DivestOS

mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-10-01 01:35:54 -04:00

Author	SHA1	Message	Date
Tad	ec42acceb6	Various fixes from GrapheneOS Signed-off-by: Tad <tad@spotco.us>	2022-09-13 10:24:26 -04:00
Tad	ebdf629cbc	15.1 ASB work Compile tested Signed-off-by: Tad <tad@spotco.us>	2022-08-12 21:10:31 -04:00
Tad	e0b57197ea	Churn Signed-off-by: Tad <tad@spotco.us>	2022-08-06 11:30:49 -04:00
Tad	2c27a88a24	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-07-06 19:22:21 -04:00
Tad	2e2eb42abd	Churn Signed-off-by: Tad <tad@spotco.us>	2022-06-12 17:07:46 -04:00
Tad	697bed18fb	17.1+18.1: Drop all devices working on 19.1 Signed-off-by: Tad <tad@spotco.us>	2022-06-04 14:26:44 -04:00
Tad	3da5613dfc	Add unconditional burnin protection on 18.1 and 19.1, credit @arter97 Also skip the power on animation on 19.1, credit @kdrag0n Signed-off-by: Tad <tad@spotco.us>	2022-06-04 10:54:11 -04:00
Tad	05930af014	Various changes	2022-05-14 21:40:50 -04:00
Tad	59c28bc022	Better ensure extra keys are included Signed-off-by: Tad <tad@spotco.us>	2022-05-12 10:15:03 -04:00
Tad	675b1a5da0	Churn Signed-off-by: Tad <tad@spotco.us>	2022-05-09 12:56:03 -04:00
Tad	e38aff581e	Small tweaks - Remove some more blobs - 19.1: disable FP animation (jesec) - 18.1: mata: allow major upgrades (to 19.1) (Updater patch by erfanoabdi) - mata: disable Vulkan, it doesn't work Signed-off-by: Tad <tad@spotco.us>	2022-05-02 15:04:12 -04:00
Tad	4f64f7538c	19.1: Add toggle for /etc/hosts Signed-off-by: Tad <tad@spotco.us>	2022-04-20 22:45:12 -04:00
Tad	879256139f	Ensure localhost has a correct response when hosts_disable is set To prevent a bad response from a malicious DNS upstream Signed-off-by: Tad <tad@spotco.us>	2022-04-20 21:09:29 -04:00
Tad	c2e60b94bb	Siplify `9a6c7a26` Signed-off-by: Tad <tad@spotco.us>	2022-04-20 20:57:13 -04:00
Tad	9a6c7a2684	18.1: Add toggle for /etc/hosts TODO: 19.1 and maybe 17.1 Tested working on klte/18.1 Signed-off-by: Tad <tad@spotco.us>	2022-04-20 16:40:22 -04:00
Tad	c5b1cc9a35	Simplify `8e3f0438` Signed-off-by: Tad <tad@spotco.us>	2022-04-19 20:23:53 -04:00
Tad	8e3f043820	Warn when running activity from 32 bit app on ARM64 devices. https://android-review.googlesource.com/c/platform/frameworks/base/+/2003790/ https://github.com/GrapheneOS/platform_frameworks_base/pull/182 Signed-off-by: Tad <tad@spotco.us>	2022-04-19 12:00:22 -04:00
Tad	42c9d22de9	Default disable exec spawning Change the property too, so it takes effect next update. Since 16.0 lacks a toggle, this effectively disables the feature for it. Even devices with 4GB of RAM have usability severely impacted. Plus some other tweaks/churn Signed-off-by: Tad <tad@spotco.us>	2022-04-12 17:58:04 -04:00
Tad	d50a3a043b	Switch 16.0/17.1/18.1 to the more robust GrapheneOS sensors permission patchset Like done for 19.1 Signed-off-by: Tad <tad@spotco.us>	2022-04-10 21:12:03 -04:00
Tad	a9e250afd9	Cleanup Signed-off-by: Tad <tad@spotco.us>	2022-04-07 00:37:20 -04:00
