Commit Graph

368 Commits

Author SHA1 Message Date
Tad
84ac696e16 Small updates 2020-01-08 21:22:35 -05:00
Tad
204285d7c8 kernel command line: enable hardening options 2019-10-18 22:14:28 -04:00
Tad
159e5ea194 Minor tweaks
- Update cherry picks
- Update copyright year
- bacon: fix delta generation
2019-10-11 13:24:38 -04:00
Tad
f20ddfc0f6 Minor tweaks 2019-10-04 10:39:27 -04:00
Tad
79ec8a4999 clark: experimental 16.0 2019-09-28 17:37:18 -04:00
Tad
a0e8f9653c Future proofing keys 2019-09-25 21:04:24 -04:00
Tad
f55cdef5b0 Minor tweaks 2019-09-21 15:42:26 -04:00
Tad
e01e457b24 Per-device signing keys
- also fix OTA/recovery key regression
- Update cherrypicks
2019-09-15 22:18:04 -04:00
Tad
19d5b66097 Many changes
- ASB chery picks
- 16.0: recovery: fix sideload
- Restore releasetools for some devices
- Only include Backup where supported
- Change some small defaults
- z00t: 14.1 -> 15.1
- himaul: 14.1 -> 15.1
- i9100: 14.1 -> 15.1+16.0
- flo: 15.1 -> 16.0, disabled
- flounder: 15.1 disabled, enable 14.1
2019-09-13 20:24:02 -04:00
Tad
09b38c1f04 marlin/sailfish: fix MediaProvider using 100% CPU
- by disabling mtp over functionfs
- affects both GrapheneOS and LineageOS
- might need to be applied to other devices

[pid  2482] ppoll([{fd=42, events=POLLIN}, {fd=51, events=POLLIN}], 2, {tv_sec=0, tv_nsec=0}, NULL, 0) = 0 (Timeout)
lrwx------ 1 u0_a13 u0_a13 64 2019-09-05 18:47 42 -> /dev/usb-ffs/mtp/ep0
lrwx------ 1 u0_a13 u0_a13 64 2019-09-05 18:47 51 -> anon_inode:[eventfd]

https://forum.xda-developers.com/android/help/pixel2-help-diagnose-android-process-t3863274
https://bugs.chromium.org/p/chromium/issues/detail?id=947901
2019-09-06 09:38:01 -04:00
Tad
1a7291aa36 Minor changes
- Cherry picks
- New default wallpaper, credit: Pawel Czerwinski, UmzGrVna1P0
2019-09-05 04:23:28 -04:00
Tad
9ce8cdb9b6 Add Steve Soltys' Backup app 2019-09-04 06:40:05 -04:00
Tad
330df0983c 16.0: Add GrapheneOS' exec-based spawning feature + misc tweaks
- patch credit updates
- 16.0: allow SystemUI to directly manage Bluetooth/WiFi
 - from GrapheneOS
- cleanup
2019-08-30 02:30:13 -04:00
Tad
e10a865b05 Improve release processing to support deltas and archiving 2019-08-29 19:09:31 -04:00
Tad
057bedb65b Minor tweaks
- 14.1+15.1+16.0: enable kernel protections for files
 - protected_*: hardlinks, symlinks, fifos, regular
 - from GrapheneOS
- defconfig: enable more verity options
- cleanup
2019-08-28 20:24:59 -04:00
Tad
db348ab09c Minor tweaks
- 15.1+16.0: Replace in-line build signing patch with bash function
 - From GrapheneOS/script
- 15.1+16.0: Enable fingerprint failed lockout after 5 attempts
 - From GrapheneOS
2019-08-28 00:40:27 -04:00
Tad
68cdef8733 Minor tweaks 2019-08-26 20:50:28 -04:00
Tad
6d33e4ecbf Parallize many functions invoked by find 2019-08-05 21:09:35 -04:00
