DivestOS

mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-10-01 01:35:54 -04:00

Author	SHA1	Message	Date
Tad	40d7fac99a	Churn https://github.com/voron00/android_kernel_lge_mako/pull/1 Signed-off-by: Tad <tad@spotco.us>	2022-08-10 10:57:49 -04:00
Tad	12c56938cb	Improve CVE-2021-1048 patching on 3.x kernels It is still actively being used by malware. This largely handles 3.0, 3.4, and 3.10 kernels. It works for select 3.18 kernels too. TODO: need alternate get_file_rcu backport for the following: 15.1/lge_msm8996 15.1/zte_msm8996 16.0/xiaomi_msm8937 17.1/motorola_msm8996 18.1/google_marlin 18.1/lge_msm8996 18.1/oneplus_msm8996 Signed-off-by: Tad <tad@spotco.us>	2022-08-09 21:39:25 -04:00
Tad	31a67f054d	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-08-04 11:12:40 -04:00
Tad	933f33ba6b	Cherrypicks Signed-off-by: Tad <tad@spotco.us>	2022-08-04 09:57:11 -04:00
Tad	178f01958d	Cherrypicks Signed-off-by: Tad <tad@spotco.us>	2022-08-02 19:39:09 -04:00
Tad	2b299c1aff	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-07-21 21:28:26 -04:00
Tad	c08ce75b03	Churn Signed-off-by: Tad <tad@spotco.us>	2022-07-13 10:01:32 -04:00
Tad	1d64c759a5	Fixes Signed-off-by: Tad <tad@spotco.us>	2022-07-10 00:31:44 -04:00
Tad	d3632c25ce	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-07-07 21:47:59 -04:00
Tad	22f915cc3e	Cherrypicks Signed-off-by: Tad <tad@spotco.us>	2022-07-07 18:59:37 -04:00
Tad	2c27a88a24	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-07-06 19:22:21 -04:00
Tad	7b8ef09540	Update CVE patchers Effectively no changes Signed-off-by: Tad <tad@spotco.us>	2022-07-04 18:30:09 -04:00
Tad	d79d1fcba3	19.1: More promotions Signed-off-by: Tad <tad@spotco.us>	2022-07-01 14:17:18 -04:00
Tad	ac645dd62e	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-06-28 11:32:05 -04:00
Tad	519a474173	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-06-19 22:44:05 -04:00
Tad	11b9ae5bc4	Churn Signed-off-by: Tad <tad@spotco.us>	2022-06-13 21:24:08 -04:00
Tad	70b8485695	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-06-09 17:59:48 -04:00
Tad	c092b13a44	Restore star*lte Signed-off-by: Tad <tad@spotco.us>	2022-06-08 22:55:00 -04:00
Tad	2bf84a7643	Increase default max password length to 64, credit GrapheneOS Closes https://github.com/Divested-Mobile/DivestOS-Build/pull/119 Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/27 Signed-off-by: Tad <tad@spotco.us>	2022-06-07 15:33:38 -04:00
Tad	27f8663b00	Tweak Signed-off-by: Tad <tad@spotco.us>	2022-06-06 16:58:55 -04:00
Tad	697bed18fb	17.1+18.1: Drop all devices working on 19.1 Signed-off-by: Tad <tad@spotco.us>	2022-06-04 14:26:44 -04:00
Tad	899ea17d4e	Add the missing page sanitization to 3.18 kernels All along they only had slub sanization :( Signed-off-by: Tad <tad@spotco.us>	2022-06-04 12:00:01 -04:00
Tad	3da5613dfc	Add unconditional burnin protection on 18.1 and 19.1, credit @arter97 Also skip the power on animation on 19.1, credit @kdrag0n Signed-off-by: Tad <tad@spotco.us>	2022-06-04 10:54:11 -04:00
Tad	92c66447f8	Drop slub_debug What is lost? - sanity checks and redzoning on all devices - redzoning reportedly however causes issues on some devices such as the Pixel 3/4 and OnePlus 7 - slub sanization on 3.0, 3.4, 4.4 (except google/wahoo), xiaomi/sm6150, and oneplus/sm7250 Note: all 3.4+ devices still have page sanization Signed-off-by: Tad <tad@spotco.us>	2022-06-03 13:58:17 -04:00
