Commit Graph

797 Commits

Author SHA1 Message Date
Tad
d64534a7c1 Update CVE patchers 2019-11-04 21:04:49 -05:00
Tad
1a7897211a 16.0: add Amber 2019-10-29 17:37:43 -04:00
Tad
791087fefa minor tweaks 2019-10-27 16:20:27 -04:00
Tad
640ef60b83 Move many old cherry picks in tree for archival/support purposes 2019-10-19 22:03:59 -04:00
Tad
204285d7c8 kernel command line: enable hardening options 2019-10-18 22:14:28 -04:00
Tad
159e5ea194 Minor tweaks
- Update cherry picks
- Update copyright year
- bacon: fix delta generation
2019-10-11 13:24:38 -04:00
Tad
579f340c3c Update CVE patchers 2019-10-04 14:43:19 -04:00
Tad
f20ddfc0f6 Minor tweaks 2019-10-04 10:39:27 -04:00
Tad
79ec8a4999 clark: experimental 16.0 2019-09-28 17:37:18 -04:00
Tad
e01e457b24 Per-device signing keys
- also fix OTA/recovery key regression
- Update cherrypicks
2019-09-15 22:18:04 -04:00
Tad
19d5b66097 Many changes
- ASB chery picks
- 16.0: recovery: fix sideload
- Restore releasetools for some devices
- Only include Backup where supported
- Change some small defaults
- z00t: 14.1 -> 15.1
- himaul: 14.1 -> 15.1
- i9100: 14.1 -> 15.1+16.0
- flo: 15.1 -> 16.0, disabled
- flounder: 15.1 disabled, enable 14.1
2019-09-13 20:24:02 -04:00
Tad
09b38c1f04 marlin/sailfish: fix MediaProvider using 100% CPU
- by disabling mtp over functionfs
- affects both GrapheneOS and LineageOS
- might need to be applied to other devices

[pid  2482] ppoll([{fd=42, events=POLLIN}, {fd=51, events=POLLIN}], 2, {tv_sec=0, tv_nsec=0}, NULL, 0) = 0 (Timeout)
lrwx------ 1 u0_a13 u0_a13 64 2019-09-05 18:47 42 -> /dev/usb-ffs/mtp/ep0
lrwx------ 1 u0_a13 u0_a13 64 2019-09-05 18:47 51 -> anon_inode:[eventfd]

https://forum.xda-developers.com/android/help/pixel2-help-diagnose-android-process-t3863274
https://bugs.chromium.org/p/chromium/issues/detail?id=947901
2019-09-06 09:38:01 -04:00
Tad
1a7291aa36 Minor changes
- Cherry picks
- New default wallpaper, credit: Pawel Czerwinski, UmzGrVna1P0
2019-09-05 04:23:28 -04:00
Tad
9ce8cdb9b6 Add Steve Soltys' Backup app 2019-09-04 06:40:05 -04:00
Tad
ec48a4c89c Update CVE patchers 2019-09-04 01:31:12 -04:00
Tad
db572efa89 Many changes
- processRelease: Support AVB
- sort device build order by SoC

Additions:
- taimen/muskie: 15.1, 16.0
- crosshatch/blueline: 16.0
- bonito/sargo: 16.0
2019-09-03 16:50:50 -04:00
Tad
1bd0e47099 victara: 15.1 -> 16.0
- other fixes
2019-08-30 22:42:10 -04:00
Tad
330df0983c 16.0: Add GrapheneOS' exec-based spawning feature + misc tweaks
- patch credit updates
- 16.0: allow SystemUI to directly manage Bluetooth/WiFi
 - from GrapheneOS
- cleanup
2019-08-30 02:30:13 -04:00
Tad
e10a865b05 Improve release processing to support deltas and archiving 2019-08-29 19:09:31 -04:00
Tad
057bedb65b Minor tweaks
- 14.1+15.1+16.0: enable kernel protections for files
 - protected_*: hardlinks, symlinks, fifos, regular
 - from GrapheneOS
- defconfig: enable more verity options
- cleanup
2019-08-28 20:24:59 -04:00
Tad
db348ab09c Minor tweaks
- 15.1+16.0: Replace in-line build signing patch with bash function
 - From GrapheneOS/script
- 15.1+16.0: Enable fingerprint failed lockout after 5 attempts
 - From GrapheneOS
2019-08-28 00:40:27 -04:00
Tad
68cdef8733 Minor tweaks 2019-08-26 20:50:28 -04:00
Tad
89de66bdba Many small changes
- Cherrypicks for ASB patches
- Apps: Switch gallery to Simple Gallery
- Apps: Switch camera to OpenCamera
- PKGBUILD: update with image optimization dependencies
- Deblobber: fix bug introducted in 6d33e4ecbf
2019-08-08 14:22:24 -04:00
Tad
aee6b66dd8 Update CVE patchers 2019-08-05 16:03:41 -04:00
Tad
bad890614e Update CVE patchers 2019-07-21 09:47:10 -04:00
Tad
34d1bbe155 Minor updates 2019-07-21 07:36:02 -04:00
Tad
6458d6785f Enable IPv6 privacy extensions 2019-07-05 16:47:59 -04:00
Tad
a29825f6e1 Update CVE patchers 2019-07-01 18:06:05 -04:00
Tad
e41d053f00 Minor updates
- drop usage stats patch, causes Settings to crash
2019-06-27 23:01:28 -04:00
Tad
55c3072089 Going the distance... [pt2] 2019-06-18 13:51:04 -04:00
Tad
c15105d945 Update CVE patchers 2019-06-17 23:26:38 -04:00
Tad
1d67143181 Update CVE patchers 2019-06-08 04:09:24 -04:00
Tad
d7078bafd6 Update CVE patchers 2019-06-03 18:41:24 -04:00
Tad
bb72bccbeb Two hardening patches from @MSe1969
+ a backport of browser location restriction patch to 14.1 and 15.1
  by @syphyr
2019-06-02 19:25:29 -04:00
Tad
163fdb1f68 Minor updates 2019-05-31 21:13:39 -04:00
Tad
40d6db0326 divestos.xyz > divestos.org 2019-05-23 11:34:26 -04:00
Tad
8030a63a2a 11.0: fixes 2019-05-17 23:26:25 -04:00
Tad
380353773e Fixes 2019-05-17 20:48:26 -04:00
Tad
899812864f Update CVE patchers 2019-05-14 21:04:55 -04:00
Tad
223c5d1a2c Disable temperature monitoring
Breaks boot after 9.0 May security ASB:
- thermal service unavailable
- power service hooks thermal service
