Commit Graph

1448 Commits

Author SHA1 Message Date
Tad
12c56938cb Improve CVE-2021-1048 patching on 3.x kernels
It is still actively being used by malware.

This largely handles 3.0, 3.4, and 3.10 kernels.
It works for select 3.18 kernels too.

TODO: need alternate get_file_rcu backport for the following:
15.1/lge_msm8996
15.1/zte_msm8996
16.0/xiaomi_msm8937
17.1/motorola_msm8996
18.1/google_marlin
18.1/lge_msm8996
18.1/oneplus_msm8996

Signed-off-by: Tad <tad@spotco.us>
2022-08-09 21:39:25 -04:00
Tad
b4f17b39cd Make available some additional scripts
Signed-off-by: Tad <tad@spotco.us>
2022-08-09 18:50:49 -04:00
Tad
c69d8aec8b Add the wallpaper resize script
Should probably be moved into a separate branding repo later

Signed-off-by: Tad <tad@spotco.us>
2022-08-09 13:42:08 -04:00
Tad
4d9a110970 Pick
Signed-off-by: Tad <tad@spotco.us>
2022-08-08 18:47:17 -04:00
Tad
0ffbe79e1a FP4 + Churn
Signed-off-by: Tad <tad@spotco.us>
2022-08-08 15:02:14 -04:00
Tad
e0b57197ea Churn
Signed-off-by: Tad <tad@spotco.us>
2022-08-06 11:30:49 -04:00
Tad
31a67f054d Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-08-04 11:12:40 -04:00
Tad
933f33ba6b Cherrypicks
Signed-off-by: Tad <tad@spotco.us>
2022-08-04 09:57:11 -04:00
Tad
162f4f450a 19.1: add FP4
Signed-off-by: Tad <tad@spotco.us>
2022-08-03 12:45:26 -04:00
Tad
0d8ab187e3 Revert past two commits
Disabling extended sizes classes does not appear to have the savings it does on desktop.
Disabling the quarantine isn't acceptable given that default scudo implements it
2022-08-03 00:24:39 -04:00
Tad
005ef7882a Fixup a00fa234
This variant passess all tests instead of failing six tests

Signed-off-by: Tad <tad@spotco.us>
2022-08-02 22:52:42 -04:00
Tad
a00fa2349e Switch to a memory efficient hardened_malloc variant
This should help 64-bit devices with <4GB RAM substantially, at reduced hardening.

clark for example only has 2.5GB of usable memory and idles at 1.6GB used.
After this change, idle usage drops to 1.1GB!

Signed-off-by: Tad <tad@spotco.us>
2022-08-02 20:29:10 -04:00
Tad
178f01958d Cherrypicks
Signed-off-by: Tad <tad@spotco.us>
2022-08-02 19:39:09 -04:00
Tad
2b299c1aff Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-07-21 21:28:26 -04:00
Tad
a9d90a06b9 Pick
Signed-off-by: Tad <tad@spotco.us>
2022-07-15 11:03:41 -04:00
Tad
c08ce75b03 Churn
Signed-off-by: Tad <tad@spotco.us>
2022-07-13 10:01:32 -04:00
Tad
717caac5c6 Churn
Signed-off-by: Tad <tad@spotco.us>
2022-07-11 18:17:51 -04:00
Tad
1d64c759a5 Fixes
Signed-off-by: Tad <tad@spotco.us>
2022-07-10 00:31:44 -04:00
Tad
d3632c25ce Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-07-07 21:47:59 -04:00
Tad
22f915cc3e Cherrypicks
Signed-off-by: Tad <tad@spotco.us>
2022-07-07 18:59:37 -04:00
Tad
1165450d18 Fixup
Signed-off-by: Tad <tad@spotco.us>
2022-07-07 01:53:45 -04:00
Tad
f07f288e3a Add a toggle for Monet themeing, credit GrapheneOS
Signed-off-by: Tad <tad@spotco.us>
2022-07-06 21:13:40 -04:00
Tad
2c27a88a24 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-07-06 19:22:21 -04:00
Tad
7b8ef09540 Update CVE patchers
Effectively no changes

