Commit Graph

264 Commits

Author SHA1 Message Date
Tad
da1df44c8f
GrapheneOS kernel hardening patches update
Maybe some compile breakage

Signed-off-by: Tad <tad@spotco.us>
2023-01-24 19:03:01 -05:00
Tad
e81cd5586d
Add even more captive portal servers + sorting
TODO: apply to other branches

Signed-off-by: Tad <tad@spotco.us>
2023-01-23 16:42:00 -05:00
Tad
2529515b33
19.1+: Fixup DHCP hostname handling
Signed-off-by: Tad <tad@spotco.us>
2023-01-22 15:52:20 -05:00
Tad
9558a7d0e9 Switch to the Broadcom PSDS server for Pixel 6/7 series
Instead of agnss.goog cache
Based off of a patch from GrapheneOS

Signed-off-by: Tad <tad@spotco.us>
2023-01-21 04:08:26 -05:00
Tad
84a9a1326c
18.1+: add multiple captive potal server options
This also switches 18.1 from @MSe1969's patch to the GrapheneOS patch
Can maybe port to 17.1 too

Signed-off-by: Tad <tad@spotco.us>
2023-01-20 00:21:30 -05:00
Tad
91807acf21
various small fixes
- loose versioning fixes for 4.9
- remove GPG commit verification for GOS repos, they use SSH now. TODO: support that
- 20.0: fixup AudioFX stray lines
- 20.0: broken fix for gs101/201 stray iwlan lines

Signed-off-by: Tad <tad@spotco.us>
2023-01-18 20:02:11 -05:00
Tad
5ce2d33162
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-01-18 14:13:33 -05:00
Tad
2153422bb0
Potentially unbreak video playback on vayu, davinci, guacamole*, and hotdog*.
Signed-off-by: Tad <tad@spotco.us>
2023-01-13 21:27:18 -05:00
Tad
14f40e024f
Update CVE patchers
This adds loose versioning applying 4.14 patches to 4.9

Signed-off-by: Tad <tad@spotco.us>
2023-01-13 13:23:12 -05:00
Tad
3e5f1ec5ec Churn
Signed-off-by: Tad <tad@spotco.us>
2023-01-12 16:07:39 -05:00
Tad
207bdd2406
Strict versionCode checks for system apps from GrapheneOS
Signed-off-by: Tad <tad@spotco.us>
2023-01-11 12:19:41 -05:00
Tad
8eca7f2149
20.0: add xz2 series + churn
Signed-off-by: Tad <tad@spotco.us>
2023-01-09 13:47:10 -05:00
Tad
4012c57952 beryllium: fix a stutter
Signed-off-by: Tad <tad@spotco.us>
2023-01-09 09:42:13 -05:00
Tad
7dbdcdf751 Tweak Aperture defaults
Signed-off-by: Tad <tad@spotco.us>
2023-01-08 21:20:36 -05:00
Tad
c92c084ca1
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-01-08 20:49:57 -05:00
Tad
3ac41a1918 Tweaks
Signed-off-by: Tad <tad@spotco.us>
2023-01-05 10:09:04 -05:00
Tad
f2d87b1e81
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-01-03 20:18:40 -05:00
Tad
06eed1fba9
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-12-31 21:41:46 -05:00
Tad
035ae85e0f
19.1: drop devices that are on 20.0
- there have been updater checks for all of these on 20.0, expect for aura
- 20.0 has been my daily driver on fajita (and recently bluejay) since mid October
- there are only some minor issues on 20.0 that aren't much of a blocker
- LineageOS has marked 20.0 stable

Signed-off-by: Tad <tad@spotco.us>
2022-12-31 18:26:42 -05:00
Tad
a3015c3ad0
Fixup
Signed-off-by: Tad <tad@spotco.us>
2022-12-26 16:12:03 -05:00
Tad
06254708be
Many fixes to get bluejay booting & working proper
- Enable APEX for Pixel 6/7, necessary for camera and pKVM
  - Also drop hack removing pKVM for Pixel 6/7
  - patch from GrapheneOS