Tad	f481055ae9	Add the GrapheneOS always randomize MAC option to 17.1 and 18.1 The DHCP state patch was backported to 17.1 Signed-off-by: Tad <tad@spotco.us>	2022-03-29 22:27:09 -04:00
Tad	8a03e46c7e	Add the exec-spawning toggle from GrapheneOS Tested working on 18.1/klte TODO: backport to 16.0 Signed-off-by: Tad <tad@spotco.us>	2022-03-28 16:14:37 -04:00
Tad	1603092c50	Not all kernels have (working) getrandom support hammerhead 16.0 was reported not booting and shamu 18.1 was reported to take ~15+ minutes to boot hammerhead does not have getrandom so it failed immediately shamu does have getrandom BUT it blocks during init meaning it'll wait until the entropy pool slowly fills In tested I did not discovery this I tested on flox/mako/d852/klte/clark/sailfish/mata/cheeseburger/fajita All the newer ones have working getrandom All the older ones included a patch to make getrandom non blocking on init Signed-off-by: Tad <tad@spotco.us>	2022-03-17 13:21:52 -04:00
Tad	c9765fc883	Tweak tweak Signed-off-by: Tad <tad@spotco.us>	2022-03-16 18:38:30 -04:00
Tad	a28f43c6a7	Tweak Signed-off-by: Tad <tad@spotco.us>	2022-03-16 12:11:41 -04:00
Tad	352705fbf7	Churn Signed-off-by: Tad <tad@spotco.us>	2022-03-16 11:43:51 -04:00
Tad	a9f6672fed	hardened_malloc fixes for broken devices - enable the patchset for 18.1 - add an ugly patch that extends the Pixel 3* camera workaround to all camera executables Signed-off-by: Tad <tad@spotco.us>	2022-03-16 02:01:19 -04:00
Tad	1df7c7f1d4	Churn Signed-off-by: Tad <tad@spotco.us>	2022-03-15 19:16:19 -04:00
Tad	181519cf38	Add bionic hardening patchsets from GrapheneOS 11 `b3a0c2c5db` 11 `5412c37195` #explicit zero 11 `31456ac632` #brk 11 `58ebc243ea` #random 11 `5323b39f7e` #undefined 11 `6a91d9dddb` #merge 11 `a042b5a0ba` #vla formatting 11 `9ec639de1b` #pthread 11 `49571a0a49` #read only 11 `149cc5ccb8` #zero 11 `2e613ccbe7` #fork mmap 11 `e239c7dff8` #memprot pthread 11 `0b03d92b7f` #xor 11 `de08419b82` #junk 11 `897d4903e2` #guard 11 `648cd68ca3` #ptrhread guard 11 `0bc4dbcbd2` #stack rand 10 `aa9cc05d07` 10 `a8cdbb6352` #explicit zero 10 `b28302c668` #brk 10 `9f8be7d07c` #random 10 `cb91a7ee3a` #undefined 10 `08279e2fdd` #merge 10 `6a18bd565d` #vla formatting 10 `2f392c2d08` #pthread 10 `8bbce1bc50` #read only 10 `725f61db82` #zero 10 `4cd257135f` #fork mmap 10 `9220cf622b` #memprot pthread 10 `8ef71d1ffd` #memprot exit 10 `0eaef1abbd` #xor 10 `64f1cc2148` #junk 10 `5c42a527cf` #guard 10 `5cc8c34e60` #pthread guard 10 `7f61cc8a1c` #stack rand 9 `abdf523d26` 9 `e4b9b31e6f` #explicit zero 9 `a3a22a63d2` #brk 9 `7444dbc3cf` #random 9 `dcd3b72ac9` #undefined 9 `543e1df342` #merge 9 `611e5691f7` #vla formatting 9 `8de97ce864` #pthread 9 `a475717042` #read only 9 `7f0947cc0e` #zero 9 `e9751d3370` #fork mmap 9 `83cd86d0d5` #memprot pthread 9 `1ebb165455` #memprot exit 9 `488ba483cf` #xor 9 `f9351d884b` #junk 9 `85e5bca0a5` #move Signed-off-by: Tad <tad@spotco.us>	2022-03-15 16:56:46 -04:00
