Commit Graph

288 Commits

Author SHA1 Message Date
Tad
86ed884251
More verification
Signed-off-by: Tad <tad@spotco.us>
2022-08-26 23:14:15 -04:00
Tad
3618774d9f
GPG verification for all platform repositories
Signed-off-by: Tad <tad@spotco.us>
2022-08-26 22:40:27 -04:00
Tad
c97f8a1b6a
Only enable CONFIG_DEBUG_NOTIFIERS on kernels <=4.9
OnePlus 9 failed boot kernel log points to this.
GrapheneOS noted this as an inherent issue on the Pixel 4 and 5 too.

Signed-off-by: Tad <tad@spotco.us>
2022-08-25 15:20:28 -04:00
Tad
4bfedbc42d
Fixup and enable GPG verification
Signed-off-by: Tad <tad@spotco.us>
2022-08-24 15:52:55 -04:00
Tad
162f4f450a 19.1: add FP4
Signed-off-by: Tad <tad@spotco.us>
2022-08-03 12:45:26 -04:00
Tad
717caac5c6 Churn
Signed-off-by: Tad <tad@spotco.us>
2022-07-11 18:17:51 -04:00
Tad
c092b13a44 Restore star*lte
Signed-off-by: Tad <tad@spotco.us>
2022-06-08 22:55:00 -04:00
Tad
5df4058a15 Chrun
Signed-off-by: Tad <tad@spotco.us>
2022-06-03 15:14:35 -04:00
Tad
92c66447f8 Drop slub_debug
What is lost?
- sanity checks and redzoning on all devices
  - redzoning reportedly however causes issues on some devices such as the Pixel 3/4 and OnePlus 7
- slub sanization on 3.0, 3.4, 4.4 (except google/wahoo), xiaomi/sm6150, and oneplus/sm7250

Note: all 3.4+ devices still have page sanization

Signed-off-by: Tad <tad@spotco.us>
2022-06-03 13:58:17 -04:00
Tad
d3cb12b41b Skip adding slub_debug=P where not needed
Signed-off-by: Tad <tad@spotco.us>
2022-06-03 13:39:08 -04:00
Tad
aa61367ace Tweaks
- Disable slub_debug=P for devices with INIT_ON_ALLOC/FREE_DEFAULT_ON
- Disable slub_debug=Z due to known breakage
- Disable many debug options on Linux 4.x and up
- 19.1: fixup missing manifests for vayu :\

Signed-off-by: Tad <tad@spotco.us>
2022-06-02 17:13:20 -04:00
Tad
0eaca57fa6 19.1: Add OnePlus 8 and 9 series
Signed-off-by: Tad <tad@spotco.us>
2022-06-02 11:52:58 -04:00
Tad
735c9e0de8 Revert 5d57bf13
I don't trust enabling MODULES won't cause weird inane breakage on these legacy devices

Signed-off-by: Tad <tad@spotco.us>
2022-05-27 23:46:57 -04:00
Tad
5d57bf13c4 Compile fixes
The backported fix for CVE-2021-39713 requires CONFIG_MODULES=y
MODULES is default enabled, but some kernels are mutilated and break with it on

Signed-off-by: Tad <tad@spotco.us>
2022-05-26 22:36:22 -04:00
Tad
1ffaf7fe51 Fix
Signed-off-by: Tad <tad@spotco.us>
2022-05-20 17:16:51 -04:00
Tad
e5b0a6a429 Make ZRAM great again
Signed-off-by: Tad <tad@spotco.us>
2022-05-18 23:04:01 -04:00
Tad
df398fd6f5 Various
Signed-off-by: Tad <tad@spotco.us>
2022-05-07 20:22:49 -04:00
Tad
65883d9bc4 2022
Signed-off-by: Tad <tad@spotco.us>
2022-05-01 01:13:49 -04:00
Tad
0086d97848 Put back slub_debug=Z
Was removed for testing purposes in bfa18cb1

