Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-10-01 01:35:54 -04:00
Code Issues Packages Projects Releases Wiki Activity
1,615 Commits 1 Branch 0 Tags 101 MiB
162f4f450a
Commit Graph

1440 Commits

Author SHA1 Message Date
Tad
1603092c50 Not all kernels have (working) getrandom support 
hammerhead 16.0 was reported not booting
and shamu 18.1 was reported to take ~15+ minutes to boot

hammerhead does not have getrandom so it failed immediately

shamu does have getrandom BUT it blocks during init
meaning it'll wait until the entropy pool slowly fills

In tested I did not discovery this
I tested on flox/mako/d852/klte/clark/sailfish/mata/cheeseburger/fajita
All the newer ones have working getrandom
All the older ones included a patch to make getrandom non blocking on init

Signed-off-by: Tad <tad@spotco.us>
 2022-03-17 13:21:52 -04:00
Tad
352705fbf7 Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-16 11:43:51 -04:00
Tad
a9f6672fed hardened_malloc fixes for broken devices 
- enable the patchset for 18.1
- add an ugly patch that extends the Pixel 3* camera workaround to all camera executables

Signed-off-by: Tad <tad@spotco.us>
 2022-03-16 02:01:19 -04:00
Tad
e002154486 Typo 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 20:59:43 -04:00
Tad
1df7c7f1d4 Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 19:16:19 -04:00
Tad
181519cf38 Add bionic hardening patchsets from GrapheneOS 
11 b3a0c2c5db
11 5412c37195 #explicit zero
11 31456ac632 #brk
11 58ebc243ea #random
11 5323b39f7e #undefined
11 6a91d9dddb #merge
11 a042b5a0ba #vla formatting
11 9ec639de1b #pthread
11 49571a0a49 #read only
11 149cc5ccb8 #zero
11 2e613ccbe7 #fork mmap
11 e239c7dff8 #memprot pthread
11 0b03d92b7f #xor
11 de08419b82 #junk
11 897d4903e2 #guard
11 648cd68ca3 #ptrhread guard
11 0bc4dbcbd2 #stack rand
10 aa9cc05d07
10 a8cdbb6352 #explicit zero
10 b28302c668 #brk
10 9f8be7d07c #random
10 cb91a7ee3a #undefined
10 08279e2fdd #merge
10 6a18bd565d #vla formatting
10 2f392c2d08 #pthread
10 8bbce1bc50 #read only
10 725f61db82 #zero
10 4cd257135f #fork mmap
10 9220cf622b #memprot pthread
10 8ef71d1ffd #memprot exit
10 0eaef1abbd #xor
10 64f1cc2148 #junk
10 5c42a527cf #guard
10 5cc8c34e60 #pthread guard
10 7f61cc8a1c #stack rand
9  abdf523d26
9  e4b9b31e6f #explicit zero
9  a3a22a63d2 #brk
9  7444dbc3cf #random
9  dcd3b72ac9 #undefined
9  543e1df342 #merge
9  611e5691f7 #vla formatting
9  8de97ce864 #pthread
9  a475717042 #read only
9  7f0947cc0e #zero
9  e9751d3370 #fork mmap
9  83cd86d0d5 #memprot pthread
9  1ebb165455 #memprot exit
9  488ba483cf #xor
9  f9351d884b #junk
9  85e5bca0a5 #move

Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 16:56:46 -04:00
Tad
1878cd19ab Fix/Add hardened malloc patchsets from GrapheneOS 
11 8c0f3c0e04
11 4e6320c247
11 108754debb
10 818be3fc1d
10 010949662f
10 ede5e38f5b
9 80754c93bf
9 20160b8161

Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 16:24:56 -04:00
Tad
209481c53e Fix/Add exec based spawning patchsets from GrapheneOS 
11 14c3c1d4cd
   ac1943345e
   1abb805041
   2e07ab8c24
   0044836677
   c561811fad
   7a848373ef
   89646bdeb1
   2a70bbac4a
   d414dcaa35
   b4cd877e3a
   98634286bb
11 4c2635390c
11 add34a4bc6
11 a2b51906de
10 527787f3c8
   ffde474ad7
   aa87e487c4
   c906fe9722
   c69c3eecd4
   b2303adccc
   5bb05db6f7
   536b497688
   24802a832b
   ce6dcc2368
   3d3d5c4d38
   2eda592b79
10 29f28b53c0
10 13a992c716
9  750efbf6bc
   ed563b6f26
   aad3c7d750
   da3180f9a8
   68773a29b7
   283b3fa09c
   f133136b65
   01a01ce5f6
   17c309c098
   8806ec3ef1

Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 15:55:13 -04:00
Tad
f015dd348f Add the JNINativeMethod table constification patchsets from GrapheneOS 
11 63b9f96a12
11 d8a62b5156
11 e3a4d64f29
11 e41f1d7f8e
11 c34b037486
11 dce2d0f64f
11 c99c35cb2a
10 07071814db
10 a48ba29b98
10 157fa78115
10 b914409e05
10 20a51f508b
10 b8afb8af37
10 e1b6653db7
9 ff688b68a7
9 866f0df315
9 77c9fa981a
9 fbf620e59c
9 ceaf63c790
9 253247fc39
9 76bf4c46f0

Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 15:26:48 -04:00
Tad
ad579b6681 Misc hardening from GrapheneOS 
11 62f81c237b

11 1f05db99ab

11 f242089d3f
10 abcf485dcf
9x c5db5a9f9e

Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 14:40:05 -04:00
Tad
844227a4f4 18.1: add the ptrace_scope patchset from GrapheneOS 
ad017fba58
3b89605581
8b0419ac04
52ea603339

Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 14:29:34 -04:00
Tad
07bd5a3a0e Automatic reboot and Bluetooth/Wi-Fi shutoff from GrapheneOS and CalyxOS 
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/59
Tested on 18.1
Untested on 17.1

Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 01:27:08 -04:00
Tad
e61e288b4a Optionally allow the official Bromite WebView to be used, credit @MSe1969 
This also replaces the overrides for all versions
And should allow the Google WebView on 14/15/16
And lastly only leaves the bundled version as default

This is a merge of the LineageOS 14/15/16 and 17/18 overlay
With the addition of the Bromite signature from @MSe1969

Signed-off-by: Tad <tad@spotco.us>
 2022-03-14 22:59:40 -04:00
Tad
9ba3a061c6 Tweak 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-14 11:57:34 -04:00
Tad
f65c7a4ccd Tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-12 11:48:23 -05:00
Tad
015799737e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-09 17:16:47 -05:00
Tad
4f75a8272a Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-09 11:59:30 -05:00
Tad
902239e2b5 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-08 23:20:43 -05:00
Tad
de764885b3 Fixup 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-08 12:56:52 -05:00
Tad
54dbcd9e43 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-07 19:12:10 -05:00
Tad
bda848a0a1 Fixup 057bedb6 
Sadly this means the option was never enabled :(
Note: these options are only available on 4.4+ kernels

Signed-off-by: Tad <tad@spotco.us>
 2022-03-06 23:05:13 -05:00
Tad
ac1e89f0c8 Update CVE patchers [the big fixup] 
This removes many duplicately or wrongly applied patches.

Correctly removed:
- CVE-2011-4132 can apply infinitely
- CVE-2013-2891 can apply infinitely
- CVE-2014-9781 can apply once to fb_cmap_to_user correctly and incorrectly to fb_copy_cmap
- CVE-2015-0571 can apply incorrectly and was disabled in patch repo as a result
- CVE-2016-2475 can apply infinitely
- CVE-2017-0627 can apply infinitely
- CVE-2017-0750 can apply infinitely
- CVE-2017-14875 can apply infinitely
- CVE-2017-14883 can apply infinitely
- CVE-2020-11146 can apply infinitely
- CVE-2020-11608 can apply infinitely
- CVE-2021-42008 can apply infinitely

Questionable (might actually be beneficial to "incorrectly" apply again):
- CVE-2012-6544 can apply once to hci_sock_getsockopt correctly and incorrectly to hci_sock_setsockopt
- CVE-2013-2898 can apply once to sensor_hub_get_feature correctly and incorrectly to sensor_hub_set_feature
- CVE-2015-8575 can apply once to sco_sock_bind correctly and incorrectly to sco_sock_connect
- CVE-2017-8281 can apply once to diagchar_ioctl correctly and incorrectly to diagchar_compat_ioctl
- CVE-2019-10622 can apply once	to qdsp_cvp_callback correctly and incorrectly to qdsp_cvs_callback
- CVE-2019-14104 can apply once to cam_context_handle_start/stop_dev and incorrectly to cam_context_handle_crm_process_evt and cam_context_handle_flush_dev

Other notes:
- CVE-2016-6693 can be applied again if it was already applied in combination with CVE-2016-6696
  then the dupe check will fail and mark CVE-2016-6696 as already applied, effectively reverting it.
  This was seemingly fixed with a hand merged patch in patch repo.