Tad
6458d6785f Enable IPv6 privacy extensions 2019-07-05 16:47:59 -04:00
Tad
e41d053f00 Minor updates
- drop usage stats patch, causes Settings to crash
2019-06-27 23:01:28 -04:00
Tad
55c3072089 Going the distance... [pt2] 2019-06-18 13:51:04 -04:00
Tad
d7078bafd6 Update CVE patchers 2019-06-03 18:41:24 -04:00
Tad
bb72bccbeb Two hardening patches from @MSe1969
+ a backport of browser location restriction patch to 14.1 and 15.1
  by @syphyr
2019-06-02 19:25:29 -04:00
Tad
30bf0f2fb9 Resurrect verity 2019-05-09 06:16:34 -04:00
Tad
20c8c7525c Misc tweaks
- 15.1: Contacts: remove Privacy Policy and Terms of Service links
  - from GrapheneOS
- cherry picks
2019-04-06 22:55:14 -04:00
Tad
25cc717ec2 Use GrapheneOS' hardened memory allocator
+ 16.0: some other misc hardening patches from GrapheneOS
  - always restrict access to Build.SERIAL
  - don't grant location permission to system browsers
  - fbe: pad filenames more
+ 16.0: Contacts: remove Privacy Policy and Terms of Service links
2019-04-04 01:07:58 -04:00
Tad
f5d99c938b 16.0: More bringup 2019-03-04 05:53:51 -05:00
Tad
afe719ffc4 16.0: Initial bringup
- 14.1/15.1: Remove @ValdikSS' bluetooth patches
- 15.1: Cleanup
2019-03-04 02:45:54 -05:00
Tad
83478880ef WireGuard kernel module inclusion support 2019-03-04 00:06:22 -05:00
Tad
b9ff7a74e6 Updates and fixes 2019-02-12 16:09:41 -05:00
Tad
c9e17ffb52 Many changes
- Add more DNS resolver choices
- Change default DNS resolver back to OpenNIC
- More cleanup
- 15.1: Update some CVE patchers
2019-02-09 20:51:23 -05:00
Tad
a7a4e869fd Many changes
- Remove broken/permissive devices
- Notify user when location is requested via SUPL
- 15.1: skia cherrypicks for Feb ASB
- 15.1: recovery: change selected text color
2019-02-09 14:20:19 -05:00
Tad
9178760d1a Updater: Fix downloads over Tor
+ Update TODO
+ Minor tweaks
2019-02-08 20:58:15 -05:00
Tad
24c291c630 Improve hardenLocation to include fwb and its overlays 2019-02-08 18:46:42 -05:00
Tad
929a3d5704 15.1: fix g3 2019-02-04 04:39:31 -05:00
Tad
0ea1d37f0c Minor changes
- Update cherrypicks
- Update submodules
- Add some comments
2019-01-28 21:54:45 -05:00
Tad
883c22d162 Get d852 building + Update CVE patchers 2019-01-17 18:52:55 -05:00
Tad
a7a0a67888 Many changes
- Allow enabling accessibility services without disabling secure start-up
- Disable overclocks
- Update select CVE patchers
- Update submodules
- Support select downloads over Tor
- Update defconfig enablers
- Cherry pick security patches
2019-01-14 03:12:50 -05:00
Tad
c27f226269 Properly fix network mode patch 2018-12-29 12:19:27 -05:00
Tad
0df749ef73 Add more preferred network modes such as LTE Only, LTE/3G only, and 3G only 2018-12-28 08:02:24 -05:00
Tad
01be578137 11.0: Initial restore
I think this is like the 6th time I've done this.
