Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-06-29 08:02:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,313 Commits 1 Branch 0 Tags 89 MiB
master
Commit Graph

1357 Commits

Author SHA1 Message Date
Tad
38626e1b0c
Picks + Fixes 
Signed-off-by: Tad <tad@spotco.us>
 2023-03-14 16:58:27 -04:00
Tad
162b40a39d
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-03-13 18:13:54 -04:00
Tad
0b294c1601
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-03-08 16:01:49 -05:00
Tad
7e3bbc174a
Churn 
Signed-off-by: Tad <tad@spotco.us>
 2023-03-06 22:57:45 -05:00
Tad
9c6087f4a8
Update commons 
Signed-off-by: Tad <tad@spotco.us>
 2023-03-06 20:39:36 -05:00
Tad
804786aa23
Update CVE patchers 
Fixes https://github.com/Divested-Mobile/DivestOS-Build/issues/193

Signed-off-by: Tad <tad@spotco.us>
 2023-03-06 19:54:15 -05:00
danielk43
11039a156d Update LOS20 hardened_malloc patches 2023-02-27 10:10:41 -05:00
Tad
b8f39716f1
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-26 12:21:36 -05:00
Tad
2706fc9d59
Missing pick 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-19 15:37:16 -05:00
Tad
b2913e8170
15.1 February ASB work + Picks 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-19 13:07:11 -05:00
Tad
2993b459f0
Fixes 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-18 23:53:28 -05:00
Tad
b08bf0356f
Small additions + churn 
- 18.1+: Disable NTP fully when automatic time is off, credit GrapheneOS
- 20.0: Handle Tor-over-Orbot when killswitch enabled, credit CalyxOS, BROKEN

Signed-off-by: Tad <tad@spotco.us>
 2023-02-18 13:52:46 -05:00
Tad
9f82763c53
Churn 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-17 23:57:04 -05:00
Tad
742a2fb7e2
Churn 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-13 10:32:56 -05:00
Tad
e9f58cfd3c
VPN fixes 
Some devices still don't have these in 2023
https://gitlab.com/LineageOS/issues/android/-/issues/2193

Note, the following still aren't patched:
15.1
kernel/google/msm
kernel/lge/hammerhead

16.0
kernel/cyanogen/msm8974
kernel/lge/hammerhead

18.1
kernel/motorola/msm8974

Signed-off-by: Tad <tad@spotco.us>
 2023-02-12 21:34:23 -05:00
Tad
a845f59546
Fixup persistent IPv6 privacy address issue + churn 
Backports of rfc4941bis from Google/Linaro
and workaround for legacy kernels from GrapheneOS

already has rfc4941bis patch:
fairphone_sdm632
google_gs101
google_gs201
google_msm-4.14
google_msm-4.9
google_redbull
oneplus_sdm845
razer_sdm845
xiaomi_sdm845

Signed-off-by: Tad <tad@spotco.us>
 2023-02-11 20:26:24 -05:00
Tad
62b2318078 Backports + Picks 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-11 19:20:28 -05:00
Tad
49f5f1c674
19.1+: Add the SUPL toggle setting from GrapheneOS 
Will need some work to apply on 17.1/18.1

Signed-off-by: Tad <tad@spotco.us>
 2023-02-10 23:57:04 -05:00
Tad
046f35c66c
Picks 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-08 15:00:42 -05:00
Tad
9c2c5a444e
Update CVE patchers 
no actual changes

Signed-off-by: Tad <tad@spotco.us>
 2023-02-07 20:12:03 -05:00
Tad
fa067a3f89
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-06 23:06:34 -05:00
Tad
ef51b5e5af
Updated strict package check patches from GrapheneOS 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-03 17:57:15 -05:00
Tad
6e75c0dbd3
Fix boot failure after WebView signature changes 
Tested working on:
- 14.1: toroplus
- 15.1: bullhead, hammerhead
- 17.1: clark

This is the same issue which resulted in e61e288b being reverted.
Still unclear why this happens.

Signed-off-by: Tad <tad@spotco.us>
 2023-02-03 00:02:44 -05:00
Tad
dc853bfdae
WebView: Switch to dedicated package name 
And remove the F-Droid repo for it, will be moved to the 'DivestOS Official' repo
This simplifies release management and also allows other systems to benefit from the repo

Downside is users who don't update to this build won't receive any updates for it anymore

Signed-off-by: Tad <tad@spotco.us>
 2023-02-02 17:17:30 -05:00
Tad
48ce0ad7d9 Fixup + Churn 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-01 21:36:47 -05:00
Tad
1511176a07
Update CVE patchers 
Maybe some breakage

Signed-off-by: Tad <tad@spotco.us>
 2023-01-28 20:33:44 -05:00
Tad
3231979ef4
Churn 
Signed-off-by: Tad <tad@spotco.us>
 2023-01-24 20:55:42 -05:00
Tad
fb7bf503b1
Pull in the special permissions reset bugfix from GrapheneOS 
Signed-off-by: Tad <tad@spotco.us>
 2023-01-24 19:20:00 -05:00
Tad
b1da856762
Cleanup 
Signed-off-by: Tad <tad@spotco.us>
 2023-01-24 19:14:26 -05:00
Tad
8abf9a0031
Finish e81cd558 
Signed-off-by: Tad <tad@spotco.us>
 2023-01-24 19:12:05 -05:00
Tad
da1df44c8f
GrapheneOS kernel hardening patches update 
Maybe some compile breakage

Signed-off-by: Tad <tad@spotco.us>
 2023-01-24 19:03:01 -05:00
Tad
e81cd5586d
Add even more captive portal servers + sorting 
TODO: apply to other branches

Signed-off-by: Tad <tad@spotco.us>
 2023-01-23 16:42:00 -05:00
Tad
2529515b33
19.1+: Fixup DHCP hostname handling 
Signed-off-by: Tad <tad@spotco.us>
 2023-01-22 15:52:20 -05:00
Tad
a96d2221cd
Fix off-by one 
Signed-off-by: Tad <tad@spotco.us>
 2023-01-22 00:09:02 -05:00
Tad
9558a7d0e9 Switch to the Broadcom PSDS server for Pixel 6/7 series 
Instead of agnss.goog cache
Based off of a patch from GrapheneOS

Signed-off-by: Tad <tad@spotco.us>
 2023-01-21 04:08:26 -05:00
Tad
ad466bd3e4
Various changes 
- 17.1: Add more captive portal server options like 18.1+, disabled: needs fixes
- 17.1: Add the hosts toggle like 18.1+
- 18.1: fix junk in patch
- 17.1+: hosts toggle: bugfix: fixup localhost handling by switching to strcmp
- 15.1: fixes to get hmalloc to compile, does NOT boot

Signed-off-by: Tad <tad@spotco.us>
 2023-01-20 18:59:02 -05:00
Tad
84a9a1326c
18.1+: add multiple captive potal server options 
This also switches 18.1 from @MSe1969's patch to the GrapheneOS patch
Can maybe port to 17.1 too

Signed-off-by: Tad <tad@spotco.us>
 2023-01-20 00:21:30 -05:00
Tad
5ce2d33162
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-01-18 14:13:33 -05:00
Tad
b01e902988 m8: boost microphone volume patch from @Ke1i 
Signed-off-by: Tad <tad@spotco.us>
 2023-01-14 14:01:30 -05:00
Tad
2153422bb0
Potentially unbreak video playback on vayu, davinci, guacamole*, and hotdog*. 
Signed-off-by: Tad <tad@spotco.us>
 2023-01-13 21:27:18 -05:00
Tad
14f40e024f
Update CVE patchers 
This adds loose versioning applying 4.14 patches to 4.9

Signed-off-by: Tad <tad@spotco.us>
 2023-01-13 13:23:12 -05:00
Tad
207bdd2406
Strict versionCode checks for system apps from GrapheneOS 
Signed-off-by: Tad <tad@spotco.us>
 2023-01-11 12:19:41 -05:00
Tad
7dbdcdf751 Tweak Aperture defaults 
Signed-off-by: Tad <tad@spotco.us>
 2023-01-08 21:20:36 -05:00
Tad
c92c084ca1
Churn 
Signed-off-by: Tad <tad@spotco.us>
 2023-01-08 20:49:57 -05:00
Tad
b143ffcd8b
15.1 January ASB work 
+ a missing patch from 2019-08

Signed-off-by: Tad <tad@spotco.us>
 2023-01-08 16:31:54 -05:00
Tad
57d951ccb5
Missing patches for 16.0 + Churn 
Signed-off-by: Tad <tad@spotco.us>
 2023-01-08 13:22:50 -05:00
Tad
10c1d825c2
Revert e10d4b17 
17.1 is plagued with the same issue, no reason to use it

