Tad
ac3dc319c7
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-11-07 15:51:17 -05:00
Tad
8ddbd86d44
20.0: more devices
...
Signed-off-by: Tad <tad@spotco.us>
2022-10-19 15:22:20 -04:00
Tad
0c4db149e1
20.0: Network & Sensors permission from GrapheneOS
...
This revokes the permissions to all user installed apps on update.
Likely an expected quirk of being on 20.0 without the permission.
19.1 upgrades and new 20.0 installs should be fine.
TODO: update 19.1 with the SpecialRuntimePermAppUtils too
Signed-off-by: Tad <tad@spotco.us>
2022-10-18 22:14:56 -04:00
Tad
2acd454f13
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-10-13 23:42:20 -04:00
Tad
2166491d5d
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-10-12 17:11:06 -04:00
Tad
e7968e1269
Picks + Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-10-09 16:35:12 -04:00
Tad
4230652540
18.1: Drop all devices working on 19.1
...
Signed-off-by: Tad <tad@spotco.us>
2022-10-03 21:10:04 -04:00
Tad
348b392f03
Picks
...
Signed-off-by: Tad <tad@spotco.us>
2022-10-03 10:24:04 -04:00
Tad
e2b314da3c
15.1+16.0: September 2022 ASB picks
...
16.0 backports thanks to MSe1969 as usual:
https://github.com/lin16-microg/android_system_bt/commits/lineage-16.0 - last 3 commits
https://github.com/lin16-microg/android_frameworks_base/commits/lineage-16.0 - last 4 commits
https://github.com/lin16-microg/android_external_expat/commits/lineage-16.0 - last 4 commits
Signed-off-by: Tad <tad@spotco.us>
2022-09-10 18:32:25 -04:00
Tad
e5eb67f77d
Picks
...
Signed-off-by: Tad <tad@spotco.us>
2022-09-08 16:07:23 -04:00
Tad
86ed884251
More verification
...
Signed-off-by: Tad <tad@spotco.us>
2022-08-26 23:14:15 -04:00
Tad
3618774d9f
GPG verification for all platform repositories
...
Signed-off-by: Tad <tad@spotco.us>
2022-08-26 22:40:27 -04:00
Tad
8b67d5c41e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-08-10 22:02:37 -04:00
Tad
933f33ba6b
Cherrypicks
...
Signed-off-by: Tad <tad@spotco.us>
2022-08-04 09:57:11 -04:00
Tad
178f01958d
Cherrypicks
...
Signed-off-by: Tad <tad@spotco.us>
2022-08-02 19:39:09 -04:00
Tad
22f915cc3e
Cherrypicks
...
Signed-off-by: Tad <tad@spotco.us>
2022-07-07 18:59:37 -04:00
Tad
d79d1fcba3
19.1: More promotions
...
Signed-off-by: Tad <tad@spotco.us>
2022-07-01 14:17:18 -04:00
Tad
11b9ae5bc4
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-13 21:24:08 -04:00
Tad
c092b13a44
Restore star*lte
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-08 22:55:00 -04:00
Tad
697bed18fb
17.1+18.1: Drop all devices working on 19.1
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-04 14:26:44 -04:00
Tad
de781e9921
Tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-23 23:15:27 -04:00
Tad
91953c0a45
Remove more blobs
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-21 13:42:51 -04:00
Tad
64b4bbe075
Disable older devices tested/reported working on 19.1
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-15 13:16:36 -04:00
Tad
9286bdd258
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-10 15:02:03 -04:00
Tad
675b1a5da0
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-09 12:56:03 -04:00
Tad
b2eb3c01b4
Update CVE patchers
...
Newly added CVE-2022-20009 is dupe with CVE-2022-25258 and CVE-2022-25375
Signed-off-by: Tad <tad@spotco.us>
2022-05-03 23:33:17 -04:00
Tad
3457fd4151
Device cleanup
...