Signed-off-by: Tad <tad@spotco.us>
2022-04-30 14:35:27 -04:00
Tad
52c3a55140 Another kernel compile fix
Signed-off-by: Tad <tad@spotco.us>
2022-04-29 19:34:34 -04:00
Tad
1b6f6909ad Fix compile on some kernels
Signed-off-by: Tad <tad@spotco.us>
2022-04-29 17:25:23 -04:00
Tad
bfa18cb176 defconfig tweaks
Signed-off-by: Tad <tad@spotco.us>
2022-04-29 14:02:29 -04:00
Tad
36fabeca42 Deblob manifest.xml
Reverts 766219aa
Fixes https://github.com/Divested-Mobile/DivestOS-Build/issues/55

Signed-off-by: Tad <tad@spotco.us>
2022-04-29 09:44:36 -04:00
Tad
3457fd4151 Device cleanup
Drop long non-compiling devices:
- 14.1: n7100, jellypro
- 15.1: himaul, oneplus2
- 16.0: zenfone3, fugu
- 17.1: yellowstone, fugu
- 18.1: bonito, sargo

Drop in favor of 19.1:
- 17.1: bonito, sargo
- 18.1: pro1, aura, sunfish, coral, flame, bramble, redfin
(experimental, but these devices don't currently appear to have any users)

Signed-off-by: Tad <tad@spotco.us>
2022-04-26 15:19:57 -04:00
Tad
e666a4a891 Update CVE patchers
TODO: maybe split CVE-2022-23960/4.9 to get back?

Signed-off-by: Tad <tad@spotco.us>
2022-04-19 14:38:44 -04:00
Tad
d4dceffa60 Update supported kernels to latest wireless regulations database
Applies for ~43 kernel trees

Source: wireless-regdb-2022.04.08

Signed-off-by: Tad <tad@spotco.us>
2022-04-19 11:30:57 -04:00
Tad
163a162568 Fix boot animation + churn
Signed-off-by: Tad <tad@spotco.us>
2022-04-18 23:04:24 -04:00
Tad
4b6a86a473 Add missing device variants
Signed-off-by: Tad <tad@spotco.us>
2022-04-14 19:47:21 -04:00
Tad
42c9d22de9 Default disable exec spawning
Change the property too, so it takes effect next update.
Since 16.0 lacks a toggle, this effectively disables the feature for it.
Even devices with 4GB of RAM have usability severely impacted.

Plus some other tweaks/churn

Signed-off-by: Tad <tad@spotco.us>
2022-04-12 17:58:04 -04:00
Tad
a9e250afd9 Cleanup
Signed-off-by: Tad <tad@spotco.us>
2022-04-07 00:37:20 -04:00
Tad
75f3bfd5d0 19.1: More work
Signed-off-by: Tad <tad@spotco.us>
2022-04-06 17:09:14 -04:00
Tad
c5477f31dc FIX
Signed-off-by: Tad <tad@spotco.us>
2022-04-06 16:30:04 -04:00
Tad
18c840222b Simplify: always nochain
Signed-off-by: Tad <tad@spotco.us>
2022-04-06 15:45:20 -04:00
Tad
b026a7811c Actually enforce AVB + signing fixes
- Turns out AVB was set permissive this entire time :(
  --flags 2 == VERIFICATION_DISABLED
- APEX support from GrapheneOS
- Disable vbmeta chaining like GrapheneOS
  and optionally handle it like CalyxOS

taimen 19.1 boots with locked bootloader successfully after this

Signed-off-by: Tad <tad@spotco.us>
2022-04-06 15:16:12 -04:00
Tad
3a0659b9d8 19.1: more work, it compiles and boots!
- Add the manifest
- Add Pixel 2 series
- Add some missing patches
- More DNS files
- Drop Silence in 19.1

Signed-off-by: Tad <tad@spotco.us>
2022-04-05 23:44:15 -04:00
Tad
1705545d22 19.1: Initial bringup
TODO:
- manifest
- devices
- a few small patches to rebase

Signed-off-by: Tad <tad@spotco.us>
2022-04-05 00:44:19 -04:00
Tad
1b83b96807 Simplify
Signed-off-by: Tad <tad@spotco.us>
2022-04-02 15:15:30 -04:00
Tad
6c5a65622c Page sanitization improvements
This ensures init_on_alloc/free is used instead of page poisioning where available.