Signed-off-by: Tad <tad@spotco.us>
 2023-01-07 11:17:21 -05:00
Tad
efa31534a9
Picks 
Signed-off-by: Tad <tad@spotco.us>
 2023-01-07 10:52:03 -05:00
Tad
f2d87b1e81
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-01-03 20:18:40 -05:00
Tad
06eed1fba9
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-31 21:41:46 -05:00
Tad
e10d4b1799
17.1: restore m8 
18.1 has some display artifacting issues and hangs

Signed-off-by: Tad <tad@spotco.us>
 2022-12-28 14:38:05 -05:00
Tad
06254708be
Many fixes to get bluejay booting & working proper 
- Enable APEX for Pixel 6/7, necessary for camera and pKVM
  - Also drop hack removing pKVM for Pixel 6/7
  - patch from GrapheneOS

- Extend hmalloc workaround to /apex

- Deblobber:
  - actually handle wildcard f/w/b overlays
  - move some stuff around
  - remove some more Pixel blobs
  - flag and disable removal of camera extensions, being able to use the second camera is nice

- Adjust what hardenDefconfig disables, caused boot issues
  minimal impact as most of these are already default-disabled
  can be narrowed down in future

- Disable some of the bionic hardening patches, causing more boot issues
  annoying to lose, but having a phone that boots is more important

- Add LTE only mode to 17.1, 18.1, 19.1, and 20.0, credit GrapheneOS

- Remove Pixel 2 ramdisk compression reverts, fixed upstream

And yes, I know I should've split up this commit...

Signed-off-by: Tad <tad@spotco.us>
 2022-12-25 13:21:37 -05:00
Tad
751d1e8d72
Misc patches 
- 20.0: updated and enabled burnIn patch
- 19.1: fixup apps having data restrictions wrongly applied

Signed-off-by: Tad <tad@spotco.us>
 2022-12-23 10:09:37 -05:00
Tad
7d6b8e3aeb
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-22 11:33:47 -05:00
Tad
b5bc269743
SBC dualchannel picks 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-18 21:47:22 -05:00
Tad
03293f6b52
Fixup 
Messy, but better to have CVE-2022-42896 applied to *some* 3.18 kernels

Signed-off-by: Tad <tad@spotco.us>
 2022-12-17 00:42:25 -05:00
Tad
c2fc228f3b Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-16 22:06:13 -05:00
Tad
ad5de60266
More Pixel 6/7 work 
compiles, but fails to generate release due to pvmfw failure

Signed-off-by: Tad <tad@spotco.us>
 2022-12-15 20:49:30 -05:00
Tad
4f1c1b343c
Update commons 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-15 17:45:18 -05:00
Tad
1eb373d1e0
15.1 December ASB work 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-12 21:01:34 -05:00
Tad
5e918c5506
Picks 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-12 19:30:56 -05:00
Tad
29c9826c11
20.0: QPR1 churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-10 20:57:17 -05:00
Tad
b78f573eb9
Fixes 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-10 20:30:22 -05:00
Tad
63cbd1f483
14.1 December ASB, thanks to @syphyr 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-10 20:17:48 -05:00
Tad
abb616d2f3
Updates 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-09 17:23:20 -05:00
Tad
ce47fdae34
Small updates + Picks 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-07 18:41:50 -05:00
Tad
a62922e72d
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-06 15:00:40 -05:00
Tad
0aa4fd0fc3
Update CVE patchers 
Appears I skipped 20.0 by accident last update

Signed-off-by: Tad <tad@spotco.us>
 2022-12-05 14:23:06 -05:00
Tad
3c8c235758
Ugly workaround 
For bug exposed after:
https://review.lineageos.org/c/LineageOS/android_frameworks_base/+/344890

Signed-off-by: Tad <tad@spotco.us>
 2022-12-03 23:58:36 -05:00
Tad
178e127338
Small tweaks + churn 
Fixes recovery not booting on 20.0

Signed-off-by: Tad <tad@spotco.us>
 2022-12-03 16:19:31 -05:00
Tad
038fca449b
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-30 08:28:40 -05:00
Tad
680bf51e05
Ugly hack 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-22 07:24:21 -05:00
Tad
fd0e3e8117
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-22 07:11:30 -05:00
Tad
c4fe56a307
Update CVE patchers 
This fixes CVE-2018-9422 which was primarily added via b56fabac

May still need to be fixed:
16.0/kernel_google_yellowstone
16.0/kernel_xiaomi_msm8937

Signed-off-by: Tad <tad@spotco.us>
 2022-11-21 08:39:10 -05:00
Tad
7f24df22f7 Small updates 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-21 06:09:29 -05:00
Tad
9d1efb33c3
More 14.1 picks + 15.1 November ASB work 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-13 23:21:41 -05:00
Tad
14f7f1db32
Updates + Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-13 02:06:05 -05:00
Tad
decf46084c
Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-12 10:26:28 -05:00
Tad
b81d39c969
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-11 16:05:22 -05:00
Tad
27395374e1
Fixup + Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-11 13:54:57 -05:00
Tad
8bfedda18b
14/15/16: Fix compile failure with modern kernels 
https://android-review.googlesource.com/c/platform/art/+/2226578
https://groups.google.com/g/Android-building/c/ZfUQQWt_ABI

Signed-off-by: Tad <tad@spotco.us>
 2022-11-10 18:26:36 -05:00
Tad
8d4d73d65c
Picks 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-09 18:11:48 -05:00
Tad
807a08210a
Tweaks 
- 20.0: pick fixes for the deny usb toggle
- 20.0: pull in a patch from GrapheneOS removing a package list leak

Signed-off-by: Tad <tad@spotco.us>
 2022-11-07 20:30:36 -05:00
Tad
ac3dc319c7
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-07 15:51:17 -05:00
Tad
b9f4074226 20.0: disable the broken monet toggle patch 
Has some weird inconsistencies

Signed-off-by: Tad <tad@spotco.us>
 2022-11-03 14:49:28 -04:00
Tad
7fb334d825
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-03 13:25:38 -04:00
Tad
aa4ffdb014
20.0: add taimen/walleye 
not stable yet, ims crashes invoking rescueparty

Signed-off-by: Tad <tad@spotco.us>
 2022-10-31 18:31:55 -04:00
Tad
11780d890f Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-24 22:53:41 -04:00
Tad
c051cb282d Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-22 21:39:01 -04:00
Tad
94d7ea9bb3
20.0: fixup exec spawning toggle and also default disable it like 42c9d22d 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-22 18:04:44 -04:00
Tad
dfcbf14c17
Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-19 22:13:14 -04:00
Tad
006f128fc5
15.1: October 2022 ASB picks 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-19 16:08:18 -04:00
Tad
8ddbd86d44
20.0: more devices 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-19 15:22:20 -04:00
Tad
148df59b7e
Cleanup: Drop UnifiedNlp, FDroidPrivExt, and Silence 
These haven't been included for a while

+remove some old cruft from 20.0

Signed-off-by: Tad <tad@spotco.us>
 2022-10-19 12:15:24 -04:00
Tad
d2096c86d9
Fixup 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-18 22:44:01 -04:00
Tad
0c4db149e1
20.0: Network & Sensors permission from GrapheneOS 
This revokes the permissions to all user installed apps on update.
Likely an expected quirk of being on 20.0 without the permission.
19.1 upgrades and new 20.0 installs should be fine.

TODO: update 19.1 with the SpecialRuntimePermAppUtils too

Signed-off-by: Tad <tad@spotco.us>
 2022-10-18 22:14:56 -04:00
Tad
91b908a78a
20.0: more fixes 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-17 06:39:55 -04:00
Tad
e8248e4938
20.0: fixes + r11 churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-16 17:18:06 -04:00
Tad
4524eb43d3
20.0: It boots! 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-16 08:54:04 -04:00
Tad
5b114cacf8
20.0: More fixes 
It compiles, but fails to sign:
> TypeError: cannot use a string pattern on a bytes-like object

Signed-off-by: Tad <tad@spotco.us>
 2022-10-15 17:20:41 -04:00
Tad
5cada3a769
20.0: Fixes 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-15 15:53:17 -04:00
Tad
055ed9bfad
20.0: Initial bringup 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-15 10:39:48 -04:00
Tad
2acd454f13
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-13 23:42:20 -04:00
Tad
820c47caea
Update Carrier Configs 
CarrierConfig@6563341442262a4b79a4a2674679615f010b9837
TelephonyProvider@20a6228381b3e89e8c0972d115d422c08e0c9adb

Signed-off-by: Tad <tad@spotco.us>
 2022-10-12 21:41:08 -04:00
Tad
e3125dd7de
Update VVM and MMS configs from GrapheneOS 
VVM: 2637686af5
MMS: 0c7e979f05

Signed-off-by: Tad <tad@spotco.us>
 2022-10-12 21:33:47 -04:00
Tad
9b6b9e7090
Fixup 75abc8b9 
Copy/paste error

Signed-off-by: Tad <tad@spotco.us>
 2022-10-12 19:30:19 -04:00
Tad
2166491d5d
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-12 17:11:06 -04:00
Tad
75abc8b9ec
19.1: add a modified patch from GrapheneOS to disable connectivity checks 
This removes their option for their servers

Signed-off-by: Tad <tad@spotco.us>
 2022-10-12 16:14:41 -04:00
Tad
fe95f700d8 Remove the CNE and DPM blobs + churn 
Just say no!

