Tad
7b8ef09540
Update CVE patchers
...
Effectively no changes
Signed-off-by: Tad <tad@spotco.us>
2022-07-04 18:30:09 -04:00
Tad
d79d1fcba3
19.1: More promotions
...
Signed-off-by: Tad <tad@spotco.us>
2022-07-01 14:17:18 -04:00
Tad
ac645dd62e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-28 11:32:05 -04:00
Tad
519a474173
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-19 22:44:05 -04:00
Tad
4e09464e86
Pick
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-15 17:17:47 -04:00
Tad
11b9ae5bc4
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-13 21:24:08 -04:00
Tad
d58279e054
Update wireless-regdb to 2022.06.06 release
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-11 10:17:25 -04:00
Tad
70b8485695
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-09 17:59:48 -04:00
Tad
c092b13a44
Restore star*lte
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-08 22:55:00 -04:00
Tad
2bf84a7643
Increase default max password length to 64, credit GrapheneOS
...
Closes https://github.com/Divested-Mobile/DivestOS-Build/pull/119
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/27
Signed-off-by: Tad <tad@spotco.us>
2022-06-07 15:33:38 -04:00
Tad
492b6ba291
Tweaks
...
Exempt the Fused Location Provider:
5f19508083
Bring the hardened malloc camera workaround in tree, it was dropped upstream
Signed-off-by: Tad <tad@spotco.us>
2022-06-07 15:06:25 -04:00
Tad
27f8663b00
Tweak
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-06 16:58:55 -04:00
Tad
697bed18fb
17.1+18.1: Drop all devices working on 19.1
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-04 14:26:44 -04:00
Tad
1f41b1c498
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-04 12:55:32 -04:00
Tad
899ea17d4e
Add the missing page sanitization to 3.18 kernels
...
All along they only had slub sanization :(
Signed-off-by: Tad <tad@spotco.us>
2022-06-04 12:00:01 -04:00
Tad
3da5613dfc
Add unconditional burnin protection on 18.1 and 19.1, credit @arter97
...
Also skip the power on animation on 19.1, credit @kdrag0n
Signed-off-by: Tad <tad@spotco.us>
2022-06-04 10:54:11 -04:00
Tad
5df4058a15
Chrun
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-03 15:14:35 -04:00
Tad
92c66447f8
Drop slub_debug
...
What is lost?
- sanity checks and redzoning on all devices
- redzoning reportedly however causes issues on some devices such as the Pixel 3/4 and OnePlus 7
- slub sanization on 3.0, 3.4, 4.4 (except google/wahoo), xiaomi/sm6150, and oneplus/sm7250
Note: all 3.4+ devices still have page sanization
Signed-off-by: Tad <tad@spotco.us>
2022-06-03 13:58:17 -04:00
Tad
d3cb12b41b
Skip adding slub_debug=P where not needed
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-03 13:39:08 -04:00
Tad
da63c9e571
Various small patches
...
7408144e1b
> extend Network/Sensors permission handling for legacy apps not targeting Android 6
> or above (API 23) to resolve a UI issue where the user choosing to grant the
> Network/Sensors permissions via the legacy permission review interface doesn't
> appear in the Settings app info page
22d32cb61b
suppresses https://github.com/Divested-Mobile/DivestOS-Build/discussions/112
66f406b979
3f69205d06
nice to have
Signed-off-by: Tad <tad@spotco.us>
2022-06-02 23:17:05 -04:00
Tad
e6a7cd6a14
Tiny fix
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-02 21:48:48 -04:00
Tad
aa61367ace
Tweaks
...
- Disable slub_debug=P for devices with INIT_ON_ALLOC/FREE_DEFAULT_ON
- Disable slub_debug=Z due to known breakage
- Disable many debug options on Linux 4.x and up
- 19.1: fixup missing manifests for vayu :\
Signed-off-by: Tad <tad@spotco.us>
2022-06-02 17:13:20 -04:00
Tad
0eaca57fa6
19.1: Add OnePlus 8 and 9 series
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-02 11:52:58 -04:00
Tad
0b4c829b74
Fixes
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-01 07:45:19 -04:00
Tad
6d95c231bc
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-31 21:29:22 -04:00
Tad
1132b40666
19.1: add alioth, lmi, and vayu
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-31 19:45:44 -04:00
Tad
735c9e0de8
Revert 5d57bf13
...
I don't trust enabling MODULES won't cause weird inane breakage on these legacy devices
Signed-off-by: Tad <tad@spotco.us>
2022-05-27 23:46:57 -04:00
Tad
5d57bf13c4
Compile fixes
...