I always remove it, wait a few months, pull out a device that I want to run it on
and then spend hours restoring and bringing it back. I always think to myself
do I really need to toy with this device? No, I don't, but I do it anyway. :)
2018-12-18 21:35:14 -05:00
Tad
34be4797ea Switch to official F-Droid 2018-10-20 16:26:42 -04:00
Tad
4f488269ff Minor changes 2018-10-20 13:13:32 -04:00
Tad
95959a0d89 Many changes
- Add back microG support (not enabled)
- Add choice between DNS66 and Blokada when $DOS_HOSTS_BLOCKING=false
2018-10-19 18:28:18 -04:00
Tad
5696da8d0c Many changes
- 15.1: Update some CVE patchers
- 15.1: Address some mako denials
- 14.1: Add cherrypicks for various security patches
- Common: Prepare for F-Droid additional repos
- Common: Disable overclock for mako
- Misc tweaks
2018-10-19 09:55:08 -04:00
Tad
776be6f992 Backport Updater Tor support patch to 14.1 2018-09-24 06:46:54 -04:00
Tad
08c65c8334 Patches to add captive portal check toggle from @MSe1969 2018-09-22 21:05:41 -04:00
Tad
137c8d992d Various changes 2018-09-21 16:32:02 -04:00
Tad
b50352bc8e Updater: Add initial Tor support 2018-09-20 21:45:58 -04:00
Tad
c012af895f Updates 2018-09-18 20:55:45 -04:00
Tad
a39764938c Build fixes and updates 2018-09-12 22:51:05 -04:00
Tad
d9970b3f77 Minor tweaks and update F-Droid 2018-09-12 13:43:05 -04:00
Tad
e5b588265c Add function to always ensure discard mount option is enabled 2018-09-11 19:53:50 -04:00
Tad
8e79da6971 GPG verify all F-Droid apps before copy 2018-08-30 23:46:17 -04:00
Tad
44b799afb1 Update F-Droid 2018-08-26 23:10:42 -04:00
Tad
e078d37b82 Enable previously added Bluetooth patches 2018-08-24 13:52:34 -04:00
Tad
642f978509 Experimental Bluetooth audio quailty improvement patches, credit @ValdikSS 2018-08-23 22:31:43 -04:00
Tad
bf717204e3 GPS improvements 2018-08-07 23:28:38 -04:00
Tad
ce42870cd2 Fixes 2018-08-07 14:26:15 -04:00
Tad
94f1382077 Updates 2018-07-25 21:56:11 -04:00
Tad
13fd3fab51 fugu fixes 2018-07-22 17:08:22 -04:00
Tad
9af1881a89 Many changes
- 15.1: Fix build
- 15.1: Add jfltexx
- 15.1: Add CVE patchers for jf and fugu
- Manifests: Add Intel repos back
- Overlay: Add more default apps to launcher
- Remove more blobs
2018-07-19 22:15:20 -04:00
Tad
bf1256f182 Final overlay fixes 2018-07-13 22:04:42 -04:00
Tad
df213a8b19 Overlay fixes and F-Droid additional repos prep 2018-07-13 17:43:14 -04:00
Tad
2f50e7c142 Overlay fixes 2018-07-13 01:45:38 -04:00
Tad
91a6b29806 More overlay work 2018-07-13 01:02:41 -04:00
Tad
2ee7a13a80 More overlay work 2018-07-12 22:43:28 -04:00
Tad
f95b73fe06 More overlay work 2018-07-12 22:19:30 -04:00
Tad
9dec3c7018 More overlay work 2018-07-12 22:12:55 -04:00
Tad
1dc92478ed Many changes
- Drop Copperhead patches
- More overlay work
2018-07-12 22:05:02 -04:00
Tad
79972d393c DNM: WIP: Migrate to a proper vendor overlay for most changes 2018-07-12 21:27:01 -04:00
Tad
bf49c6a5fa Many changes
- Remove more blobs
- 14.1: Add fugu
- 15.1: Add fugu and readd clark
2018-07-12 21:14:11 -04:00
Tad
cb8fdaf3f5 Low RAM tweaks 2018-07-11 14:20:15 -04:00
Tad
e2ae8e333a More terminators 2018-07-11 08:01:45 -04:00
Tad