Tad	1878cd19ab	Fix/Add hardened malloc patchsets from GrapheneOS 11 `8c0f3c0e04` 11 `4e6320c247` 11 `108754debb` 10 `818be3fc1d` 10 `010949662f` 10 `ede5e38f5b` 9 `80754c93bf` 9 `20160b8161` Signed-off-by: Tad <tad@spotco.us>	2022-03-15 16:24:56 -04:00
Tad	209481c53e	Fix/Add exec based spawning patchsets from GrapheneOS 11 `14c3c1d4cd` `ac1943345e` `1abb805041` `2e07ab8c24` `0044836677` `c561811fad` `7a848373ef` `89646bdeb1` `2a70bbac4a` `d414dcaa35` `b4cd877e3a` `98634286bb` 11 `4c2635390c` 11 `add34a4bc6` 11 `a2b51906de` 10 `527787f3c8` `ffde474ad7` `aa87e487c4` `c906fe9722` `c69c3eecd4` `b2303adccc` `5bb05db6f7` `536b497688` `24802a832b` `ce6dcc2368` `3d3d5c4d38` `2eda592b79` 10 `29f28b53c0` 10 `13a992c716` 9 `750efbf6bc` `ed563b6f26` `aad3c7d750` `da3180f9a8` `68773a29b7` `283b3fa09c` `f133136b65` `01a01ce5f6` `17c309c098` `8806ec3ef1` Signed-off-by: Tad <tad@spotco.us>	2022-03-15 15:55:13 -04:00
Tad	f015dd348f	Add the JNINativeMethod table constification patchsets from GrapheneOS 11 `63b9f96a12` 11 `d8a62b5156` 11 `e3a4d64f29` 11 `e41f1d7f8e` 11 `c34b037486` 11 `dce2d0f64f` 11 `c99c35cb2a` 10 `07071814db` 10 `a48ba29b98` 10 `157fa78115` 10 `b914409e05` 10 `20a51f508b` 10 `b8afb8af37` 10 `e1b6653db7` 9 `ff688b68a7` 9 `866f0df315` 9 `77c9fa981a` 9 `fbf620e59c` 9 `ceaf63c790` 9 `253247fc39` 9 `76bf4c46f0` Signed-off-by: Tad <tad@spotco.us>	2022-03-15 15:26:48 -04:00
Tad	ad579b6681	Misc hardening from GrapheneOS 11 `62f81c237b` 11 `1f05db99ab` 11 `f242089d3f` 10 `abcf485dcf` 9x `c5db5a9f9e` Signed-off-by: Tad <tad@spotco.us>	2022-03-15 14:40:05 -04:00
Tad	844227a4f4	18.1: add the ptrace_scope patchset from GrapheneOS `ad017fba58` `3b89605581` `8b0419ac04` `52ea603339` Signed-off-by: Tad <tad@spotco.us>	2022-03-15 14:29:34 -04:00
Tad	07bd5a3a0e	Automatic reboot and Bluetooth/Wi-Fi shutoff from GrapheneOS and CalyxOS Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/59 Tested on 18.1 Untested on 17.1 Signed-off-by: Tad <tad@spotco.us>	2022-03-15 01:27:08 -04:00
Tad	9ba3a061c6	Tweak Signed-off-by: Tad <tad@spotco.us>	2022-03-14 11:57:34 -04:00
Tad	bda848a0a1	Fixup `057bedb6` Sadly this means the option was never enabled :( Note: these options are only available on 4.4+ kernels Signed-off-by: Tad <tad@spotco.us>	2022-03-06 23:05:13 -05:00
Tad	9a6c3f99ed	Verify authorship and Change-Id of all contained patches - No patches were found with incorrect authorship/From: lines - The older AndroidHardening patch repos are no longer available to verify CID. - New GrapheneOS patches do not include a CID. - Signature_Spoofing.patch CID could not be found. - Fixed CID of Harden_Sig_Spoofing.patch to match 14.1 - Fixed CID of LGE_Fixes.patch to match 14.1 - Fixed CID of Harden.patch to match 14.1 - Added edit note to Harden.patch - Fixed CID of PREREQ_Handle_All_Modes.patch to match 14.1 - Fixed CID of More_Preferred_Network_Modes.patch to match 14.1 - Fixed CID of AES256.patch to match 14.1 - Fixed CID of 0001-OTA_Keys.patch to match 18.1 - Fixed CID of Camera_Fix.patch to match 15.1 - Fixed CID of Connectivity.patch to match 14.1 - Fixed CID of Fix_Calling.patch to match 14.1 - Fixed CID of Remove_Analytics.patch to match 14.1 - Fixed CID of Unused-.patch/audio_extn to match original Signed-off-by: Tad <tad@spotco.us>	2022-03-05 13:13:30 -05:00