The backported fix for CVE-2021-39713 requires CONFIG_MODULES=y
MODULES is default enabled, but some kernels are mutilated and break with it on
Signed-off-by: Tad <tad@spotco.us>
2022-05-26 22:36:22 -04:00
Tad
28724c4a6e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-25 22:52:22 -04:00
Tad
2c4caa30a1
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-24 00:36:49 -04:00
Tad
de781e9921
Tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-23 23:15:27 -04:00
Tad
91953c0a45
Remove more blobs
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-21 13:42:51 -04:00
Tad
1ffaf7fe51
Fix
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-20 17:16:51 -04:00
Tad
e8bc36af04
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-20 17:16:29 -04:00
Tad
e5b0a6a429
Make ZRAM great again
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-18 23:04:01 -04:00
Tad
1ea1ce9bc2
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-18 12:49:54 -04:00
Tad
991e4c0642
Revert "Revert b5224f0"
...
I've triple checked that calls/data work fine without these blobs
and also have another report from walleye as the same.
I have no idea what is happening to those who have SIM issues.
This reverts commit dc392b17b6
.
2022-05-17 18:42:38 -04:00
Tad
dc392b17b6
Revert b5224f0
...
Calling and data is tested working on my taimen
But there are multiple reports that say otherwise
Signed-off-by: Tad <tad@spotco.us>
2022-05-17 10:48:28 -04:00
Tad
df4631a493
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-15 19:14:55 -04:00
Tad
64b4bbe075
Disable older devices tested/reported working on 19.1
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-15 13:16:36 -04:00
Tad
3114ca7157
19.1: Add the Private DNS presets
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-14 22:34:17 -04:00
Tad
05930af014
Various changes
2022-05-14 21:40:50 -04:00
Tad
3e7b657295
Tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-13 19:47:43 -04:00
Tad
7a168302cf
19.1: Location indicator exemptions
...
Credit/References:
26ddac7988
7370657f85
37e2a4e0bc
a5d43c0157
ac60a2117e
Signed-off-by: Tad <tad@spotco.us>
2022-05-12 23:25:21 -04:00
Tad
bf7c06105c
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-12 22:13:06 -04:00
Tad
4dbab20c06
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-10 15:32:13 -04:00
Tad
9286bdd258
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-10 15:02:03 -04:00
Tad
c4400a9a6f
Pick
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-09 22:16:00 -04:00
Tad
1f807b843f
Split
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-09 14:37:22 -04:00
Tad
675b1a5da0
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-09 12:56:03 -04:00
Tad
df398fd6f5
Various
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-07 20:22:49 -04:00
Tad
bc0a9f79b3
19.1: replace OpenCamera with official prebuilt GrapheneOS Camera
...
Benefits over OpenCamera
- QR scanner
- no broken panoroma option
- much simpler and cleaner "just works" interface
- selfie self illumination option, try it!
TODO: consider adding to 17.1 and 18.1
Signed-off-by: Tad <tad@spotco.us>
2022-05-07 20:22:36 -04:00
Tad
4edfa56f1a
Tiny tweak
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-04 11:52:22 -04:00
Tad
b2eb3c01b4
Update CVE patchers
...
Newly added CVE-2022-20009 is dupe with CVE-2022-25258 and CVE-2022-25375
Signed-off-by: Tad <tad@spotco.us>
2022-05-03 23:33:17 -04:00
Tad
9c549763a4
Tiny tweak
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-03 21:11:05 -04:00
Tad
b5224f0c79
Remove the Google carrier blobs
...
These were previously removed, and added back after a false report of breakage.
Data and VoLTE tested working on taimen
Signed-off-by: Tad <tad@spotco.us>
2022-05-03 14:28:51 -04:00
Tad
e38aff581e
Small tweaks
...
- Remove some more blobs
- 19.1: disable FP animation (jesec)
- 18.1: mata: allow major upgrades (to 19.1) (Updater patch by erfanoabdi)
- mata: disable Vulkan, it doesn't work
Signed-off-by: Tad <tad@spotco.us>
2022-05-02 15:04:12 -04:00
Tad
8491016b84
19.1: add mata, cheeseburger, dumpling
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-01 10:45:33 -04:00
Tad
65883d9bc4
2022
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-01 01:13:49 -04:00
Tad
0086d97848
Put back slub_debug=Z
...
Was removed for testing purposes in bfa18cb1
Signed-off-by: Tad <tad@spotco.us>
2022-04-30 14:35:27 -04:00
Tad
52c3a55140
Another kernel compile fix
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-29 19:34:34 -04:00
Tad
1b6f6909ad
Fix compile on some kernels
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-29 17:25:23 -04:00
Tad
b337aef1bb
19.1: Disable kernel update for op6
...
While this works on 18.1, on 19.1 it causes breakage
opening a terminal emulator causes instant panic with no logs
Signed-off-by: Tad <tad@spotco.us>
2022-04-29 16:38:28 -04:00
Tad
e3ff62cda1
FIX
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-29 15:26:15 -04:00
Tad
bfa18cb176
defconfig tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-29 14:02:29 -04:00
Tad
36fabeca42
Deblob manifest.xml
...