5af16e1ddd Add build option to enable lowram/go on all devices 2018-07-10 21:45:11 -04:00
Tad
58d7e42a1d Initial support for 11.0 2018-07-09 16:04:09 -04:00
Tad
ae0d89ee8a Many changes
- Switch to new HOSTS list
- Minor tweaks
- 14.1: Fix default Trebuchet workspaces
2018-07-04 15:35:16 -04:00
Tad
31444ad3c8 Update CVE patchers 2018-07-02 23:16:36 -04:00
Tad
b35cf0f3ae Few changes
- Deblobber: Fixup AudioFX handling
- 15.1: Fixup starlte
2018-07-01 22:06:29 -04:00
Tad
30d59ea53d More devices
- 14.1: dragon, manta, us996, us997, victara
- 15.1: dragon, us996, us997, victara
- Deblobber: Remove more blobs
2018-06-30 14:03:11 -04:00
Tad
d2ba1ddb20 Overhaul variable names 2018-06-29 13:46:12 -04:00
Tad
4917b3ebc7 Cleanup 2018-06-28 23:17:59 -04:00
Tad
29ace39eb9 Fixup previous 2 commits + misc tweaks 2018-06-27 12:04:42 -04:00
Tad
5d4d12b324 14.1: Add back all devices that were moved to 15.1 2018-06-27 09:17:50 -04:00
Tad
746b695d6a Deduplicate updater patches 2018-06-27 08:43:12 -04:00
Tad
af9126ffcb More deduplication
- Deduplicate Trebuchet default workspaces
- Deduplicate LatinIME patches
- Deduplicate SetupWizard assets
- And fix a typo with grouper overclock
2018-06-26 21:25:59 -04:00
Tad
3e931219df Few changes
- Fix F-Droid building
- Update F-Droid preferences
- Add privacy policy links for DNS presets
2018-06-25 19:15:22 -04:00
Tad
ee4ea5072b Many changes
- Fixed UnifiedNLP not registering
- Inlined location provider patch
- Simplified generateBootAnimationShine
- Add notes about inclusion of other apps
- Replaced microG with just UnifiedNLP
2018-06-25 14:19:38 -04:00
Tad
c914a655a5 Fixup previous commits 2018-06-25 10:16:32 -04:00
Tad
97248d28f2 Implement choice of UnifiedNLP only or full microG 2018-06-25 09:31:31 -04:00
Tad
f6cdc9426c Many changes
- Remove proprietary audio enhancement blobs
- Remove AudioFX to prevent crashes after blobs are removed
- Deduplicate patches a bit with the new Patches/Common directory
- Switch boot animation shine generation from gradient to plasma
- Update submodules
2018-06-25 07:59:24 -04:00
Tad
3a3fe5aca9 Replace DNS patches with a function + some misc fixes 2018-06-24 01:27:33 -04:00
Tad
a79c888157 Fixes 2018-06-23 02:38:49 -04:00
Tad
79429b40a4 Add init.sh option to remove AudioFX 2018-06-23 00:51:10 -04:00
Tad
9c3996bed9 Shellcheck
mainly just double quoting
2018-06-23 00:21:48 -04:00
Tad
79aa32c5e2 Cleanup 2018-06-13 19:48:53 -04:00
Tad
2ed7a8a874 init.sh: add options to control extra parts of the deblobber 2018-06-13 07:07:47 -04:00
Tad
7005ff0073 15.1: Update CVE patchers + build fixes 2018-06-11 20:33:16 -04:00
Tad
8eeafdd09f Changes for trust_interface and other misc tweaks 2018-06-10 19:00:02 -04:00
Tad
eeba3fd873 Going the distance... 2018-06-03 14:13:59 -04:00
Tad
2ac0a5cd15 Add basic validation to init.sh 2018-06-03 08:03:44 -04:00
Tad
c6f7abd855 Add an option to disable overclocks 2018-06-03 07:48:34 -04:00
Tad
bf8f1e4d3d More fixes and cleanup 2018-06-02 18:34:15 -04:00
Tad
2345e7ed7d Fixes 2018-06-02 18:13:51 -04:00
Tad
e224489acd Add option to enable strong encryption 2018-06-02 18:04:03 -04:00
Tad
8698ccc0c2 Add option to choose between DNS patches 2018-06-02 18:02:26 -04:00
