due to SELinux policy issues
|
||||
brunch lineage_clark-user;
|
||||
brunch lineage_maguro-user; #deprecated
|
||||
brunch lineage_thor-userdebug; #deprecated
|
||||
brunch lineage_grouper-user; #deprecated and needs manual patching (one-repo vendor blob patch)
|
||||
brunch lineage_h815-user; #deprecated
|
||||
@ -59,9 +58,12 @@ buildAll() {
|
||||
brunch lineage_i9100-userdebug;
|
||||
brunch lineage_i9305-user; #deprecated?
|
||||
brunch lineage_jfltexx-user;
|
||||
brunch lineage_maguro-user; #deprecated
|
||||
brunch lineage_manta-user; #deprecated
|
||||
brunch lineage_n5110-user;
|
||||
brunch lineage_osprey-user;
|
||||
#brunch lineage_toro-user; #deprecated
|
||||
#brunch lineage_toroplus-user; #deprecated
|
||||
brunch lineage_Z00T-user; #deprecated
|
||||
|
||||
#The following are all superseded, and should only be enabled if the newer version is broken (not building/booting/etc.)
|
||||
@ -117,7 +119,8 @@ export -f patchWorkspace;
|
||||
|
||||
enableDexPreOpt() {
|
||||
cd "$DOS_BUILD_BASE$1";
|
||||
if [ "$1" != "device/amazon/thor" ] && [ "$1" != "device/samsung/i9100" ] && [ "$1" != "device/lge/h850" ] && [ "$1" != "device/lge/mako" ] && [ "$1" != "device/asus/grouper" ]; then #Some devices won't compile, or have too small of a /system partition, or Wi-Fi breaks
|
||||
#Some devices won't compile, or have too small of a /system partition, or Wi-Fi breaks
|
||||
if [ "$1" != "device/amazon/thor" ] && [ "$1" != "device/samsung/i9100" ] && [ "$1" != "device/samsung/maguro" ] && [ "$1" != "device/samsung/toro" ] && [ "$1" != "device/samsung/toroplus" ] && [ "$1" != "device/samsung/tuna" ] && [ "$1" != "device/lge/h850" ] && [ "$1" != "device/lge/mako" ] && [ "$1" != "device/asus/grouper" ]; then
|
||||
if [ -f BoardConfig.mk ]; then
|
||||
echo "WITH_DEXPREOPT := true" >> BoardConfig.mk;
|
||||
echo "WITH_DEXPREOPT_PIC := true" >> BoardConfig.mk;
|
||||
|
@ -220,16 +220,18 @@ rm board-info.txt; #Never restrict installation
|
||||
enterAndClear "device/oneplus/bacon";
|
||||
sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.txt; #Suport new TZ firmware https://review.lineageos.org/#/c/178999/
|
||||
|
||||
enterAndClear "device/samsung/toroplus";
|
||||
awk -i inplace '!/additional_system_update/' overlay/packages/apps/Settings/res/values/config.xml;
|
||||
|
||||
enableLowRam "device/samsung/tuna";
|
||||
enterAndClear "device/samsung/tuna";
|
||||
rm setup-makefiles.sh; #broken, deblobber will still function
|
||||
sed -i 's/arm-eabi-4.7/arm-eabi-4.8/' BoardConfig.mk; #fix toolchain
|
||||
#See: https://review.lineageos.org/q/topic:%22tuna-sepolicies
|
||||
patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0001-fix_denial.patch";
|
||||
patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0002-fix_denial.patch";
|
||||
patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0003-fix_denial.patch";
|
||||
patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0004-fix_denial.patch";
|
||||
echo "allow rild system_file:file execmod;" >> sepolicy/rild.te;
|
||||
echo "allow rild toolbox_exec:file getattr;" >> sepolicy/rild.te;
|
||||
patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0005-fix_denial.patch";
|
||||
|
||||
enter "vendor/google";
|
||||
echo "" > atv/atv-common.mk;
|
||||
@ -252,6 +254,11 @@ sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/google
|
||||
sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/lge/msm8996/arch/arm64/configs/lineageos_*_defconfig; #Breaks on compile
|
||||
sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/motorola/msm8974/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile
|
||||
sed -i "s/CONFIG_ARM_SMMU=y/# CONFIG_ARM_SMMU is not set/" kernel/motorola/msm8992/arch/arm64/configs/*defconfig; #Breaks on compile
|
||||
#tuna fixes
|
||||
awk -i inplace '!/nfc_enhanced.mk/' device/samsung/toro*/lineage.mk;
|
||||
awk -i inplace '!/TARGET_RECOVERY_UPDATER_LIBS/' device/samsung/toro*/BoardConfig.mk;
|
||||
awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' device/samsung/toro*/BoardConfig.mk;
|
||||
sed -i "s/forceencrypt/encryptable/" device/samsung/tuna/rootdir/fstab.tuna; #first-boot encryption doesn't work
|
||||
#
|
||||
#END OF DEVICE CHANGES
|
||||
#
|
||||
|
@ -101,7 +101,8 @@ export -f patchWorkspace;
|
||||
|
||||
enableDexPreOpt() {
|
||||
cd "$DOS_BUILD_BASE$1";
|
||||
if [ "$1" != "device/amazon/thor" ] && [ "$1" != "device/samsung/i9100" ] && [ "$1" != "device/lge/h850" ] && [ "$1" != "device/lge/mako" ]; then #Some devices won't compile, or have too small of a /system partition
|
||||
#Some devices won't compile, or have too small of a /system partition, or Wi-Fi breaks
|
||||
if [ "$1" != "device/amazon/thor" ] && [ "$1" != "device/samsung/i9100" ] && [ "$1" != "device/samsung/maguro" ] && [ "$1" != "device/samsung/toro" ] && [ "$1" != "device/samsung/toroplus" ] && [ "$1" != "device/samsung/tuna" ] && [ "$1" != "device/lge/h850" ] && [ "$1" != "device/lge/mako" ] && [ "$1" != "device/asus/grouper" ]; then
|
||||
if [ -f BoardConfig.mk ]; then
|
||||
echo "WITH_DEXPREOPT := true" >> BoardConfig.mk;
|
||||
echo "WITH_DEXPREOPT_PIC := true" >> BoardConfig.mk;
|
||||
|
Loading…
Reference in New Issue
Block a user