- keyguard service hooks power service
- no keyguard = no system ui
- no system ui = rescue party engages
- rescue party goes into recovery demanding factory wipe

see commit:
fwb: DO NOT MERGE Implement USB High Temperature warning dialog
2019-05-12 13:42:06 -04:00
Tad
aaa44f058e Update license 2019-05-09 06:43:09 -04:00
Tad
f59c77f00c Cherrypicks 2019-05-06 16:29:58 -04:00
Tad
9e2dd548d8 Disable LiveDisplay by default for performance reasons 2019-04-17 00:23:42 -04:00
Tad
20c8c7525c Misc tweaks
- 15.1: Contacts: remove Privacy Policy and Terms of Service links
  - from GrapheneOS
- cherry picks
2019-04-06 22:55:14 -04:00
Tad
974cc3b3f8 16.0: recovery has been updated
but leave it disabled because it doesn't boot
2019-04-04 23:33:10 -04:00
Tad
25cc717ec2 Use GrapheneOS' hardened memory allocator
+ 16.0: some other misc hardening patches from GrapheneOS
  - always restrict access to Build.SERIAL
  - don't grant location permission to system browsers
  - fbe: pad filenames more
+ 16.0: Contacts: remove Privacy Policy and Terms of Service links
2019-04-04 01:07:58 -04:00
Tad
60cf364f19 Minor tweaks
- init.sh: sort options
- overlay: leave radioScanningTimeout default
- hardenDefconfig: disable more components with CVEs
- cherry picks
- 16.0: trebuchet: tmp fix for default workspace overlay
2019-04-03 19:04:37 -04:00
Tad
1c49b80da0 Minor tweaks
- CVE patchers were updated with no change
- hardenDefconfig: disable MSM_SMP2P_TEST to mitigate CVE-2019-2247
- 14.1 add a cherry pick
2019-04-01 18:57:04 -04:00
Tad
dd7e4c3faf Remove more blobs 2019-03-22 05:28:57 -04:00
Tad
e344b17a36 Build fixes + new blob blocker 2019-03-22 04:20:06 -04:00
Tad
23f8759937 Remove some unneeded packages 2019-03-12 20:40:31 -04:00
Tad
cfe766be09 Tweaks 2019-03-11 18:19:50 -04:00
Tad
b1455b641d Update CVE patchers 2019-03-08 15:15:46 -05:00
Tad
5607db2e0b Update CVE patchers
- More aggressively attempt to apply incremental patches by
  ignoring the current subversion, as it is common for it to be 0
  Hopefully I won't have to revert this
2019-03-04 21:41:55 -05:00
Tad
9e897989d1 Update CVE patchers 2019-03-04 20:18:29 -05:00
Tad
f5d99c938b 16.0: More bringup 2019-03-04 05:53:51 -05:00
Tad
afe719ffc4 16.0: Initial bringup
- 14.1/15.1: Remove @ValdikSS' bluetooth patches
- 15.1: Cleanup
2019-03-04 02:45:54 -05:00
Tad
83478880ef WireGuard kernel module inclusion support 2019-03-04 00:06:22 -05:00
Tad
bc63feedc9 Update CVE patchers 2019-02-21 06:25:47 -05:00
Tad
fccc124868 tuna fixes + fdroid priv changes 2019-02-14 04:36:50 -05:00
Tad
b9ff7a74e6 Updates and fixes 2019-02-12 16:09:41 -05:00
Tad
ffabfb3616 14.1: fix maguro denials 2019-02-09 14:47:55 -05:00
Tad
9178760d1a Updater: Fix downloads over Tor
+ Update TODO
+ Minor tweaks
2019-02-08 20:58:15 -05:00
Tad
aa9b5499e6 Updates 2019-02-07 11:15:29 -05:00
Tad
15237becbb Update CVE patchers 2019-02-04 16:03:59 -05:00
Tad
378971497c 14.1: Support unified tuna 2019-02-01 02:53:13 -05:00
Tad
0ea1d37f0c Minor changes
- Update cherrypicks
- Update submodules
- Add some comments
2019-01-28 21:54:45 -05:00
Tad
ec3ffa38f2 Fixup CVE patchers 2019-01-07 19:42:25 -05:00
Tad
d8aac4c07b Update CVE patchers 2019-01-07 17:07:00 -05:00
Tad
c27f226269 Properly fix network mode patch 2018-12-29 12:19:27 -05:00
Tad
66a38a4705 Fixup network modes patch on 14.1 2018-12-28 14:53:23 -05:00
Tad
0df749ef73 Add more preferred network modes such as LTE Only, LTE/3G only, and 3G only 2018-12-28 08:02:24 -05:00
Tad
c07027dd97 Many changes
- Update CVE patchers
- Update submodules
- Update defconfig enablers
- Update DNS IP addresses
- + Misc changes
2018-12-24 23:29:56 -05:00
Tad
6c4eadcdc7 Manifest cleanup + always remove latemount from /cache
formatting/erasing /cache will result in selinux contexts being lost
these are normally restored by system/core/rootdir/init.rc in post-fs
but latemount causes /cache to not be mounted beforehand
preventing it from ever being fixed
result is broken ota and recovery updates
2018-12-20 17:22:34 -05:00
Tad
c5d2f25797 11.0: nex: switch to -user + add disabled overclock 2018-12-19 02:15:15 -05:00
Tad
a652eb1e23 11.0: Remove the rest of CMStats
Hmm, I don't remember Dialer having stats.
Goddamn spyware.
2018-12-18 23:39:29 -05:00
Tad
bae3092539 11.0: Remove CMStats 2018-12-18 22:08:57 -05:00
Tad
875d6505af F-Droid changes
- Drop Briar repo, its in main repos now and seems to keep in sync
- Switch to official builds of PrivExt
2018-12-18 21:37:35 -05:00
Tad
715cb32468 11.0: Cherrypick ASB topics 2018-12-18 21:36:02 -05:00
Tad
314701f0e8 11.0: Drop grouper + more work 2018-12-18 21:36:01 -05:00
Tad
28b0e915f5 11.0: More restoration work 2018-12-18 21:35:41 -05:00
Tad
01be578137 11.0: Initial restore
I think this is like the 6th time I've done this.