- Extend hmalloc workaround to /apex

- Deblobber:
  - actually handle wildcard f/w/b overlays
  - move some stuff around
  - remove some more Pixel blobs
  - flag and disable removal of camera extensions, being able to use the second camera is nice

- Adjust what hardenDefconfig disables, caused boot issues
  minimal impact as most of these are already default-disabled
  can be narrowed down in future

- Disable some of the bionic hardening patches, causing more boot issues
  annoying to lose, but having a phone that boots is more important

- Add LTE only mode to 17.1, 18.1, 19.1, and 20.0, credit GrapheneOS

- Remove Pixel 2 ramdisk compression reverts, fixed upstream

And yes, I know I should've split up this commit...

Signed-off-by: Tad <tad@spotco.us>
2022-12-25 13:21:37 -05:00
Tad
751d1e8d72
Misc patches
- 20.0: updated and enabled burnIn patch
- 19.1: fixup apps having data restrictions wrongly applied

Signed-off-by: Tad <tad@spotco.us>
2022-12-23 10:09:37 -05:00
Tad
7d6b8e3aeb
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-12-22 11:33:47 -05:00
Tad
7277291dd7
Churn
Signed-off-by: Tad <tad@spotco.us>
2022-12-18 21:46:00 -05:00
Tad
03293f6b52
Fixup
Messy, but better to have CVE-2022-42896 applied to *some* 3.18 kernels

Signed-off-by: Tad <tad@spotco.us>
2022-12-17 00:42:25 -05:00
Tad
c2fc228f3b Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-12-16 22:06:13 -05:00
Tad
23a723feb1
Pixel 6/7 compiling
Signed-off-by: Tad <tad@spotco.us>
2022-12-16 03:34:58 -05:00
Tad
ad5de60266
More Pixel 6/7 work
compiles, but fails to generate release due to pvmfw failure

Signed-off-by: Tad <tad@spotco.us>
2022-12-15 20:49:30 -05:00
Tad
29c9826c11
20.0: QPR1 churn
Signed-off-by: Tad <tad@spotco.us>
2022-12-10 20:57:17 -05:00
Tad
b78f573eb9
Fixes
Signed-off-by: Tad <tad@spotco.us>
2022-12-10 20:30:22 -05:00
Tad
abb616d2f3
Updates
Signed-off-by: Tad <tad@spotco.us>
2022-12-09 17:23:20 -05:00
Tad
ce47fdae34
Small updates + Picks
Signed-off-by: Tad <tad@spotco.us>
2022-12-07 18:41:50 -05:00
Tad
a62922e72d
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-12-06 15:00:40 -05:00
Tad
0aa4fd0fc3
Update CVE patchers
Appears I skipped 20.0 by accident last update

Signed-off-by: Tad <tad@spotco.us>
2022-12-05 14:23:06 -05:00
Tad
3c8c235758
Ugly workaround
For bug exposed after:
https://review.lineageos.org/c/LineageOS/android_frameworks_base/+/344890

Signed-off-by: Tad <tad@spotco.us>
2022-12-03 23:58:36 -05:00
Tad
178e127338
Small tweaks + churn
Fixes recovery not booting on 20.0

Signed-off-by: Tad <tad@spotco.us>
2022-12-03 16:19:31 -05:00
Tad
680bf51e05
Ugly hack
Signed-off-by: Tad <tad@spotco.us>
2022-11-22 07:24:21 -05:00
Tad
fd0e3e8117
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-11-22 07:11:30 -05:00
Tad
c4fe56a307
Update CVE patchers
This fixes CVE-2018-9422 which was primarily added via b56fabac

May still need to be fixed:
16.0/kernel_google_yellowstone
16.0/kernel_xiaomi_msm8937