Signed-off-by: Tad <tad@spotco.us>
 2022-10-12 01:23:45 -04:00
Tad
e7968e1269
Picks + Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-09 16:35:12 -04:00
Tad
bf66d5db45
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-03 20:59:55 -04:00
Tad
348b392f03
Picks 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-03 10:24:04 -04:00
Tad
d78121a1c0
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-03 10:22:17 -04:00
Tad
da2e44c5f3
Add back the CNE and DPM blobs + churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-02 11:47:58 -04:00
Tad
598d78bb61
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-25 13:49:45 -04:00
Tad
25568706e1
Various 
- Add back the SIM ToolKit app
- 17.1: CarrierConfig testing
- 19.1: Enable op5 firmware inclusion, needs testing
- Don't disable coresight bits on op8, breaks compile
- 19.1: Add a patch from GrapheneOS to display/share logs when a crash happens

Signed-off-by: Tad <tad@spotco.us>
 2022-09-23 22:53:12 -04:00
Tad
411fcc08e1
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-15 14:11:58 -04:00
Tad
eb200546ea
17.1+: Update carrier configs for improved compatibility 
CarrierConfig@c2819f8
TelephonyProvider@af5c1386

Signed-off-by: Tad <tad@spotco.us>
 2022-09-14 14:58:01 -04:00
Tad
b6b698966c
Fixup 
Stray files

Signed-off-by: Tad <tad@spotco.us>
 2022-09-13 23:29:13 -04:00
Tad
4573f6d7c3
Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-13 22:41:48 -04:00
Tad
ec42acceb6
Various fixes from GrapheneOS 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-13 10:24:26 -04:00
Tad
3b0c05fe7c
Pull VVM config from GrapheneOS instead of LineageOS 
79.0.438914483 instead of 72.0.407683083

Signed-off-by: Tad <tad@spotco.us>
 2022-09-13 10:14:05 -04:00
Tad
115edfe2a4
Update MMS database for Messaging app 
This is a squashed import of these two commits from GrapheneOS:
2d95f1ee9e
c297a079e4

Signed-off-by: Tad <tad@spotco.us>
 2022-09-13 10:13:50 -04:00
Tad
202033c013
Pull in old cherrypicks + 5 missing patches from syphyr 
This adds 3 expat patches for n-asb-2022-09
from https://github.com/syphyr/android_external_expat/commits/cm-14.1
and also applies 2 of them to 15.1

Signed-off-by: Tad <tad@spotco.us>
 2022-09-11 14:02:35 -04:00
Tad
df3db92d5a
Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-10 22:09:18 -04:00
Tad
e2b314da3c
15.1+16.0: September 2022 ASB picks 
16.0 backports thanks to MSe1969 as usual:
https://github.com/lin16-microg/android_system_bt/commits/lineage-16.0 - last 3 commits
https://github.com/lin16-microg/android_frameworks_base/commits/lineage-16.0 - last 4 commits
https://github.com/lin16-microg/android_external_expat/commits/lineage-16.0 - last 4 commits

Signed-off-by: Tad <tad@spotco.us>
 2022-09-10 18:32:25 -04:00
Tad
2bc43f195c
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-07 10:04:28 -04:00
Tad
b6e9f50cb5
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-04 14:05:36 -04:00
Tad
5fe5a4f898
Compile fixes 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-29 14:26:47 -04:00
Tad
da15dc05d5
Fixup 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-26 14:00:52 -04:00
Tad
adb61b0fb2
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-26 12:15:45 -04:00
Tad
4973d22c3a
Updates 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-22 17:20:23 -04:00
Tad
d8d8e457a1 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-21 10:44:12 -04:00
Tad
7918347d1c Updates 
- Add a script to update commons like APNs, VVM configs, and contributors cloud
- Add the latest contributors cloud to all branches
- Update wireless-regdb to 2022.08.12 release
- Add some shell opts to some scripts

Signed-off-by: Tad <tad@spotco.us>
 2022-08-15 16:37:42 -04:00
Tad
ebdf629cbc 15.1 ASB work 
Compile tested

Signed-off-by: Tad <tad@spotco.us>
 2022-08-12 21:10:31 -04:00
Tad
8b67d5c41e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-10 22:02:37 -04:00
Tad
12c56938cb Improve CVE-2021-1048 patching on 3.x kernels 
It is still actively being used by malware.

This largely handles 3.0, 3.4, and 3.10 kernels.
It works for select 3.18 kernels too.

TODO: need alternate get_file_rcu backport for the following:
15.1/lge_msm8996
15.1/zte_msm8996
16.0/xiaomi_msm8937
17.1/motorola_msm8996
18.1/google_marlin
18.1/lge_msm8996
18.1/oneplus_msm8996

Signed-off-by: Tad <tad@spotco.us>
 2022-08-09 21:39:25 -04:00
Tad
0ffbe79e1a FP4 + Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-08 15:02:14 -04:00
Tad
e0b57197ea Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-06 11:30:49 -04:00
Tad
31a67f054d Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-04 11:12:40 -04:00
Tad
162f4f450a 19.1: add FP4 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-03 12:45:26 -04:00
Tad
2b299c1aff Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-21 21:28:26 -04:00
Tad
c08ce75b03 Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-13 10:01:32 -04:00
Tad
717caac5c6 Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-11 18:17:51 -04:00
Tad
49cf5020e7 Don't disable Monet by default 
As it is already enabled, without this leaves upgrading users in an inconsistent state.

Signed-off-by: Tad <tad@spotco.us>
 2022-07-08 13:30:56 -04:00
Tad
d3632c25ce Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-07 21:47:59 -04:00
Tad
1165450d18 Fixup 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-07 01:53:45 -04:00
Tad
f07f288e3a Add a toggle for Monet themeing, credit GrapheneOS 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-06 21:13:40 -04:00
Tad
2c27a88a24 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-06 19:22:21 -04:00
Tad
7b8ef09540 Update CVE patchers 
Effectively no changes

Signed-off-by: Tad <tad@spotco.us>
 2022-07-04 18:30:09 -04:00
Tad
ac645dd62e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-28 11:32:05 -04:00
Tad
8dfb572fce Sync APN list from 19.1 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-20 02:47:34 -04:00
Tad
519a474173 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-19 22:44:05 -04:00
Tad
4e09464e86 Pick 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-15 17:17:47 -04:00
Tad
11b9ae5bc4 Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-13 21:24:08 -04:00
Tad
2e2eb42abd Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-12 17:07:46 -04:00
Tad
89a28654d4 Exclude emergency alerts from location indicators (GrapheneOS) 
5eaf7e31ea

Signed-off-by: Tad <tad@spotco.us>
 2022-06-12 13:23:21 -04:00
Tad
65df2c1a53 Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-12 10:38:06 -04:00
Tad
d58279e054 Update wireless-regdb to 2022.06.06 release 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-11 10:17:25 -04:00
Tad
70b8485695 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-09 17:59:48 -04:00
Tad
c092b13a44 Restore star*lte 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-08 22:55:00 -04:00
Tad
492b6ba291 Tweaks 
Exempt the Fused Location Provider:
5f19508083

Bring the hardened malloc camera workaround in tree, it was dropped upstream

Signed-off-by: Tad <tad@spotco.us>
 2022-06-07 15:06:25 -04:00
Tad
697bed18fb 17.1+18.1: Drop all devices working on 19.1 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-04 14:26:44 -04:00
Tad
1f41b1c498 Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-04 12:55:32 -04:00
Tad
899ea17d4e Add the missing page sanitization to 3.18 kernels 
All along they only had slub sanization :(

Signed-off-by: Tad <tad@spotco.us>
 2022-06-04 12:00:01 -04:00
Tad
3da5613dfc Add unconditional burnin protection on 18.1 and 19.1, credit @arter97 
Also skip the power on animation on 19.1, credit @kdrag0n