I always remove it, wait a few months, pull out a device that I want to run it on
and then spend hours restoring and bringing it back. I always think to myself
do I really need to toy with this device? No, I don't, but I do it anyway. :)
2018-12-18 21:35:14 -05:00
Tad
c6206ccd7e Minor updates 2018-12-17 17:59:12 -05:00
Tad
982462aa00 Update CVE patchers 2018-12-04 17:21:39 -05:00
Tad
6ea39e0a0f Updates 2018-11-13 17:33:49 -05:00
Tad
5be6227a8b Minor updates + Update CVE patchers 2018-11-06 21:09:35 -05:00
Tad
34be4797ea Switch to official F-Droid 2018-10-20 16:26:42 -04:00
Tad
95959a0d89 Many changes
- Add back microG support (not enabled)
- Add choice between DNS66 and Blokada when $DOS_HOSTS_BLOCKING=false
2018-10-19 18:28:18 -04:00
Tad
5696da8d0c Many changes
- 15.1: Update some CVE patchers
- 15.1: Address some mako denials
- 14.1: Add cherrypicks for various security patches
- Common: Prepare for F-Droid additional repos
- Common: Disable overclock for mako
- Misc tweaks
2018-10-19 09:55:08 -04:00
Tad
586f967667 Minor updates 2018-10-14 20:21:06 -04:00
Tad
136bb520aa Update CVE patchers 2018-10-01 22:45:00 -04:00
Tad
776be6f992 Backport Updater Tor support patch to 14.1 2018-09-24 06:46:54 -04:00
Tad
08c65c8334 Patches to add captive portal check toggle from @MSe1969 2018-09-22 21:05:41 -04:00
Tad
b50352bc8e Updater: Add initial Tor support 2018-09-20 21:45:58 -04:00
Tad
51fd815236 Update CVE patchers 2018-09-13 21:53:30 -04:00
Tad
f8a438b32a Update CVE patchers 2018-09-12 15:45:35 -04:00
Tad
e5b588265c Add function to always ensure discard mount option is enabled 2018-09-11 19:53:50 -04:00
Tad
8d79a008ff hardenDefconfig: Ensure IOMMU is enabled 2018-09-05 04:53:42 -04:00
Tad
98762a1ccf Update included apps 2018-08-30 23:11:14 -04:00
Tad
54ecd7ae21 hardenDefconfig improvements 2018-08-24 20:00:43 -04:00
Tad
9fb6c648d9 Partial revert of 1983d9a8f7 2018-08-24 00:26:35 -04:00
Tad
642f978509 Experimental Bluetooth audio quailty improvement patches, credit @ValdikSS 2018-08-23 22:31:43 -04:00
Tad
9cbc514c59 Initial support for geminipda 2018-08-23 18:50:13 -04:00
Tad
c3f480b867 Updates 2018-08-17 19:22:00 -04:00
Tad
17340a0963 Update CVE patchers 2018-08-10 21:03:28 -04:00
Tad
db3b42ae4f Update CVE patchers + misc fixes 2018-08-08 20:23:26 -04:00
Tad
46b1b409c9 Update CVE patchers 2018-08-06 21:32:33 -04:00
Tad
4136ab17b8 Updates 2018-08-04 09:15:22 -04:00
Tad
94f1382077 Updates 2018-07-25 21:56:11 -04:00
Tad
e3dcb260aa Update CVE Patchers
- and add initial rpi3 support
2018-07-22 09:37:23 -04:00
Tad
9af1881a89 Many changes
- 15.1: Fix build
- 15.1: Add jfltexx
- 15.1: Add CVE patchers for jf and fugu
- Manifests: Add Intel repos back
- Overlay: Add more default apps to launcher
- Remove more blobs
2018-07-19 22:15:20 -04:00
Tad
3c2fae77d5 Switch DNS to Cloudflare and fixup F-Droid Provisioner
- OpenNIC anycast seems to have disappeared and their main site is also down
2018-07-15 12:33:16 -04:00
Tad
bf1256f182 Final overlay fixes 2018-07-13 22:04:42 -04:00
Tad
3027afedd8 Overlay tweaks 2018-07-13 17:54:16 -04:00
Tad
df213a8b19 Overlay fixes and F-Droid additional repos prep 2018-07-13 17:43:14 -04:00
Tad
5ae0eb7a92 More overlay work 2018-07-13 15:35:09 -04:00
Tad
2f50e7c142 Overlay fixes 2018-07-13 01:45:38 -04:00
Tad
91a6b29806 More overlay work 2018-07-13 01:02:41 -04:00
Tad
2ee7a13a80 More overlay work 2018-07-12 22:43:28 -04:00
Tad
2c6ba127d4 More overlay work 2018-07-12 22:29:21 -04:00
Tad
f95b73fe06 More overlay work 2018-07-12 22:19:30 -04:00
Tad
9dec3c7018 More overlay work 2018-07-12 22:12:55 -04:00
Tad
1dc92478ed Many changes
- Drop Copperhead patches
- More overlay work
2018-07-12 22:05:02 -04:00
Tad
39740b384f Drop KitKat (for the third time?) 2018-07-12 21:29:43 -04:00
Tad
79972d393c DNM: WIP: Migrate to a proper vendor overlay for most changes 2018-07-12 21:27:01 -04:00
Tad
db0bcf60f3 Official F-Droid preparation 2018-07-12 21:25:43 -04:00
Tad
cb8fdaf3f5 Low RAM tweaks 2018-07-11 14:20:15 -04:00
Tad
5af16e1ddd Add build option to enable lowram/go on all devices 2018-07-10 21:45:11 -04:00
Tad
746c925a22 14.1: Improved grouper perf tweaks 2018-07-10 19:45:48 -04:00
Tad
8b2902fd94 Tweaks 2018-07-10 17:59:03 -04:00
Tad
da5485d873 11.0: More work 2018-07-10 09:28:01 -04:00
Tad
966f4a5baf 11.0: More work 2018-07-10 08:29:08 -04:00
Tad
5716c58485 11.0: More work 2018-07-10 08:07:19 -04:00