Reverts 766219aa
Fixes https://github.com/Divested-Mobile/DivestOS-Build/issues/55
Signed-off-by: Tad <tad@spotco.us>
2022-04-29 09:44:36 -04:00
Tad
9875334547
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-28 20:17:13 -04:00
Tad
5fb67c45ae
19.1: add cheryl
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-28 19:57:49 -04:00
Tad
edfbb8b063
Further ensure oem unlock toggle is available
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-28 08:30:54 -04:00
Tad
766219aabd
Don't remove source built ClearKey DRM
...
Breaks some Chromium browsers like Brave and Kiwi
Signed-off-by: Tad <tad@spotco.us>
2022-04-28 08:04:28 -04:00
Tad
e9aa53b640
19.1: add guacamoleb
...
skipping 18.1
Signed-off-by: Tad <tad@spotco.us>
2022-04-27 08:35:48 -04:00
Tad
3316cc4824
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-27 07:46:22 -04:00
Tad
3457fd4151
Device cleanup
...
Drop long non-compiling devices:
- 14.1: n7100, jellypro
- 15.1: himaul, oneplus2
- 16.0: zenfone3, fugu
- 17.1: yellowstone, fugu
- 18.1: bonito, sargo
Drop in favor of 19.1:
- 17.1: bonito, sargo
- 18.1: pro1, aura, sunfish, coral, flame, bramble, redfin
(experimental, but these devices don't currently appear to have any users)
Signed-off-by: Tad <tad@spotco.us>
2022-04-26 15:19:57 -04:00
Tad
13a9997a0c
19.1: aura and beryllium + some fixes
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-26 11:41:28 -04:00
Tad
4f64f7538c
19.1: Add toggle for /etc/hosts
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-20 22:45:12 -04:00
Tad
9a6c7a2684
18.1: Add toggle for /etc/hosts
...
TODO: 19.1 and maybe 17.1
Tested working on klte/18.1
Signed-off-by: Tad <tad@spotco.us>
2022-04-20 16:40:22 -04:00
Tad
1f721c7845
Further credit patches
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-19 23:52:10 -04:00
Tad
18e97c565d
19.1: missed hosts work
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-19 23:28:05 -04:00
Tad
c5b1cc9a35
Simplify 8e3f0438
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-19 20:23:53 -04:00
Tad
e666a4a891
Update CVE patchers
...
TODO: maybe split CVE-2022-23960/4.9 to get back?
Signed-off-by: Tad <tad@spotco.us>
2022-04-19 14:38:44 -04:00
Tad
8e3f043820
Warn when running activity from 32 bit app on ARM64 devices.
...
https://android-review.googlesource.com/c/platform/frameworks/base/+/2003790/
https://github.com/GrapheneOS/platform_frameworks_base/pull/182
Signed-off-by: Tad <tad@spotco.us>
2022-04-19 12:00:22 -04:00
Tad
d4dceffa60
Update supported kernels to latest wireless regulations database
...
Applies for ~43 kernel trees
Source: wireless-regdb-2022.04.08
Signed-off-by: Tad <tad@spotco.us>
2022-04-19 11:30:57 -04:00
Tad
163a162568
Fix boot animation + churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-18 23:04:24 -04:00
Tad
0e1266ac1f
Drop Silence
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-16 18:53:00 -04:00
Tad
4b6a86a473
Add missing device variants
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-14 19:47:21 -04:00
Tad
be6b03fe96
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-13 14:54:08 -04:00
Tad
486e358050
More (disabled) lowram tweaks for <2GB devices
...
The inprocess variants make very little reduction and likely reduce security.
Signed-off-by: Tad <tad@spotco.us>
2022-04-12 20:25:26 -04:00
Tad
42c9d22de9
Default disable exec spawning
...
Change the property too, so it takes effect next update.
Since 16.0 lacks a toggle, this effectively disables the feature for it.
Even devices with 4GB of RAM have usability severely impacted.
Plus some other tweaks/churn
Signed-off-by: Tad <tad@spotco.us>
2022-04-12 17:58:04 -04:00
Tad
81d9923cda
Don't disable scudo on lowram devices
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-12 15:01:05 -04:00
Tad
30de608a61
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-12 02:51:44 -04:00
Tad
d078b24ddb
lowram tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-11 23:40:26 -04:00
Tad
293a4d12f4
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-10 21:20:55 -04:00
Tad
d50a3a043b
Switch 16.0/17.1/18.1 to the more robust GrapheneOS sensors permission patchset
...
Like done for 19.1
Signed-off-by: Tad <tad@spotco.us>
2022-04-10 21:12:03 -04:00
Tad
0895190ffa
Icon cache fix
...
