Commit Graph

370 Commits

Author SHA1 Message Date
Tad
20c4e75fe1
Fixes
Signed-off-by: Tad <tad@spotco.us>
2023-02-01 18:30:29 -05:00
Tad
4f6e21d7f9 Deduplicate Defaults.sh
Signed-off-by: Tad <tad@spotco.us>
2023-02-01 15:57:13 -05:00
Tad
af3fe9776b Small updates
Signed-off-by: Tad <tad@spotco.us>
2023-02-01 15:19:21 -05:00
Tad
1511176a07
Update CVE patchers
Maybe some breakage

Signed-off-by: Tad <tad@spotco.us>
2023-01-28 20:33:44 -05:00
Tad
3231979ef4
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-01-24 20:55:42 -05:00
Tad
da1df44c8f
GrapheneOS kernel hardening patches update
Maybe some compile breakage

Signed-off-by: Tad <tad@spotco.us>
2023-01-24 19:03:01 -05:00
Tad
e81cd5586d
Add even more captive portal servers + sorting
TODO: apply to other branches

Signed-off-by: Tad <tad@spotco.us>
2023-01-23 16:42:00 -05:00
Tad
9558a7d0e9 Switch to the Broadcom PSDS server for Pixel 6/7 series
Instead of agnss.goog cache
Based off of a patch from GrapheneOS

Signed-off-by: Tad <tad@spotco.us>
2023-01-21 04:08:26 -05:00
Tad
84a9a1326c
18.1+: add multiple captive potal server options
This also switches 18.1 from @MSe1969's patch to the GrapheneOS patch
Can maybe port to 17.1 too

Signed-off-by: Tad <tad@spotco.us>
2023-01-20 00:21:30 -05:00
Tad
91807acf21
various small fixes
- loose versioning fixes for 4.9
- remove GPG commit verification for GOS repos, they use SSH now. TODO: support that
- 20.0: fixup AudioFX stray lines
- 20.0: broken fix for gs101/201 stray iwlan lines

Signed-off-by: Tad <tad@spotco.us>
2023-01-18 20:02:11 -05:00
Tad
5ce2d33162
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-01-18 14:13:33 -05:00
Tad
b01e902988 m8: boost microphone volume patch from @Ke1i
Signed-off-by: Tad <tad@spotco.us>
2023-01-14 14:01:30 -05:00
Tad
b82427ce5b Conservative reverse loose versioning for 3.10
This applies 3.4 patches to 3.10 if no other match is available

Note: CVE-2017-13245/3.4/0002.patch ends up applied over CVE-2018-10902/3.18/0003.patch

Signed-off-by: Tad <tad@spotco.us>
2023-01-13 15:51:46 -05:00
Tad
14f40e024f
Update CVE patchers
This adds loose versioning applying 4.14 patches to 4.9

Signed-off-by: Tad <tad@spotco.us>
2023-01-13 13:23:12 -05:00
Tad
207bdd2406
Strict versionCode checks for system apps from GrapheneOS
Signed-off-by: Tad <tad@spotco.us>
2023-01-11 12:19:41 -05:00
Tad
efa31534a9
Picks
Signed-off-by: Tad <tad@spotco.us>
2023-01-07 10:52:03 -05:00
Tad
06eed1fba9
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-12-31 21:41:46 -05:00
Tad
06254708be
Many fixes to get bluejay booting & working proper
- Enable APEX for Pixel 6/7, necessary for camera and pKVM
  - Also drop hack removing pKVM for Pixel 6/7
  - patch from GrapheneOS

- Extend hmalloc workaround to /apex

- Deblobber:
  - actually handle wildcard f/w/b overlays
  - move some stuff around
  - remove some more Pixel blobs
  - flag and disable removal of camera extensions, being able to use the second camera is nice

- Adjust what hardenDefconfig disables, caused boot issues
  minimal impact as most of these are already default-disabled
  can be narrowed down in future

- Disable some of the bionic hardening patches, causing more boot issues
  annoying to lose, but having a phone that boots is more important

- Add LTE only mode to 17.1, 18.1, 19.1, and 20.0, credit GrapheneOS

- Remove Pixel 2 ramdisk compression reverts, fixed upstream

And yes, I know I should've split up this commit...