Tad	da63c9e571	Various small patches `7408144e1b` > extend Network/Sensors permission handling for legacy apps not targeting Android 6 > or above (API 23) to resolve a UI issue where the user choosing to grant the > Network/Sensors permissions via the legacy permission review interface doesn't > appear in the Settings app info page `22d32cb61b` suppresses https://github.com/Divested-Mobile/DivestOS-Build/discussions/112 `66f406b979` `3f69205d06` nice to have Signed-off-by: Tad <tad@spotco.us>	2022-06-02 23:17:05 -04:00
Tad	aa61367ace	Tweaks - Disable slub_debug=P for devices with INIT_ON_ALLOC/FREE_DEFAULT_ON - Disable slub_debug=Z due to known breakage - Disable many debug options on Linux 4.x and up - 19.1: fixup missing manifests for vayu :\ Signed-off-by: Tad <tad@spotco.us>	2022-06-02 17:13:20 -04:00
Tad	0eaca57fa6	19.1: Add OnePlus 8 and 9 series Signed-off-by: Tad <tad@spotco.us>	2022-06-02 11:52:58 -04:00
Tad	6d95c231bc	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-05-31 21:29:22 -04:00
Tad	735c9e0de8	Revert `5d57bf13` I don't trust enabling MODULES won't cause weird inane breakage on these legacy devices Signed-off-by: Tad <tad@spotco.us>	2022-05-27 23:46:57 -04:00
Tad	28724c4a6e	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-05-25 22:52:22 -04:00
Tad	2c4caa30a1	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-05-24 00:36:49 -04:00
Tad	de781e9921	Tweaks Signed-off-by: Tad <tad@spotco.us>	2022-05-23 23:15:27 -04:00
Tad	91953c0a45	Remove more blobs Signed-off-by: Tad <tad@spotco.us>	2022-05-21 13:42:51 -04:00
Tad	e8bc36af04	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-05-20 17:16:29 -04:00
Tad	64b4bbe075	Disable older devices tested/reported working on 19.1 Signed-off-by: Tad <tad@spotco.us>	2022-05-15 13:16:36 -04:00
Tad	05930af014	Various changes	2022-05-14 21:40:50 -04:00
Tad	3e7b657295	Tweaks Signed-off-by: Tad <tad@spotco.us>	2022-05-13 19:47:43 -04:00
Tad	bf7c06105c	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-05-12 22:13:06 -04:00
Tad	9286bdd258	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-05-10 15:02:03 -04:00
Tad	675b1a5da0	Churn Signed-off-by: Tad <tad@spotco.us>	2022-05-09 12:56:03 -04:00
Tad	4edfa56f1a	Tiny tweak Signed-off-by: Tad <tad@spotco.us>	2022-05-04 11:52:22 -04:00
Tad	b2eb3c01b4	Update CVE patchers Newly added CVE-2022-20009 is dupe with CVE-2022-25258 and CVE-2022-25375 Signed-off-by: Tad <tad@spotco.us>	2022-05-03 23:33:17 -04:00
Tad	9c549763a4	Tiny tweak Signed-off-by: Tad <tad@spotco.us>	2022-05-03 21:11:05 -04:00
Tad	e38aff581e	Small tweaks - Remove some more blobs - 19.1: disable FP animation (jesec) - 18.1: mata: allow major upgrades (to 19.1) (Updater patch by erfanoabdi) - mata: disable Vulkan, it doesn't work Signed-off-by: Tad <tad@spotco.us>	2022-05-02 15:04:12 -04:00
Tad	8491016b84	19.1: add mata, cheeseburger, dumpling Signed-off-by: Tad <tad@spotco.us>	2022-05-01 10:45:33 -04:00
Tad	65883d9bc4	2022 Signed-off-by: Tad <tad@spotco.us>	2022-05-01 01:13:49 -04:00
Tad	3316cc4824	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-04-27 07:46:22 -04:00
Tad	3457fd4151	Device cleanup Drop long non-compiling devices: - 14.1: n7100, jellypro - 15.1: himaul, oneplus2 - 16.0: zenfone3, fugu - 17.1: yellowstone, fugu - 18.1: bonito, sargo Drop in favor of 19.1: - 17.1: bonito, sargo - 18.1: pro1, aura, sunfish, coral, flame, bramble, redfin (experimental, but these devices don't currently appear to have any users) Signed-off-by: Tad <tad@spotco.us>	2022-04-26 15:19:57 -04:00