Signed-off-by: Tad <tad@spotco.us>
 2022-06-04 10:54:11 -04:00
Tad
5df4058a15 Chrun 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-03 15:14:35 -04:00
Tad
da63c9e571 Various small patches 
7408144e1b
> extend Network/Sensors permission handling for legacy apps not targeting Android 6
> or above (API 23) to resolve a UI issue where the user choosing to grant the
> Network/Sensors permissions via the legacy permission review interface doesn't
> appear in the Settings app info page

22d32cb61b
suppresses https://github.com/Divested-Mobile/DivestOS-Build/discussions/112

66f406b979
3f69205d06
nice to have

Signed-off-by: Tad <tad@spotco.us>
 2022-06-02 23:17:05 -04:00
Tad
e6a7cd6a14 Tiny fix 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-02 21:48:48 -04:00
Tad
0b4c829b74 Fixes 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-01 07:45:19 -04:00
Tad
6d95c231bc Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-31 21:29:22 -04:00
Tad
8a59c7948f Partially revert 59c28bc0 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-27 23:38:31 -04:00
Tad
28724c4a6e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-25 22:52:22 -04:00
Tad
ffcd397894 19.1: Exempt the print service too from location indicators (GrapheneOS) 
6f17aee67e

Signed-off-by: Tad <tad@spotco.us>
 2022-05-25 15:43:57 -04:00
Tad
2c4caa30a1 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-24 00:36:49 -04:00
Tad
de781e9921 Tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-23 23:15:27 -04:00
Tad
e8bc36af04 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-20 17:16:29 -04:00
Tad
e5b0a6a429 Make ZRAM great again 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-18 23:04:01 -04:00
Tad
1ea1ce9bc2 Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-18 12:49:54 -04:00
Tad
21971ab66b Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-14 23:17:50 -04:00
Tad
3114ca7157 19.1: Add the Private DNS presets 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-14 22:34:17 -04:00
Tad
05930af014 Various changes 2022-05-14 21:40:50 -04:00
Tad
7a168302cf 19.1: Location indicator exemptions 
Credit/References:
26ddac7988
7370657f85
37e2a4e0bc
a5d43c0157
ac60a2117e

Signed-off-by: Tad <tad@spotco.us>
 2022-05-12 23:25:21 -04:00
Tad
bf7c06105c Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-12 22:13:06 -04:00
Tad
59c28bc022 Better ensure extra keys are included 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-12 10:15:03 -04:00
Tad
4dbab20c06 Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-10 15:32:13 -04:00
Tad
9286bdd258 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-10 15:02:03 -04:00
Tad
675b1a5da0 Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-09 12:56:03 -04:00
Tad
df398fd6f5 Various 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-07 20:22:49 -04:00
Tad
bf422f638d Fix the default homescreen layout 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-04 14:15:00 -04:00
Tad
4edfa56f1a Tiny tweak 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-04 11:52:22 -04:00
Tad
b2eb3c01b4 Update CVE patchers 
Newly added CVE-2022-20009 is dupe with CVE-2022-25258 and CVE-2022-25375

Signed-off-by: Tad <tad@spotco.us>
 2022-05-03 23:33:17 -04:00
Tad
b5224f0c79 Remove the Google carrier blobs 
These were previously removed, and added back after a false report of breakage.

Data and VoLTE tested working on taimen

Signed-off-by: Tad <tad@spotco.us>
 2022-05-03 14:28:51 -04:00
Tad
e38aff581e Small tweaks 
- Remove some more blobs
- 19.1: disable FP animation (jesec)
- 18.1: mata: allow major upgrades (to 19.1) (Updater patch by erfanoabdi)
- mata: disable Vulkan, it doesn't work

Signed-off-by: Tad <tad@spotco.us>
 2022-05-02 15:04:12 -04:00
Tad
9875334547 Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-28 20:17:13 -04:00
Tad
3316cc4824 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-27 07:46:22 -04:00
Tad
13a9997a0c 19.1: aura and beryllium + some fixes 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-26 11:41:28 -04:00
Tad
fe816c691e Bring NTP inline with init.sh 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-24 17:36:47 -04:00
Tad
4f64f7538c 19.1: Add toggle for /etc/hosts 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-20 22:45:12 -04:00
Tad
879256139f Ensure localhost has a correct response when hosts_disable is set 
To prevent a bad response from a malicious DNS upstream

Signed-off-by: Tad <tad@spotco.us>
 2022-04-20 21:09:29 -04:00
Tad
c2e60b94bb Siplify 9a6c7a26 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-20 20:57:13 -04:00
Tad
9a6c7a2684 18.1: Add toggle for /etc/hosts 
TODO: 19.1 and maybe 17.1

Tested working on klte/18.1

Signed-off-by: Tad <tad@spotco.us>
 2022-04-20 16:40:22 -04:00
Tad
18e97c565d 19.1: missed hosts work 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-19 23:28:05 -04:00
Tad
c5b1cc9a35 Simplify 8e3f0438 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-19 20:23:53 -04:00
Tad
e666a4a891 Update CVE patchers 
TODO: maybe split CVE-2022-23960/4.9 to get back?

Signed-off-by: Tad <tad@spotco.us>
 2022-04-19 14:38:44 -04:00
Tad
8e3f043820 Warn when running activity from 32 bit app on ARM64 devices. 
https://android-review.googlesource.com/c/platform/frameworks/base/+/2003790/
https://github.com/GrapheneOS/platform_frameworks_base/pull/182

Signed-off-by: Tad <tad@spotco.us>
 2022-04-19 12:00:22 -04:00
Tad
d4dceffa60 Update supported kernels to latest wireless regulations database 
Applies for ~43 kernel trees

Source: wireless-regdb-2022.04.08

Signed-off-by: Tad <tad@spotco.us>
 2022-04-19 11:30:57 -04:00
Tad
163a162568 Fix boot animation + churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-18 23:04:24 -04:00
Tad
be6b03fe96 Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-13 14:54:08 -04:00
Tad
96e3fc507c Disable FDroidPrivExt 
It is broken by the sensors permission patchset:
org.fdroid.fdroid.installer.ApkVerifier$ApkPermissionUnequalException: Permissions in APK and index.xml do not match!
PackageParsing: ws.xsoh.etar: compat added android.permission.OTHER_SENSORS

Signed-off-by: Tad <tad@spotco.us>
 2022-04-12 18:06:34 -04:00
Tad
42c9d22de9 Default disable exec spawning 
Change the property too, so it takes effect next update.
Since 16.0 lacks a toggle, this effectively disables the feature for it.
Even devices with 4GB of RAM have usability severely impacted.

Plus some other tweaks/churn

Signed-off-by: Tad <tad@spotco.us>
 2022-04-12 17:58:04 -04:00
Tad
30de608a61 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-12 02:51:44 -04:00
Tad
d078b24ddb lowram tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-11 23:40:26 -04:00
Tad
293a4d12f4 Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-10 21:20:55 -04:00
Tad
d50a3a043b Switch 16.0/17.1/18.1 to the more robust GrapheneOS sensors permission patchset 
Like done for 19.1

Signed-off-by: Tad <tad@spotco.us>
 2022-04-10 21:12:03 -04:00
Tad
0895190ffa Icon cache fix 
Lineage overhauled icons and old ones are still showing

Signed-off-by: Tad <tad@spotco.us>
 2022-04-10 18:40:12 -04:00
Tad
f747fb36e5 Various 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-08 16:55:30 -04:00
Tad
a9e250afd9 Cleanup 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-07 00:37:20 -04:00
Tad
258fe8389b Adjust quick tiles for 12 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-06 22:30:56 -04:00
Tad
fd835ca492 Fixup 5a3c64c1 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-06 21:46:49 -04:00
Tad
5a3c64c178 19.1: oneplus/sdm845: 4.9.227 -> 4.9.282 
Just like 18.1

also .282 is the latest qc/4.9 sadly
AOSP/4.9 can be merged but has charging related tweaks that might break things

Broken:
drivers/char/diag/diagmem.c:184:11: error: cast to smaller integer type 'int' from 'void *'

Signed-off-by: Tad <tad@spotco.us>
 2022-04-06 21:09:43 -04:00
Tad
d1e441e4cb 19.1: More work 
- Adds hosts cache and wildcard support back
- Fixes broken hardened malloc enablement patch
- Drops FDroidPrivExt, non-functional
- Disables captive portal toggle patch, crashes Settings, needs rework
- Rebranding work
- Attempts to fix no boot animation

Signed-off-by: Tad <tad@spotco.us>
 2022-04-06 02:32:33 -04:00
Tad
3a0659b9d8 19.1: more work, it compiles and boots! 
- Add the manifest
- Add Pixel 2 series
- Add some missing patches
- More DNS files
- Drop Silence in 19.1

Signed-off-by: Tad <tad@spotco.us>
 2022-04-05 23:44:15 -04:00
Tad
1705545d22 19.1: Initial bringup 
TODO:
- manifest
- devices
- a few small patches to rebase

Signed-off-by: Tad <tad@spotco.us>
 2022-04-05 00:44:19 -04:00
Tad
b464106cc5 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-04 15:51:23 -04:00
Tad
01900ca1c6 Reverts 
WebView overlay is breaking boot on 15.1???