Tad
05a5c7c38c 11.0: More fixes 2018-07-09 22:16:52 -04:00
Tad
bd5b0f6146 Tweaks 2018-07-07 02:37:00 -04:00
Tad
ae0d89ee8a Many changes
- Switch to new HOSTS list
- Minor tweaks
- 14.1: Fix default Trebuchet workspaces
2018-07-04 15:35:16 -04:00
Tad
08bb0a87cc Remove Android CVE patches 2018-07-03 03:34:24 -04:00
Tad
33c6980b88 Cleanup 2018-07-03 03:29:08 -04:00
Tad
31444ad3c8 Update CVE patchers 2018-07-02 23:16:36 -04:00
Tad
60a651008e Changes
- Deblobber improvements and cleanup
- Fixup starlte
2018-07-01 00:34:34 -04:00
Tad
303fe971ed Many changes
- 14.1: Fixup previous commits
- 15.1: Add mata
- Deblobber: Remove more blobs (audiofx, cne, hdr, ims-rtp)
2018-06-28 20:11:20 -04:00
Tad
29ace39eb9 Fixup previous 2 commits + misc tweaks 2018-06-27 12:04:42 -04:00
Tad
5d4d12b324 14.1: Add back all devices that were moved to 15.1 2018-06-27 09:17:50 -04:00
Tad
746b695d6a Deduplicate updater patches 2018-06-27 08:43:12 -04:00
Tad
e65234f8eb Many changes
- Allow OTA server to be set from init.sh
- Fix link updating from Rebrand.sh
- Update CVE patchers
2018-06-26 21:47:45 -04:00
Tad
af9126ffcb More deduplication
- Deduplicate Trebuchet default workspaces
- Deduplicate LatinIME patches
- Deduplicate SetupWizard assets
- And fix a typo with grouper overclock
2018-06-26 21:25:59 -04:00
Tad
14b5b95cb8 Add overclocks for grouper 2018-06-26 13:58:08 -04:00
Tad
6746942f30 14.1: Add grouper 2018-06-26 05:57:22 -04:00
Tad
ee4ea5072b Many changes
- Fixed UnifiedNLP not registering
- Inlined location provider patch
- Simplified generateBootAnimationShine
- Add notes about inclusion of other apps
- Replaced microG with just UnifiedNLP
2018-06-25 14:19:38 -04:00
Tad
c914a655a5 Fixup previous commits 2018-06-25 10:16:32 -04:00
Tad
97248d28f2 Implement choice of UnifiedNLP only or full microG 2018-06-25 09:31:31 -04:00
Tad
f6cdc9426c Many changes
- Remove proprietary audio enhancement blobs
- Remove AudioFX to prevent crashes after blobs are removed
- Deduplicate patches a bit with the new Patches/Common directory
- Switch boot animation shine generation from gradient to plasma
- Update submodules
2018-06-25 07:59:24 -04:00
Tad
3a3fe5aca9 Replace DNS patches with a function + some misc fixes 2018-06-24 01:27:33 -04:00
Tad
5772b68224 Update CVE patches + more globbing fixes 2018-06-23 03:39:01 -04:00
Tad
af94760587 Remove msm8992 overclocks 2018-06-23 00:23:34 -04:00
Tad
a0ce912d99 Add Provisioner repo to F-Droid and fixup previous deblobber changes 2018-06-17 19:42:17 -04:00
Tad
2ed7a8a874 init.sh: add options to control extra parts of the deblobber 2018-06-13 07:07:47 -04:00
Tad
8eeafdd09f Changes for trust_interface and other misc tweaks 2018-06-10 19:00:02 -04:00
Tad
b10f0a97dc Update CVE patchers + misc fixes 2018-06-05 00:35:42 -04:00
Tad
eeba3fd873 Going the distance... 2018-06-03 14:13:59 -04:00
Tad
bf8f1e4d3d More fixes and cleanup 2018-06-02 18:34:15 -04:00
Tad
2fb4b7f5f1 Add option to disable inclusion of microG 2018-06-02 17:37:21 -04:00
Tad
fe6f853746 mako: add back LTE support patch 2018-05-30 03:45:43 -04:00
Tad
ab9487fea1 Tweaks 2018-05-29 13:30:37 -04:00
Tad
f9f893a443 Hamper the ad/analytics libraries! 2018-05-21 05:28:07 -04:00
Tad
67db210756 Many changes
- 15.1: Fixup ether here too
- Change F-Droid application id to allow installation of official F-Droid side by side
- Remove FDroidPriv patch and use sed instead
- Optimize: Switch VM_MAX_READAHEAD to 512KB
- Misc tweaks
- Update TODO
2018-05-20 23:30:40 -04:00
Tad
dfaf44387b Update CVE patchers 2018-05-17 16:42:42 -04:00
Tad
f30d5cd7f2 Update links 2018-05-13 22:21:42 -04:00
Tad
5695712cf4 Many changes
- Add support to scan for malware in certain directories
- 15.1: Add new device, griffin
- Note deprecation status of various devices
- Add a few blobs to the deblobber
2018-05-10 23:46:18 -04:00
Tad
966c9c8509 Change connectivity check URLs 2018-05-08 20:56:02 -04:00
Tad
e22d028cbd Switch DNS back to OpenNIC for now 2018-05-08 16:04:41 -04:00
Tad
f5fd480f56 Update CVE patchers 2018-05-07 16:20:58 -04:00
Tad
2054759724 Fix inclusion of LocalCalendar 2018-05-03 10:22:04 -04:00
Tad
ee6788df1e Switch from OpenNIC to Cloudflare DNS 2018-05-03 07:38:32 -04:00
Tad
8220c2fd11 Prepare potential future inclusion of DNS66 2018-04-28 21:50:06 -04:00
Tad
b30c62629b Revert "Strong AES patch changes"
This reverts commit 60b85e10fe.