Drop long non-compiling devices:
- 14.1: n7100, jellypro
- 15.1: himaul, oneplus2
- 16.0: zenfone3, fugu
- 17.1: yellowstone, fugu
- 18.1: bonito, sargo
Drop in favor of 19.1:
- 17.1: bonito, sargo
- 18.1: pro1, aura, sunfish, coral, flame, bramble, redfin
(experimental, but these devices don't currently appear to have any users)
Signed-off-by: Tad <tad@spotco.us>
2022-04-26 15:19:57 -04:00
Tad
4b6a86a473
Add missing device variants
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-14 19:47:21 -04:00
Tad
be6b03fe96
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-13 14:54:08 -04:00
Tad
486e358050
More (disabled) lowram tweaks for <2GB devices
...
The inprocess variants make very little reduction and likely reduce security.
Signed-off-by: Tad <tad@spotco.us>
2022-04-12 20:25:26 -04:00
Tad
81d9923cda
Don't disable scudo on lowram devices
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-12 15:01:05 -04:00
Tad
30de608a61
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-12 02:51:44 -04:00
Tad
d078b24ddb
lowram tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-11 23:40:26 -04:00
Tad
a9e250afd9
Cleanup
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-07 00:37:20 -04:00
Tad
3a0659b9d8
19.1: more work, it compiles and boots!
...
- Add the manifest
- Add Pixel 2 series
- Add some missing patches
- More DNS files
- Drop Silence in 19.1
Signed-off-by: Tad <tad@spotco.us>
2022-04-05 23:44:15 -04:00
Tad
8a03e46c7e
Add the exec-spawning toggle from GrapheneOS
...
Tested working on 18.1/klte
TODO: backport to 16.0
Signed-off-by: Tad <tad@spotco.us>
2022-03-28 16:14:37 -04:00
Tad
1603092c50
Not all kernels have (working) getrandom support
...
hammerhead 16.0 was reported not booting
and shamu 18.1 was reported to take ~15+ minutes to boot
hammerhead does not have getrandom so it failed immediately
shamu does have getrandom BUT it blocks during init
meaning it'll wait until the entropy pool slowly fills
In tested I did not discovery this
I tested on flox/mako/d852/klte/clark/sailfish/mata/cheeseburger/fajita
All the newer ones have working getrandom
All the older ones included a patch to make getrandom non blocking on init
Signed-off-by: Tad <tad@spotco.us>
2022-03-17 13:21:52 -04:00
Tad
e61e288b4a
Optionally allow the official Bromite WebView to be used, credit @MSe1969
...
This also replaces the overrides for all versions
And should allow the Google WebView on 14/15/16
And lastly only leaves the bundled version as default
This is a merge of the LineageOS 14/15/16 and 17/18 overlay
With the addition of the Bromite signature from @MSe1969
Signed-off-by: Tad <tad@spotco.us>
2022-03-14 22:59:40 -04:00
Tad
9ba3a061c6
Tweak
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-14 11:57:34 -04:00
Tad
f65c7a4ccd
Tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-12 11:48:23 -05:00
Tad
902239e2b5
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-08 23:20:43 -05:00
Tad
512673d97d
Bump marlin/sailfish to 18.1
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-23 13:33:28 -05:00
Tad
5245109cc1
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-19 23:22:19 -05:00
Tad
f767a8ea87
Hopefully fix the broken radio on Pixels
...
Thank you Google for all these great proprietary apps.
Signed-off-by: Tad <tad@spotco.us>
2022-02-10 15:36:44 -05:00
Tad
7ccaecd6d6
Small tweak
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-20 19:13:08 -05:00
Tad
5e18ec4dfe
Tiny tweak
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-16 16:42:26 -05:00
Tad
6ec0c63126
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-13 11:08:22 -05:00
Tad
8a45dc4696
18.1: Device additions
...
h910
lavender
pioneer, voyager, discovery
akari, aurora, xz2c
Signed-off-by: Tad <tad@spotco.us>
2022-01-06 21:04:17 -05:00
Tad
daf98f8197
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-31 21:39:04 -05:00
Tad
6e604e8703
Small update
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-13 21:33:04 -05:00
Tad
20e1023627
Small changes
...