Tad
747af2bc1c Add option to disable inclusion of our HOSTS file 2018-06-02 17:56:21 -04:00
Tad
2fb4b7f5f1 Add option to disable inclusion of microG 2018-06-02 17:37:21 -04:00
Tad
fe6f853746 mako: add back LTE support patch 2018-05-30 03:45:43 -04:00
Tad
b650e7a07f More documentation for hamper analytics + cleanups 2018-05-21 20:29:16 -04:00
Tad
f9f893a443 Hamper the ad/analytics libraries! 2018-05-21 05:28:07 -04:00
Tad
67db210756 Many changes
- 15.1: Fixup ether here too
- Change F-Droid application id to allow installation of official F-Droid side by side
- Remove FDroidPriv patch and use sed instead
- Optimize: Switch VM_MAX_READAHEAD to 512KB
- Misc tweaks
- Update TODO
2018-05-20 23:30:40 -04:00
Tad
66db536b08 Tweaks 2018-05-16 14:21:20 -04:00
Tad
3efd056bfd Tweaks 2018-05-13 20:32:29 -04:00
Tad
82896187de Further improve malware scanner 2018-05-11 06:15:29 -04:00
Tad
966c9c8509 Change connectivity check URLs 2018-05-08 20:56:02 -04:00
Tad
e22d028cbd Switch DNS back to OpenNIC for now 2018-05-08 16:04:41 -04:00
Tad
ee6788df1e Switch from OpenNIC to Cloudflare DNS 2018-05-03 07:38:32 -04:00
Tad
776defd5c3 Tweaks 2018-04-29 00:53:53 -04:00
Tad
8220c2fd11 Prepare potential future inclusion of DNS66 2018-04-28 21:50:06 -04:00
Tad
b30c62629b Revert "Strong AES patch changes"
This reverts commit 60b85e10fe.
2018-04-28 15:35:53 -04:00
Tad
60b85e10fe Strong AES patch changes 2018-04-28 15:25:42 -04:00
Tad
cadba79c51 15.1: Verification of changes 2018-04-27 23:09:52 -04:00
Tad
520dbf246a Add a warning when restricted patches are enabled 2018-04-23 18:18:09 -04:00
Tad
f122ccb9f1 Many changes
- Disable patches with restrictive licenses by default
- Update LICENSE
- Fixup the fix for F-Droid building
- 15.1: Fix forceencrypt on mako
- 15.1: Fix crashes when accessing factory reset and development settings menus
 on devices without support for factory reset protection or oem unlocking
2018-04-23 15:42:27 -04:00
Tad
02908a652a Terminate all lines 2018-04-23 08:59:18 -04:00
Tad
28600556b4 Many changes
- Add a variable to control inclusion of patches under a restrictive license
- Fix F-Droid building
- Add a buildDeviceDebug function that disables signing
- Misc tweaks/cleanup
- 15.1: Revert trust_interface cherry picks until official
2018-04-23 08:44:50 -04:00
Tad
f041047983 15.1: Initial deny new usb support from CopperheadOS
This is an extremely powerful security feature with minimal downsides.
Original credit goes to Grsecurity
Android port goes to Copperhead
2018-04-22 11:35:56 -04:00
Tad
a45a9be0e9 15.1: Updates & Fixes 2018-04-19 21:26:11 -04:00
Tad
2289ba2053 15.1: Switch more devices to -user 2018-04-12 23:11:30 -04:00
Tad
1fa75dcb65 15.1: More fixes 2018-04-12 09:26:03 -04:00
Tad
df7979a214 Many changes
- Manifests: Cleanup and remove more repos
- Remove Lineage recovery keys
- 15.1: Switch to 14.1 recovery
- 15.1: Enable recovery updating
- 15.1: d852: fix updater denial
- Misc cleanup
2018-04-12 06:40:10 -04:00
Tad
a914c813b0 15.1: Fixes, 14.1: Cleanup 2018-04-10 19:24:39 -04:00
Tad
7be3f8a556 Many fixes 2018-04-10 00:08:21 -04:00
Tad
fcea2b8d1d Lots of cleanup
- Some overclocks might be missing'