2018-04-28 15:35:53 -04:00
Tad
60b85e10fe Strong AES patch changes 2018-04-28 15:25:42 -04:00
Tad
999c94d2de Update CVE patchers 2018-04-28 00:43:08 -04:00
Tad
5f18a38e8f 15.1: Remove Lineage logo from recovery 2018-04-24 12:16:46 -04:00
Tad
f122ccb9f1 Many changes
- Disable patches with restrictive licenses by default
- Update LICENSE
- Fixup the fix for F-Droid building
- 15.1: Fix forceencrypt on mako
- 15.1: Fix crashes when accessing factory reset and development settings menus
 on devices without support for factory reset protection or oem unlocking
2018-04-23 15:42:27 -04:00
Tad
28600556b4 Many changes
- Add a variable to control inclusion of patches under a restrictive license
- Fix F-Droid building
- Add a buildDeviceDebug function that disables signing
- Misc tweaks/cleanup
- 15.1: Revert trust_interface cherry picks until official
2018-04-23 08:44:50 -04:00
Tad
f041047983 15.1: Initial deny new usb support from CopperheadOS
This is an extremely powerful security feature with minimal downsides.
Original credit goes to Grsecurity
Android port goes to Copperhead
2018-04-22 11:35:56 -04:00
Tad
28de039beb Update CVE patchers 2018-04-22 02:41:18 -04:00
Tad
a45a9be0e9 15.1: Updates & Fixes 2018-04-19 21:26:11 -04:00
Tad
b8937a6400 14.1: Fix herolte, both: replace Gallery2 with CameraRoll 2018-04-14 02:27:01 -04:00
Tad
de78fb8b9a Update CVE patchers 2018-04-13 15:29:21 -04:00
Tad
1fa75dcb65 15.1: More fixes 2018-04-12 09:26:03 -04:00
Tad
a914c813b0 15.1: Fixes, 14.1: Cleanup 2018-04-10 19:24:39 -04:00
Tad
f3a92223a5 Fix updater 2018-04-06 21:50:20 -04:00
Tad
fcea2b8d1d Lots of cleanup
- Some overclocks might be missing'
2018-04-06 14:10:43 -04:00
Tad
a661c4cde5 14.1: Drop mako 2018-04-06 13:58:48 -04:00
Tad
b2d1b93dcb 14.1: Drop bacon and m8, 15.1: Many more fixes 2018-04-04 21:24:08 -04:00
Tad
7933a5a1fc Many changes
- Remove LineageOS 11.0 again
- 15.1: Cleanup
- 15.1: More cherry picks
2018-04-03 18:36:22 -04:00
Tad
7a29793ee5 15.1: Really fix build signing 2018-04-03 14:55:28 -04:00
Tad
8e475113ef Update build signing patches 2018-04-03 12:34:00 -04:00
Tad
fa2987d3dc 15.1: More fixes and cleanup 2018-04-03 10:56:28 -04:00
Tad
42da60142c 15.1: Many fixes 2018-04-03 09:10:49 -04:00
Tad
f186d33fdb 15.1: minor fixes 2018-04-03 05:08:13 -04:00
Tad
421cbe65b3 Add back LineageOS 11.0 support again
Why do I keep doing this?
2018-03-31 19:03:43 -04:00
Tad
4f9299f900 Update CVE patchers 2018-03-30 21:47:33 -04:00
Tad
147ab4667e SetupWizard: Switch to our (temp) logo 2018-03-28 16:14:03 -04:00
Tad
8a9cd5c57c SetupWizard: Remove Lineage logo until we can replace it 2018-03-28 01:15:59 -04:00
Tad
e634a22758 14.1: Update default workspaces 2018-03-28 01:07:36 -04:00
Tad
2d8bab800c Many Changes
- Remove more projects via manifests
- Fix FDroidPrivExt inclusion
- 14.1: Remove Jelly
- Remove leftovers from LG G2
2018-03-23 12:37:26 -04:00
Tad
800bd2f985 Move Fennec DOS shim to PrebuiltApps repo 2018-03-23 10:00:33 -04:00
Tad
d9318b61e6 Fix zip name and Fennec DOS shim 2018-03-23 09:37:08 -04:00
Tad
e533bc7607 Cleanup 2018-03-22 08:32:01 -04:00
Tad
3ceff683a8 Rebase FDroidPriv patch and cleanup privacy guard changes 2018-03-21 20:50:45 -04:00
Tad
2a1b88cab3 Cleanup 2018-03-18 12:48:08 -04:00
Tad
f5e2d2dece Many fixes 2018-03-14 14:31:08 -04:00
Tad
e4435f9eac Tweaks and cleanup 2018-03-14 00:41:05 -04:00
Tad
4053ad6082 Initial support for including prebuilt apps from F-Droid
FDroid will come later, microG will probably stay as is.
2018-03-13 23:07:41 -04:00
Tad
d111027f4d Many changes
15.1: Update CVE patchers
15.1: Add back automated build signing
14.1: Disable herolte (broken)
14.1: March 2018 Security Bulletin
2018-03-08 22:06:18 -05:00
Tad
9c2272bc03 14.1: Update CVE patchers 2018-03-07 00:07:45 -05:00
Tad
eea5b71bd4 14.1: Drop 5 devices supported by 15.1 2018-03-01 09:51:05 -05:00
Tad
90ecbd9857 15.1: More fixes 2018-02-28 08:22:35 -05:00
Tad
199ffada5b 15.1: Remove analytics from SUW 2018-02-28 08:13:34 -05:00
Tad
ac990f0491 15.1: Cleanup 2018-02-28 08:12:30 -05:00
Tad
994a069deb Remove JustArchi's compiler flag optimizations
While some tasks complete slightly faster overall there are too many downsides
- Too large system images
- Weird compiler errors
- Performance regressions on some devices
- General maintenance overhead

Maybe a less aggressive variant can be brought back in the future
2018-02-25 19:56:29 -05:00
Tad
9cdfc59d5e 14.1: Update CVE patchers 2018-02-19 15:01:57 -05:00
Tad
f7abbe151d 15.1: Even more build fixes 2018-02-12 07:28:04 -05:00
