From fe66b008c027f5dbecb33251ac76250977d0121c Mon Sep 17 00:00:00 2001
From: Tad
Date: Wed, 23 May 2018 06:25:41 -0400
Subject: [PATCH] Changes
---
 Misc/audit2allow-mako.txt | 16 +++-
 Scripts/Common/Deblob.sh | 4 +-
 .../android_kernel_nextbit_msm8992.sh | 74 -------------------
 TODO | 14 ++--
 4 files changed, 22 insertions(+), 86 deletions(-)
 delete mode 100644 Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_nextbit_msm8992.sh
diff --git a/Misc/audit2allow-mako.txt b/Misc/audit2allow-mako.txt
index 0c088a7c..8262ba9e 100644
--- a/Misc/audit2allow-mako.txt
+++ b/Misc/audit2allow-mako.txt
@@ -1,6 +1,16 @@
+#============= install_recovery ==============
+allow install_recovery unlabeled:dir search;
+
+#============= priv_app ==============
+allow priv_app unlabeled:dir search;
+
+#============= storaged ==============
+allow storaged debugfs_mmc:dir search;
+allow storaged debugfs_mmc:file read;
+
+
+OLD
+
 #============= install_recovery ==============
 allow install_recovery unlabeled:dir { add_name remove_name write };
 allow install_recovery unlabeled:file { create open setattr unlink write };
-
-#============= vold ==============
-allow vold persist_file:dir { ioctl open read };
diff --git a/Scripts/Common/Deblob.sh b/Scripts/Common/Deblob.sh
index 8d6e7a9d..9e674bf0 100755
--- a/Scripts/Common/Deblob.sh
+++ b/Scripts/Common/Deblob.sh
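Review bot: In Misc/audit2allow-mako.txt the added `allow install_recovery unlabeled:dir search;` and `allow priv_app unlabeled:dir search;` grant access to the `unlabeled` type, which usually means the directory behind the denial has no file_contexts entry rather than that these domains need the access. If these audit2allow results are meant to become device policy, labelling that directory and dropping the `unlabeled` rules is the narrower fix; the retained `install_recovery unlabeled` write rules under the marker raise the same question. The bare `OLD` separator is not a comment, so writing it as `#============= OLD (superseded) ==============` would keep the file consistent with its other section headers and parseable if it is ever fed to a policy tool.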
@@ -135,7 +135,7 @@ echo "Deblobbing..." #blobs=$blobs"|tzapps.*"; #Location (gpsOne/gpsOneXTRA/IZat/Lumicast/QUIP) [Qualcomm] - blobs=$blobs"|cacert_location.pem|com.qti.location.sdk.jar|com.qti.location.sdk.xml|com.qualcomm.location.apk|com.qualcomm.location.xml|com.qualcomm.services.location.apk|gpsone_daemon|izat.conf|izat.xt.srv.jar|izat.xt.srv.xml|libalarmservice_jni.so|libasn1cper.so|libasn1crt.so|libasn1crtx.so|libdataitems.so|libdrplugin_client.so|libDRPlugin.so|libevent_observer.so|libgdtap.so|libgeofence.so|libizat_core.so|liblbs_core.so|liblocationservice_glue.so|liblocationservice.so|libloc_ext.so|libloc_xtra.so|liblowi_client.so|liblowi_wifihal_nl.so|liblowi_wifihal.so|libquipc_os_api.so|libquipc_ulp_adapter.so|libulp2.so|libxtadapter.so|libxt_native.so|libxtwifi_ulp_adaptor.so|libxtwifi_zpp_adaptor.so|location-mq|loc_launcher|lowi.conf|lowi-server|slim_ap_daemon|slim_daemon|xtra_root_cert.pem|xtra_t_app.apk|xtwifi.conf|xtwifi-client|xtwifi-inet-agent"; + blobs=$blobs"|cacert_location.pem|com.qti.location.sdk.jar|com.qti.location.sdk.xml|com.qualcomm.location.apk|com.qualcomm.location.xml|com.qualcomm.services.location.apk|gpsone_daemon|izat.conf|izat.xt.srv|izat.xt.srv.jar|izat.xt.srv.xml|libalarmservice_jni.so|libasn1cper.so|libasn1crt.so|libasn1crtx.so|libdataitems.so|libdrplugin_client.so|libDRPlugin.so|libevent_observer.so|libgdtap.so|libgeofence.so|libizat_core.so|liblbs_core.so|liblocationservice_glue.so|liblocationservice.so|libloc_ext.so|libloc_xtra.so|liblowi_client.so|liblowi_wifihal_nl.so|liblowi_wifihal.so|libquipc_os_api.so|libquipc_ulp_adapter.so|libulp2.so|libxtadapter.so|libxt_native.so|libxtwifi_ulp_adaptor.so|libxtwifi_zpp_adaptor.so|location-mq|loc_launcher|lowi.conf|lowi-server|slim_ap_daemon|slim_daemon|xtra_root_cert.pem|xtra_t_app.apk|xtwifi.conf|xtwifi-client|xtwifi-inet-agent"; 
overlay=$overlay"config_comboNetworkLocationProvider|config_enableFusedLocationOverlay|config_enableNetworkLocationOverlay|config_fusedLocationProviderPackageName|config_enableNetworkLocationOverlay|config_networkLocationProviderPackageName|com.qualcomm.location"; #Misc 
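Review bot: The added `izat.xt.srv` entry is a regex fragment, not a literal file name: entries such as `HotwordEnrollment.*.apk` in the next hunk's context show the list is used as a pattern, so each unescaped `.` matches any character. How `$blobs` is matched lies outside this hunk; if the alternation is not anchored to whole file names, `izat.xt.srv` already covers the existing `izat.xt.srv.jar` and `izat.xt.srv.xml` entries and would also remove any other file whose name merely contains that string. It is worth confirming the match is anchored, or writing the entry as `izat\.xt\.srv`. The same applies to `appdirectedsmspermission.apk`, `VerizonSSOEngine.apk` and `vzwapnpermission.apk` added in the `@@ -191,7 +191,7 @@` hunk.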
@@ -191,7 +191,7 @@ echo "Deblobbing..." #blobs=$blobs"|venus.b00|venus.b01|venus.b02|venus.b03|venus.b04|venus.mbn|venus.mdt"; #[Verizon] - blobs=$blobs"|com.qualcomm.location.vzw_library.jar|com.qualcomm.location.vzw_library.xml|com.verizon.apn.xml|com.verizon.embms.xml|com.verizon.hardware.telephony.ehrpd.jar|com.verizon.hardware.telephony.ehrpd.xml|com.verizon.hardware.telephony.lte.jar|com.verizon.hardware.telephony.lte.xml|com.verizon.ims.jar|com.verizon.ims.xml|com.verizon.provider.xml|com.vzw.vzwapnlib.xml|qti-vzw-ims-internal.jar|qti-vzw-ims-internal.xml|VerizonUnifiedSettings.jar|VZWAPNLib.apk|VZWAPNService.apk|VZWAVS.apk|VzwLcSilent.apk|vzw_msdc_api.apk|VzwOmaTrigger.apk|vzw_sso_permissions.xml"; + blobs=$blobs"|appdirectedsmspermission.apk|com.qualcomm.location.vzw_library.jar|com.qualcomm.location.vzw_library.xml|com.verizon.apn.xml|com.verizon.embms.xml|com.verizon.hardware.telephony.ehrpd.jar|com.verizon.hardware.telephony.ehrpd.xml|com.verizon.hardware.telephony.lte.jar|com.verizon.hardware.telephony.lte.xml|com.verizon.ims.jar|com.verizon.ims.xml|com.verizon.provider.xml|com.vzw.vzwapnlib.xml|qti-vzw-ims-internal.jar|qti-vzw-ims-internal.xml|VerizonSSOEngine.apk|VerizonUnifiedSettings.jar|VZWAPNLib.apk|vzwapnpermission.apk|VZWAPNService.apk|VZWAVS.apk|VzwLcSilent.apk|vzw_msdc_api.apk|VzwOmaTrigger.apk|vzw_sso_permissions.xml"; #Voice Recognition blobs=$blobs"|aonvr1.bin|aonvr2.bin|audiomonitor|es305_fw.bin|HotwordEnrollment.apk|HotwordEnrollment.*.apk|libadpcmdec.so|liblistenhardware.so|liblistenjni.so|liblisten.so|liblistensoundmodel.so|libqvop-service.so|librecoglib.so|libsmwrapper.so|libsupermodel.so|libtrainingcheck.so|qvop-daemon|sound_trigger.primary.msm8916.so|sound_trigger.primary.msm8996.so"; diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_nextbit_msm8992.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_nextbit_msm8992.sh deleted file mode 100644 index 9c32665d..00000000 
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_nextbit_msm8992.sh
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/bin/bash
-cd $base"kernel/nextbit/msm8992"
-git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0004-No_dir-relax.patch
-git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0005.patch
-git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0006.patch
-git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0007.patch
-git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0008.patch
-git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0009.patch
-git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0010.patch
-git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0011.patch
-git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0012.patch
-git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0013.patch
-git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0014.patch
-git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0015.patch
-git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0016.patch
-git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0017.patch
-git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0018.patch
-git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2014-9904/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2016-6672/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2017-0648/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2017-0861/3.10/0001.patch
-git apply $cvePatchesLinux/CVE-2017-0862/3.10/0001.patch
-git apply $cvePatchesLinux/CVE-2017-1000410/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2017-11473/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2017-11600/3.10/0001.patch
-git apply $cvePatchesLinux/CVE-2017-13163/3.10/0001.patch
-git apply $cvePatchesLinux/CVE-2017-13168/3.10/0001.patch
-git apply $cvePatchesLinux/CVE-2017-13216/3.10/0001.patch
-git apply $cvePatchesLinux/CVE-2017-13218/3.10/0001.patch
-git apply $cvePatchesLinux/CVE-2017-13218/3.10/0002.patch
-git apply $cvePatchesLinux/CVE-2017-13218/3.10/0003.patch
-git apply $cvePatchesLinux/CVE-2017-13218/3.10/0004.patch
-git apply $cvePatchesLinux/CVE-2017-13245/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2017-13246/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2017-16526/^4.13/0001.patch
-git apply $cvePatchesLinux/CVE-2017-16531/^4.13/0001.patch
-git apply $cvePatchesLinux/CVE-2017-16532/^4.13/0001.patch
-git apply $cvePatchesLinux/CVE-2017-16533/^4.13/0001.patch
-git apply $cvePatchesLinux/CVE-2017-16534/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2017-16535/^4.13/0001.patch
-git apply $cvePatchesLinux/CVE-2017-16537/^4.13/0001.patch
-git apply $cvePatchesLinux/CVE-2017-16538/^4.13/0001.patch
-git apply $cvePatchesLinux/CVE-2017-16538/^4.13/0002.patch
-git apply $cvePatchesLinux/CVE-2017-16643/3.5+/0001.patch
-git apply $cvePatchesLinux/CVE-2017-16645/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2017-16650/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2017-16939/3.10/0001.patch
-git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0003.patch
-git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0006.patch
-git apply $cvePatchesLinux/CVE-2017-17558/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2017-17762/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2017-18161/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2017-6345/^4.9/0001.patch
-git apply $cvePatchesLinux/CVE-2017-7533/3.10/0002.patch
-git apply $cvePatchesLinux/CVE-2017-7533/3.10/0003.patch
-git apply $cvePatchesLinux/CVE-2017-8243/3.10/0001.patch
-git apply $cvePatchesLinux/CVE-2017-8281/3.10/0001.patch
-git apply $cvePatchesLinux/CVE-2017-8281/3.10/0003.patch
-git apply 
$cvePatchesLinux/CVE-2017-9723/ANY/0001.patch -git apply $cvePatchesLinux/CVE-2018-3563/3.10/0001.patch -git apply $cvePatchesLinux/CVE-2018-3584/ANY/0001.patch -#git apply $cvePatchesLinux/CVE-2018-3585/3.10/0001.patch -git apply $cvePatchesLinux/CVE-2018-5825/3.10/0001.patch -git apply $cvePatchesLinux/LVT-2017-0003/3.10/0001.patch -git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch -git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch -git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch -editKernelLocalversion "-dos.p70" -cd $base diff --git a/TODO b/TODO index 150a6252..5c20ef7b 100644 --- a/TODO +++ b/TODO @@ -1,4 +1,4 @@ -Last updated: 2018-05-20 +Last updated: 2018-05-23 High Priority (Release blockers) Build @@ -9,11 +9,12 @@ High Priority (Release blockers) - Create cryptocurrency addresses - Setup Stripe Servers - - Gitea/GitLab server on a Kimsufi dedicated ($14 setup + $22/mo) - - Website server on an OVH VPS ($4.50/mo) - - Mirrorbits server on an OVH VPS ($4.50/mo) - - 3x Mirror slaves on an OVH VPS (3x$4.50 = $13.50/mo) + - Gitea/GitLab on a Kimsufi dedicated (KS-3C: $14 setup + $22/mo) + - Apache on an OVH VPS (SSD1: $4.50/mo) + - Mirrorbits on an OVH VPS (SSD1: $4.50/mo) + - 2x Mirror slaves on an OVH VPS (SSD2: 2x$7.80 = $15.60/mo) - 1x Mirror slave on a 1/10Gbps server for high-speed incrementals + Website - Update cryptocurrency addresses Medium Priority @@ -30,11 +31,10 @@ Medium Priority - Investigate GDPR compliance Servers - Dedicated build servers - - XMPP Server + - Ejabberd on an OVH VPS (SSD1: $4.50/mo) Signoffs - Get signoff from Copperhead on inclusion of disabled patches Website - - Cache updater and device page outputs using (PHP)Redis - Switch from Shadow to Piwik and update Privacy Policy Low Priority