Signed-off-by: Tad <tad@spotco.us>
2022-12-25 13:21:37 -05:00
Tad
7d6b8e3aeb
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-12-22 11:33:47 -05:00
Tad
03293f6b52
Fixup
Messy, but better to have CVE-2022-42896 applied to *some* 3.18 kernels

Signed-off-by: Tad <tad@spotco.us>
2022-12-17 00:42:25 -05:00
Tad
c2fc228f3b Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-12-16 22:06:13 -05:00
Tad
7dc3b8ef69
Tiny update
Signed-off-by: Tad <tad@spotco.us>
2022-12-11 19:25:10 -05:00
Tad
abb616d2f3
Updates
Signed-off-by: Tad <tad@spotco.us>
2022-12-09 17:23:20 -05:00
Tad
ce47fdae34
Small updates + Picks
Signed-off-by: Tad <tad@spotco.us>
2022-12-07 18:41:50 -05:00
Tad
038fca449b
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-11-30 08:28:40 -05:00
Tad
fd0e3e8117
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-11-22 07:11:30 -05:00
Tad
c4fe56a307
Update CVE patchers
This fixes CVE-2018-9422 which was primarily added via b56fabac

May still need to be fixed:
16.0/kernel_google_yellowstone
16.0/kernel_xiaomi_msm8937

Signed-off-by: Tad <tad@spotco.us>
2022-11-21 08:39:10 -05:00
Tad
14f7f1db32
Updates + Churn
Signed-off-by: Tad <tad@spotco.us>
2022-11-13 02:06:05 -05:00
Tad
b81d39c969
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-11-11 16:05:22 -05:00
Tad
27395374e1
Fixup + Churn
Signed-off-by: Tad <tad@spotco.us>
2022-11-11 13:54:57 -05:00
Tad
8d4d73d65c
Picks
Signed-off-by: Tad <tad@spotco.us>
2022-11-09 18:11:48 -05:00
Tad
ac3dc319c7
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-11-07 15:51:17 -05:00
Tad
7fb334d825
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-11-03 13:25:38 -04:00
Tad
c051cb282d Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-10-22 21:39:01 -04:00
Tad
1338c24d9b
Disable CarrierConfig and carrier_list changes
I've had reports of non-functional SIM and reboots with select carriers on this last update

Signed-off-by: Tad <tad@spotco.us>
2022-10-20 19:42:01 -04:00
Tad
8ddbd86d44
20.0: more devices
Signed-off-by: Tad <tad@spotco.us>
2022-10-19 15:22:20 -04:00
Tad
148df59b7e
Cleanup: Drop UnifiedNlp, FDroidPrivExt, and Silence
These haven't been included for a while

+remove some old cruft from 20.0

Signed-off-by: Tad <tad@spotco.us>
2022-10-19 12:15:24 -04:00
Tad
0c4db149e1
20.0: Network & Sensors permission from GrapheneOS
This revokes the permissions to all user installed apps on update.
Likely an expected quirk of being on 20.0 without the permission.
19.1 upgrades and new 20.0 installs should be fine.

TODO: update 19.1 with the SpecialRuntimePermAppUtils too

Signed-off-by: Tad <tad@spotco.us>
2022-10-18 22:14:56 -04:00
Tad
055ed9bfad
20.0: Initial bringup
Signed-off-by: Tad <tad@spotco.us>
2022-10-15 10:39:48 -04:00
Tad
2acd454f13
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-10-13 23:42:20 -04:00
Tad
1543d2dc17
Cleanup
Missed from 42306525

Signed-off-by: Tad <tad@spotco.us>
2022-10-12 17:11:40 -04:00
Tad
2166491d5d
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-10-12 17:11:06 -04:00
Tad
e7968e1269
Picks + Churn
Signed-off-by: Tad <tad@spotco.us>
2022-10-09 16:35:12 -04:00
Tad
4230652540
18.1: Drop all devices working on 19.1
Signed-off-by: Tad <tad@spotco.us>
2022-10-03 21:10:04 -04:00
Tad
bf66d5db45
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-10-03 20:59:55 -04:00
Tad
348b392f03
Picks
Signed-off-by: Tad <tad@spotco.us>
2022-10-03 10:24:04 -04:00
Tad
d78121a1c0
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-10-03 10:22:17 -04:00
Tad
598d78bb61
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-09-25 13:49:45 -04:00
Tad
25568706e1
Various
- Add back the SIM ToolKit app
- 17.1: CarrierConfig testing
- 19.1: Enable op5 firmware inclusion, needs testing
- Don't disable coresight bits on op8, breaks compile
- 19.1: Add a patch from GrapheneOS to display/share logs when a crash happens

Signed-off-by: Tad <tad@spotco.us>
2022-09-23 22:53:12 -04:00
Tad
411fcc08e1
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-09-15 14:11:58 -04:00