Wrongly removed:
- CVE-2013-2147 is meant for cciss_ioctl32_passthru but is detected in cciss_ioctl32_big_passthru
- CVE-2015-8746 is meant for nfs_v4_2_minor_ops but is detected in nfs_v4_1_minor_ops
- CVE-2021-Misc2/ANY/0043.patch is meant for WLANTL_RxCachedFrames but is detected in WLANTL_RxFrames

Signed-off-by: Tad <tad@spotco.us>
 2022-03-04 00:42:28 -05:00
Tad
927b9bfbc5 Fix random reboots on broken kernels when an app has data restricted 
I don't like this

Reading:
- 24b3bdcf71
- https://review.lineageos.org/c/LineageOS/android_kernel_essential_msm8998/+/320470
- https://review.lineageos.org/c/LineageOS/android_system_bpf/+/264702
- https://gitlab.com/LineageOS/issues/android/-/issues/2514
- https://gitlab.com/LineageOS/issues/android/-/issues/3144
- https://gitlab.com/LineageOS/issues/android/-/issues/3287

Test:
- restrict mobile data for an app
- toggle wifi on and off a few times
- watch systemui crash and soft-reboot

Tested working on cheeseburger

Signed-off-by: Tad <tad@spotco.us>
 2022-03-03 17:51:46 -05:00
Tad
0d0104b4bb Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-02 22:57:34 -05:00
Tad
893e425321 Add the script to generate vbhashes.txt 
Output has been verified as correct on mata, cheeseburger, fajita, and guacamole

Signed-off-by: Tad <tad@spotco.us>
 2022-02-28 01:32:24 -05:00
Tad
0d59c18c85 Enable the NETWORK permission patchset for 16.0 too 
Likely has issues with secondary users.
As in the permission affects all copies of the same app.

Signed-off-by: Tad <tad@spotco.us>
 2022-02-28 01:27:38 -05:00
Tad
5e1521700f Port the GrapheneOS NETWORK permission to 17.1 and 18.1 
Some patches were ported from 12 to 10/11
Some patches from 11 were ported to 10
This 10/11 port should be very close to 12

BOUNS: 16.0 patches, disabled

Signed-off-by: Tad <tad@spotco.us>
 2022-02-25 16:52:51 -05:00
Tad
f4fbe65756 Various changes 
- 15.1: asb picks
- 17.1: drop marlin, sailfish, z2_plus, m8
- 4.9 loose versioning fixes
 2022-02-24 19:51:44 -05:00
Tad
a8cfa8157c Fixup last commit 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-23 14:52:29 -05:00
Tad
512673d97d Bump marlin/sailfish to 18.1 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-23 13:33:28 -05:00
Tad
8b39498b1c Initial loose versioning work for 4.9 
This applies 4.9 patches to 4.4 and 3.18 now that 4.4 is EOL

Untested, but looks mild

Signed-off-by: Tad <tad@spotco.us>
 2022-02-22 13:44:47 -05:00
Tad
21c97c6967 Tweak 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-21 23:30:45 -05:00
Tad
5245109cc1 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-19 23:22:19 -05:00
Tad
5283db6f05 Drop the broken PDB patch 
Why'd past me write this trash?

Signed-off-by: Tad <tad@spotco.us>
 2022-02-14 07:43:45 -05:00
Tad
143b6fa164 18.1: Refresh for recent upstream Updater changes 
Untested, should work

Signed-off-by: Tad <tad@spotco.us>
 2022-02-14 03:05:32 -05:00
Tad
2eda5086fc Tiny tweak 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-13 23:57:59 -05:00
Tad
a38d544f8b 18.1: small fixes 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-12 07:32:29 -05:00
Tad
48b009a02e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-12 06:56:28 -05:00
Tad
a23bae5cd5 Tiny tweak 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-11 23:35:22 -05:00
Tad
b6da59d24f Drop FairEmail, Vanilla, and their AOSP equivalents 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-11 14:25:30 -05:00
Tad
55cdea3c9b 17.1: small fixes 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-11 14:05:14 -05:00
Tad
f767a8ea87 Hopefully fix the broken radio on Pixels 
Thank you Google for all these great proprietary apps.