- 16.0: drop wallpaper optimization patch, questionable source
- deblobber: don't remove libmmparser_lite.so, potentially used by camera
- 17.1: pick Q_asb_2021-12, excluding a broken patch
- clark 17.1: some camera denial fixes
- alioth: unmark broken
- 17.1: switch to upstream glibc fix
- 17.1/18.1: disable per app sensors permission patchset, potential camera issues
Signed-off-by: Tad <tad@spotco.us>
2021-12-13 20:28:54 -05:00
Tad
8b85bf9719
Small change
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-12 12:10:47 -05:00
Tad
359ce4608f
Small updates
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-07 20:57:54 -05:00
Tad
62166d1ea5
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-26 11:54:59 -05:00
Tad
df3b54fa20
Fixup camera on flox
...
Camera works in OpenCamera, but it can't actually take pictures.
Switch to Camera2 instead, tested pictures and videos working.
Also fixup compile issue with oneplus/msm8998-common
And refresh some patchers
Signed-off-by: Tad <tad@spotco.us>
2021-11-15 18:01:27 -05:00
Tad
1ce0093d9f
More verified boot fixes
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-08 09:36:56 -05:00
Tad
3e62262e88
Small fixup
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-07 13:37:37 -05:00
Tad
6567937b05
ASB picks
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-05 13:29:50 -04:00
Tad
621441349e
Fixup the sensors permission patches on 7, 8, and 9.
...
Switch these patches to MODE_ALLOWED from MODE_ASK to fix breakage
of system services.
Also remove some code that adds a likely security issue.
Will need some extra regression testing.
Signed-off-by: Tad <tad@spotco.us>
2021-11-04 10:24:06 -04:00
Tad
809e03833e
Verity enablement overhaul
...
No change to AVB devices except for enabling on more
Verity devices have the potential to regress by not booting
No change to non-verity/avb devices
Tested working on: mata, cheeseburger, fajita
Signed-off-by: Tad <tad@spotco.us>
2021-11-02 10:24:07 -04:00
Tad
a0918b5222
18.1: add z2_plus
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-22 13:37:53 -04:00
Tad
b78944933c
More fixes
...
Ensure new shells have the correct settings too.
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 22:57:43 -04:00
Tad
042b9063d1
More fixes
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 17:12:13 -04:00
Tad
256b1db98b
Hard fail on error
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 16:08:43 -04:00
Tad
7ba42f052a
Small changes
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-14 15:58:22 -04:00
Tad
d5d3846f2c
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-10 19:44:59 -04:00
Tad
59bd09a807
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-05 14:44:23 -04:00
Tad
35372142ed
Small tweak
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-25 20:24:14 -04:00
Tad
cf3a12cb5a
Move some changes into a new Post.sh
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-15 10:26:37 -04:00
Tad
bf5d9bc778
Small tweaks
...
- disable disablement of PROC_PAGE_MONITOR to fix memory stats calculation
- enable slub_nomerge, similar to slab_nomerge for pre 3.18 kernels
slub_nomerge was already default enabled on many 3.10 devices via:
0006-AndroidHardening-Kernel_Hardening/3.10/0010.patch
Signed-off-by: Tad <tad@spotco.us>
2021-09-13 10:39:33 -04:00
Tad
faf681a0c6
17.1: add davinci
...
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/10
Signed-off-by: Tad <tad@spotco.us>
2021-09-11 14:55:27 -04:00
Tad
35036e694d
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-08 22:59:33 -04:00
Tad
0ade46cc8e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-07 16:57:15 -04:00
Tad
e84111aaa8
Small changes
...
- Include TalkBack
- Fixup hosts inclusion, due to path mismatch
- 14.1: bump patch level to match the picked ASB
- 14.1: m7-common: deblobber fix
Signed-off-by: Tad <tad@spotco.us>
2021-09-06 14:32:37 -04:00
Tad
043b194210
17.1: add surnia + other changes
...