Lineage overhauled icons and old ones are still showing
Signed-off-by: Tad <tad@spotco.us>
2022-04-10 18:40:12 -04:00
Simon Brand
882c3083c5
Remove duplicte line in Enable_Verity.sh
2022-04-10 16:38:03 +00:00
Tad
5431edd85b
Fix boot issues on select devices after recent AVB changes
...
alioth, beryllium, davinci, vayu were tested working without this
lavender however would not boot
lmi was not tested
lavender, unlocked, managed to get into some weird broken state
that won't even boot after this, not even with Lineage or TWRP
:(
enchilada/fajita 18.1 use stock vendor and don't boot either
enchilada is tested booting again after this
Signed-off-by: Tad <tad@spotco.us>
2022-04-09 18:27:48 -04:00
Tad
f747fb36e5
Various
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-08 16:55:30 -04:00
Tad
7da114e755
Tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-07 11:01:27 -04:00
Tad
a9e250afd9
Cleanup
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-07 00:37:20 -04:00
Tad
258fe8389b
Adjust quick tiles for 12
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-06 22:30:56 -04:00
Tad
fd835ca492
Fixup 5a3c64c1
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-06 21:46:49 -04:00
Tad
2de5521a7c
Keystore fix from GrapheneOS
...
See:
https://nitter.net/GrapheneOS/status/1510736425259573249
https://github.com/Divested-Mobile/DivestOS-Build/discussions/46#discussioncomment-2520009
Signed-off-by: Tad <tad@spotco.us>
2022-04-06 21:10:26 -04:00
Tad
5a3c64c178
19.1: oneplus/sdm845: 4.9.227 -> 4.9.282
...
Just like 18.1
also .282 is the latest qc/4.9 sadly
AOSP/4.9 can be merged but has charging related tweaks that might break things
Broken:
drivers/char/diag/diagmem.c:184:11: error: cast to smaller integer type 'int' from 'void *'
Signed-off-by: Tad <tad@spotco.us>
2022-04-06 21:09:43 -04:00
Tad
75f3bfd5d0
19.1: More work
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-06 17:09:14 -04:00
Tad
2d7a34a27d
19.1: Initial roster
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-06 17:04:59 -04:00
Tad
c5477f31dc
FIX
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-06 16:30:04 -04:00
Tad
18c840222b
Simplify: always nochain
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-06 15:45:20 -04:00
Tad
b026a7811c
Actually enforce AVB + signing fixes
...
- Turns out AVB was set permissive this entire time :(
--flags 2 == VERIFICATION_DISABLED
- APEX support from GrapheneOS
- Disable vbmeta chaining like GrapheneOS
and optionally handle it like CalyxOS
taimen 19.1 boots with locked bootloader successfully after this
Signed-off-by: Tad <tad@spotco.us>
2022-04-06 15:16:12 -04:00
Tad
d1e441e4cb
19.1: More work
...
- Adds hosts cache and wildcard support back
- Fixes broken hardened malloc enablement patch
- Drops FDroidPrivExt, non-functional
- Disables captive portal toggle patch, crashes Settings, needs rework
- Rebranding work
- Attempts to fix no boot animation
Signed-off-by: Tad <tad@spotco.us>
2022-04-06 02:32:33 -04:00
Tad
3a0659b9d8
19.1: more work, it compiles and boots!
...
- Add the manifest
- Add Pixel 2 series
- Add some missing patches
- More DNS files
- Drop Silence in 19.1
Signed-off-by: Tad <tad@spotco.us>
2022-04-05 23:44:15 -04:00
Tad
1705545d22
19.1: Initial bringup
...
TODO:
- manifest
- devices
- a few small patches to rebase
Signed-off-by: Tad <tad@spotco.us>
2022-04-05 00:44:19 -04:00
Tad
b464106cc5
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-04 15:51:23 -04:00
Tad
deb183d273
Tiny fix
...
One of these might not be necessary
Signed-off-by: Tad <tad@spotco.us>
2022-04-03 17:33:20 -04:00
Tad
1b83b96807
Simplify
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-02 15:15:30 -04:00
Tad
6c5a65622c
Page sanitization improvements
...
This ensures init_on_alloc/free is used instead of page poisioning where available.
3.4 through 3.18 have a patch without a toggle for page sanitization.
Signed-off-by: Tad <tad@spotco.us>
2022-04-02 12:57:17 -04:00
Tad
01900ca1c6
Reverts
...
WebView overlay is breaking boot on 15.1???
This reverts commit e61e288b4a
.
2022-04-01 17:07:27 -04:00
Tad
3f9b346345
Fix boot breakage
...
On devices with quota enabled and impacted by this patch
Signed-off-by: Tad <tad@spotco.us>
2022-04-01 10:30:30 -04:00
Tad
e1f5d99e51
Fixes
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-01 08:16:28 -04:00
Tad
987122f99e
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-01 02:12:34 -04:00
Tad
8dbdc0f31e
Enable Clang's -ftrivial-auto-var-init=zero on 17.1
...