3.4 through 3.18 have a patch without a toggle for page sanitization.

Signed-off-by: Tad <tad@spotco.us>
2022-04-02 12:57:17 -04:00
Tad
e1f5d99e51 Fixes
Signed-off-by: Tad <tad@spotco.us>
2022-04-01 08:16:28 -04:00
Tad
e2c499dd24 Enable Clang's -ftrivial-auto-var-init=zero on supported kernels
Signed-off-by: Tad <tad@spotco.us>
2022-03-31 21:00:31 -04:00
Tad
90420610f0 Tiny tweak
Signed-off-by: Tad <tad@spotco.us>
2022-03-30 10:46:37 -04:00
Tad
09834b568f Disable USAP when exec_spawning patchset is enabled
It seems to increase memory usage and its interactions are unknown

Signed-off-by: Tad <tad@spotco.us>
2022-03-29 22:26:23 -04:00
Tad
1bbb6f9b4e Fix and enable exec_spawning feature
This is the missing puzzle piece :)

Signed-off-by: Tad <tad@spotco.us>
2022-03-28 22:02:52 -04:00
Tad
f65c7a4ccd Tweaks
Signed-off-by: Tad <tad@spotco.us>
2022-03-12 11:48:23 -05:00
Tad
a8cfa8157c Fixup last commit
Signed-off-by: Tad <tad@spotco.us>
2022-02-23 14:52:29 -05:00
Tad
21c97c6967 Tweak
Signed-off-by: Tad <tad@spotco.us>
2022-02-21 23:30:45 -05:00
Tad
51003bff5a Add an option to clobber after every run
Signed-off-by: Tad <tad@spotco.us>
2022-01-24 18:01:21 -05:00
Tad
8a45dc4696 18.1: Device additions
h910
lavender
pioneer, voyager, discovery
akari, aurora, xz2c

Signed-off-by: Tad <tad@spotco.us>
2022-01-06 21:04:17 -05:00
Tad
ebab5c9407 17.1: add harpia and merlin
Signed-off-by: Tad <tad@spotco.us>
2021-11-11 10:22:00 -05:00
Tad
fdd549ee98 16.0: add kccat6 and lentislte
Signed-off-by: Tad <tad@spotco.us>
2021-11-05 14:16:18 -04:00
Tad
809e03833e Verity enablement overhaul
No change to AVB devices except for enabling on more
Verity devices have the potential to regress by not booting
No change to non-verity/avb devices
Tested working on: mata, cheeseburger, fajita

Signed-off-by: Tad <tad@spotco.us>
2021-11-02 10:24:07 -04:00
Tad
e6beba4b15 Small tweaks
Sad churn from git version.
Will be removed next build cycle.

Signed-off-by: Tad <tad@spotco.us>
2021-10-27 14:16:37 -04:00
Tad
fbd97dd24a Extend changeDefaultDNS to additional files
Signed-off-by: Tad <tad@spotco.us>
2021-10-22 00:55:50 -04:00
Tad
fe8e8201a9 Add more 'Private DNS' options
Based off of patches from CalyxOS as noted in each included patch.

Tested and verified working on klte and mata 18.1

Signed-off-by: Tad <tad@spotco.us>
2021-10-21 23:39:46 -04:00
Tad
bc443ffee3 14.1: Add apollo
Signed-off-by: Tad <tad@spotco.us>
2021-10-17 14:01:31 -04:00
Tad
b78944933c More fixes
Ensure new shells have the correct settings too.

