Git-Mirrors
/
DivestOS
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Changes

This commit is contained in:
Tad 2018-05-23 06:25:41 -04:00
parent b650e7a07f
commit fe66b008c0
4 changed files with 22 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Misc/audit2allow-mako.txt
View File

@ -1,6 +1,16 @@
#============= install_recovery ==============
allow install_recovery unlabeled:dir search;
#============= priv_app ==============
allow priv_app unlabeled:dir search;
#============= storaged ==============
allow storaged debugfs_mmc:dir search;
allow storaged debugfs_mmc:file read;
OLD
#============= install_recovery ==============
allow install_recovery unlabeled:dir { add_name remove_name write };
allow install_recovery unlabeled:file { create open setattr unlink write };
#============= vold ==============
allow vold persist_file:dir { ioctl open read };

4
Scripts/Common/Deblob.sh
View File

@ -135,7 +135,7 @@ echo "Deblobbing..."
#blobs=$blobs"|tzapps.*";
#Location (gpsOne/gpsOneXTRA/IZat/Lumicast/QUIP) [Qualcomm]
blobs=$blobs"|cacert_location.pem|com.qti.location.sdk.jar|com.qti.location.sdk.xml|com.qualcomm.location.apk|com.qualcomm.location.xml|com.qualcomm.services.location.apk|gpsone_daemon|izat.conf|izat.xt.srv.jar|izat.xt.srv.xml|libalarmservice_jni.so|libasn1cper.so|libasn1crt.so|libasn1crtx.so|libdataitems.so|libdrplugin_client.so|libDRPlugin.so|libevent_observer.so|libgdtap.so|libgeofence.so|libizat_core.so|liblbs_core.so|liblocationservice_glue.so|liblocationservice.so|libloc_ext.so|libloc_xtra.so|liblowi_client.so|liblowi_wifihal_nl.so|liblowi_wifihal.so|libquipc_os_api.so|libquipc_ulp_adapter.so|libulp2.so|libxtadapter.so|libxt_native.so|libxtwifi_ulp_adaptor.so|libxtwifi_zpp_adaptor.so|location-mq|loc_launcher|lowi.conf|lowi-server|slim_ap_daemon|slim_daemon|xtra_root_cert.pem|xtra_t_app.apk|xtwifi.conf|xtwifi-client|xtwifi-inet-agent";
blobs=$blobs"|cacert_location.pem|com.qti.location.sdk.jar|com.qti.location.sdk.xml|com.qualcomm.location.apk|com.qualcomm.location.xml|com.qualcomm.services.location.apk|gpsone_daemon|izat.conf|izat.xt.srv|izat.xt.srv.jar|izat.xt.srv.xml|libalarmservice_jni.so|libasn1cper.so|libasn1crt.so|libasn1crtx.so|libdataitems.so|libdrplugin_client.so|libDRPlugin.so|libevent_observer.so|libgdtap.so|libgeofence.so|libizat_core.so|liblbs_core.so|liblocationservice_glue.so|liblocationservice.so|libloc_ext.so|libloc_xtra.so|liblowi_client.so|liblowi_wifihal_nl.so|liblowi_wifihal.so|libquipc_os_api.so|libquipc_ulp_adapter.so|libulp2.so|libxtadapter.so|libxt_native.so|libxtwifi_ulp_adaptor.so|libxtwifi_zpp_adaptor.so|location-mq|loc_launcher|lowi.conf|lowi-server|slim_ap_daemon|slim_daemon|xtra_root_cert.pem|xtra_t_app.apk|xtwifi.conf|xtwifi-client|xtwifi-inet-agent";
overlay=$overlay"config_comboNetworkLocationProvider|config_enableFusedLocationOverlay|config_enableNetworkLocationOverlay|config_fusedLocationProviderPackageName|config_enableNetworkLocationOverlay|config_networkLocationProviderPackageName|com.qualcomm.location";
#Misc
@ -191,7 +191,7 @@ echo "Deblobbing..."
#blobs=$blobs"|venus.b00|venus.b01|venus.b02|venus.b03|venus.b04|venus.mbn|venus.mdt";
#[Verizon]
blobs=$blobs"|com.qualcomm.location.vzw_library.jar|com.qualcomm.location.vzw_library.xml|com.verizon.apn.xml|com.verizon.embms.xml|com.verizon.hardware.telephony.ehrpd.jar|com.verizon.hardware.telephony.ehrpd.xml|com.verizon.hardware.telephony.lte.jar|com.verizon.hardware.telephony.lte.xml|com.verizon.ims.jar|com.verizon.ims.xml|com.verizon.provider.xml|com.vzw.vzwapnlib.xml|qti-vzw-ims-internal.jar|qti-vzw-ims-internal.xml|VerizonUnifiedSettings.jar|VZWAPNLib.apk|VZWAPNService.apk|VZWAVS.apk|VzwLcSilent.apk|vzw_msdc_api.apk|VzwOmaTrigger.apk|vzw_sso_permissions.xml";
blobs=$blobs"|appdirectedsmspermission.apk|com.qualcomm.location.vzw_library.jar|com.qualcomm.location.vzw_library.xml|com.verizon.apn.xml|com.verizon.embms.xml|com.verizon.hardware.telephony.ehrpd.jar|com.verizon.hardware.telephony.ehrpd.xml|com.verizon.hardware.telephony.lte.jar|com.verizon.hardware.telephony.lte.xml|com.verizon.ims.jar|com.verizon.ims.xml|com.verizon.provider.xml|com.vzw.vzwapnlib.xml|qti-vzw-ims-internal.jar|qti-vzw-ims-internal.xml|VerizonSSOEngine.apk|VerizonUnifiedSettings.jar|VZWAPNLib.apk|vzwapnpermission.apk|VZWAPNService.apk|VZWAVS.apk|VzwLcSilent.apk|vzw_msdc_api.apk|VzwOmaTrigger.apk|vzw_sso_permissions.xml";
#Voice Recognition
blobs=$blobs"|aonvr1.bin|aonvr2.bin|audiomonitor|es305_fw.bin|HotwordEnrollment.apk|HotwordEnrollment.*.apk|libadpcmdec.so|liblistenhardware.so|liblistenjni.so|liblisten.so|liblistensoundmodel.so|libqvop-service.so|librecoglib.so|libsmwrapper.so|libsupermodel.so|libtrainingcheck.so|qvop-daemon|sound_trigger.primary.msm8916.so|sound_trigger.primary.msm8996.so";