Signed-off-by: Tad <tad@spotco.us>
 2022-02-10 15:36:44 -05:00
Tad
bc3a9cddba Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-09 00:22:02 -05:00
Tad
65584e96ce Switch to official Etar 
The Lineage forks have fallen behind

Signed-off-by: Tad <tad@spotco.us>
 2022-02-08 14:10:04 -05:00
Tad
ee0bd8625f Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-07 14:43:05 -05:00
Tad
0a664cc22c Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-03 21:12:02 -05:00
Tad
c0aac415aa Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-29 09:35:59 -05:00
Tad
82cc1bc979 Tiny update 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-28 09:09:10 -05:00
Tad
51003bff5a Add an option to clobber after every run 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-24 18:01:21 -05:00
Tad
58b53de17a Multi user tweaks from GrapheneOS 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-24 06:30:39 -05:00
Tad
2400cf0964 App updates 
- Drops Calendar, Eleven, and Email
- Adds a variable for Silence inclusion
- Adds a NONE option for microG inclusion flag to disable NLP inclusion

Signed-off-by: Tad <tad@spotco.us>
 2022-01-24 06:30:15 -05:00
Tad
6329922104 Disable the Hamper Analytics patches 
Rely on the HOSTS to do any blocking.
With the last update this causes app crashes, due to boolean/string mismatch.
Need to figure out exactly how string in manifest can become a boolean when wanted.

Signed-off-by: Tad <tad@spotco.us>
 2022-01-23 16:55:24 -05:00
Tad
8004a11c52 Add the OEM unlocking toggle where missing 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-20 23:25:58 -05:00
Tad
6864156bd6 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-20 22:22:22 -05:00
Tad
7ccaecd6d6 Small tweak 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-20 19:13:08 -05:00
Tad
8a60bbc0a6 Silly radio fix 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-18 13:22:57 -05:00
Tad
dbd2a71722 Update CVE patchers 
Hopefully fixes boot breakage

Signed-off-by: Tad <tad@spotco.us>
 2022-01-17 01:23:10 -05:00
Tad
5e18ec4dfe Tiny tweak 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-16 16:42:26 -05:00
Tad
6ec0c63126 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-13 11:08:22 -05:00
Tad
208c7800c8 Fixup 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-12 17:44:18 -05:00
Tad
bfcf6b18b7 Fixup 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-12 05:57:08 -05:00
Tad
ce6ee9d8e4 Update CVE patchers 
CVE-2021-0961 should be fine now

Signed-off-by: Tad <tad@spotco.us>
 2022-01-11 05:41:26 -05:00
Tad
b9c7839110 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-11 01:19:31 -05:00
Tad
8a45dc4696 18.1: Device additions 
h910
lavender
pioneer, voyager, discovery
akari, aurora, xz2c

Signed-off-by: Tad <tad@spotco.us>
 2022-01-06 21:04:17 -05:00
Tad
207e45fe6a Update oneplus/sdm845 to 4.9.295 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-06 15:21:00 -05:00
Tad
b05823bb20 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-04 21:00:25 -05:00
Tad
daf98f8197 Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-31 21:39:04 -05:00
Tad
e08349a202 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-29 11:51:58 -05:00
Tad
68771721d5 Update oneplus/sdm845 to 4.8.282 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-29 11:51:52 -05:00
Tad
567c46fdd1 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-27 18:00:43 -05:00
Tad
2c1d8d5e78 Hamper analytics improvements 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-27 17:35:53 -05:00
Tad
3c1931bcc9 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-19 05:15:32 -05:00
Tad
11141d3bc9 Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-17 14:31:13 -05:00
Tad
6c38ece551 Update CVE patchers 
User report confirms fixing wifi on lmi

Signed-off-by: Tad <tad@spotco.us>
 2021-12-15 17:10:35 -05:00
Tad
6e604e8703 Small update 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-13 21:33:04 -05:00
Tad
20e1023627 Small changes 
- 16.0: drop wallpaper optimization patch, questionable source
- deblobber: don't remove libmmparser_lite.so, potentially used by camera
- 17.1: pick Q_asb_2021-12, excluding a broken patch
- clark 17.1: some camera denial fixes
- alioth: unmark broken
- 17.1: switch to upstream glibc fix
- 17.1/18.1: disable per app sensors permission patchset, potential camera issues

Signed-off-by: Tad <tad@spotco.us>
 2021-12-13 20:28:54 -05:00
Tad
8b85bf9719 Small change 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-12 12:10:47 -05:00
Tad
8cf90d055e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-11 01:12:41 -05:00
Tad
9f494c3e1d Fixup 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-11 00:23:52 -05:00
Tad
359ce4608f Small updates 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-07 20:57:54 -05:00
Tad
ed1c151ce5 Update CVE patchers 
CVE-2021-0961/ANY/0001.patch likely causes breakage

Signed-off-by: Tad <tad@spotco.us>
 2021-12-06 17:43:34 -05:00
Tad
202f70b980 Final import of loose versioning work 
Untested, but likely works.