This reverts commit e61e288b4a.
 2022-04-01 17:07:27 -04:00
Tad
3f9b346345 Fix boot breakage 
On devices with quota enabled and impacted by this patch

Signed-off-by: Tad <tad@spotco.us>
 2022-04-01 10:30:30 -04:00
Tad
e1f5d99e51 Fixes 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-01 08:16:28 -04:00
Tad
987122f99e Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-01 02:12:34 -04:00
Tad
8dbdc0f31e Enable Clang's -ftrivial-auto-var-init=zero on 17.1 
Just like Android 11+

Signed-off-by: Tad <tad@spotco.us>
 2022-03-31 22:04:50 -04:00
Tad
e26908b9e0 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-31 21:30:56 -04:00
Tad
e2c499dd24 Enable Clang's -ftrivial-auto-var-init=zero on supported kernels 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-31 21:00:31 -04:00
Tad
7d9da91f38 Sync APN and VVM configs from 19.1 
https://github.com/LineageOS/android_vendor_lineage/raw/lineage-19.1/prebuilt/common/etc/apns-conf.xml
https://raw.githubusercontent.com/LineageOS/android_vendor_lineage/lineage-19.1/overlay/common/packages/apps/Dialer/java/com/android/voicemail/impl/res/xml/vvm_config.xml

Signed-off-by: Tad <tad@spotco.us>
 2022-03-29 22:58:20 -04:00
Tad
f481055ae9 Add the GrapheneOS always randomize MAC option to 17.1 and 18.1 
The DHCP state patch was backported to 17.1

Signed-off-by: Tad <tad@spotco.us>
 2022-03-29 22:27:09 -04:00
Tad
19b03c9ff4 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-28 17:43:48 -04:00
Tad
8a03e46c7e Add the exec-spawning toggle from GrapheneOS 
Tested working on 18.1/klte

TODO: backport to 16.0

Signed-off-by: Tad <tad@spotco.us>
 2022-03-28 16:14:37 -04:00
Tad
a53062ca0b Backports 
Adds ptrace_scope and timeout options to 17.1, tested working

Also adds hardened_malloc to 15.1, but failing to compile:
external/hardened_malloc/h_malloc.c:1688:18: error: use of undeclared identifier 'M_PURGE'
    if (param == M_PURGE) {
                 ^
external/hardened_malloc/h_malloc.c:1743:30: error: missing field 'ordblks' initializer [-Werror,-Wmissing-field-initializers]
    struct mallinfo info = {0};
                             ^

Signed-off-by: Tad <tad@spotco.us>
 2022-03-21 18:06:49 -04:00
Tad
a56e3a3016 Disable the bionic hardening patchset to fix boot issues 
10+4 devices tested working with bionic hardening patches enabled
but hammerhead and shamu do not boot...

2 of the patches were already found to have issues and disabled
3 other patches were ruled out:
- Stop implicitly marking mappings as mergeable
- Make __stack_chk_guard read-only at runtime
- On 64-bit, zero the leading stack canary byte
Leaves 11+1 patches remaining that need to be tested
But I don't have either of the two known impacted devices.

Signed-off-by: Tad <tad@spotco.us>
 2022-03-19 16:19:00 -04:00
Tad
09353cdcd2 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-18 00:07:18 -04:00
Tad
1603092c50 Not all kernels have (working) getrandom support 
hammerhead 16.0 was reported not booting
and shamu 18.1 was reported to take ~15+ minutes to boot

hammerhead does not have getrandom so it failed immediately

shamu does have getrandom BUT it blocks during init
meaning it'll wait until the entropy pool slowly fills

In tested I did not discovery this
I tested on flox/mako/d852/klte/clark/sailfish/mata/cheeseburger/fajita
All the newer ones have working getrandom
All the older ones included a patch to make getrandom non blocking on init

Signed-off-by: Tad <tad@spotco.us>
 2022-03-17 13:21:52 -04:00
Tad
c9765fc883 Tweak tweak 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-16 18:38:30 -04:00
Tad
a28f43c6a7 Tweak 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-16 12:11:41 -04:00
Tad
352705fbf7 Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-16 11:43:51 -04:00
Tad
a9f6672fed hardened_malloc fixes for broken devices 
- enable the patchset for 18.1
- add an ugly patch that extends the Pixel 3* camera workaround to all camera executables

Signed-off-by: Tad <tad@spotco.us>
 2022-03-16 02:01:19 -04:00
Tad
1df7c7f1d4 Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 19:16:19 -04:00
Tad
181519cf38 Add bionic hardening patchsets from GrapheneOS 
11 b3a0c2c5db
11 5412c37195 #explicit zero
11 31456ac632 #brk
11 58ebc243ea #random
11 5323b39f7e #undefined
11 6a91d9dddb #merge
11 a042b5a0ba #vla formatting
11 9ec639de1b #pthread
11 49571a0a49 #read only
11 149cc5ccb8 #zero
11 2e613ccbe7 #fork mmap
11 e239c7dff8 #memprot pthread
11 0b03d92b7f #xor
11 de08419b82 #junk
11 897d4903e2 #guard
11 648cd68ca3 #ptrhread guard
11 0bc4dbcbd2 #stack rand
10 aa9cc05d07
10 a8cdbb6352 #explicit zero
10 b28302c668 #brk
10 9f8be7d07c #random
10 cb91a7ee3a #undefined
10 08279e2fdd #merge
10 6a18bd565d #vla formatting
10 2f392c2d08 #pthread
10 8bbce1bc50 #read only
10 725f61db82 #zero
10 4cd257135f #fork mmap
10 9220cf622b #memprot pthread
10 8ef71d1ffd #memprot exit
10 0eaef1abbd #xor
10 64f1cc2148 #junk
10 5c42a527cf #guard
10 5cc8c34e60 #pthread guard
10 7f61cc8a1c #stack rand
9  abdf523d26
9  e4b9b31e6f #explicit zero
9  a3a22a63d2 #brk
9  7444dbc3cf #random
9  dcd3b72ac9 #undefined
9  543e1df342 #merge
9  611e5691f7 #vla formatting
9  8de97ce864 #pthread
9  a475717042 #read only
9  7f0947cc0e #zero
9  e9751d3370 #fork mmap
9  83cd86d0d5 #memprot pthread
9  1ebb165455 #memprot exit
9  488ba483cf #xor
9  f9351d884b #junk
9  85e5bca0a5 #move

Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 16:56:46 -04:00
Tad
1878cd19ab Fix/Add hardened malloc patchsets from GrapheneOS 
11 8c0f3c0e04
11 4e6320c247
11 108754debb
10 818be3fc1d
10 010949662f
10 ede5e38f5b
9 80754c93bf
9 20160b8161

Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 16:24:56 -04:00
Tad
209481c53e Fix/Add exec based spawning patchsets from GrapheneOS 
11 14c3c1d4cd
   ac1943345e
   1abb805041
   2e07ab8c24
   0044836677
   c561811fad
   7a848373ef
   89646bdeb1
   2a70bbac4a
   d414dcaa35
   b4cd877e3a
   98634286bb
11 4c2635390c
11 add34a4bc6
11 a2b51906de
10 527787f3c8
   ffde474ad7
   aa87e487c4
   c906fe9722
   c69c3eecd4
   b2303adccc
   5bb05db6f7
   536b497688
   24802a832b
   ce6dcc2368
   3d3d5c4d38
   2eda592b79
10 29f28b53c0
10 13a992c716
9  750efbf6bc
   ed563b6f26
   aad3c7d750
   da3180f9a8
   68773a29b7
   283b3fa09c
   f133136b65
   01a01ce5f6
   17c309c098
   8806ec3ef1

Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 15:55:13 -04:00
Tad
f015dd348f Add the JNINativeMethod table constification patchsets from GrapheneOS 
11 63b9f96a12
11 d8a62b5156
11 e3a4d64f29
11 e41f1d7f8e
11 c34b037486
11 dce2d0f64f
11 c99c35cb2a
10 07071814db
10 a48ba29b98
10 157fa78115
10 b914409e05
10 20a51f508b
10 b8afb8af37
10 e1b6653db7
9 ff688b68a7
9 866f0df315
9 77c9fa981a
9 fbf620e59c
9 ceaf63c790
9 253247fc39
9 76bf4c46f0

Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 15:26:48 -04:00
Tad
ad579b6681 Misc hardening from GrapheneOS 
11 62f81c237b

