Tad
c5b1cc9a35
Simplify 8e3f0438
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-19 20:23:53 -04:00
Tad
8e3f043820
Warn when running activity from 32 bit app on ARM64 devices.
...
https://android-review.googlesource.com/c/platform/frameworks/base/+/2003790/
https://github.com/GrapheneOS/platform_frameworks_base/pull/182
Signed-off-by: Tad <tad@spotco.us>
2022-04-19 12:00:22 -04:00
Tad
42c9d22de9
Default disable exec spawning
...
Change the property too, so it takes effect next update.
Since 16.0 lacks a toggle, this effectively disables the feature for it.
Even devices with 4GB of RAM have usability severely impacted.
Plus some other tweaks/churn
Signed-off-by: Tad <tad@spotco.us>
2022-04-12 17:58:04 -04:00
Tad
d50a3a043b
Switch 16.0/17.1/18.1 to the more robust GrapheneOS sensors permission patchset
...
Like done for 19.1
Signed-off-by: Tad <tad@spotco.us>
2022-04-10 21:12:03 -04:00
Tad
a9e250afd9
Cleanup
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-07 00:37:20 -04:00
Tad
f481055ae9
Add the GrapheneOS always randomize MAC option to 17.1 and 18.1
...
The DHCP state patch was backported to 17.1
Signed-off-by: Tad <tad@spotco.us>
2022-03-29 22:27:09 -04:00
Tad
8a03e46c7e
Add the exec-spawning toggle from GrapheneOS
...
Tested working on 18.1/klte
TODO: backport to 16.0
Signed-off-by: Tad <tad@spotco.us>
2022-03-28 16:14:37 -04:00
Tad
1603092c50
Not all kernels have (working) getrandom support
...
hammerhead 16.0 was reported not booting
and shamu 18.1 was reported to take ~15+ minutes to boot
hammerhead does not have getrandom so it failed immediately
shamu does have getrandom BUT it blocks during init
meaning it'll wait until the entropy pool slowly fills
In tested I did not discovery this
I tested on flox/mako/d852/klte/clark/sailfish/mata/cheeseburger/fajita
All the newer ones have working getrandom
All the older ones included a patch to make getrandom non blocking on init
Signed-off-by: Tad <tad@spotco.us>
2022-03-17 13:21:52 -04:00
Tad
c9765fc883
Tweak tweak
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-16 18:38:30 -04:00
Tad
a28f43c6a7
Tweak
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-16 12:11:41 -04:00
Tad
352705fbf7
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-16 11:43:51 -04:00
Tad
a9f6672fed
hardened_malloc fixes for broken devices
...
- enable the patchset for 18.1
- add an ugly patch that extends the Pixel 3* camera workaround to all camera executables
Signed-off-by: Tad <tad@spotco.us>
2022-03-16 02:01:19 -04:00
Tad
1df7c7f1d4
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 19:16:19 -04:00
Tad
181519cf38
Add bionic hardening patchsets from GrapheneOS
...
11 b3a0c2c5db
11 5412c37195
#explicit zero
11 31456ac632
#brk
11 58ebc243ea
#random
11 5323b39f7e
#undefined
11 6a91d9dddb
#merge
11 a042b5a0ba
#vla formatting
11 9ec639de1b
#pthread
11 49571a0a49
#read only
11 149cc5ccb8
#zero
11 2e613ccbe7
#fork mmap
11 e239c7dff8
#memprot pthread
11 0b03d92b7f
#xor
11 de08419b82
#junk
11 897d4903e2
#guard
11 648cd68ca3
#ptrhread guard
11 0bc4dbcbd2
#stack rand
10 aa9cc05d07
10 a8cdbb6352
#explicit zero
10 b28302c668
#brk
10 9f8be7d07c
#random
10 cb91a7ee3a
#undefined
10 08279e2fdd
#merge
10 6a18bd565d
#vla formatting
10 2f392c2d08
#pthread
10 8bbce1bc50
#read only
10 725f61db82
#zero
10 4cd257135f
#fork mmap
10 9220cf622b
#memprot pthread
10 8ef71d1ffd
#memprot exit
10 0eaef1abbd
#xor
10 64f1cc2148
#junk
10 5c42a527cf
#guard
10 5cc8c34e60
#pthread guard
10 7f61cc8a1c
#stack rand
9 abdf523d26
9 e4b9b31e6f
#explicit zero
9 a3a22a63d2
#brk
9 7444dbc3cf
#random
9 dcd3b72ac9
#undefined
9 543e1df342
#merge
9 611e5691f7
#vla formatting
9 8de97ce864
#pthread
9 a475717042
#read only
9 7f0947cc0e
#zero
9 e9751d3370
#fork mmap
9 83cd86d0d5
#memprot pthread
9 1ebb165455
#memprot exit
9 488ba483cf
#xor
9 f9351d884b
#junk
9 85e5bca0a5
#move
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 16:56:46 -04:00
Tad
1878cd19ab
Fix/Add hardened malloc patchsets from GrapheneOS
...