2018-04-06 14:10:43 -04:00
Tad
b2d1b93dcb 14.1: Drop bacon and m8, 15.1: Many more fixes 2018-04-04 21:24:08 -04:00
Tad
7933a5a1fc Many changes
- Remove LineageOS 11.0 again
- 15.1: Cleanup
- 15.1: More cherry picks
2018-04-03 18:36:22 -04:00
Tad
ff543280bf Fix F-Droid 2018-04-03 15:52:11 -04:00
Tad
7a29793ee5 15.1: Really fix build signing 2018-04-03 14:55:28 -04:00
Tad
8e475113ef Update build signing patches 2018-04-03 12:34:00 -04:00
Tad
fa2987d3dc 15.1: More fixes and cleanup 2018-04-03 10:56:28 -04:00
Tad
42da60142c 15.1: Many fixes 2018-04-03 09:10:49 -04:00
Tad
e45dd6d45c Remove LOSCoins malware
LineaGenuine is a shitty joke and LOSCoins is proprietary malware

LOSCoins:
- no source available
- source will probably never be available hinted by inc.lineageos package name
- depends on proprietary google play services
- inclues proprietary libraries
- malware
- malware
- malware
2018-04-01 07:07:17 -04:00
Tad
147ab4667e SetupWizard: Switch to our (temp) logo 2018-03-28 16:14:03 -04:00
Tad
8a9cd5c57c SetupWizard: Remove Lineage logo until we can replace it 2018-03-28 01:15:59 -04:00
Tad
e634a22758 14.1: Update default workspaces 2018-03-28 01:07:36 -04:00
Tad
800bd2f985 Move Fennec DOS shim to PrebuiltApps repo 2018-03-23 10:00:33 -04:00
Tad
414fa5caa2 Fix zips and buildtype 2018-03-22 09:49:44 -04:00
Tad
babc89a079 Update buildtype and .zip prefix 2018-03-22 08:29:40 -04:00
Tad
3ceff683a8 Rebase FDroidPriv patch and cleanup privacy guard changes 2018-03-21 20:50:45 -04:00
Tad
989a494090 Cleanup 2018-03-19 21:28:15 -04:00
Tad
e4435f9eac Tweaks and cleanup 2018-03-14 00:41:05 -04:00
Tad
4053ad6082 Initial support for including prebuilt apps from F-Droid
FDroid will come later, microG will probably stay as is.
2018-03-13 23:07:41 -04:00
Tad
ad9f1aa8ce Tweaks 2018-03-12 23:13:50 -04:00
Tad
036eb2f2e8 15.1: Fix signing 2018-03-09 01:30:00 -05:00
Tad
d111027f4d Many changes
15.1: Update CVE patchers
15.1: Add back automated build signing
14.1: Disable herolte (broken)
14.1: March 2018 Security Bulletin
2018-03-08 22:06:18 -05:00
Tad
eea5b71bd4 14.1: Drop 5 devices supported by 15.1 2018-03-01 09:51:05 -05:00
Tad
601c03df01 Misc fixes 2018-02-28 16:33:29 -05:00
Tad
90ecbd9857 15.1: More fixes 2018-02-28 08:22:35 -05:00
Tad
199ffada5b 15.1: Remove analytics from SUW 2018-02-28 08:13:34 -05:00
Tad
ac990f0491 15.1: Cleanup 2018-02-28 08:12:30 -05:00
Tad
994a069deb Remove JustArchi's compiler flag optimizations
While some tasks complete slightly faster overall there are too many downsides
- Too large system images
- Weird compiler errors
- Performance regressions on some devices
- General maintenance overhead

Maybe a less aggressive variant can be brought back in the future
2018-02-25 19:56:29 -05:00
Tad
c624dbb62c 15.1: It builds! 2018-02-13 08:27:43 -05:00
Tad
9b391e88f9 15.1: More build fixes 2018-02-12 07:10:10 -05:00
Tad
910ee5ad76 15.1: Build fixes 2018-02-12 05:28:24 -05:00
Tad
e16aa10199 15.1: Initial building support 2018-02-12 04:57:49 -05:00
Tad
96edc2acc6 15.1: Much more work on rebase 2018-02-12 03:43:26 -05:00
Tad
3739cfbaa2 Super initial support for LineageOS 15.1 2018-02-11 23:50:18 -05:00