11 1f05db99ab

11 f242089d3f
10 abcf485dcf
9x c5db5a9f9e

Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 14:40:05 -04:00
Tad
844227a4f4 18.1: add the ptrace_scope patchset from GrapheneOS 
ad017fba58
3b89605581
8b0419ac04
52ea603339

Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 14:29:34 -04:00
Tad
07bd5a3a0e Automatic reboot and Bluetooth/Wi-Fi shutoff from GrapheneOS and CalyxOS 
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/59
Tested on 18.1
Untested on 17.1

Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 01:27:08 -04:00
Tad
e61e288b4a Optionally allow the official Bromite WebView to be used, credit @MSe1969 
This also replaces the overrides for all versions
And should allow the Google WebView on 14/15/16
And lastly only leaves the bundled version as default

This is a merge of the LineageOS 14/15/16 and 17/18 overlay
With the addition of the Bromite signature from @MSe1969

Signed-off-by: Tad <tad@spotco.us>
 2022-03-14 22:59:40 -04:00
Tad
9ba3a061c6 Tweak 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-14 11:57:34 -04:00
Tad
015799737e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-09 17:16:47 -05:00
Tad
4f75a8272a Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-09 11:59:30 -05:00
Tad
902239e2b5 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-08 23:20:43 -05:00
Tad
de764885b3 Fixup 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-08 12:56:52 -05:00
Tad
54dbcd9e43 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-07 19:12:10 -05:00
Tad
bda848a0a1 Fixup 057bedb6 
Sadly this means the option was never enabled :(
Note: these options are only available on 4.4+ kernels

Signed-off-by: Tad <tad@spotco.us>
 2022-03-06 23:05:13 -05:00
Tad
9a6c3f99ed Verify authorship and Change-Id of all contained patches 
- No patches were found with incorrect authorship/From: lines
- The older AndroidHardening patch repos are no longer available to verify CID.
- New GrapheneOS patches do not include a CID.
- *Signature_Spoofing.patch CID could not be found.
- Fixed CID of *Harden_Sig_Spoofing.patch to match 14.1
- Fixed CID of *LGE_Fixes.patch to match 14.1
- Fixed CID of *Harden.patch to match 14.1
- Added edit note to *Harden.patch
- Fixed CID of *PREREQ_Handle_All_Modes.patch to match 14.1
- Fixed CID of *More_Preferred_Network_Modes.patch to match 14.1
- Fixed CID of *AES256.patch to match 14.1
- Fixed CID of *0001-OTA_Keys.patch to match 18.1
- Fixed CID of *Camera_Fix.patch to match 15.1
- Fixed CID of *Connectivity.patch to match 14.1
- Fixed CID of *Fix_Calling.patch to match 14.1
- Fixed CID of *Remove_Analytics.patch to match 14.1
- Fixed CID of Unused-*.patch/audio_extn to match original

Signed-off-by: Tad <tad@spotco.us>
 2022-03-05 13:13:30 -05:00
Tad
ac1e89f0c8 Update CVE patchers [the big fixup] 
This removes many duplicately or wrongly applied patches.

Correctly removed:
- CVE-2011-4132 can apply infinitely
- CVE-2013-2891 can apply infinitely
- CVE-2014-9781 can apply once to fb_cmap_to_user correctly and incorrectly to fb_copy_cmap
- CVE-2015-0571 can apply incorrectly and was disabled in patch repo as a result
- CVE-2016-2475 can apply infinitely
- CVE-2017-0627 can apply infinitely
- CVE-2017-0750 can apply infinitely
- CVE-2017-14875 can apply infinitely
- CVE-2017-14883 can apply infinitely
- CVE-2020-11146 can apply infinitely
- CVE-2020-11608 can apply infinitely
- CVE-2021-42008 can apply infinitely

Questionable (might actually be beneficial to "incorrectly" apply again):
- CVE-2012-6544 can apply once to hci_sock_getsockopt correctly and incorrectly to hci_sock_setsockopt
- CVE-2013-2898 can apply once to sensor_hub_get_feature correctly and incorrectly to sensor_hub_set_feature
- CVE-2015-8575 can apply once to sco_sock_bind correctly and incorrectly to sco_sock_connect
- CVE-2017-8281 can apply once to diagchar_ioctl correctly and incorrectly to diagchar_compat_ioctl
- CVE-2019-10622 can apply once	to qdsp_cvp_callback correctly and incorrectly to qdsp_cvs_callback
- CVE-2019-14104 can apply once to cam_context_handle_start/stop_dev and incorrectly to cam_context_handle_crm_process_evt and cam_context_handle_flush_dev

Other notes:
- CVE-2016-6693 can be applied again if it was already applied in combination with CVE-2016-6696
  then the dupe check will fail and mark CVE-2016-6696 as already applied, effectively reverting it.
  This was seemingly fixed with a hand merged patch in patch repo.

Wrongly removed:
- CVE-2013-2147 is meant for cciss_ioctl32_passthru but is detected in cciss_ioctl32_big_passthru
- CVE-2015-8746 is meant for nfs_v4_2_minor_ops but is detected in nfs_v4_1_minor_ops
- CVE-2021-Misc2/ANY/0043.patch is meant for WLANTL_RxCachedFrames but is detected in WLANTL_RxFrames

Signed-off-by: Tad <tad@spotco.us>
 2022-03-04 00:42:28 -05:00
Tad
927b9bfbc5 Fix random reboots on broken kernels when an app has data restricted 
I don't like this

Reading:
- 24b3bdcf71
- https://review.lineageos.org/c/LineageOS/android_kernel_essential_msm8998/+/320470
- https://review.lineageos.org/c/LineageOS/android_system_bpf/+/264702
- https://gitlab.com/LineageOS/issues/android/-/issues/2514
- https://gitlab.com/LineageOS/issues/android/-/issues/3144
- https://gitlab.com/LineageOS/issues/android/-/issues/3287

Test:
- restrict mobile data for an app
- toggle wifi on and off a few times
- watch systemui crash and soft-reboot

Tested working on cheeseburger

Signed-off-by: Tad <tad@spotco.us>
 2022-03-03 17:51:46 -05:00
Tad
0d0104b4bb Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-02 22:57:34 -05:00
Tad
0d59c18c85 Enable the NETWORK permission patchset for 16.0 too 
Likely has issues with secondary users.
As in the permission affects all copies of the same app.

Signed-off-by: Tad <tad@spotco.us>
 2022-02-28 01:27:38 -05:00
Tad
bbdfcdc2a2 Tiny fix 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-26 11:47:52 -05:00
Tad
5e1521700f Port the GrapheneOS NETWORK permission to 17.1 and 18.1 
Some patches were ported from 12 to 10/11
Some patches from 11 were ported to 10
This 10/11 port should be very close to 12

BOUNS: 16.0 patches, disabled

Signed-off-by: Tad <tad@spotco.us>
 2022-02-25 16:52:51 -05:00
Tad
5245109cc1 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-19 23:22:19 -05:00
Tad
5283db6f05 Drop the broken PDB patch 
Why'd past me write this trash?

Signed-off-by: Tad <tad@spotco.us>
 2022-02-14 07:43:45 -05:00
Tad
143b6fa164 18.1: Refresh for recent upstream Updater changes 
Untested, should work

Signed-off-by: Tad <tad@spotco.us>
 2022-02-14 03:05:32 -05:00
Tad
2eda5086fc Tiny tweak 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-13 23:57:59 -05:00
Tad
48b009a02e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-12 06:56:28 -05:00
Tad
b6da59d24f Drop FairEmail, Vanilla, and their AOSP equivalents 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-11 14:25:30 -05:00
Tad
5b783483e6 Cleanup 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-11 14:23:51 -05:00
Tad
bc3a9cddba Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-09 00:22:02 -05:00
Tad
ee0bd8625f Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-07 14:43:05 -05:00
Tad
0a664cc22c Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-03 21:12:02 -05:00
Tad
c0aac415aa Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-29 09:35:59 -05:00
Tad
58b53de17a Multi user tweaks from GrapheneOS 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-24 06:30:39 -05:00
Tad
2400cf0964 App updates 
- Drops Calendar, Eleven, and Email
- Adds a variable for Silence inclusion
- Adds a NONE option for microG inclusion flag to disable NLP inclusion

Signed-off-by: Tad <tad@spotco.us>
 2022-01-24 06:30:15 -05:00
Tad
6864156bd6 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-20 22:22:22 -05:00
Tad
dbd2a71722 Update CVE patchers 
Hopefully fixes boot breakage

Signed-off-by: Tad <tad@spotco.us>
 2022-01-17 01:23:10 -05:00
Tad
5e18ec4dfe Tiny tweak 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-16 16:42:26 -05:00
Tad
6ec0c63126 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-13 11:08:22 -05:00
Tad
bfcf6b18b7 Fixup 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-12 05:57:08 -05:00
Tad
ce6ee9d8e4 Update CVE patchers 
CVE-2021-0961 should be fine now