11 8c0f3c0e04
11 4e6320c247
11 108754debb
10 818be3fc1d
10 010949662f
10 ede5e38f5b
9 80754c93bf
9 20160b8161
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 16:24:56 -04:00
Tad
209481c53e
Fix/Add exec based spawning patchsets from GrapheneOS
...
11 14c3c1d4cd
ac1943345e
1abb805041
2e07ab8c24
0044836677
c561811fad
7a848373ef
89646bdeb1
2a70bbac4a
d414dcaa35
b4cd877e3a
98634286bb
11 4c2635390c
11 add34a4bc6
11 a2b51906de
10 527787f3c8
ffde474ad7
aa87e487c4
c906fe9722
c69c3eecd4
b2303adccc
5bb05db6f7
536b497688
24802a832b
ce6dcc2368
3d3d5c4d38
2eda592b79
10 29f28b53c0
10 13a992c716
9 750efbf6bc
ed563b6f26
aad3c7d750
da3180f9a8
68773a29b7
283b3fa09c
f133136b65
01a01ce5f6
17c309c098
8806ec3ef1
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 15:55:13 -04:00
Tad
f015dd348f
Add the JNINativeMethod table constification patchsets from GrapheneOS
...
11 63b9f96a12
11 d8a62b5156
11 e3a4d64f29
11 e41f1d7f8e
11 c34b037486
11 dce2d0f64f
11 c99c35cb2a
10 07071814db
10 a48ba29b98
10 157fa78115
10 b914409e05
10 20a51f508b
10 b8afb8af37
10 e1b6653db7
9 ff688b68a7
9 866f0df315
9 77c9fa981a
9 fbf620e59c
9 ceaf63c790
9 253247fc39
9 76bf4c46f0
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 15:26:48 -04:00
Tad
ad579b6681
Misc hardening from GrapheneOS
...
11 62f81c237b
11 1f05db99ab
11 f242089d3f
10 abcf485dcf
9x c5db5a9f9e
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 14:40:05 -04:00
Tad
844227a4f4
18.1: add the ptrace_scope patchset from GrapheneOS
...
ad017fba58
3b89605581
8b0419ac04
52ea603339
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 14:29:34 -04:00
Tad
07bd5a3a0e
Automatic reboot and Bluetooth/Wi-Fi shutoff from GrapheneOS and CalyxOS
...
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/59
Tested on 18.1
Untested on 17.1
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 01:27:08 -04:00
Tad
9ba3a061c6
Tweak
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-14 11:57:34 -04:00
Tad
bda848a0a1
Fixup 057bedb6
...
Sadly this means the option was never enabled :(
Note: these options are only available on 4.4+ kernels
Signed-off-by: Tad <tad@spotco.us>
2022-03-06 23:05:13 -05:00
Tad
9a6c3f99ed
Verify authorship and Change-Id of all contained patches
...
- No patches were found with incorrect authorship/From: lines
- The older AndroidHardening patch repos are no longer available to verify CID.
- New GrapheneOS patches do not include a CID.
- *Signature_Spoofing.patch CID could not be found.
- Fixed CID of *Harden_Sig_Spoofing.patch to match 14.1
- Fixed CID of *LGE_Fixes.patch to match 14.1
- Fixed CID of *Harden.patch to match 14.1
- Added edit note to *Harden.patch
- Fixed CID of *PREREQ_Handle_All_Modes.patch to match 14.1
- Fixed CID of *More_Preferred_Network_Modes.patch to match 14.1
- Fixed CID of *AES256.patch to match 14.1
- Fixed CID of *0001-OTA_Keys.patch to match 18.1
- Fixed CID of *Camera_Fix.patch to match 15.1
- Fixed CID of *Connectivity.patch to match 14.1
- Fixed CID of *Fix_Calling.patch to match 14.1
- Fixed CID of *Remove_Analytics.patch to match 14.1
- Fixed CID of Unused-*.patch/audio_extn to match original
Signed-off-by: Tad <tad@spotco.us>
2022-03-05 13:13:30 -05:00
Tad
5e1521700f
Port the GrapheneOS NETWORK permission to 17.1 and 18.1
...