Signed-off-by: Tad <tad@spotco.us>
2022-07-04 18:30:09 -04:00
Tad
d79d1fcba3 19.1: More promotions
Signed-off-by: Tad <tad@spotco.us>
2022-07-01 14:17:18 -04:00
Tad
ac645dd62e Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-06-28 11:32:05 -04:00
Tad
519a474173 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-06-19 22:44:05 -04:00
Tad
4e09464e86 Pick
Signed-off-by: Tad <tad@spotco.us>
2022-06-15 17:17:47 -04:00
Tad
11b9ae5bc4 Churn
Signed-off-by: Tad <tad@spotco.us>
2022-06-13 21:24:08 -04:00
Tad
d58279e054 Update wireless-regdb to 2022.06.06 release
Signed-off-by: Tad <tad@spotco.us>
2022-06-11 10:17:25 -04:00
Tad
70b8485695 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-06-09 17:59:48 -04:00
Tad
c092b13a44 Restore star*lte
Signed-off-by: Tad <tad@spotco.us>
2022-06-08 22:55:00 -04:00
Tad
2bf84a7643 Increase default max password length to 64, credit GrapheneOS
Closes https://github.com/Divested-Mobile/DivestOS-Build/pull/119
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/27

Signed-off-by: Tad <tad@spotco.us>
2022-06-07 15:33:38 -04:00
Tad
492b6ba291 Tweaks
Exempt the Fused Location Provider:
5f19508083

Bring the hardened malloc camera workaround in tree, it was dropped upstream

Signed-off-by: Tad <tad@spotco.us>
2022-06-07 15:06:25 -04:00
Tad
27f8663b00 Tweak
Signed-off-by: Tad <tad@spotco.us>
2022-06-06 16:58:55 -04:00
Tad
697bed18fb 17.1+18.1: Drop all devices working on 19.1
Signed-off-by: Tad <tad@spotco.us>
2022-06-04 14:26:44 -04:00
Tad
1f41b1c498 Churn
Signed-off-by: Tad <tad@spotco.us>
2022-06-04 12:55:32 -04:00
Tad
899ea17d4e Add the missing page sanitization to 3.18 kernels
All along they only had slub sanization :(

Signed-off-by: Tad <tad@spotco.us>
2022-06-04 12:00:01 -04:00
Tad
3da5613dfc Add unconditional burnin protection on 18.1 and 19.1, credit @arter97
Also skip the power on animation on 19.1, credit @kdrag0n

Signed-off-by: Tad <tad@spotco.us>
2022-06-04 10:54:11 -04:00
Tad
5df4058a15 Chrun
Signed-off-by: Tad <tad@spotco.us>
2022-06-03 15:14:35 -04:00
Tad
92c66447f8 Drop slub_debug
What is lost?
- sanity checks and redzoning on all devices
  - redzoning reportedly however causes issues on some devices such as the Pixel 3/4 and OnePlus 7
- slub sanization on 3.0, 3.4, 4.4 (except google/wahoo), xiaomi/sm6150, and oneplus/sm7250

Note: all 3.4+ devices still have page sanization

Signed-off-by: Tad <tad@spotco.us>
2022-06-03 13:58:17 -04:00
Tad
d3cb12b41b Skip adding slub_debug=P where not needed
Signed-off-by: Tad <tad@spotco.us>
2022-06-03 13:39:08 -04:00
Tad
da63c9e571 Various small patches
7408144e1b
> extend Network/Sensors permission handling for legacy apps not targeting Android 6
> or above (API 23) to resolve a UI issue where the user choosing to grant the
> Network/Sensors permissions via the legacy permission review interface doesn't
> appear in the Settings app info page

22d32cb61b
suppresses https://github.com/Divested-Mobile/DivestOS-Build/discussions/112

66f406b979
3f69205d06
nice to have

Signed-off-by: Tad <tad@spotco.us>
2022-06-02 23:17:05 -04:00
Tad
e6a7cd6a14 Tiny fix
Signed-off-by: Tad <tad@spotco.us>
2022-06-02 21:48:48 -04:00
Tad
aa61367ace Tweaks
- Disable slub_debug=P for devices with INIT_ON_ALLOC/FREE_DEFAULT_ON
- Disable slub_debug=Z due to known breakage
- Disable many debug options on Linux 4.x and up
- 19.1: fixup missing manifests for vayu :\

Signed-off-by: Tad <tad@spotco.us>
2022-06-02 17:13:20 -04:00
Tad
0eaca57fa6 19.1: Add OnePlus 8 and 9 series
Signed-off-by: Tad <tad@spotco.us>
2022-06-02 11:52:58 -04:00
Tad
0b4c829b74 Fixes
Signed-off-by: Tad <tad@spotco.us>
2022-06-01 07:45:19 -04:00
Tad
6d95c231bc Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-05-31 21:29:22 -04:00
Tad
1132b40666 19.1: add alioth, lmi, and vayu
Signed-off-by: Tad <tad@spotco.us>
2022-05-31 19:45:44 -04:00
Tad
735c9e0de8 Revert 5d57bf13
I don't trust enabling MODULES won't cause weird inane breakage on these legacy devices

Signed-off-by: Tad <tad@spotco.us>
2022-05-27 23:46:57 -04:00