Just like Android 11+
Signed-off-by: Tad <tad@spotco.us>
2022-03-31 22:04:50 -04:00
Tad
e26908b9e0
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-31 21:30:56 -04:00
Tad
e2c499dd24
Enable Clang's -ftrivial-auto-var-init=zero on supported kernels
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-31 21:00:31 -04:00
Tad
256df737a3
Don't set device name as DHCP hostname
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-31 18:46:21 -04:00
Tad
90420610f0
Tiny tweak
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-30 10:46:37 -04:00
Tad
f481055ae9
Add the GrapheneOS always randomize MAC option to 17.1 and 18.1
...
The DHCP state patch was backported to 17.1
Signed-off-by: Tad <tad@spotco.us>
2022-03-29 22:27:09 -04:00
Tad
09834b568f
Disable USAP when exec_spawning patchset is enabled
...
It seems to increase memory usage and its interactions are unknown
Signed-off-by: Tad <tad@spotco.us>
2022-03-29 22:26:23 -04:00
Tad
1bbb6f9b4e
Fix and enable exec_spawning feature
...
This is the missing puzzle piece :)
Signed-off-by: Tad <tad@spotco.us>
2022-03-28 22:02:52 -04:00
Tad
19b03c9ff4
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-28 17:43:48 -04:00
Tad
8a03e46c7e
Add the exec-spawning toggle from GrapheneOS
...
Tested working on 18.1/klte
TODO: backport to 16.0
Signed-off-by: Tad <tad@spotco.us>
2022-03-28 16:14:37 -04:00
Tad
a3266de8df
Tiny fix
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-21 18:25:48 -04:00
Tad
a53062ca0b
Backports
...
Adds ptrace_scope and timeout options to 17.1, tested working
Also adds hardened_malloc to 15.1, but failing to compile:
external/hardened_malloc/h_malloc.c:1688:18: error: use of undeclared identifier 'M_PURGE'
if (param == M_PURGE) {
^
external/hardened_malloc/h_malloc.c:1743:30: error: missing field 'ordblks' initializer [-Werror,-Wmissing-field-initializers]
struct mallinfo info = {0};
^
Signed-off-by: Tad <tad@spotco.us>
2022-03-21 18:06:49 -04:00
Tad
0c33d328b7
Partially re-enable the bionic hardening patchset
...
These uncommented patches have been ruled out, leaving 7 more to test
shamu is tested booting with this
Signed-off-by: Tad <tad@spotco.us>
2022-03-19 20:25:24 -04:00
Tad
a56e3a3016
Disable the bionic hardening patchset to fix boot issues
...
10+4 devices tested working with bionic hardening patches enabled
but hammerhead and shamu do not boot...
2 of the patches were already found to have issues and disabled
3 other patches were ruled out:
- Stop implicitly marking mappings as mergeable
- Make __stack_chk_guard read-only at runtime
- On 64-bit, zero the leading stack canary byte
Leaves 11+1 patches remaining that need to be tested
But I don't have either of the two known impacted devices.
Signed-off-by: Tad <tad@spotco.us>
2022-03-19 16:19:00 -04:00
Tad
3207cde72e
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-19 12:41:49 -04:00
Tad
09353cdcd2
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-18 00:07:18 -04:00
Tad
1603092c50
Not all kernels have (working) getrandom support
...
hammerhead 16.0 was reported not booting
and shamu 18.1 was reported to take ~15+ minutes to boot
hammerhead does not have getrandom so it failed immediately
shamu does have getrandom BUT it blocks during init
meaning it'll wait until the entropy pool slowly fills
In tested I did not discovery this
I tested on flox/mako/d852/klte/clark/sailfish/mata/cheeseburger/fajita
All the newer ones have working getrandom
All the older ones included a patch to make getrandom non blocking on init
Signed-off-by: Tad <tad@spotco.us>
2022-03-17 13:21:52 -04:00
Tad
352705fbf7
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-16 11:43:51 -04:00
Tad
a9f6672fed
hardened_malloc fixes for broken devices
...
- enable the patchset for 18.1
- add an ugly patch that extends the Pixel 3* camera workaround to all camera executables
Signed-off-by: Tad <tad@spotco.us>
2022-03-16 02:01:19 -04:00
Tad
e002154486
Typo
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 20:59:43 -04:00
Tad
1df7c7f1d4
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 19:16:19 -04:00
Tad
181519cf38
Add bionic hardening patchsets from GrapheneOS
...