Signed-off-by: Tad <tad@spotco.us>
 2021-12-02 02:47:27 -05:00
Tad
c5c3998593 Guess what? f̵͖̲̙̝̩̌̌̌̑͆̔͐̏͋̓̅̔̒̈́͠i̴͍̗̦͕̅̓̿͋̓̑̽͌͐͊͘͠͠s̵̡̬͙͚̃͑̓̊̌́̾́͠ḥ̴̬͓͚̹̱̰͕͚͈̞̳͒̊ ̵̢̟̞̖͈͖͕̥̙̤͉̮̍́̅̀̾b̵̛̹̝̙̖̱̲͉͚̝̪̲̓̿͛̔̆͋̎́͐̃͆̀̕͝u̸̞̺͓͎̰̦̯̘̺̬͔̬͆͛̋̍̂͒̓͛̐̈́̋̚͝ṫ̵̠t̶̻̳̜̪̗͖͛̂̒̃̑̏͝ 
Tested on 14.1 and 15.1 targets

Signed-off-by: Tad <tad@spotco.us>
 2021-11-29 21:14:00 -05:00
Tad
b9929ea959 18.1: (extreme) loose versioning work [untested] 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-28 01:24:39 -05:00
Tad
bf129b729d 17.1: extreme loose versioning work 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-27 23:25:35 -05:00
Tad
67b5a166fc 16.0: extreme loose versioning work 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-27 22:44:29 -05:00
Tad
de89333a03 15.1: extreme loose versioning work 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-27 22:09:30 -05:00
Tad
7d54ee4be7 14.1: extreme loose versioning work 
This will apply 3.10 and 3.18 specific patches to 3.0
Example of tuna 3.0 kernel:
199 without loose versioning
311 with loose versioning
364 with extreme loose versioning

Signed-off-by: Tad <tad@spotco.us>
 2021-11-27 21:06:26 -05:00
Tad
c4dbc73c56 Alter the glibc fix 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-27 15:52:09 -05:00
Tad
9b84cebf92 17.1: loose versioning work 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-27 15:50:11 -05:00
Tad
0e539e6f92 16.0: loose versioning work 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-26 22:53:46 -05:00
Tad
c153981b3f 15.1: loose versioning work 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-26 22:40:07 -05:00
Tad
1b1db41869 Initial use of loose versioning for 3.x CVE patches 
This will for example apply a 3.4 specific patch to 3.0 if no 3.0 specific patch is available.
Tested compiling on 14.1 and booting on toroplus.

Will be applied to other branches soon.

Signed-off-by: Tad <tad@spotco.us>
 2021-11-26 18:56:03 -05:00
Tad
62166d1ea5 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-26 11:54:59 -05:00
Tad
df3b54fa20 Fixup camera on flox 
Camera works in OpenCamera, but it can't actually take pictures.
Switch to Camera2 instead, tested pictures and videos working.

Also fixup compile issue with oneplus/msm8998-common
And refresh some patchers

Signed-off-by: Tad <tad@spotco.us>
 2021-11-15 18:01:27 -05:00
Tad
f950398fa1 glibc 2.34 fix 
Tested working to compile mako on Fedora 35

Signed-off-by: Tad <tad@spotco.us>
 2021-11-14 20:16:48 -05:00
Tad
b8f5d8a510 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-12 11:51:02 -05:00
Tad
ebab5c9407 17.1: add harpia and merlin 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-11 10:22:00 -05:00
Tad
1b8df47bd5 14.1: add jellypro 
Tis a broken device

Signed-off-by: Tad <tad@spotco.us>
 2021-11-09 11:27:21 -05:00
Tad
c95421b6d2 Fixup 9c105b79 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-08 18:45:29 -05:00
Tad
9c105b799f O_asb_2021-11 
Based off of:
https://review.lineageos.org/q/topic:P_asb_2021-11

Missing:
https://review.lineageos.org/c/LineageOS/android_packages_apps_Settings/+/318655

Maybe missing:
https://review.lineageos.org/c/LineageOS/android_hardware_nxp_nfc/+/318653

Doesn't exist:
https://review.lineageos.org/c/LineageOS/android_frameworks_native/+/318652

Untested

Signed-off-by: Tad <tad@spotco.us>
 2021-11-08 17:19:50 -05:00
Tad
1ce0093d9f More verified boot fixes 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-08 09:36:56 -05:00
Tad
3e62262e88 Small fixup 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-07 13:37:37 -05:00
Tad
e882cf16c7 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-06 18:47:57 -04:00
Tad
f2b9eb8e8b Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-06 11:22:43 -04:00
Tad
5c8250bbdd Disable the per-app sensor permission patches 
Breaks camera on angler

Signed-off-by: Tad <tad@spotco.us>
 2021-11-05 14:46:32 -04:00
Tad
fdd549ee98 16.0: add kccat6 and lentislte 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-05 14:16:18 -04:00
Tad
6567937b05 ASB picks 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-05 13:29:50 -04:00
Tad
97d0b239d5 Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-05 08:54:08 -04:00
Tad
621441349e Fixup the sensors permission patches on 7, 8, and 9. 
Switch these patches to MODE_ALLOWED from MODE_ASK to fix breakage
of system services.