Signed-off-by: Tad <tad@spotco.us>
2021-10-16 22:57:43 -04:00
Tad
042b9063d1 More fixes
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 17:12:13 -04:00
Tad
4ce35a3c60 Refresh most branch specific patches
Fixed up:
LineageOS-16.0/android_packages_apps_Backgrounds/308977.patch
LineageOS-16.0/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
LineageOS-17.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
LineageOS-18.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch

Must review again:
LineageOS-14.1/android_packages_apps_PackageInstaller/64d8b44.patch

Signed-off-by: Tad <tad@spotco.us>
2021-10-16 15:19:55 -04:00
Tad
f296ec0346 Support refreshing patches
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 13:51:54 -04:00
Tad
7ba42f052a Small changes
Signed-off-by: Tad <tad@spotco.us>
2021-10-14 15:58:22 -04:00
Tad
dd2e8b4b5c Tiny tweaks
Signed-off-by: Tad <tad@spotco.us>
2021-10-08 21:26:11 -04:00
Tad
c753abf1b2 Small update
Signed-off-by: Tad <tad@spotco.us>
2021-09-20 12:12:58 -04:00
Tad
e7dd0af4b6 hardenDefconfig: pull in some more options
Signed-off-by: Tad <tad@spotco.us>
2021-09-19 01:20:41 -04:00
Tad
ba07cfb300 Optimize hardenDefconfig 2021-09-18 21:53:03 -04:00
Tad
7e093e0500 Ensure all used defconfigs are altered 2021-09-18 21:28:13 -04:00
Tad
038ab89982 More kernel cmdline work
Signed-off-by: Tad <tad@spotco.us>
2021-09-15 11:48:07 -04:00
Tad
cf3a12cb5a Move some changes into a new Post.sh
Signed-off-by: Tad <tad@spotco.us>
2021-09-15 10:26:37 -04:00
Tad
083e2048f8 Don't disable slub/slab merging via kernel command line, but by default
I have a sneaking suspicion that the length of some device command lines is
causing boot issues.
eg. with the recent additions, klte boots fine, but recovery doesn't, maybe
bootloader is adding more flags, exceeding a limit?

Signed-off-by: Tad <tad@spotco.us>
2021-09-15 10:17:27 -04:00
Tad
bf5d9bc778 Small tweaks
- disable disablement of PROC_PAGE_MONITOR to fix memory stats calculation
- enable slub_nomerge, similar to slab_nomerge for pre 3.18 kernels
  slub_nomerge was already default enabled on many 3.10 devices via:
  0006-AndroidHardening-Kernel_Hardening/3.10/0010.patch

Signed-off-by: Tad <tad@spotco.us>
2021-09-13 10:39:33 -04:00
Tad
f77971d38f Small tweaks
Signed-off-by: Tad <tad@spotco.us>
2021-08-31 20:53:17 -04:00
Tad
4ae1402229 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-08-13 23:54:19 -04:00
Tad
441a66bbb0 Breakup hardenDefconfig for readbility and debugging purposes
Signed-off-by: Tad <tad@spotco.us>
2021-08-13 22:55:21 -04:00
Tad
79132fddef Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-08-13 11:07:07 -04:00
Tad
0b4ad0e7cc 18.1: add raphael, lmi, alioth
+ verity fixes
+ 16.0: drop beryllium, 18.1 builds now
+ deblob: better handle device makefiles

Signed-off-by: Tad <tad@spotco.us>
2021-08-09 20:54:44 -04:00
Tad
3f311f84ad Changes
- WebView update
- 14.1: drop osprey, tested compiling on 17.1
- comment updates
- small patcher fixes