11 b3a0c2c5db
11 5412c37195
#explicit zero
11 31456ac632
#brk
11 58ebc243ea
#random
11 5323b39f7e
#undefined
11 6a91d9dddb
#merge
11 a042b5a0ba
#vla formatting
11 9ec639de1b
#pthread
11 49571a0a49
#read only
11 149cc5ccb8
#zero
11 2e613ccbe7
#fork mmap
11 e239c7dff8
#memprot pthread
11 0b03d92b7f
#xor
11 de08419b82
#junk
11 897d4903e2
#guard
11 648cd68ca3
#ptrhread guard
11 0bc4dbcbd2
#stack rand
10 aa9cc05d07
10 a8cdbb6352
#explicit zero
10 b28302c668
#brk
10 9f8be7d07c
#random
10 cb91a7ee3a
#undefined
10 08279e2fdd
#merge
10 6a18bd565d
#vla formatting
10 2f392c2d08
#pthread
10 8bbce1bc50
#read only
10 725f61db82
#zero
10 4cd257135f
#fork mmap
10 9220cf622b
#memprot pthread
10 8ef71d1ffd
#memprot exit
10 0eaef1abbd
#xor
10 64f1cc2148
#junk
10 5c42a527cf
#guard
10 5cc8c34e60
#pthread guard
10 7f61cc8a1c
#stack rand
9 abdf523d26
9 e4b9b31e6f
#explicit zero
9 a3a22a63d2
#brk
9 7444dbc3cf
#random
9 dcd3b72ac9
#undefined
9 543e1df342
#merge
9 611e5691f7
#vla formatting
9 8de97ce864
#pthread
9 a475717042
#read only
9 7f0947cc0e
#zero
9 e9751d3370
#fork mmap
9 83cd86d0d5
#memprot pthread
9 1ebb165455
#memprot exit
9 488ba483cf
#xor
9 f9351d884b
#junk
9 85e5bca0a5
#move
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 16:56:46 -04:00
Tad
1878cd19ab
Fix/Add hardened malloc patchsets from GrapheneOS
...
11 8c0f3c0e04
11 4e6320c247
11 108754debb
10 818be3fc1d
10 010949662f
10 ede5e38f5b
9 80754c93bf
9 20160b8161
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 16:24:56 -04:00
Tad
209481c53e
Fix/Add exec based spawning patchsets from GrapheneOS
...
11 14c3c1d4cd
ac1943345e
1abb805041
2e07ab8c24
0044836677
c561811fad
7a848373ef
89646bdeb1
2a70bbac4a
d414dcaa35
b4cd877e3a
98634286bb
11 4c2635390c
11 add34a4bc6
11 a2b51906de
10 527787f3c8
ffde474ad7
aa87e487c4
c906fe9722
c69c3eecd4
b2303adccc
5bb05db6f7
536b497688
24802a832b
ce6dcc2368
3d3d5c4d38
2eda592b79
10 29f28b53c0
10 13a992c716
9 750efbf6bc
ed563b6f26
aad3c7d750
da3180f9a8
68773a29b7
283b3fa09c
f133136b65
01a01ce5f6
17c309c098
8806ec3ef1
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 15:55:13 -04:00
Tad
f015dd348f
Add the JNINativeMethod table constification patchsets from GrapheneOS
...
11 63b9f96a12
11 d8a62b5156
11 e3a4d64f29
11 e41f1d7f8e
11 c34b037486
11 dce2d0f64f
11 c99c35cb2a
10 07071814db
10 a48ba29b98
10 157fa78115
10 b914409e05
10 20a51f508b
10 b8afb8af37
10 e1b6653db7
9 ff688b68a7
9 866f0df315
9 77c9fa981a
9 fbf620e59c
9 ceaf63c790
9 253247fc39
9 76bf4c46f0
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 15:26:48 -04:00
Tad
ad579b6681
Misc hardening from GrapheneOS
...
11 62f81c237b
11 1f05db99ab
11 f242089d3f
10 abcf485dcf
9x c5db5a9f9e
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 14:40:05 -04:00
Tad
844227a4f4
18.1: add the ptrace_scope patchset from GrapheneOS
...
ad017fba58
3b89605581
8b0419ac04
52ea603339
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 14:29:34 -04:00
Tad
07bd5a3a0e
Automatic reboot and Bluetooth/Wi-Fi shutoff from GrapheneOS and CalyxOS
...
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/59
Tested on 18.1
Untested on 17.1
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 01:27:08 -04:00
Tad
e61e288b4a
Optionally allow the official Bromite WebView to be used, credit @MSe1969
...
This also replaces the overrides for all versions
And should allow the Google WebView on 14/15/16
And lastly only leaves the bundled version as default
This is a merge of the LineageOS 14/15/16 and 17/18 overlay
With the addition of the Bromite signature from @MSe1969
Signed-off-by: Tad <tad@spotco.us>
2022-03-14 22:59:40 -04:00
Tad
9ba3a061c6
Tweak
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-14 11:57:34 -04:00
Tad
f65c7a4ccd
Tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-12 11:48:23 -05:00
Tad
015799737e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-09 17:16:47 -05:00
Tad
4f75a8272a
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-09 11:59:30 -05:00
Tad
902239e2b5
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-08 23:20:43 -05:00
Tad
de764885b3
Fixup
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-08 12:56:52 -05:00
Tad
54dbcd9e43
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-07 19:12:10 -05:00
Tad
bda848a0a1
Fixup 057bedb6
...