Tad
9b391e88f9 15.1: More build fixes 2018-02-12 07:10:10 -05:00
Tad
910ee5ad76 15.1: Build fixes 2018-02-12 05:28:24 -05:00
Tad
e16aa10199 15.1: Initial building support 2018-02-12 04:57:49 -05:00
Tad
4ee1a52cef 15.1: More aux work on rebase 2018-02-12 04:00:28 -05:00
Tad
96edc2acc6 15.1: Much more work on rebase 2018-02-12 03:43:26 -05:00
Tad
48d9b9daaa Update CVE patchers and add a helper patch function 2018-02-05 19:21:44 -05:00
Tad
d3a231e2be Many build fixes
- Deblobber: sh -> bash (potential fix)
- Mark h815 as broken upstream
- Fix h850
- Fix herolte
- Fix Z00T
2018-01-31 13:14:19 -05:00
Tad
f5e79a3d11 Minor tweaks and update CVE patchers 2018-01-30 02:18:38 -05:00
Tad
ed6b73793b Many changes
- Recovery: Squash menus
- dexpreopt boot of all devices
- Update device todo list
2018-01-20 07:36:08 -05:00
Tad
4b5717b6b7 -O3 ALL THE THINGS! Use JustArchi's compiler flags 2018-01-19 05:41:08 -05:00
Tad
e3d6171053 Update CVE patchers 2018-01-16 19:55:07 -05:00
Tad
a84bf140fe Fix thor overclock and clark recovery 2018-01-12 09:26:54 -05:00
Tad
bad18d67fc Improved thor overclocks 2018-01-11 20:39:49 -05:00
Tad
3491639412 Overclock thor 2018-01-11 20:29:37 -05:00
Tad
96104d6a2d Overclock mako 2018-01-11 15:58:04 -05:00
Tad
7ec6b4cf88 Overclocks for msm8992 2018-01-11 15:00:46 -05:00
Tad
77cc7f1341 More overclocks 2018-01-11 14:31:17 -05:00
Tad
6fb82b7907 Attempt to improve AES performance 2018-01-11 14:16:13 -05:00
Tad
85895baa66 Update CVE patchers 2018-01-10 15:24:05 -05:00
Tad
97bb50e125 Update CVE patchers 2018-01-10 02:20:35 -05:00
Tad
86234066dc Patch most 3.10 kernels against Spectre 2018-01-04 19:52:32 -05:00
Tad
a4cde9bb89 Update CVE patchers 2018-01-04 13:34:44 -05:00
Tad
1402e9b041 Update CVE patchers 2018-01-04 13:17:29 -05:00
Tad
e5cbc542ea Misc changes 2018-01-03 21:55:04 -05:00
Tad
eb32600c0b Fix AES256 encryption patch, and update CVE patchers 2018-01-03 12:15:58 -05:00
Tad
7446b2d304 Move enter to functions.sh, and move overclocks to overclock.sh 2018-01-02 20:19:09 -05:00
Tad
a350cd92f1 Patch for AES256 encryption 2018-01-01 14:49:15 -05:00
Tad
8a4f0bef72 Many changes
- Disable removal of AudioFX blobs, as it breaks audio on some devices
- Enable LG G3 overclocks
- Switch mako from test to release
- Disable force-enabling of GLONASS
2017-12-31 09:09:46 -05:00
Tad
758088bde2 Update CVE patchers 2017-12-30 07:11:23 -05:00
Tad
0861d217ae General updated, and LG G3 overclocking 2017-12-30 04:39:32 -05:00
Tad
406a4ebf6e Disable Fennec DOS shim 2017-12-24 20:59:00 -05:00
Tad
176d22c6bb Update CVE patchers 2017-12-20 14:29:33 -05:00
Tad
d3cf423227 Add a shim to install Fennec DOS 2017-12-19 20:01:17 -05:00
Tad
d740b10822 DNS changes 2017-12-19 17:03:38 -05:00
Tad
ba66e7477c Compile DejaVu 2017-12-19 16:55:30 -05:00
Tad
fe6e553cbb Remove n800 2017-12-19 16:32:07 -05:00
Tad
397ab78e21 Remove some broken patches 2017-12-19 00:18:10 -05:00
Tad
fcc8ffc5bd Tweaks and Fixes 2017-12-15 16:42:36 -05:00
Tad
f65bbb8ee0 Many improvements to the hardenDefconfig function 2017-12-09 13:27:49 -05:00
Tad
07b6c89e07 Fix bootloops with hardened defconfig 2017-12-09 05:52:59 -05:00
Tad
ef401964f7 Improvements 2017-12-09 02:07:54 -05:00
Tad
2091d44aa3 Add CVE patchers for various Android repos 2017-12-08 23:13:11 -05:00
Tad
0bda7c939e Android CVE patches submodule 2017-12-08 22:25:37 -05:00
Tad
b5c8ef6bc3 Update CVE patchers 2017-12-08 18:59:55 -05:00
Tad
11cc70ef35 Privacy guard improvements and update CVE patchers 2017-12-08 08:18:39 -05:00
Tad
1bd7aab805 Update CVE patchers 2017-12-07 20:20:48 -05:00
Tad
90d7413c04 Update CVE patchers 2017-12-05 19:42:36 -05:00
Tad
3dd9a262df Update CVE patchers with CopperheadOS kernel hardning patches 2017-12-05 18:22:31 -05:00
Tad
dd460da4c3 Build fixes 2017-12-05 11:26:57 -05:00
Tad
face62a675 Fixes 2017-12-04 22:48:33 -05:00
Tad
f93366c8e7 Update CVE patchers 2017-12-04 19:08:04 -05:00
Tad
9bed70363b Update CVE patchers 2017-12-04 18:49:19 -05:00
Tad
dd7454b664 Update CVE patchers 2017-12-01 17:02:23 -05:00
Tad
98dcb87cc8 Update submodules 2017-12-01 16:20:29 -05:00
Tad
9202c0a972 Submodules? 2017-12-01 16:19:36 -05:00
Tad
8e7e492c04 Submodules! 2017-11-28 12:28:55 -05:00
Tad
30e0d5e980 Move Linux patches out of repo 2017-11-28 12:18:40 -05:00
Tad
39337477bf Fixes 2017-11-26 12:43:47 -05:00
Tad
67e224cb1a Many new CVE patches 2017-11-25 19:39:02 -05:00
Tad
5e6208ece9 Firmware deblobber fixes 2017-11-12 09:23:12 -05:00
Tad
557d18a471 Firmware deblobber: Fix mounting /firmware 2017-11-11 09:40:23 -05:00