Signed-off-by: Tad <tad@spotco.us>
2021-08-06 18:36:57 -04:00
Tad
e9b730d83a USB enablement
Signed-off-by: Tad <tad@spotco.us>
2021-08-04 14:21:50 -04:00
Tad
c13672b9b7 Update CVE patchers 2021-07-07 15:14:20 -04:00
Tad
12283124b5 Fixup last commit 2021-07-04 17:05:27 -04:00
Tad
c2ce9572fa umask 0022 all the things
umask 0077 breaks things in subtle ways
2021-06-27 14:14:34 -04:00
Tad
d6dca6e66d Small tweaks 2021-06-26 14:13:03 -04:00
Tad
47ca4c5954 Tiny tweaks 2021-06-12 17:17:11 -04:00
Tad
50c670c477 Small tweaks
- June ASB cherrypicks
- Change default NTP. only 2*.pool.ntp.org supports IPv6
2021-06-10 22:45:32 -04:00
Tad
1cde58eaa4 Tiny tweaks 2021-05-12 03:15:41 -04:00
Tad
4bbc70d5a8 17.1: drop support for all devices compiling on 18.1 2021-05-10 09:12:58 -04:00
Tad
3770bf469d Add a list of potentially bad commits from umn.edu addresses 2021-04-21 21:40:40 -04:00
Tad
83fe8f0434 More small tweaks
- Really fix yylloc sed line
- Drop merged ASB cherrypicks
- Edit vendor gps.conf files too
2021-04-16 20:31:57 -04:00
Tad
bdf990a638 Small tweaks
- Remove some changes that have been commented for a while
- Don't remove the QCOM VR repos
- Adjust the default quick tiles
- Don't force hardware layers for recents
- Only generate deltas for update_engine devices
- Cherrypick: Update WebView to 90.0.4430.66
- Adjust yylloc sed line
- Add comments to 17.1 devices explaining why they aren't removed for 18.1 yet
2021-04-14 21:29:12 -04:00
Tad
4bc2c66124 Small updates 2021-04-14 11:34:51 -04:00
Tad
2f2d94c9b5 Small tweaks 2021-04-13 11:59:08 -04:00
Tad
4d31a97c3f Set forceencrypt for devices using footer 2021-04-06 15:36:20 -04:00
Tad
d9238f8385 18.1: fix recovery signing
friendly reminder to take a break when dealing with the same issue for extended periods of time
2021-04-06 05:56:47 -04:00
Tad
f3e672fb18 Failed attempt at fixing signing
PRODUCT_OTA_PUBLIC_KEYS is meant to be set by a vendor tree, something
we don't use.

Override it at the source and set it explicitely as well.

This ensures that the compiled recovery.img and the one generated by
sign_target_files_apks.py includes the real public keys for verification.

11.0 signing is ignored.

This will need to be extensively tested as breakage can mean brick on locked
devices.
Although in failure cases it seems test-keys are accepted.

--

After much testing there appears to be a deeper issue with how keys
are inserted into the recovery and handled
2021-04-06 04:07:18 -04:00
Tad
ad178961e4 Improvements and fixes
- 18.1: disable m8, thermanager is not yet ready
- 17.1: drop cheeseburger/dumpling, it is absolutely broken
- deblobber: remove euicc + others
- deblobber: hack to remove vintf fragments
2021-04-05 18:09:22 -04:00
Tad
9db9215d6b Small changes
- Disable generation of unused OTA to reduce compile time
- 17.1+: Disable APEX, breaks signing, and is also useless since no Play Store.
- 18.1: Fixup signing
2021-03-31 01:30:17 -04:00
Tad
529b47039c 18.1: Initial bringup
- Functionality tested on mako and klte
- In-place upgrade from 17.1 tested working on klte
- Compile tested on bacon and klte
- Recovery OTA key patch missing, unsure if still needed.
- Deblobber needs support for removing vintf manifest paths from vendor Android.bp
- Launcher needs more default_workspace grid variants (eg. 4x5)
2021-03-23 12:36:31 -04:00
Tad
62cba6a878 More cleanup 2021-03-20 16:15:01 -04:00
Tad
caeb3d5199 Add FP3 to 16.0 and 17.1
Untested
2021-03-19 21:53:28 -04:00
Tad
f8416a1083 Legal goodies 2021-03-01 21:05:42 -05:00
Tad
41a04ebd36 Update CVE patchers 2021-02-10 15:55:51 -05:00
Tad
bac552732f Small tweaks 2021-01-30 21:34:50 -05:00