Sadly this means the option was never enabled :(
Note: these options are only available on 4.4+ kernels
Signed-off-by: Tad <tad@spotco.us>
2022-03-06 23:05:13 -05:00
Tad
ac1e89f0c8
Update CVE patchers [the big fixup]
...
This removes many duplicately or wrongly applied patches.
Correctly removed:
- CVE-2011-4132 can apply infinitely
- CVE-2013-2891 can apply infinitely
- CVE-2014-9781 can apply once to fb_cmap_to_user correctly and incorrectly to fb_copy_cmap
- CVE-2015-0571 can apply incorrectly and was disabled in patch repo as a result
- CVE-2016-2475 can apply infinitely
- CVE-2017-0627 can apply infinitely
- CVE-2017-0750 can apply infinitely
- CVE-2017-14875 can apply infinitely
- CVE-2017-14883 can apply infinitely
- CVE-2020-11146 can apply infinitely
- CVE-2020-11608 can apply infinitely
- CVE-2021-42008 can apply infinitely
Questionable (might actually be beneficial to "incorrectly" apply again):
- CVE-2012-6544 can apply once to hci_sock_getsockopt correctly and incorrectly to hci_sock_setsockopt
- CVE-2013-2898 can apply once to sensor_hub_get_feature correctly and incorrectly to sensor_hub_set_feature
- CVE-2015-8575 can apply once to sco_sock_bind correctly and incorrectly to sco_sock_connect
- CVE-2017-8281 can apply once to diagchar_ioctl correctly and incorrectly to diagchar_compat_ioctl
- CVE-2019-10622 can apply once to qdsp_cvp_callback correctly and incorrectly to qdsp_cvs_callback
- CVE-2019-14104 can apply once to cam_context_handle_start/stop_dev and incorrectly to cam_context_handle_crm_process_evt and cam_context_handle_flush_dev
Other notes:
- CVE-2016-6693 can be applied again if it was already applied in combination with CVE-2016-6696
then the dupe check will fail and mark CVE-2016-6696 as already applied, effectively reverting it.
This was seemingly fixed with a hand merged patch in patch repo.
Wrongly removed:
- CVE-2013-2147 is meant for cciss_ioctl32_passthru but is detected in cciss_ioctl32_big_passthru
- CVE-2015-8746 is meant for nfs_v4_2_minor_ops but is detected in nfs_v4_1_minor_ops
- CVE-2021-Misc2/ANY/0043.patch is meant for WLANTL_RxCachedFrames but is detected in WLANTL_RxFrames
Signed-off-by: Tad <tad@spotco.us>
2022-03-04 00:42:28 -05:00
Tad
927b9bfbc5
Fix random reboots on broken kernels when an app has data restricted
...
I don't like this
Reading:
- 24b3bdcf71
- https://review.lineageos.org/c/LineageOS/android_kernel_essential_msm8998/+/320470
- https://review.lineageos.org/c/LineageOS/android_system_bpf/+/264702
- https://gitlab.com/LineageOS/issues/android/-/issues/2514
- https://gitlab.com/LineageOS/issues/android/-/issues/3144
- https://gitlab.com/LineageOS/issues/android/-/issues/3287
Test:
- restrict mobile data for an app
- toggle wifi on and off a few times
- watch systemui crash and soft-reboot
Tested working on cheeseburger
Signed-off-by: Tad <tad@spotco.us>
2022-03-03 17:51:46 -05:00
Tad
0d0104b4bb
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-02 22:57:34 -05:00
Tad
893e425321
Add the script to generate vbhashes.txt
...
Output has been verified as correct on mata, cheeseburger, fajita, and guacamole
Signed-off-by: Tad <tad@spotco.us>
2022-02-28 01:32:24 -05:00
Tad
0d59c18c85
Enable the NETWORK permission patchset for 16.0 too
...
Likely has issues with secondary users.
As in the permission affects all copies of the same app.
Signed-off-by: Tad <tad@spotco.us>
2022-02-28 01:27:38 -05:00
Tad
5e1521700f
Port the GrapheneOS NETWORK permission to 17.1 and 18.1
...
Some patches were ported from 12 to 10/11
Some patches from 11 were ported to 10
This 10/11 port should be very close to 12
BOUNS: 16.0 patches, disabled
Signed-off-by: Tad <tad@spotco.us>
2022-02-25 16:52:51 -05:00
Tad
f4fbe65756
Various changes
...