Tad
35a449dc82 Firmware Deblobber: Make device agnostic, remove more blobs 2017-11-11 07:27:00 -05:00
Tad
5dfb34d47d Inline the firmware deblobber 2017-11-11 06:46:58 -05:00
Tad
dec73c392c Add a qs tile for controlling radio power 2017-11-10 17:28:44 -05:00
Tad
7d4faa1ef8 More patches 2017-11-10 12:23:07 -05:00
Tad
1b74baddf0 Patch against towelroot 2017-11-10 03:06:09 -05:00
Tad
2711871d50 PAPP: Add more apps 2017-11-09 20:56:11 -05:00
Tad
b84f0881b0 Version the previous USB patches 2017-11-08 13:13:06 -05:00
Tad
7b3c994731 Update CVE patchers 2017-11-08 03:42:33 -05:00
Tad
aaa94329a5 Add more patches 2017-11-08 03:23:39 -05:00
Tad
397e66c977 CVE Build fixes 2017-11-07 23:45:28 -05:00
Tad
2bec4f071d Actually add the patches 2017-11-07 22:50:43 -05:00
Tad
d86c2f7d55 More CVE patches 2017-11-07 22:47:52 -05:00
Tad
42e8062935 More patches 2017-11-07 22:03:58 -05:00
Tad
7c0049f494 Update CVE patchers 2017-11-07 21:54:21 -05:00
Tad
6ce51b2775 More patches 2017-11-07 21:38:42 -05:00
Tad
e2e5a3d9e1 Patch fixes 2017-11-07 20:32:38 -05:00
Tad
8ed308c888 Update CVE pathcers against new patches 2017-11-07 20:00:37 -05:00
Tad
529ce03a13 Fixup wireless patches 2017-11-07 18:55:10 -05:00
Tad
11c7037780 Switch to new CVE patchset 2017-11-07 17:32:46 -05:00
Tad
57ce42402b Patch list fixes 2017-11-07 16:31:15 -05:00
Tad
4b3a3a4e50 Replace CVE list with a sorted list 2017-11-07 14:42:05 -05:00
Tad
f5e47ed233 Even more CVEs 2017-11-07 05:29:23 -05:00
Tad
7d50b9bcfa Add more CVE patces from LineageOS 2017-11-07 05:20:31 -05:00
Tad
58be4b7c58 Add an extremely detailed list of Linux CVE patches
It only took 7 hours!
2017-11-07 04:35:41 -05:00
Tad
0a2f23c228 LAOS-11.0 and nex Fixes 2017-11-06 20:26:28 -05:00
Tad
5bc79a7ad7 Restore nex/11.0 and cleanup 2017-11-06 15:34:40 -05:00
Tad
db7f521c28 Update FDroid repos 2017-11-05 23:19:53 -05:00
Tad
848056f0ff Remove more blobs, update FDroid repos 2017-11-05 18:39:54 -05:00
Tad
112384f039 Fixes 2017-11-05 16:49:52 -05:00
Tad
a42e8a5243 Add initial support for 7 more devices 2017-11-05 13:56:37 -05:00
Tad
7ffb675a15 Licensing fixes, and misc fixes 2017-11-05 10:58:01 -05:00
Tad
b1b71f43c6 Replace wallpapers with out own better ones, Replace FDroid repo patch with just the file instead 2017-11-04 09:47:54 -04:00
Tad
f5e96522e1 Fixes 2017-11-02 19:35:27 -04:00
Tad
5cce7e4c37 Add CVE patcher for nex 2017-11-02 19:09:39 -04:00
Tad
6cb184876a More KRACK patches 2017-11-02 16:48:37 -04:00
Tad
c3c75e7b73 Revert "CVE Patchers: Switch to 3way, patch ~552 CVEs"
This reverts commit 7d24041ae3.

A quick sanity check against cve.lineageos.org shows most of these are patched already.
--3way == bad way
2017-11-02 16:01:55 -04:00
Tad
7d24041ae3 CVE Patchers: Switch to 3way, patch ~552 CVEs
I hope this doesn't break compile... it probably will and this will end up reverted :(
2017-11-02 15:57:46 -04:00
Tad
79daadb5ef Update CVE patchers for ranged versions, patching 1 CVE 2017-11-02 15:26:49 -04:00
Tad
7c31506e56 CVE Patches: ranged versions 2017-11-02 15:07:05 -04:00
Tad
43e4a7035d Patch 30 more CVEs 2017-10-31 13:44:26 -04:00
Tad
77fc7b452c Fix empty CVE patches 2017-10-31 13:24:35 -04:00
Tad
9a09d20695 Disable patch for CVE-2016-0819 2017-10-30 22:46:23 -04:00
Tad
64d490d95e Remove network hardening patches, disable mako LTE patch, add function to enable forceencrypt 2017-10-30 17:38:00 -04:00
Tad
41b11b0273 Fully patch against KRACK 2017-10-30 01:13:51 -04:00
Tad
3afd709762 Remove duplicate cve patches and update CVE patchers 2017-10-29 22:33:38 -04:00
Tad
3989a1b20b Update Linux CVE patches 2017-10-29 22:14:37 -04:00
Tad
12b63c12b7 Remove some duplicate CVE patches and add back fixed CVE patcher scripts 2017-10-29 21:26:04 -04:00
Tad
548fbd1b50 New patchers 2017-10-29 16:25:37 -04:00
Tad
942c68a4d1 Remove invalid CVE patches 2017-10-29 16:01:30 -04:00
Tad
948a8760e2 Update CVE patches 2017-10-29 15:58:20 -04:00
Tad
92a0187dfb Overhaul CVE patches 2017-10-29 14:23:02 -04:00
Tad
ce59045163 Add some more Linux CVE patches 2017-10-29 04:19:13 -04:00
Tad
86c2d7a648 Remove many duplicate linux CVE patches and update patchers 2017-10-29 03:46:24 -04:00
Tad
75099b9404 Add patches for many Linux CVEs, and overhaul script paths 2017-10-29 01:48:53 -04:00
Tad
8c8dc284c9 Last patch prob doesnt fix that 2017-10-22 23:29:46 -04:00
Tad
106e5d1708 Add a patch to fix the keystore 2017-10-22 23:24:07 -04:00
Tad
d2d343b49c More fixes 2017-10-21 11:53:21 -04:00
Tad
f6fc3918aa More fixes 2017-10-21 09:10:23 -04:00
Tad