Some patches were ported from 12 to 10/11
Some patches from 11 were ported to 10
This 10/11 port should be very close to 12
BOUNS: 16.0 patches, disabled
Signed-off-by: Tad <tad@spotco.us>
2022-02-25 16:52:51 -05:00
Tad
5283db6f05
Drop the broken PDB patch
...
Why'd past me write this trash?
Signed-off-by: Tad <tad@spotco.us>
2022-02-14 07:43:45 -05:00
Tad
143b6fa164
18.1: Refresh for recent upstream Updater changes
...
Untested, should work
Signed-off-by: Tad <tad@spotco.us>
2022-02-14 03:05:32 -05:00
Tad
2eda5086fc
Tiny tweak
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-13 23:57:59 -05:00
Tad
bc3a9cddba
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-09 00:22:02 -05:00
Tad
0a664cc22c
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-03 21:12:02 -05:00
Tad
5e18ec4dfe
Tiny tweak
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-16 16:42:26 -05:00
Tad
8a45dc4696
18.1: Device additions
...
h910
lavender
pioneer, voyager, discovery
akari, aurora, xz2c
Signed-off-by: Tad <tad@spotco.us>
2022-01-06 21:04:17 -05:00
Tad
207e45fe6a
Update oneplus/sdm845 to 4.9.295
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-06 15:21:00 -05:00
Tad
b05823bb20
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-04 21:00:25 -05:00
Tad
daf98f8197
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-31 21:39:04 -05:00
Tad
68771721d5
Update oneplus/sdm845 to 4.8.282
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-29 11:51:52 -05:00
Tad
8b3beeb9fd
More analytics disablement
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-27 23:24:03 -05:00
Tad
ee1f466211
Fixup
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-27 18:16:42 -05:00
Tad
2c1d8d5e78
Hamper analytics improvements
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-27 17:35:53 -05:00
Tad
8b85bf9719
Small change
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-12 12:10:47 -05:00
Tad
f950398fa1
glibc 2.34 fix
...
Tested working to compile mako on Fedora 35
Signed-off-by: Tad <tad@spotco.us>
2021-11-14 20:16:48 -05:00
Tad
3e62262e88
Small fixup
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-07 13:37:37 -05:00
Tad
809e03833e
Verity enablement overhaul
...
No change to AVB devices except for enabling on more
Verity devices have the potential to regress by not booting
No change to non-verity/avb devices
Tested working on: mata, cheeseburger, fajita
Signed-off-by: Tad <tad@spotco.us>
2021-11-02 10:24:07 -04:00
Tad
898c040ead
More useless churn
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-01 21:04:59 -04:00
Tad
e6beba4b15
Small tweaks
...
Sad churn from git version.
Will be removed next build cycle.
Signed-off-by: Tad <tad@spotco.us>
2021-10-27 14:16:37 -04:00
Tad
b77444f84d
Deblobber tweaks
...
- Put more blobs behind flags for testing purposes
- Potential graphics fix for newer devices
- Removes more Wi-Fi display blobs
- Remove some misc blobs
Signed-off-by: Tad <tad@spotco.us>
2021-10-23 19:49:27 -04:00
Tad
0c793835da
Expand the available Private DNS options
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-22 18:33:06 -04:00
Tad
fe8e8201a9
Add more 'Private DNS' options
...
Based off of patches from CalyxOS as noted in each included patch.
Tested and verified working on klte and mata 18.1
Signed-off-by: Tad <tad@spotco.us>
2021-10-21 23:39:46 -04:00
Tad
70b96aa211
Update oneplus/sdm845 from 4.9.227 to 4.9.277
...
Pulls us into August 2021
Tested working:
- boot
- usb mtp
- wifi
- bluetooth
- cameras
- audio
- gps
- brightness
Signed-off-by: Tad <tad@spotco.us>
2021-10-21 00:12:59 -04:00
Tad
4ce35a3c60
Refresh most branch specific patches
...
Fixed up:
LineageOS-16.0/android_packages_apps_Backgrounds/308977.patch
LineageOS-16.0/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
LineageOS-17.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
LineageOS-18.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
Must review again:
LineageOS-14.1/android_packages_apps_PackageInstaller/64d8b44.patch
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 15:19:55 -04:00
Tad
7ba42f052a
Small changes
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-14 15:58:22 -04:00