- 15.1: asb picks
- 17.1: drop marlin, sailfish, z2_plus, m8
- 4.9 loose versioning fixes
2022-02-24 19:51:44 -05:00
Tad
a8cfa8157c
Fixup last commit
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-23 14:52:29 -05:00
Tad
512673d97d
Bump marlin/sailfish to 18.1
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-23 13:33:28 -05:00
Tad
8b39498b1c
Initial loose versioning work for 4.9
...
This applies 4.9 patches to 4.4 and 3.18 now that 4.4 is EOL
Untested, but looks mild
Signed-off-by: Tad <tad@spotco.us>
2022-02-22 13:44:47 -05:00
Tad
21c97c6967
Tweak
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-21 23:30:45 -05:00
Tad
5245109cc1
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-19 23:22:19 -05:00
Tad
5283db6f05
Drop the broken PDB patch
...
Why'd past me write this trash?
Signed-off-by: Tad <tad@spotco.us>
2022-02-14 07:43:45 -05:00
Tad
143b6fa164
18.1: Refresh for recent upstream Updater changes
...
Untested, should work
Signed-off-by: Tad <tad@spotco.us>
2022-02-14 03:05:32 -05:00
Tad
2eda5086fc
Tiny tweak
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-13 23:57:59 -05:00
Tad
a38d544f8b
18.1: small fixes
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-12 07:32:29 -05:00
Tad
48b009a02e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-12 06:56:28 -05:00
Tad
a23bae5cd5
Tiny tweak
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-11 23:35:22 -05:00
Tad
b6da59d24f
Drop FairEmail, Vanilla, and their AOSP equivalents
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-11 14:25:30 -05:00
Tad
55cdea3c9b
17.1: small fixes
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-11 14:05:14 -05:00
Tad
f767a8ea87
Hopefully fix the broken radio on Pixels
...
Thank you Google for all these great proprietary apps.
Signed-off-by: Tad <tad@spotco.us>
2022-02-10 15:36:44 -05:00
Tad
bc3a9cddba
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-09 00:22:02 -05:00
Tad
65584e96ce
Switch to official Etar
...
The Lineage forks have fallen behind
Signed-off-by: Tad <tad@spotco.us>
2022-02-08 14:10:04 -05:00
Tad
ee0bd8625f
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-07 14:43:05 -05:00
Tad
0a664cc22c
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-03 21:12:02 -05:00
Tad
c0aac415aa
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-29 09:35:59 -05:00
Tad
82cc1bc979
Tiny update
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-28 09:09:10 -05:00
Tad
51003bff5a
Add an option to clobber after every run
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-24 18:01:21 -05:00
Tad
58b53de17a
Multi user tweaks from GrapheneOS
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-24 06:30:39 -05:00
Tad
2400cf0964
App updates
...
- Drops Calendar, Eleven, and Email
- Adds a variable for Silence inclusion
- Adds a NONE option for microG inclusion flag to disable NLP inclusion
Signed-off-by: Tad <tad@spotco.us>
2022-01-24 06:30:15 -05:00
Tad
6329922104
Disable the Hamper Analytics patches
...
Rely on the HOSTS to do any blocking.
With the last update this causes app crashes, due to boolean/string mismatch.
Need to figure out exactly how string in manifest can become a boolean when wanted.
Signed-off-by: Tad <tad@spotco.us>
2022-01-23 16:55:24 -05:00
Tad
8004a11c52
Add the OEM unlocking toggle where missing
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-20 23:25:58 -05:00
Tad
6864156bd6
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-20 22:22:22 -05:00
Tad
7ccaecd6d6
Small tweak
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-20 19:13:08 -05:00
Tad
8a60bbc0a6
Silly radio fix
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-18 13:22:57 -05:00
Tad
dbd2a71722
Update CVE patchers
...
Hopefully fixes boot breakage
Signed-off-by: Tad <tad@spotco.us>
2022-01-17 01:23:10 -05:00
Tad
5e18ec4dfe
Tiny tweak
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-16 16:42:26 -05:00
Tad
6ec0c63126
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-13 11:08:22 -05:00
Tad
208c7800c8
Fixup
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-12 17:44:18 -05:00
Tad
bfcf6b18b7
Fixup
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-12 05:57:08 -05:00
Tad
ce6ee9d8e4
Update CVE patchers
...
CVE-2021-0961 should be fine now
Signed-off-by: Tad <tad@spotco.us>
2022-01-11 05:41:26 -05:00
Tad
b9c7839110
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-11 01:19:31 -05:00
Tad
8a45dc4696
18.1: Device additions
...
h910
lavender
pioneer, voyager, discovery
akari, aurora, xz2c
Signed-off-by: Tad <tad@spotco.us>
2022-01-06 21:04:17 -05:00
Tad
207e45fe6a
Update oneplus/sdm845 to 4.9.295
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-06 15:21:00 -05:00