tuna fixes + fdroid priv changes

This commit is contained in:
Tad 2019-02-13 21:48:57 -05:00
parent b9ff7a74e6
commit fccc124868
9 changed files with 123 additions and 12 deletions


@ -219,8 +219,11 @@
<project path="kernel/samsung/smdk4412" name="LineageOS/android_kernel_samsung_smdk4412" remote="github" />
<project path="packages/apps/SamsungServiceMode" name="LineageOS/android_packages_apps_SamsungServiceMode" remote="github" />
<!-- Samsung Galaxy Nexus Unified (maguro) -->
<!-- Samsung Galaxy Nexus (maguro/toro(plus)) -->
<project path="prebuilts/gcc/linux-x86/arm/arm-eabi-4.7" name="platform/prebuilts/gcc/linux-x86/arm/arm-eabi-4.7" remote="aosp" revision="refs/tags/android-4.4.4_r2" />
<project path="device/samsung/maguro" name="Galaxy-Nexus/android_device_samsung_maguro" remote="github" />
<project path="device/samsung/toro" name="LineageOS/android_device_samsung_toro" remote="github" revision="cm-13.0" />
<project path="device/samsung/toroplus" name="LineageOS/android_device_samsung_toroplus" remote="github" revision="cm-13.0" />
<project path="device/samsung/tuna" name="Galaxy-Nexus/android_device_samsung_tuna" remote="github" />
<project path="kernel/samsung/tuna" name="Galaxy-Nexus/android_kernel_samsung_tuna" remote="github" />
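Review bot: The new `device/samsung/tuna` and `kernel/samsung/tuna` projects (and the `device/samsung/maguro` line beside them) carry no `revision` attribute, so unless the manifest's `<default>` element pins one for the `github` remote they track whatever the `Galaxy-Nexus` organisation's default branch points at, while the `toro`/`toroplus` entries in the same hunk are pinned to `cm-13.0`. Because these repositories live outside the LineageOS organisation, a force-push or branch change upstream would silently change the device tree and kernel that get built. Pinning each line to a tag or commit, e.g. `revision="<commit-or-tag>"`, makes the source set reproducible and reviewable. The `<default>` element is outside this hunk, so this may already be covered if it sets a revision for that remote.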


@ -16,11 +16,13 @@ PRODUCT_PROPERTY_OVERRIDES += \
ro.config.alarm_alert=Alarm_Buzzer.ogg \
keyguard.no_require_sim=true \
ro.build.selinux=1 \
ro.storage_manager.enabled=true
ro.storage_manager.enabled=true \
ro.control_privapp_permissions=log
#Copy extra files
PRODUCT_COPY_FILES += \
vendor/divested/prebuilts/etc/additional_fdroid_repos.xml:system/etc/org.fdroid.fdroid/additional_repos.xml
vendor/divested/prebuilts/etc/additional_fdroid_repos.xml:system/etc/org.fdroid.fdroid/additional_repos.xml \
vendor/divested/prebuilts/etc/permissions_org.fdroid.fdroid.privileged.xml:system/etc/permissions/permissions_org.fdroid.fdroid.privileged.xml
#Include packages
#PRODUCT_PACKAGES += ModuleBlocker
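Review bot: `ro.control_privapp_permissions=log` on the new line makes the privapp whitelist added in this commit (`permissions_org.fdroid.fdroid.privileged.xml`, copied to `system/etc/permissions/` in the next hunk and defined in the new-file section below) advisory only: in `log` mode the platform reports privileged permissions that are not whitelisted but still grants them, so the DELETE_PACKAGES/INSTALL_PACKAGES list for `org.fdroid.fdroid.privileged` does not yet limit anything. Enforcement needs `ro.control_privapp_permissions=enforce`, at which point any other priv-app lacking a whitelist entry loses its unlisted permissions (or, on some releases, blocks boot), so switching is only safe once the logged violations have been reviewed and whitelisted. A comment on the line, e.g. `#TODO: switch to enforce once logged privapp-permission violations are whitelisted`, would keep the permissive setting from being read as a hardening step.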


@ -0,0 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<permissions>
<privapp-permissions package="org.fdroid.fdroid.privileged">
<permission name="android.permission.DELETE_PACKAGES"/>
<permission name="android.permission.INSTALL_PACKAGES"/>
</privapp-permissions>
</permissions>


@ -0,0 +1,84 @@
From c11a7f1d4f05a13cacb8c6ebbaeee0400b6654e6 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Wed, 13 Feb 2019 21:14:04 -0500
Subject: [PATCH] audit2allow sepolicies
Change-Id: I8a43008d22b302ed54838251e328619de5c1f890
---
sepolicy/init.te | 3 +++
sepolicy/logd.te | 1 +
sepolicy/netd.te | 1 +
sepolicy/platform_app.te | 1 +
sepolicy/rild.te | 5 +++++
sepolicy/sysinit.te | 1 +
sepolicy/system_server.te | 2 ++
7 files changed, 14 insertions(+)
create mode 100644 sepolicy/logd.te
create mode 100644 sepolicy/netd.te
create mode 100644 sepolicy/sysinit.te
diff --git a/sepolicy/init.te b/sepolicy/init.te
index 13c8bd4..c0980a6 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -7,3 +7,6 @@ allow init tmpfs:lnk_file create;
# For 'cpuset' module requests
allow init kernel:system module_request;
+
+allow init block_device:lnk_file relabelfrom;
+allow init perfprofd_exec:file getattr;
diff --git a/sepolicy/logd.te b/sepolicy/logd.te
new file mode 100644
index 0000000..2e9f1eb
--- /dev/null
+++ b/sepolicy/logd.te
@@ -0,0 +1 @@
+allow logd unlabeled:dir search;
diff --git a/sepolicy/netd.te b/sepolicy/netd.te
new file mode 100644
index 0000000..af9fbc1
--- /dev/null
+++ b/sepolicy/netd.te
@@ -0,0 +1 @@
+allow netd kernel:system module_request;
diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
index 4d92e6b..dadb55e 100644
--- a/sepolicy/platform_app.te
+++ b/sepolicy/platform_app.te
@@ -1 +1,2 @@
allow platform_app nfc_service:service_manager find;
+allow platform_app system_app_data_file:dir getattr;
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index 7c72874..5e35cf9 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -19,3 +19,8 @@ allow rild logcat_exec:file { getattr read open execute execute_no_trans };
# Device-specific calls could be moved into their respective device trees
# in the future.
allowxperm rild self:unix_stream_socket ioctl { 0x89a0 0x89a2 0x89a3 0x89f0 };
+allow rild system_file:file execmod;
+allow rild toolbox_exec:file getattr;
+allow rild toolbox_exec:file execute;
+allow rild toolbox_exec:file { open read };
+allow rild toolbox_exec:file execute_no_trans;
diff --git a/sepolicy/sysinit.te b/sepolicy/sysinit.te
new file mode 100644
index 0000000..5cd8eb3
--- /dev/null
+++ b/sepolicy/sysinit.te
@@ -0,0 +1 @@
+allow sysinit userinit_exec:file execute;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index e59d7c6..d78ffbb 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -1,3 +1,5 @@
# system_server
# Needed for /system/vendor/lib/hw/gps.omap4.so
+
+allow system_server wifi_log_prop:property_service set;
--
2.20.1
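Review bot: `allow rild system_file:file execmod;` in the rild.te hunk is the one rule in this audit2allow set that needs justifying before it lands: execmod lets rild make a mapping of a `/system` library writable and then executable, which is what text relocations in a prebuilt blob require and which AOSP's neverallow rules restrict to untrusted app domains on recent releases, so it removes W^X for the RIL process. If this comes from the vendor RIL library, the rule should carry a comment naming the library and the denial it resolves, e.g. `# text relocations in <ril library> — TODO confirm`; the same applies to `allow logd unlabeled:dir search;`, where labelling the directory in file_contexts is the usual fix rather than granting access to `unlabeled`. On style, the five separate rild/toolbox_exec lines are one permission set and read better as `allow rild toolbox_exec:file { getattr open read execute execute_no_trans };`. Since this file is a `git format-patch` export, those edits belong in the source commit before re-exporting.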

@ -1 +1 @@
Subproject commit 0add8d90b47dce0fc13356146666405a9459ee89
Subproject commit c36aabfba7d338166ea996167f24acb3d839f94c


@ -251,9 +251,12 @@ echo "Deblobbing..."
blobs=$blobs"|libHealthAuthClient.so|libHealthAuthJNI.so|libSampleAuthJNI.so|libSampleAuthJNIv1.so|libSampleExtAuthJNI.so|libSecureExtAuthJNI.so|libSecureSampleAuthClient.so|libsdedrm.so";
#[Sprint]
blobs=$blobs"|com.android.omadm.service.xml|ConnMO.apk|CQATest.apk|DCMO.apk|DiagMon.apk|DMConfigUpdate.apk|DMService.apk|GCS.apk|HiddenMenu.apk|libdmengine.so|libdmjavaplugin.so|LifetimeData.apk|SprintDM.apk|SprintHM.apk|whitelist_com.android.omadm.service.xml|LifeTimerService.apk";
blobs=$blobs"|com.android.omadm.service.xml|ConnMO.apk|CQATest.apk|DCMO.apk|DiagMon.apk|DMConfigUpdate.apk|DMService.apk|GCS.apk|HiddenMenu.apk|libdmengine.so|libdmjavaplugin.so|LifetimeData.apk|SprintDM.apk|SprintHM.apk|whitelist_com.android.omadm.service.xml|LifeTimerService.apk|SDM.apk|SecPhone.apk";
ipcSec=$ipcSec"|238:4294967295:1001:3004";
#SyncML
blobs=$blobs"|SyncMLSvc.apk|libsyncml_core.so|libsyncml_port.so";
#Thermal Throttling [Qualcomm]
#blobs=$blobs"|libthermalclient.so|libthermalioctl.so|thermal-engine";
@ -269,7 +272,7 @@ echo "Deblobbing..."
#blobs=$blobs"|venus.b00|venus.b01|venus.b02|venus.b03|venus.b04|venus.mbn|venus.mdt";
#[Verizon]
blobs=$blobs"|appdirectedsmspermission.apk|com.qualcomm.location.vzw_library.jar|com.qualcomm.location.vzw_library.xml|com.verizon.apn.xml|com.verizon.embms.xml|com.verizon.hardware.telephony.ehrpd.jar|com.verizon.hardware.telephony.ehrpd.xml|com.verizon.hardware.telephony.lte.jar|com.verizon.hardware.telephony.lte.xml|com.verizon.ims.jar|com.verizon.ims.xml|com.verizon.provider.xml|com.vzw.vzwapnlib.xml|qti-vzw-ims-internal.jar|qti-vzw-ims-internal.xml|VerizonSSOEngine.apk|VerizonUnifiedSettings.jar|VZWAPNLib.apk|vzwapnpermission.apk|VZWAPNService.apk|VZWAVS.apk|VzwLcSilent.apk|vzw_msdc_api.apk|VzwOmaTrigger.apk|vzw_sso_permissions.xml|VerizonAuthDialog.apk";
blobs=$blobs"|appdirectedsmspermission.apk|com.qualcomm.location.vzw_library.jar|com.qualcomm.location.vzw_library.xml|com.verizon.apn.xml|com.verizon.embms.xml|com.verizon.hardware.telephony.ehrpd.jar|com.verizon.hardware.telephony.ehrpd.xml|com.verizon.hardware.telephony.lte.jar|com.verizon.hardware.telephony.lte.xml|com.verizon.ims.jar|com.verizon.ims.xml|com.verizon.provider.xml|com.vzw.vzwapnlib.xml|qti-vzw-ims-internal.jar|qti-vzw-ims-internal.xml|VerizonSSOEngine.apk|VerizonUnifiedSettings.jar|VZWAPNLib.apk|vzwapnpermission.apk|VZWAPNService.apk|VZWAVS.apk|VzwLcSilent.apk|vzw_msdc_api.apk|VzwOmaTrigger.apk|vzw_sso_permissions.xml|VerizonAuthDialog.apk|com.vzw.hardware.lte.xml|com.vzw.hardware.ehrpd.xml";
#Voice Recognition
blobs=$blobs"|aonvr1.bin|aonvr2.bin|audiomonitor|es305_fw.bin|HotwordEnrollment.apk|HotwordEnrollment.*.apk|libadpcmdec.so|liblistenhardware.so|liblistenjni.so|liblisten.so|liblistensoundmodel.so|libqvop-service.so|librecoglib.so|libsmwrapper.so|libsupermodel.so|libtrainingcheck.so|qvop-daemon|sound_trigger.primary.*.so|libgcs.*.so|vendor.qti.voiceprint.*";
@ -280,6 +283,7 @@ echo "Deblobbing..."
#Widevine (DRM) [Google]
blobs=$blobs"|com.google.widevine.software.drm.jar|com.google.widevine.software.drm.xml|libdrmclearkeyplugin.so|libdrmwvmplugin.so|libmarlincdmplugin.so|libwvdrmengine.so|libwvdrm_L1.so|libwvdrm_L3.so|libwvhidl.so|libwvm.so|libWVphoneAPI.so|libWVStreamControlAPI_L1.so|libWVStreamControlAPI_L3.so|libdrmmtkutil.so";
#blobs=$blobs"|smc_pa_wvdrm.ift"; breaks toro boot
blobs=$blobs"|tzwidevine.*|tzwvcpybuf.*|widevine.*";
makes=$makes"|libshim_wvm";
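Review bot: The Sprint line now strips `SDM.apk` and `SecPhone.apk` without saying what they are, and the new `ipcSec=$ipcSec"|238:4294967295:1001:3004";` entry is equally opaque, whereas the Widevine line in the last hunk records why `smc_pa_wvdrm.ift` stays (`breaks toro boot`). Deblobbing is a security control here, so each addition is easier to audit and revert when it carries that kind of note, e.g. `#SDM.apk/SecPhone.apk: <what they are, which devices>` above the Sprint line, and a comment on the `ipcSec` tuple stating what its four colon-separated fields mean, since the definition of `ipcSec` is outside the hunk. Appending new names at the end of an already very long single-line list also hides what changed; one `blobs=$blobs"|..."` line per addition would make the diff self-describing.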


@ -50,7 +50,6 @@ buildAll() {
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
#Select devices are userdebug due to SELinux policy issues
brunch lineage_clark-user;
brunch lineage_maguro-user; #deprecated
brunch lineage_thor-userdebug; #deprecated
brunch lineage_grouper-user; #deprecated and needs manual patching (one-repo vendor blob patch)
brunch lineage_h815-user; #deprecated
@ -59,9 +58,12 @@ buildAll() {
brunch lineage_i9100-userdebug;
brunch lineage_i9305-user; #deprecated?
brunch lineage_jfltexx-user;
brunch lineage_maguro-user; #deprecated
brunch lineage_manta-user; #deprecated
brunch lineage_n5110-user;
brunch lineage_osprey-user;
#brunch lineage_toro-user; #deprecated
#brunch lineage_toroplus-user; #deprecated
brunch lineage_Z00T-user; #deprecated
#The following are all superseded, and should only be enabled if the newer version is broken (not building/booting/etc.)
@ -117,7 +119,8 @@ export -f patchWorkspace;
enableDexPreOpt() {
cd "$DOS_BUILD_BASE$1";
if [ "$1" != "device/amazon/thor" ] && [ "$1" != "device/samsung/i9100" ] && [ "$1" != "device/lge/h850" ] && [ "$1" != "device/lge/mako" ] && [ "$1" != "device/asus/grouper" ]; then #Some devices won't compile, or have too small of a /system partition, or Wi-Fi breaks
#Some devices won't compile, or have too small of a /system partition, or Wi-Fi breaks
if [ "$1" != "device/amazon/thor" ] && [ "$1" != "device/samsung/i9100" ] && [ "$1" != "device/samsung/maguro" ] && [ "$1" != "device/samsung/toro" ] && [ "$1" != "device/samsung/toroplus" ] && [ "$1" != "device/samsung/tuna" ] && [ "$1" != "device/lge/h850" ] && [ "$1" != "device/lge/mako" ] && [ "$1" != "device/asus/grouper" ]; then
if [ -f BoardConfig.mk ]; then
echo "WITH_DEXPREOPT := true" >> BoardConfig.mk;
echo "WITH_DEXPREOPT_PIC := true" >> BoardConfig.mk;
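Review bot: The `enableDexPreOpt` exclusion in the new `if` line is nine `[ "$1" != ... ]` tests chained with `&&`, and an identical list is written into the same function in the other Functions.sh hunk of this commit (`@ -101,7 +101,8 @@`), so the two copies will drift the next time a device is added. A `case` on `$1` reads as a list, keeps the comment with it and drops one nesting level; the function continues past the hunk, so the matching `fi` of the replaced `if` below the hunk would go too. Sharing the list between the two scripts (a `DOS_...` variable or a small helper) would close the duplication, unless the second copy is meant to diverge per release.
```shell
enableDexPreOpt() {
	cd "$DOS_BUILD_BASE$1";
	#Some devices won't compile, or have too small of a /system partition, or Wi-Fi breaks
	case "$1" in
		device/amazon/thor|device/samsung/i9100|device/samsung/maguro|device/samsung/toro|device/samsung/toroplus|device/samsung/tuna|device/lge/h850|device/lge/mako|device/asus/grouper) return 0;;
	esac
	if [ -f BoardConfig.mk ]; then
	# … unchanged: WITH_DEXPREOPT echo lines …
```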


@ -220,16 +220,18 @@ rm board-info.txt; #Never restrict installation
enterAndClear "device/oneplus/bacon";
sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.txt; #Suport new TZ firmware https://review.lineageos.org/#/c/178999/
enterAndClear "device/samsung/toroplus";
awk -i inplace '!/additional_system_update/' overlay/packages/apps/Settings/res/values/config.xml;
enableLowRam "device/samsung/tuna";
enterAndClear "device/samsung/tuna";
rm setup-makefiles.sh; #broken, deblobber will still function
sed -i 's/arm-eabi-4.7/arm-eabi-4.8/' BoardConfig.mk; #fix toolchain
#See: https://review.lineageos.org/q/topic:%22tuna-sepolicies
patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0001-fix_denial.patch";
patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0002-fix_denial.patch";
patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0003-fix_denial.patch";
patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0004-fix_denial.patch";
echo "allow rild system_file:file execmod;" >> sepolicy/rild.te;
echo "allow rild toolbox_exec:file getattr;" >> sepolicy/rild.te;
patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0005-fix_denial.patch";
enter "vendor/google";
echo "" > atv/atv-common.mk;
@ -252,6 +254,11 @@ sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/google
sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/lge/msm8996/arch/arm64/configs/lineageos_*_defconfig; #Breaks on compile
sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/motorola/msm8974/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile
sed -i "s/CONFIG_ARM_SMMU=y/# CONFIG_ARM_SMMU is not set/" kernel/motorola/msm8992/arch/arm64/configs/*defconfig; #Breaks on compile
#tuna fixes
awk -i inplace '!/nfc_enhanced.mk/' device/samsung/toro*/lineage.mk;
awk -i inplace '!/TARGET_RECOVERY_UPDATER_LIBS/' device/samsung/toro*/BoardConfig.mk;
awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' device/samsung/toro*/BoardConfig.mk;
sed -i "s/forceencrypt/encryptable/" device/samsung/tuna/rootdir/fstab.tuna; #first-boot encryption doesn't work
#
#END OF DEVICE CHANGES
#
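Review bot: `sed -i "s/forceencrypt/encryptable/" device/samsung/tuna/rootdir/fstab.tuna` in the second hunk turns off mandatory first-boot encryption of userdata for tuna: if the flag keeps its usual fstab meaning, `encryptable` ships the device with an unencrypted data partition until the user opts in under Settings, which is a security regression for this ROM rather than a build fix, and the trailing `#first-boot encryption doesn't work` records only the symptom. It deserves a comment stating the consequence and what is tracked, e.g. `#XXX: userdata is NOT encrypted by default on tuna; forceencrypt fails at first boot — TODO root-cause, see <tracking issue>`, plus a mention in the device's release notes. In the first hunk the `patch -p1` calls replace `echo` appends that could not fail, but a rejected 0005 patch leaves the rild denials unfixed silently; unless patch failures are already fatal elsewhere in the script (`set -e` or a wrapper not visible here), `|| exit 1` on those lines would surface it.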


@ -101,7 +101,8 @@ export -f patchWorkspace;
enableDexPreOpt() {
cd "$DOS_BUILD_BASE$1";
if [ "$1" != "device/amazon/thor" ] && [ "$1" != "device/samsung/i9100" ] && [ "$1" != "device/lge/h850" ] && [ "$1" != "device/lge/mako" ]; then #Some devices won't compile, or have too small of a /system partition
#Some devices won't compile, or have too small of a /system partition, or Wi-Fi breaks
if [ "$1" != "device/amazon/thor" ] && [ "$1" != "device/samsung/i9100" ] && [ "$1" != "device/samsung/maguro" ] && [ "$1" != "device/samsung/toro" ] && [ "$1" != "device/samsung/toroplus" ] && [ "$1" != "device/samsung/tuna" ] && [ "$1" != "device/lge/h850" ] && [ "$1" != "device/lge/mako" ] && [ "$1" != "device/asus/grouper" ]; then
if [ -f BoardConfig.mk ]; then
echo "WITH_DEXPREOPT := true" >> BoardConfig.mk;
echo "WITH_DEXPREOPT_PIC := true" >> BoardConfig.mk;