Signed-off-by: Tad <tad@spotco.us>
 2022-01-11 05:41:26 -05:00
Tad
b9c7839110 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-11 01:19:31 -05:00
Tad
8a45dc4696 18.1: Device additions 
h910
lavender
pioneer, voyager, discovery
akari, aurora, xz2c

Signed-off-by: Tad <tad@spotco.us>
 2022-01-06 21:04:17 -05:00
Tad
207e45fe6a Update oneplus/sdm845 to 4.9.295 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-06 15:21:00 -05:00
Tad
b05823bb20 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-04 21:00:25 -05:00
Tad
daf98f8197 Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-31 21:39:04 -05:00
Tad
39e520a03f Sync APN list from 18.1 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-31 21:12:24 -05:00
Tad
e08349a202 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-29 11:51:58 -05:00
Tad
68771721d5 Update oneplus/sdm845 to 4.8.282 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-29 11:51:52 -05:00
Tad
8b3beeb9fd More analytics disablement 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-27 23:24:03 -05:00
Tad
ee1f466211 Fixup 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-27 18:16:42 -05:00
Tad
2c1d8d5e78 Hamper analytics improvements 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-27 17:35:53 -05:00
Tad
3c1931bcc9 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-19 05:15:32 -05:00
Tad
11141d3bc9 Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-17 14:31:13 -05:00
Tad
6c38ece551 Update CVE patchers 
User report confirms fixing wifi on lmi

Signed-off-by: Tad <tad@spotco.us>
 2021-12-15 17:10:35 -05:00
Tad
20e1023627 Small changes 
- 16.0: drop wallpaper optimization patch, questionable source
- deblobber: don't remove libmmparser_lite.so, potentially used by camera
- 17.1: pick Q_asb_2021-12, excluding a broken patch
- clark 17.1: some camera denial fixes
- alioth: unmark broken
- 17.1: switch to upstream glibc fix
- 17.1/18.1: disable per app sensors permission patchset, potential camera issues

Signed-off-by: Tad <tad@spotco.us>
 2021-12-13 20:28:54 -05:00
Tad
8b85bf9719 Small change 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-12 12:10:47 -05:00
Tad
8cf90d055e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-11 01:12:41 -05:00
Tad
359ce4608f Small updates 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-07 20:57:54 -05:00
Tad
ed1c151ce5 Update CVE patchers 
CVE-2021-0961/ANY/0001.patch likely causes breakage

Signed-off-by: Tad <tad@spotco.us>
 2021-12-06 17:43:34 -05:00
Tad
c5c3998593 Guess what? f̵͖̲̙̝̩̌̌̌̑͆̔͐̏͋̓̅̔̒̈́͠i̴͍̗̦͕̅̓̿͋̓̑̽͌͐͊͘͠͠s̵̡̬͙͚̃͑̓̊̌́̾́͠ḥ̴̬͓͚̹̱̰͕͚͈̞̳͒̊ ̵̢̟̞̖͈͖͕̥̙̤͉̮̍́̅̀̾b̵̛̹̝̙̖̱̲͉͚̝̪̲̓̿͛̔̆͋̎́͐̃͆̀̕͝u̸̞̺͓͎̰̦̯̘̺̬͔̬͆͛̋̍̂͒̓͛̐̈́̋̚͝ṫ̵̠t̶̻̳̜̪̗͖͛̂̒̃̑̏͝ 
Tested on 14.1 and 15.1 targets

Signed-off-by: Tad <tad@spotco.us>
 2021-11-29 21:14:00 -05:00
Tad
62166d1ea5 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-26 11:54:59 -05:00
Tad
df3b54fa20 Fixup camera on flox 
Camera works in OpenCamera, but it can't actually take pictures.
Switch to Camera2 instead, tested pictures and videos working.

Also fixup compile issue with oneplus/msm8998-common
And refresh some patchers

Signed-off-by: Tad <tad@spotco.us>
 2021-11-15 18:01:27 -05:00
Tad
f950398fa1 glibc 2.34 fix 
Tested working to compile mako on Fedora 35

Signed-off-by: Tad <tad@spotco.us>
 2021-11-14 20:16:48 -05:00
Tad
b8f5d8a510 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-12 11:51:02 -05:00
Tad
c95421b6d2 Fixup 9c105b79 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-08 18:45:29 -05:00
Tad
9c105b799f O_asb_2021-11 
Based off of:
https://review.lineageos.org/q/topic:P_asb_2021-11

Missing:
https://review.lineageos.org/c/LineageOS/android_packages_apps_Settings/+/318655

Maybe missing:
https://review.lineageos.org/c/LineageOS/android_hardware_nxp_nfc/+/318653

Doesn't exist:
https://review.lineageos.org/c/LineageOS/android_frameworks_native/+/318652

Untested

Signed-off-by: Tad <tad@spotco.us>
 2021-11-08 17:19:50 -05:00
Tad
3e62262e88 Small fixup 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-07 13:37:37 -05:00
Tad
e882cf16c7 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-06 18:47:57 -04:00
Tad
f2b9eb8e8b Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-06 11:22:43 -04:00
Tad
fdd549ee98 16.0: add kccat6 and lentislte 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-05 14:16:18 -04:00
Tad
621441349e Fixup the sensors permission patches on 7, 8, and 9. 
Switch these patches to MODE_ALLOWED from MODE_ASK to fix breakage
of system services.

Also remove some code that adds a likely security issue.

Will need some extra regression testing.

Signed-off-by: Tad <tad@spotco.us>
 2021-11-04 10:24:06 -04:00
Tad
f7295a0f74 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-02 23:50:35 -04:00
Tad
b6575a362e Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-02 22:47:34 -04:00
Tad
f3277f3c07 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-02 12:01:36 -04:00
Tad
809e03833e Verity enablement overhaul 
No change to AVB devices except for enabling on more
Verity devices have the potential to regress by not booting
No change to non-verity/avb devices
Tested working on: mata, cheeseburger, fajita

Signed-off-by: Tad <tad@spotco.us>
 2021-11-02 10:24:07 -04:00
Tad
898c040ead More useless churn 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-01 21:04:59 -04:00
Tad
33c2725946 More patch refreshing 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-29 16:08:27 -04:00
Tad
a9f445ad47 16.0: add land and santoni 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-28 19:07:31 -04:00
Tad
ecc4688ce0 Denial fixes for clark, osprey, surnia, and g3-common 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-28 00:47:59 -04:00
Tad
ec043e961e Update CVE patchers 
CVE-2021-20317 might need to be disabled due to QC timer breakage.

Signed-off-by: Tad <tad@spotco.us>
 2021-10-27 15:26:53 -04:00
Tad
e6beba4b15 Small tweaks 
Sad churn from git version.
Will be removed next build cycle.

Signed-off-by: Tad <tad@spotco.us>
 2021-10-27 14:16:37 -04:00
Tad
b77444f84d Deblobber tweaks 
- Put more blobs behind flags for testing purposes
- Potential graphics fix for newer devices
- Removes more Wi-Fi display blobs
- Remove some misc blobs

Signed-off-by: Tad <tad@spotco.us>
 2021-10-23 19:49:27 -04:00
Tad
0c793835da Expand the available Private DNS options 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-22 18:33:06 -04:00
Tad
fe8e8201a9 Add more 'Private DNS' options 
Based off of patches from CalyxOS as noted in each included patch.

Tested and verified working on klte and mata 18.1

Signed-off-by: Tad <tad@spotco.us>
 2021-10-21 23:39:46 -04:00
Tad
70b96aa211 Update oneplus/sdm845 from 4.9.227 to 4.9.277 
Pulls us into August 2021

Tested working:
- boot
- usb mtp
- wifi
- bluetooth
- cameras
- audio
- gps
- brightness

Signed-off-by: Tad <tad@spotco.us>
 2021-10-21 00:12:59 -04:00
Tad
5d7d710076 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-20 15:01:18 -04:00
Tad
042b9063d1 More fixes 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-16 17:12:13 -04:00
Tad
4ce35a3c60 Refresh most branch specific patches 
Fixed up:
LineageOS-16.0/android_packages_apps_Backgrounds/308977.patch
LineageOS-16.0/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
LineageOS-17.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
LineageOS-18.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch

Must review again:
LineageOS-14.1/android_packages_apps_PackageInstaller/64d8b44.patch

Signed-off-by: Tad <tad@spotco.us>
 2021-10-16 15:19:55 -04:00
Tad
52fd9c9ddb Tiny cleanup 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-15 14:05:14 -04:00
Tad
5b630620f8 Drop 11.0 
It has been over 2,500 days since the last release of 4.4.4.
And over 600 days since I last compiled this.