- 17.1: fixup invalid line in marlin from deblobber
- 18.1: fixup audiofx removal
- all: change repo sync to 8 threads from 20, for google HTTP 429 error
Signed-off-by: Tad <tad@spotco.us>
2021-08-26 21:02:28 -04:00
Tad
de22605785
18.1: add sunfish, bramble, and redfin
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-14 04:52:08 -04:00
Tad
0b4ad0e7cc
18.1: add raphael, lmi, alioth
...
+ verity fixes
+ 16.0: drop beryllium, 18.1 builds now
+ deblob: better handle device makefiles
Signed-off-by: Tad <tad@spotco.us>
2021-08-09 20:54:44 -04:00
Tad
2d468d9da2
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-09 14:44:48 -04:00
Tad
4fae8d0445
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-03 12:37:28 -04:00
Tad
702ea9c91f
Move FP3 to 18.1
...
Signed-off-by: Tad <tad@spotco.us>
2021-07-30 11:55:03 -04:00
Tad
b61264e3b9
Update CVE patchers
2021-07-27 00:17:14 -04:00
Tad
eea1d0e7cd
18.1: add hotdog, hotdogb, aura
2021-07-20 12:58:22 -04:00
Tad
ac4d8ab822
17.1: move fp2 to 18.1
2021-07-19 14:42:37 -04:00
Tad
48ff571fbb
Small updates and fixes
2021-07-13 16:10:30 -04:00
Tad
c2b2aa5830
16.0+: Add captive portal toggle from @MSe1969
...
Source:
0045a97cb4
b483b4e9ab
18.1 is the 17.1 patch rebased
Wording was altered.
Already included in 14.1+15.1
2021-07-10 22:48:45 -04:00
Tad
dd3a611d0e
Cherrypicks
2021-07-08 20:08:24 -04:00
Tad
c2ce9572fa
umask 0022 all the things
...
umask 0077 breaks things in subtle ways
2021-06-27 14:14:34 -04:00
Tad
ef8573b29c
Small fixes
2021-06-26 22:59:46 -04:00
Tad
24379944ab
18.1: Add serrano
2021-06-23 13:51:58 -04:00
Tad
eb3e51e7e3
Small tweaks
2021-06-23 13:00:43 -04:00
Tad
48f35901c2
Update CVE patchers
2021-06-16 23:17:37 -04:00
Tad
d42c8f033d
Small changes
...
- Fixup CVE-2020-36386 breakage
- Move some cherrypicks in tree (gerrit down right now, pulled from reflog)
- Update cherrypicks
2021-06-15 05:46:30 -04:00
Tad
71fe4d590e
Small tweaks
...
- 14.1: drop z00t, compiles on 15.1
- fix double patch breakage for CVE-2020-36386
- clark: fix recovery firmware extraction, hopefully
2021-06-12 10:49:54 -04:00
Tad
4b044379ec
Update CVE patchers
2021-06-11 11:00:54 -04:00
Tad
50c670c477
Small tweaks
...
- June ASB cherrypicks
- Change default NTP. only 2*.pool.ntp.org supports IPv6
2021-06-10 22:45:32 -04:00
Tad
143bec97a9
Small tweaks
2021-06-07 21:32:10 -04:00
Tad
32856be2d8
Update AOSP CVE list to May 2021 patches
2021-06-01 06:31:29 -04:00
Tad
5c3d3b4d35
Reverts + disable mm-pp removal
...
Revert d7fd127e5f
Partial revert 1c9a66f896
2021-05-30 10:39:34 -04:00
Tad
d7fd127e5f
Only dexpreopt boot and system server
...
Full dexpreopt has repeatedly shown to cause many problems over the years.
The slight gains are not worth the headache it incurs.
2021-05-30 00:36:57 -04:00
Tad
f89f0cb983
Small tweaks
...
Fixes oneplus2 boot
https://github.com/Divested-Mobile/DivestOS-Build/issues/5
2021-05-29 01:12:53 -04:00