Also remove some code that adds a likely security issue.

Will need some extra regression testing.

Signed-off-by: Tad <tad@spotco.us>
 2021-11-04 10:24:06 -04:00
Tad
f7295a0f74 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-02 23:50:35 -04:00
Tad
b6575a362e Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-02 22:47:34 -04:00
Tad
f3277f3c07 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-02 12:01:36 -04:00
Tad
809e03833e Verity enablement overhaul 
No change to AVB devices except for enabling on more
Verity devices have the potential to regress by not booting
No change to non-verity/avb devices
Tested working on: mata, cheeseburger, fajita

Signed-off-by: Tad <tad@spotco.us>
 2021-11-02 10:24:07 -04:00
Tad
bc77ca416c Verity fixups 
Not sure how I missed all of these?

Signed-off-by: Tad <tad@spotco.us>
 2021-11-01 20:55:22 -04:00
Tad
a9f445ad47 16.0: add land and santoni 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-28 19:07:31 -04:00
Tad
ecc4688ce0 Denial fixes for clark, osprey, surnia, and g3-common 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-28 00:47:59 -04:00
Tad
ec043e961e Update CVE patchers 
CVE-2021-20317 might need to be disabled due to QC timer breakage.

Signed-off-by: Tad <tad@spotco.us>
 2021-10-27 15:26:53 -04:00
Tad
e6beba4b15 Small tweaks 
Sad churn from git version.
Will be removed next build cycle.

Signed-off-by: Tad <tad@spotco.us>
 2021-10-27 14:16:37 -04:00
Tad
b77444f84d Deblobber tweaks 
- Put more blobs behind flags for testing purposes
- Potential graphics fix for newer devices
- Removes more Wi-Fi display blobs
- Remove some misc blobs

Signed-off-by: Tad <tad@spotco.us>
 2021-10-23 19:49:27 -04:00
Tad
0c793835da Expand the available Private DNS options 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-22 18:33:06 -04:00
Tad
a0918b5222 18.1: add z2_plus 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-22 13:37:53 -04:00
Tad
fbd97dd24a Extend changeDefaultDNS to additional files 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-22 00:55:50 -04:00
Tad
fe8e8201a9 Add more 'Private DNS' options 
Based off of patches from CalyxOS as noted in each included patch.

Tested and verified working on klte and mata 18.1

Signed-off-by: Tad <tad@spotco.us>
 2021-10-21 23:39:46 -04:00
Tad
70b96aa211 Update oneplus/sdm845 from 4.9.227 to 4.9.277 
Pulls us into August 2021

Tested working:
- boot
- usb mtp
- wifi
- bluetooth
- cameras
- audio
- gps
- brightness

Signed-off-by: Tad <tad@spotco.us>
 2021-10-21 00:12:59 -04:00
Tad
5d7d710076 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-20 15:01:18 -04:00
Tad
bc443ffee3 14.1: Add apollo 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-17 14:01:31 -04:00
Tad
b78944933c More fixes 
Ensure new shells have the correct settings too.

Signed-off-by: Tad <tad@spotco.us>
 2021-10-16 22:57:43 -04:00
Tad
042b9063d1 More fixes 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-16 17:12:13 -04:00
Tad
256b1db98b Hard fail on error 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-16 16:08:43 -04:00
Tad
a5cdb9ab58 Fix patch ordering 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-16 15:21:22 -04:00
Tad
4ce35a3c60 Refresh most branch specific patches 
Fixed up:
LineageOS-16.0/android_packages_apps_Backgrounds/308977.patch
LineageOS-16.0/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
LineageOS-17.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
LineageOS-18.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch

Must review again:
LineageOS-14.1/android_packages_apps_PackageInstaller/64d8b44.patch

Signed-off-by: Tad <tad@spotco.us>
 2021-10-16 15:19:55 -04:00
Tad
f7194d1f13 Switch to applyPatch 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-16 14:01:44 -04:00
Tad
f296ec0346 Support refreshing patches 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-16 13:51:54 -04:00
Tad
5b630620f8 Drop 11.0 
It has been over 2,500 days since the last release of 4.4.4.
And over 600 days since I last compiled this.