Tad	5e1521700f	Port the GrapheneOS NETWORK permission to 17.1 and 18.1 Some patches were ported from 12 to 10/11 Some patches from 11 were ported to 10 This 10/11 port should be very close to 12 BOUNS: 16.0 patches, disabled Signed-off-by: Tad <tad@spotco.us>	2022-02-25 16:52:51 -05:00
Tad	5283db6f05	Drop the broken PDB patch Why'd past me write this trash? Signed-off-by: Tad <tad@spotco.us>	2022-02-14 07:43:45 -05:00
Tad	143b6fa164	18.1: Refresh for recent upstream Updater changes Untested, should work Signed-off-by: Tad <tad@spotco.us>	2022-02-14 03:05:32 -05:00
Tad	2eda5086fc	Tiny tweak Signed-off-by: Tad <tad@spotco.us>	2022-02-13 23:57:59 -05:00
Tad	bc3a9cddba	Small tweaks Signed-off-by: Tad <tad@spotco.us>	2022-02-09 00:22:02 -05:00
Tad	0a664cc22c	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-02-03 21:12:02 -05:00
Tad	5e18ec4dfe	Tiny tweak Signed-off-by: Tad <tad@spotco.us>	2022-01-16 16:42:26 -05:00
Tad	8a45dc4696	18.1: Device additions h910 lavender pioneer, voyager, discovery akari, aurora, xz2c Signed-off-by: Tad <tad@spotco.us>	2022-01-06 21:04:17 -05:00
Tad	207e45fe6a	Update oneplus/sdm845 to 4.9.295 Signed-off-by: Tad <tad@spotco.us>	2022-01-06 15:21:00 -05:00
Tad	b05823bb20	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-01-04 21:00:25 -05:00
Tad	daf98f8197	Small tweaks Signed-off-by: Tad <tad@spotco.us>	2021-12-31 21:39:04 -05:00
Tad	68771721d5	Update oneplus/sdm845 to 4.8.282 Signed-off-by: Tad <tad@spotco.us>	2021-12-29 11:51:52 -05:00
Tad	8b3beeb9fd	More analytics disablement Signed-off-by: Tad <tad@spotco.us>	2021-12-27 23:24:03 -05:00
Tad	ee1f466211	Fixup Signed-off-by: Tad <tad@spotco.us>	2021-12-27 18:16:42 -05:00
Tad	2c1d8d5e78	Hamper analytics improvements Signed-off-by: Tad <tad@spotco.us>	2021-12-27 17:35:53 -05:00
Tad	8b85bf9719	Small change Signed-off-by: Tad <tad@spotco.us>	2021-12-12 12:10:47 -05:00
Tad	f950398fa1	glibc 2.34 fix Tested working to compile mako on Fedora 35 Signed-off-by: Tad <tad@spotco.us>	2021-11-14 20:16:48 -05:00
Tad	3e62262e88	Small fixup Signed-off-by: Tad <tad@spotco.us>	2021-11-07 13:37:37 -05:00
Tad	809e03833e	Verity enablement overhaul No change to AVB devices except for enabling on more Verity devices have the potential to regress by not booting No change to non-verity/avb devices Tested working on: mata, cheeseburger, fajita Signed-off-by: Tad <tad@spotco.us>	2021-11-02 10:24:07 -04:00
Tad	898c040ead	More useless churn Signed-off-by: Tad <tad@spotco.us>	2021-11-01 21:04:59 -04:00