74
Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_nextbit_msm8992.sh
View File

@ -1,74 +0,0 @@
#!/bin/bash
cd $base"kernel/nextbit/msm8992"
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0004-No_dir-relax.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0005.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0006.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0007.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0008.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0009.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0010.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0011.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0012.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0013.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0014.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0015.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0016.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0017.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0018.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2014-9904/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-6672/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-0648/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-0861/3.10/0001.patch
git apply $cvePatchesLinux/CVE-2017-0862/3.10/0001.patch
git apply $cvePatchesLinux/CVE-2017-1000410/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-11473/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-11600/3.10/0001.patch
git apply $cvePatchesLinux/CVE-2017-13163/3.10/0001.patch
git apply $cvePatchesLinux/CVE-2017-13168/3.10/0001.patch
git apply $cvePatchesLinux/CVE-2017-13216/3.10/0001.patch
git apply $cvePatchesLinux/CVE-2017-13218/3.10/0001.patch
git apply $cvePatchesLinux/CVE-2017-13218/3.10/0002.patch
git apply $cvePatchesLinux/CVE-2017-13218/3.10/0003.patch
git apply $cvePatchesLinux/CVE-2017-13218/3.10/0004.patch
git apply $cvePatchesLinux/CVE-2017-13245/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-13246/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-16526/^4.13/0001.patch
git apply $cvePatchesLinux/CVE-2017-16531/^4.13/0001.patch
git apply $cvePatchesLinux/CVE-2017-16532/^4.13/0001.patch
git apply $cvePatchesLinux/CVE-2017-16533/^4.13/0001.patch
git apply $cvePatchesLinux/CVE-2017-16534/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-16535/^4.13/0001.patch
git apply $cvePatchesLinux/CVE-2017-16537/^4.13/0001.patch
git apply $cvePatchesLinux/CVE-2017-16538/^4.13/0001.patch
git apply $cvePatchesLinux/CVE-2017-16538/^4.13/0002.patch
git apply $cvePatchesLinux/CVE-2017-16643/3.5+/0001.patch
git apply $cvePatchesLinux/CVE-2017-16645/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-16650/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-16939/3.10/0001.patch
git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0003.patch
git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0006.patch
git apply $cvePatchesLinux/CVE-2017-17558/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-17762/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-18161/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-6345/^4.9/0001.patch
git apply $cvePatchesLinux/CVE-2017-7533/3.10/0002.patch
git apply $cvePatchesLinux/CVE-2017-7533/3.10/0003.patch
git apply $cvePatchesLinux/CVE-2017-8243/3.10/0001.patch
git apply $cvePatchesLinux/CVE-2017-8281/3.10/0001.patch
git apply $cvePatchesLinux/CVE-2017-8281/3.10/0003.patch
git apply $cvePatchesLinux/CVE-2017-9723/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2018-3563/3.10/0001.patch
git apply $cvePatchesLinux/CVE-2018-3584/ANY/0001.patch
#git apply $cvePatchesLinux/CVE-2018-3585/3.10/0001.patch
git apply $cvePatchesLinux/CVE-2018-5825/3.10/0001.patch
git apply $cvePatchesLinux/LVT-2017-0003/3.10/0001.patch
git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
editKernelLocalversion "-dos.p70"
cd $base

14
TODO
View File

@ -1,4 +1,4 @@
Last updated: 2018-05-20
Last updated: 2018-05-23
High Priority (Release blockers)
Build
@ -9,11 +9,12 @@ High Priority (Release blockers)
- Create cryptocurrency addresses
- Setup Stripe
Servers
- Gitea/GitLab server on a Kimsufi dedicated ($14 setup + $22/mo)
- Website server on an OVH VPS ($4.50/mo)
- Mirrorbits server on an OVH VPS ($4.50/mo)
- 3x Mirror slaves on an OVH VPS (3x$4.50 = $13.50/mo)
- Gitea/GitLab on a Kimsufi dedicated (KS-3C: $14 setup + $22/mo)
- Apache on an OVH VPS (SSD1: $4.50/mo)
- Mirrorbits on an OVH VPS (SSD1: $4.50/mo)
- 2x Mirror slaves on an OVH VPS (SSD2: 2x$7.80 = $15.60/mo)
- 1x Mirror slave on a 1/10Gbps server for high-speed incrementals
Website
- Update cryptocurrency addresses
Medium Priority
@ -30,11 +31,10 @@ Medium Priority
- Investigate GDPR compliance
Servers
- Dedicated build servers
- XMPP Server
- Ejabberd on an OVH VPS (SSD1: $4.50/mo)
Signoffs
- Get signoff from Copperhead on inclusion of disabled patches
Website
- Cache updater and device page outputs using (PHP)Redis
- Switch from Shadow to Piwik and update Privacy Policy
Low Priority