Signed-off-by: Tad <tad@spotco.us>
 2021-10-14 20:08:44 -04:00
Tad
7ba42f052a Small changes 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-14 15:58:22 -04:00
Tad
df60bfceda Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-13 12:20:44 -04:00
Tad
939c6aa7ed Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-07 20:07:49 -04:00
Tad
f2e1d32eba Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-06 16:54:45 -04:00
Tad
7b28a193f1 Include the Support app 
This is a very basic app with zero permissions and has quick links to
various related resources.

Signed-off-by: Tad <tad@spotco.us>
 2021-10-06 06:21:38 -04:00
Tad
0ac035a48e Fixup e4a4e7f8 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-06 05:31:40 -04:00
Tad
e4a4e7f8de Fix BT on apollo/thor 
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/16

Signed-off-by: Tad <tad@spotco.us>
 2021-10-06 04:52:14 -04:00
Tad
59bd09a807 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-05 14:44:23 -04:00
Tad
5658b56424 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-03 20:00:52 -04:00
Tad
7f98aad299 18.1: Drop DnsResolver patches 
Merged upstream

Signed-off-by: Tad <tad@spotco.us>
 2021-10-01 17:54:54 -04:00
Tad
025ca7df7f compile fixups 
after the CVE-2021-Misc2 import and hardenDefconfig overhaul

also sync 18.1 DnsResovler patches with:
6332b25b87
f8490d024a

Signed-off-by: Tad <tad@spotco.us>
 2021-10-01 12:34:22 -04:00
Tad
27fe558b76 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-29 16:47:50 -04:00
Tad
9f9d418060 18.1: forward port the hosts cache and wildcard support 
These were likely missed when resolv/ moved out of netd into DnsResolver.

Signed-off-by: Tad <tad@spotco.us>
 2021-09-26 22:41:30 -04:00
Tad
94f342ac37 Tiny tweak 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-26 16:41:48 -04:00
Tad
c6df37ca23 Expose the Sensors Off tile 
This removes the hidden development 'Sensors off' tile from Settings app,
adds it back to SystemUI, and enables it by default.

Tested working on 18.1

Signed-off-by: Tad <tad@spotco.us>
 2021-09-26 16:36:15 -04:00
Tad
84c7d230ab Permission for sensors access patches from @MSe1969 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-24 23:35:33 -04:00
Tad
f5a58bd35f Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-23 20:56:00 -04:00
Tad
83efa5fe7d Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-18 13:43:41 -04:00
Tad
083e2048f8 Don't disable slub/slab merging via kernel command line, but by default 
I have a sneaking suspicion that the length of some device command lines is
causing boot issues.
eg. with the recent additions, klte boots fine, but recovery doesn't, maybe
bootloader is adding more flags, exceeding a limit?

Signed-off-by: Tad <tad@spotco.us>
 2021-09-15 10:17:27 -04:00
Tad
a9f44dee41 Fix hamper analytics patches 
These must all be strings.
Sadly meant this likely hasn't worked for years.
:\

Signed-off-by: Tad <tad@spotco.us>
 2021-09-13 15:27:29 -04:00
Tad
2f8550d2ae Sync APN list from 18.1 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-11 16:25:14 -04:00
Tad
907dc0f040 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-11 16:06:57 -04:00
Tad
0ade46cc8e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-07 16:57:15 -04:00
Tad
e84111aaa8 Small changes 
- Include TalkBack
- Fixup hosts inclusion, due to path mismatch
- 14.1: bump patch level to match the picked ASB
- 14.1: m7-common: deblobber fix

Signed-off-by: Tad <tad@spotco.us>
 2021-09-06 14:32:37 -04:00
Tad
56e9a75445 14.1+15.1: Support wildcards in cached hosts file 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-05 16:30:34 -04:00
Tad
809a361e07 Update CVE patchers 
Don't introduce https://gitlab.com/LineageOS/issues/android/-/issues/3916

Will consider adding it as a revert

Signed-off-by: Tad <tad@spotco.us>
 2021-09-04 14:35:24 -04:00
Tad
e0d300a651 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-03 22:52:24 -04:00
Tad
dd4457260f 18.1 Updates 
- Update Settings and SetupWizard patches after the big SetupWizard UI update
- Use the latest captive portal patch, was also previously partially broken
  due to mis-apply

Signed-off-by: Tad <tad@spotco.us>
 2021-09-03 08:57:40 -04:00
Tad
f77971d38f Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-31 20:53:17 -04:00
Tad
bdccb5fb39 Hamper ad_personalization_signals 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-27 13:46:11 -04:00
Tad
27d55efdff Hamper ssaid collection 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-27 13:41:57 -04:00
Tad
31e615f341 Add the WebView repository 
Allows for rapid updates in-between build cycles.
Tested working on many devices.

Signed-off-by: Tad <tad@spotco.us>
 2021-08-27 12:46:54 -04:00
Tad
792cb89ed7 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-26 12:17:46 -04:00
Tad
0dbabac59a Update CVE patchers 
Maybe breakage?

Signed-off-by: Tad <tad@spotco.us>
 2021-08-23 15:27:53 -04:00
Tad
1dc0bce913 Disable removal of display color blobs 
Removal is still breaking boot on some devices

Signed-off-by: Tad <tad@spotco.us>
 2021-08-21 15:34:02 -04:00
Tad
c0debe55c4 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-18 08:54:30 -04:00
Tad
4ae1402229 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-13 23:54:19 -04:00
Tad
79132fddef Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-13 11:07:07 -04:00
Tad
2d468d9da2 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-09 14:44:48 -04:00
Tad
2db8ac7c70 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-04 14:57:55 -04:00
Tad
9e548cabf5 Fixup 3d69ad87 
Tested to compile bacon, ether, and griffin kernels

Signed-off-by: Tad <tad@spotco.us>
 2021-08-03 18:46:38 -04:00
Tad
3d69ad873e \"\'FIXES\'\" PART 2 
There will likely be some breakage here.
Many of these patches have been here since the start and never used.

Signed-off-by: Tad <tad@spotco.us>
 2021-08-03 15:14:02 -04:00
Tad
4fae8d0445 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-03 12:37:28 -04:00
Tad
2c05482872 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-07-31 09:17:08 -04:00
Tad
914bed8556 Reimplement fe6f8537 
LTE tested working with hybrid 33-107 modem.
Phone calls drop to HSPA as expected.
No issues if using stock modem either compared to without this patch.

In my area, without this patch, my makos are useless cell-wise.

Gives extra life to the Nexus 4.

Signed-off-by: Tad <tad@spotco.us>
 2021-07-29 15:25:05 -04:00
Tad
36331d6d62 Update CVE patchers 2021-07-28 10:08:52 -04:00
Tad
b61264e3b9 Update CVE patchers 2021-07-27 00:17:14 -04:00
Tad
40c356371a Small tweaks 2021-07-25 22:41:56 -04:00
Tad
ca51db0be0 Update CVE patchers 2021-07-21 22:48:29 -04:00
Tad
9a4c02c3dc Tiny tweaks 2021-07-19 12:05:18 -04:00
Tad
3d67f9e25c Update CVE patchers 2021-07-12 06:31:38 -04:00
Tad
c2b2aa5830 16.0+: Add captive portal toggle from @MSe1969 
Source:
0045a97cb4
b483b4e9ab
18.1 is the 17.1 patch rebased

Wording was altered.

Already included in 14.1+15.1
 2021-07-10 22:48:45 -04:00
Tad
a43601e77b Update CVE patchers 
I expect breakage.
 2021-07-10 11:39:14 -04:00
Tad
050da06eba Move n_asb_09-2018-qcom in tree 2021-07-09 21:04:08 -04:00
Tad
c13672b9b7 Update CVE patchers 2021-07-07 15:14:20 -04:00
Tad
12283124b5 Fixup last commit 2021-07-04 17:05:27 -04:00
Tad
f6357512a7 Update CVE patchers 2021-07-04 14:41:44 -04:00
Tad
44003bd2f5 Update CVE patchers 2021-06-30 17:05:59 -04:00
Tad
d7287a6b94 Update CVE patchers 2021-06-27 11:50:15 -04:00
Tad
ef8573b29c Small fixes 2021-06-26 22:59:46 -04:00
Tad
881c24d8b2 Various patches from GrapheneOS 2021-06-26 18:57:46 -04:00
Tad
eb3e51e7e3 Small tweaks 2021-06-23 13:00:43 -04:00
Tad
48f35901c2 Update CVE patchers 2021-06-16 23:17:37 -04:00
Tad
d9d564ebd3 Cherrypick updates 2021-06-16 02:41:22 -04:00