Signed-off-by: Tad <tad@spotco.us>
 2021-10-14 20:08:44 -04:00
Tad
7ba42f052a Small changes 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-14 15:58:22 -04:00
Tad
df60bfceda Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-13 12:20:44 -04:00
Tad
d5d3846f2c Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-10 19:44:59 -04:00
Tad
dd2e8b4b5c Tiny tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-08 21:26:11 -04:00
Tad
939c6aa7ed Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-07 20:07:49 -04:00
Tad
2af0e1201e Re-enable the recovery downgrade check 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-06 17:03:22 -04:00
Tad
f2e1d32eba Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-06 16:54:45 -04:00
Tad
7b28a193f1 Include the Support app 
This is a very basic app with zero permissions and has quick links to
various related resources.

Signed-off-by: Tad <tad@spotco.us>
 2021-10-06 06:21:38 -04:00
Tad
e4a4e7f8de Fix BT on apollo/thor 
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/16

Signed-off-by: Tad <tad@spotco.us>
 2021-10-06 04:52:14 -04:00
Tad
59bd09a807 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-05 14:44:23 -04:00
Tad
5658b56424 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-03 20:00:52 -04:00
Tad
870382ff40 Switch to the Mulch WebView 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-02 01:44:46 -04:00
Tad
7f98aad299 18.1: Drop DnsResolver patches 
Merged upstream

Signed-off-by: Tad <tad@spotco.us>
 2021-10-01 17:54:54 -04:00
Tad
025ca7df7f compile fixups 
after the CVE-2021-Misc2 import and hardenDefconfig overhaul

also sync 18.1 DnsResovler patches with:
6332b25b87
f8490d024a

Signed-off-by: Tad <tad@spotco.us>
 2021-10-01 12:34:22 -04:00
Tad
27fe558b76 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-29 16:47:50 -04:00
Tad
9f9d418060 18.1: forward port the hosts cache and wildcard support 
These were likely missed when resolv/ moved out of netd into DnsResolver.

Signed-off-by: Tad <tad@spotco.us>
 2021-09-26 22:41:30 -04:00
Tad
c6df37ca23 Expose the Sensors Off tile 
This removes the hidden development 'Sensors off' tile from Settings app,
adds it back to SystemUI, and enables it by default.

Tested working on 18.1

Signed-off-by: Tad <tad@spotco.us>
 2021-09-26 16:36:15 -04:00
Tad
35372142ed Small tweak 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-25 20:24:14 -04:00
Tad
84c7d230ab Permission for sensors access patches from @MSe1969 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-24 23:35:33 -04:00
Tad
f5a58bd35f Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-23 20:56:00 -04:00
Tad
c753abf1b2 Small update 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-20 12:12:58 -04:00
Tad
e7dd0af4b6 hardenDefconfig: pull in some more options 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-19 01:20:41 -04:00
Tad
ba07cfb300 Optimize hardenDefconfig 2021-09-18 21:53:03 -04:00
Tad
7e093e0500 Ensure all used defconfigs are altered 2021-09-18 21:28:13 -04:00
Tad
83efa5fe7d Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-18 13:43:41 -04:00
Tad
038ab89982 More kernel cmdline work 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-15 11:48:07 -04:00
Tad
4917af86cc Update copyright dates 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-15 10:30:08 -04:00
Tad
cf3a12cb5a Move some changes into a new Post.sh 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-15 10:26:37 -04:00
Tad
083e2048f8 Don't disable slub/slab merging via kernel command line, but by default 
I have a sneaking suspicion that the length of some device command lines is
causing boot issues.
eg. with the recent additions, klte boots fine, but recovery doesn't, maybe
bootloader is adding more flags, exceeding a limit?

Signed-off-by: Tad <tad@spotco.us>
 2021-09-15 10:17:27 -04:00
Tad
3bb1199c34 Small fix 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-14 09:16:17 -04:00
Tad
bf5d9bc778 Small tweaks 
- disable disablement of PROC_PAGE_MONITOR to fix memory stats calculation
- enable slub_nomerge, similar to slab_nomerge for pre 3.18 kernels
  slub_nomerge was already default enabled on many 3.10 devices via:
  0006-AndroidHardening-Kernel_Hardening/3.10/0010.patch

Signed-off-by: Tad <tad@spotco.us>
 2021-09-13 10:39:33 -04:00
Tad
907dc0f040 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-11 16:06:57 -04:00
Tad
faf681a0c6 17.1: add davinci 
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/10