d9f56cc8ff More fixes 2017-10-21 00:39:22 -04:00
Tad
0975c5251b More fixes 2017-10-20 19:57:01 -04:00
Tad
8890e8cadd Fixup last 2 commits 2017-10-20 19:00:24 -04:00
Tad
0a238fd21e Overhaul last commit 2017-10-20 16:54:46 -04:00
Tad
b3108b9e7f Initial implementation of allowing the user to reduce screen resolution to save power 2017-10-20 15:31:04 -04:00
Tad
8168ab2db7 Replace theming patch with script 2017-10-18 12:11:10 -04:00
Tad
ffe640b21d Fix setupwizard patch and change the default accent color system wide 2017-10-18 11:59:50 -04:00
Tad
f810d0691d Fixes and remove boot anim 2017-10-18 10:00:05 -04:00
Tad
26acf27638 Add a temporary boot animation 2017-10-18 08:16:12 -04:00
Tad
4dc9f05915 Add a rebranding script and remove cmstats from SetupWizard 2017-10-18 07:54:56 -04:00
Tad
c4cdf17325 Fixes 2017-10-16 14:25:36 -04:00
Tad
c9df695f0c Fixes and switch to new updater parameters 2017-10-06 20:44:56 -04:00
Tad
f835a6e5f1 Add a patch for tri-state torch on clark 2017-10-04 20:32:48 -04:00
Tad
1535a984ae Remove SVOX patch, enable GLONASS and XTRA HTTPS for all devices 2017-10-03 05:41:25 -04:00
Tad
61fd3702ce Fixes 2017-09-15 20:16:51 -04:00
Tad
70ad6ff700 Switch from CM to LAOS updater 2017-08-26 16:07:10 -04:00
Tad
343cb8ee5b Fix LTE only patch 2017-08-16 11:27:10 -04:00
Tad
36691a61cb PAPP add two more apps 2017-07-25 13:57:27 -04:00
Tad
79975a9112 PAPP more apps 2017-07-23 18:45:12 -04:00
Tad
612c0a8cbf Disable LTE only patch 2017-07-19 04:10:19 -04:00
Tad
ce9c9f83c9 Quick fix 2017-07-18 22:47:31 -04:00
Tad
7bcd9ce09f Update changelog 2017-07-18 21:45:21 -04:00
Tad
4c2626ffea Modified LTE Only option from CopperheadOS 2017-07-18 20:34:46 -04:00
Tad
ca242f5baa Updater: Add back clobbered incremental support 2017-07-12 05:19:47 -04:00
Tad
77e6eb2014 Cleanup 2017-07-05 23:26:46 -04:00
Tad
af2b58f436 Cleanup, ZRAM, comments 2017-07-04 02:57:50 -04:00
Tad
dd09109ddd Fix per app performance profiles 2017-07-03 03:34:13 -04:00
Tad
38dada1aef Fixes 2017-07-02 23:29:47 -04:00
Tad
c70b735064 setup-makefiles.sh fixes 2017-07-02 18:34:41 -04:00
Tad
73d0b61dba Fix Silence replacement, RIP CustomTiles 2017-07-02 15:38:00 -04:00
Tad
1ef1ada003 PAPP: More apps 2017-07-01 22:58:11 -04:00
Tad
e07a7cdacf Fix PAPP 2017-07-01 22:25:51 -04:00
Tad
46aa453a5e Per app performance profiles, disable time replacement, drop vs985
PAPPv2 only took 4 years, amirite?
2017-07-01 19:54:38 -04:00
Tad
7bcac24b49 Only ship Silence on phones 2017-06-29 10:47:10 -04:00
Tad
285c6701dd Renable network hardening, fix tethering 2017-06-28 12:31:45 -04:00
Tad
219ee0ae4b Fix network hardening 2017-06-28 09:25:59 -04:00
Tad
82be2c12f5 Improved network hardening 2017-06-28 08:20:24 -04:00
Tad
e343f5b465 Fix the iptables hardening patch 2017-06-27 23:19:26 -04:00
Tad
15d3d2a540 Cleanup 2017-06-21 18:53:55 -04:00
Tad
edc740e60c Rebase update server patch 2017-06-18 10:20:47 -04:00
Tad
e73befa37b Fixes 2017-06-16 04:41:21 -04:00
Tad
61e242811c Fix Profiles tile, Ship Silence, Inline build-tools update patches 2017-06-15 23:41:35 -04:00
Tad
5d7e5735fd Update F-Droid repos patch and update network traffic cherry picks 2017-06-12 10:41:12 -04:00
Tad
df959d5fa6 Improvements 2017-06-10 10:06:06 -04:00
Tad
ced13482a0 Update profiles and tweak comments 2017-06-06 21:48:32 -04:00
Tad
b49d739e89 Remove msm8992 overclock, fix IMS,, fix credits, update changelog, and general cleanup 2017-06-06 21:18:51 -04:00
Tad
394c599e95 Bootloops, bootloops everywhere
I guess there is a bit more to CVE patches then just seeing if they apply cleanly
2017-06-04 22:34:28 -04:00
Tad
6d640639bd Fix more kernel CVEs 2017-06-04 22:32:03 -04:00
Tad
a812869b6c Fix some kernel CVEs using using raymanfxs android-cve-checker 2017-06-04 22:12:03 -04:00
Tad
97c43ced26 Switch to new domain 2017-06-04 12:48:26 -04:00
Tad
e947eb4edb Tweaks 2017-06-04 12:16:35 -04:00
Tad
1efaef9820 Repository cleanup, Update credits, Add copyright, Fix Gradle 2017-06-04 09:29:47 -04:00
Tad
d8f5c8b8ab Ship Nominatim and Ichnaea UnifiedNLP backends 2017-06-04 08:07:50 -04:00
Tad
f54c5bf914 Switch back to proprietary mpdecision/perfd 2017-06-02 01:24:25 -04:00
Tad
3d45e9a719 Replace proprietary mpdecision/perfd with msm_mpdecision 2017-06-02 00:10:57 -04:00
Tad
1fe7864416 Repository cleanup 2017-05-31 18:51:32 -04:00
Tad
fd6e4cf72b Update to use new PHP json responder 2017-05-30 15:05:36 -04:00
Tad
cb93855a57 OTA! 2017-05-30 14:31:08 -04:00
Tad
3a6815c4eb Fixes 2017-05-29 22:38:33 -04:00
Tad
188d9632ec Fixes 2017-05-29 20:48:36 -04:00