Tad	e6beba4b15	Small tweaks Sad churn from git version. Will be removed next build cycle. Signed-off-by: Tad <tad@spotco.us>	2021-10-27 14:16:37 -04:00
Tad	b77444f84d	Deblobber tweaks - Put more blobs behind flags for testing purposes - Potential graphics fix for newer devices - Removes more Wi-Fi display blobs - Remove some misc blobs Signed-off-by: Tad <tad@spotco.us>	2021-10-23 19:49:27 -04:00
Tad	0c793835da	Expand the available Private DNS options Signed-off-by: Tad <tad@spotco.us>	2021-10-22 18:33:06 -04:00
Tad	fe8e8201a9	Add more 'Private DNS' options Based off of patches from CalyxOS as noted in each included patch. Tested and verified working on klte and mata 18.1 Signed-off-by: Tad <tad@spotco.us>	2021-10-21 23:39:46 -04:00
Tad	70b96aa211	Update oneplus/sdm845 from 4.9.227 to 4.9.277 Pulls us into August 2021 Tested working: - boot - usb mtp - wifi - bluetooth - cameras - audio - gps - brightness Signed-off-by: Tad <tad@spotco.us>	2021-10-21 00:12:59 -04:00
Tad	4ce35a3c60	Refresh most branch specific patches Fixed up: LineageOS-16.0/android_packages_apps_Backgrounds/308977.patch LineageOS-16.0/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch LineageOS-17.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch LineageOS-18.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch Must review again: LineageOS-14.1/android_packages_apps_PackageInstaller/64d8b44.patch Signed-off-by: Tad <tad@spotco.us>	2021-10-16 15:19:55 -04:00
Tad	7ba42f052a	Small changes Signed-off-by: Tad <tad@spotco.us>	2021-10-14 15:58:22 -04:00
Tad	7f98aad299	18.1: Drop DnsResolver patches Merged upstream Signed-off-by: Tad <tad@spotco.us>	2021-10-01 17:54:54 -04:00
Tad	025ca7df7f	compile fixups after the CVE-2021-Misc2 import and hardenDefconfig overhaul also sync 18.1 DnsResovler patches with: `6332b25b87` `f8490d024a` Signed-off-by: Tad <tad@spotco.us>	2021-10-01 12:34:22 -04:00
Tad	9f9d418060	18.1: forward port the hosts cache and wildcard support These were likely missed when resolv/ moved out of netd into DnsResolver. Signed-off-by: Tad <tad@spotco.us>	2021-09-26 22:41:30 -04:00
Tad	c6df37ca23	Expose the Sensors Off tile This removes the hidden development 'Sensors off' tile from Settings app, adds it back to SystemUI, and enables it by default. Tested working on 18.1 Signed-off-by: Tad <tad@spotco.us>	2021-09-26 16:36:15 -04:00
Tad	84c7d230ab	Permission for sensors access patches from @MSe1969 Signed-off-by: Tad <tad@spotco.us>	2021-09-24 23:35:33 -04:00
Tad	a9f44dee41	Fix hamper analytics patches These must all be strings. Sadly meant this likely hasn't worked for years. :\ Signed-off-by: Tad <tad@spotco.us>	2021-09-13 15:27:29 -04:00
Tad	dd4457260f	18.1 Updates - Update Settings and SetupWizard patches after the big SetupWizard UI update - Use the latest captive portal patch, was also previously partially broken due to mis-apply Signed-off-by: Tad <tad@spotco.us>	2021-09-03 08:57:40 -04:00
Tad	bdccb5fb39	Hamper ad_personalization_signals Signed-off-by: Tad <tad@spotco.us>	2021-08-27 13:46:11 -04:00