Signed-off-by: Tad <tad@spotco.us>
2022-11-21 08:39:10 -05:00
Tad
7f24df22f7 Small updates
Signed-off-by: Tad <tad@spotco.us>
2022-11-21 06:09:29 -05:00
Tad
ad5f2d7bfa
Fix firmware flash denial for OP7 series
Signed-off-by: Tad <tad@spotco.us>
2022-11-16 18:42:17 -05:00
Tad
14f7f1db32
Updates + Churn
Signed-off-by: Tad <tad@spotco.us>
2022-11-13 02:06:05 -05:00
Tad
b81d39c969
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-11-11 16:05:22 -05:00
Tad
27395374e1
Fixup + Churn
Signed-off-by: Tad <tad@spotco.us>
2022-11-11 13:54:57 -05:00
Tad
807a08210a
Tweaks
- 20.0: pick fixes for the deny usb toggle
- 20.0: pull in a patch from GrapheneOS removing a package list leak

Signed-off-by: Tad <tad@spotco.us>
2022-11-07 20:30:36 -05:00
Tad
ac3dc319c7
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-11-07 15:51:17 -05:00
Tad
b9f4074226 20.0: disable the broken monet toggle patch
Has some weird inconsistencies

Signed-off-by: Tad <tad@spotco.us>
2022-11-03 14:49:28 -04:00
Tad
7fb334d825
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-11-03 13:25:38 -04:00
Tad
aa4ffdb014
20.0: add taimen/walleye
not stable yet, ims crashes invoking rescueparty

Signed-off-by: Tad <tad@spotco.us>
2022-10-31 18:31:55 -04:00
Tad
11780d890f Churn
Signed-off-by: Tad <tad@spotco.us>
2022-10-24 22:53:41 -04:00
Tad
c051cb282d Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-10-22 21:39:01 -04:00
Tad
1338c24d9b
Disable CarrierConfig and carrier_list changes
I've had reports of non-functional SIM and reboots with select carriers on this last update

Signed-off-by: Tad <tad@spotco.us>
2022-10-20 19:42:01 -04:00
Tad
8ddbd86d44
20.0: more devices
Signed-off-by: Tad <tad@spotco.us>
2022-10-19 15:22:20 -04:00
Tad
148df59b7e
Cleanup: Drop UnifiedNlp, FDroidPrivExt, and Silence
These haven't been included for a while

+remove some old cruft from 20.0

Signed-off-by: Tad <tad@spotco.us>
2022-10-19 12:15:24 -04:00
Tad
d2096c86d9
Fixup
Signed-off-by: Tad <tad@spotco.us>
2022-10-18 22:44:01 -04:00
Tad
0c4db149e1
20.0: Network & Sensors permission from GrapheneOS
This revokes the permissions to all user installed apps on update.
Likely an expected quirk of being on 20.0 without the permission.
19.1 upgrades and new 20.0 installs should be fine.

TODO: update 19.1 with the SpecialRuntimePermAppUtils too

Signed-off-by: Tad <tad@spotco.us>
2022-10-18 22:14:56 -04:00
Tad
cdca2c032e
20.0: add barbet
Signed-off-by: Tad <tad@spotco.us>
2022-10-17 07:25:53 -04:00
Tad
91b908a78a
20.0: more fixes
Signed-off-by: Tad <tad@spotco.us>
2022-10-17 06:39:55 -04:00
Tad
e8248e4938
20.0: fixes + r11 churn
Signed-off-by: Tad <tad@spotco.us>
2022-10-16 17:18:06 -04:00
Tad
4524eb43d3
20.0: It boots!
Signed-off-by: Tad <tad@spotco.us>
2022-10-16 08:54:04 -04:00
Tad
5b114cacf8
20.0: More fixes
It compiles, but fails to sign:
> TypeError: cannot use a string pattern on a bytes-like object

Signed-off-by: Tad <tad@spotco.us>
2022-10-15 17:20:41 -04:00
Tad
5cada3a769
20.0: Fixes
Signed-off-by: Tad <tad@spotco.us>
2022-10-15 15:53:17 -04:00
Tad
20cfa30df0
20.0: Initial roster
Signed-off-by: Tad <tad@spotco.us>
2022-10-15 14:42:10 -04:00
Tad
055ed9bfad
20.0: Initial bringup
Signed-off-by: Tad <tad@spotco.us>
2022-10-15 10:39:48 -04:00