Signed-off-by: Tad <tad@spotco.us>
 2021-09-11 14:55:27 -04:00
Tad
35036e694d Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-08 22:59:33 -04:00
Tad
0ade46cc8e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-07 16:57:15 -04:00
Tad
e84111aaa8 Small changes 
- Include TalkBack
- Fixup hosts inclusion, due to path mismatch
- 14.1: bump patch level to match the picked ASB
- 14.1: m7-common: deblobber fix

Signed-off-by: Tad <tad@spotco.us>
 2021-09-06 14:32:37 -04:00
Tad
b589976f7b Switch to the more efficient HOSTS blocking list 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-05 21:27:18 -04:00
Tad
56e9a75445 14.1+15.1: Support wildcards in cached hosts file 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-05 16:30:34 -04:00
Tad
809a361e07 Update CVE patchers 
Don't introduce https://gitlab.com/LineageOS/issues/android/-/issues/3916

Will consider adding it as a revert

Signed-off-by: Tad <tad@spotco.us>
 2021-09-04 14:35:24 -04:00
Tad
e0d300a651 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-03 22:52:24 -04:00
Tad
f77971d38f Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-31 20:53:17 -04:00
Tad
043b194210 17.1: add surnia + other changes 
- 17.1: fixup invalid line in marlin from deblobber
- 18.1: fixup audiofx removal
- all: change repo sync to 8 threads from 20, for google HTTP 429 error

Signed-off-by: Tad <tad@spotco.us>
 2021-08-26 21:02:28 -04:00
Tad
792cb89ed7 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-26 12:17:46 -04:00
Tad
0dbabac59a Update CVE patchers 
Maybe breakage?

Signed-off-by: Tad <tad@spotco.us>
 2021-08-23 15:27:53 -04:00
Tad
1dc0bce913 Disable removal of display color blobs 
Removal is still breaking boot on some devices

Signed-off-by: Tad <tad@spotco.us>
 2021-08-21 15:34:02 -04:00
Tad
c0debe55c4 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-18 08:54:30 -04:00
Tad
de22605785 18.1: add sunfish, bramble, and redfin 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-14 04:52:08 -04:00
Tad
4ae1402229 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-13 23:54:19 -04:00
Tad
441a66bbb0 Breakup hardenDefconfig for readbility and debugging purposes 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-13 22:55:21 -04:00
Tad
79132fddef Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-13 11:07:07 -04:00
Tad
3a79316ddb Fix camera on taimen/walleye/alioth 
+ typo fix for last commit
+ cherrypick cleanups

Signed-off-by: Tad <tad@spotco.us>
 2021-08-10 00:21:02 -04:00
Tad
0b4ad0e7cc 18.1: add raphael, lmi, alioth 
+ verity fixes
+ 16.0: drop beryllium, 18.1 builds now
+ deblob: better handle device makefiles

Signed-off-by: Tad <tad@spotco.us>
 2021-08-09 20:54:44 -04:00
Tad
2d468d9da2 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-09 14:44:48 -04:00
Tad
3f311f84ad Changes 
- WebView update
- 14.1: drop osprey, tested compiling on 17.1
- comment updates
- small patcher fixes

Signed-off-by: Tad <tad@spotco.us>
 2021-08-06 18:36:57 -04:00
Tad
189cf4d801 Update comments 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-04 22:18:00 -04:00
Tad
2db8ac7c70 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-04 14:57:55 -04:00
Tad
6f1512b63a crackling for 17.1 - try 2 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-04 14:22:16 -04:00
Tad
e9b730d83a USB enablement 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-04 14:21:50 -04:00
Tad
477b0a1a62 More fixes 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-04 10:58:22 -04:00
Tad
9e548cabf5 Fixup 3d69ad87 
Tested to compile bacon, ether, and griffin kernels

Signed-off-by: Tad <tad@spotco.us>
 2021-08-03 18:46:38 -04:00
Tad
3d69ad873e \"\'FIXES\'\" PART 2 
There will likely be some breakage here.
Many of these patches have been here since the start and never used.

Signed-off-by: Tad <tad@spotco.us>
 2021-08-03 15:14:02 -04:00
Tad
4fae8d0445 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-03 12:37:28 -04:00
Tad
2c05482872 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-07-31 09:17:08 -04:00
Tad
702ea9c91f Move FP3 to 18.1 
Signed-off-by: Tad <tad@spotco.us>
 2021-07-30 11:55:03 -04:00
Tad
914bed8556 Reimplement fe6f8537 
LTE tested working with hybrid 33-107 modem.
Phone calls drop to HSPA as expected.
No issues if using stock modem either compared to without this patch.

In my area, without this patch, my makos are useless cell-wise.

Gives extra life to the Nexus 4.

Signed-off-by: Tad <tad@spotco.us>
 2021-07-29 15:25:05 -04:00