Tad	27d55efdff	Hamper ssaid collection Signed-off-by: Tad <tad@spotco.us>	2021-08-27 13:41:57 -04:00
Tad	914bed8556	Reimplement `fe6f8537` LTE tested working with hybrid 33-107 modem. Phone calls drop to HSPA as expected. No issues if using stock modem either compared to without this patch. In my area, without this patch, my makos are useless cell-wise. Gives extra life to the Nexus 4. Signed-off-by: Tad <tad@spotco.us>	2021-07-29 15:25:05 -04:00
Tad	40c356371a	Small tweaks	2021-07-25 22:41:56 -04:00
Tad	c2b2aa5830	16.0+: Add captive portal toggle from @MSe1969 Source: `0045a97cb4` `b483b4e9ab` 18.1 is the 17.1 patch rebased Wording was altered. Already included in 14.1+15.1	2021-07-10 22:48:45 -04:00
Tad	ef8573b29c	Small fixes	2021-06-26 22:59:46 -04:00
Tad	881c24d8b2	Various patches from GrapheneOS	2021-06-26 18:57:46 -04:00
Tad	d9d564ebd3	Cherrypick updates	2021-06-16 02:41:22 -04:00
Tad	fe1f9ec7c4	Sync reflog extracted commits with Gerrit originals	2021-06-15 21:04:37 -04:00
Tad	d42c8f033d	Small changes - Fixup CVE-2020-36386 breakage - Move some cherrypicks in tree (gerrit down right now, pulled from reflog) - Update cherrypicks	2021-06-15 05:46:30 -04:00
Tad	94b91c6afd	Incall privacy warning from CalyxOS	2021-06-08 12:11:13 -04:00
Tad	dd938051a5	Small patch fixup	2021-05-27 15:03:47 -04:00
Tad	d15d4f5757	18.1: updater: fix Tor support	2021-04-17 10:14:29 -04:00
Tad	cc08a358ce	18.1: replace PicoTTS with eSpeak-NG	2021-04-12 21:24:12 -04:00
Tad	d9238f8385	18.1: fix recovery signing friendly reminder to take a break when dealing with the same issue for extended periods of time	2021-04-06 05:56:47 -04:00
Tad	f3e672fb18	Failed attempt at fixing signing PRODUCT_OTA_PUBLIC_KEYS is meant to be set by a vendor tree, something we don't use. Override it at the source and set it explicitely as well. This ensures that the compiled recovery.img and the one generated by sign_target_files_apks.py includes the real public keys for verification. 11.0 signing is ignored. This will need to be extensively tested as breakage can mean brick on locked devices. Although in failure cases it seems test-keys are accepted. -- After much testing there appears to be a deeper issue with how keys are inserted into the recovery and handled	2021-04-06 04:07:18 -04:00
Tad	9db9215d6b	Small changes - Disable generation of unused OTA to reduce compile time - 17.1+: Disable APEX, breaks signing, and is also useless since no Play Store. - 18.1: Fixup signing	2021-03-31 01:30:17 -04:00
Tad	529b47039c	18.1: Initial bringup - Functionality tested on mako and klte - In-place upgrade from 17.1 tested working on klte - Compile tested on bacon and klte - Recovery OTA key patch missing, unsure if still needed. - Deblobber needs support for removing vintf manifest paths from vendor Android.bp - Launcher needs more default_workspace grid variants (eg. 4x5)	2021-03-23 12:36:31 -04:00

1 2 3

140 Commits