Tad	9a6c7a2684	18.1: Add toggle for /etc/hosts TODO: 19.1 and maybe 17.1 Tested working on klte/18.1 Signed-off-by: Tad <tad@spotco.us>	2022-04-20 16:40:22 -04:00
Tad	1f721c7845	Further credit patches Signed-off-by: Tad <tad@spotco.us>	2022-04-19 23:52:10 -04:00
Tad	c5b1cc9a35	Simplify `8e3f0438` Signed-off-by: Tad <tad@spotco.us>	2022-04-19 20:23:53 -04:00
Tad	e666a4a891	Update CVE patchers TODO: maybe split CVE-2022-23960/4.9 to get back? Signed-off-by: Tad <tad@spotco.us>	2022-04-19 14:38:44 -04:00
Tad	8e3f043820	Warn when running activity from 32 bit app on ARM64 devices. https://android-review.googlesource.com/c/platform/frameworks/base/+/2003790/ https://github.com/GrapheneOS/platform_frameworks_base/pull/182 Signed-off-by: Tad <tad@spotco.us>	2022-04-19 12:00:22 -04:00
Tad	d4dceffa60	Update supported kernels to latest wireless regulations database Applies for ~43 kernel trees Source: wireless-regdb-2022.04.08 Signed-off-by: Tad <tad@spotco.us>	2022-04-19 11:30:57 -04:00
Tad	163a162568	Fix boot animation + churn Signed-off-by: Tad <tad@spotco.us>	2022-04-18 23:04:24 -04:00
Tad	4b6a86a473	Add missing device variants Signed-off-by: Tad <tad@spotco.us>	2022-04-14 19:47:21 -04:00
Tad	be6b03fe96	Churn Signed-off-by: Tad <tad@spotco.us>	2022-04-13 14:54:08 -04:00
Tad	486e358050	More (disabled) lowram tweaks for <2GB devices The inprocess variants make very little reduction and likely reduce security. Signed-off-by: Tad <tad@spotco.us>	2022-04-12 20:25:26 -04:00
Tad	42c9d22de9	Default disable exec spawning Change the property too, so it takes effect next update. Since 16.0 lacks a toggle, this effectively disables the feature for it. Even devices with 4GB of RAM have usability severely impacted. Plus some other tweaks/churn Signed-off-by: Tad <tad@spotco.us>	2022-04-12 17:58:04 -04:00
Tad	81d9923cda	Don't disable scudo on lowram devices Signed-off-by: Tad <tad@spotco.us>	2022-04-12 15:01:05 -04:00
Tad	30de608a61	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-04-12 02:51:44 -04:00
Tad	d078b24ddb	lowram tweaks Signed-off-by: Tad <tad@spotco.us>	2022-04-11 23:40:26 -04:00
Tad	d50a3a043b	Switch 16.0/17.1/18.1 to the more robust GrapheneOS sensors permission patchset Like done for 19.1 Signed-off-by: Tad <tad@spotco.us>	2022-04-10 21:12:03 -04:00
Tad	7da114e755	Tweaks Signed-off-by: Tad <tad@spotco.us>	2022-04-07 11:01:27 -04:00
Tad	a9e250afd9	Cleanup Signed-off-by: Tad <tad@spotco.us>	2022-04-07 00:37:20 -04:00
Tad	d1e441e4cb	19.1: More work - Adds hosts cache and wildcard support back - Fixes broken hardened malloc enablement patch - Drops FDroidPrivExt, non-functional - Disables captive portal toggle patch, crashes Settings, needs rework - Rebranding work - Attempts to fix no boot animation Signed-off-by: Tad <tad@spotco.us>	2022-04-06 02:32:33 -04:00
Tad	3a0659b9d8	19.1: more work, it compiles and boots! - Add the manifest - Add Pixel 2 series - Add some missing patches - More DNS files - Drop Silence in 19.1 Signed-off-by: Tad <tad@spotco.us>	2022-04-05 23:44:15 -04:00
Tad	1705545d22	19.1: Initial bringup TODO: - manifest - devices - a few small patches to rebase Signed-off-by: Tad <tad@spotco.us>	2022-04-05 00:44:19 -04:00
Tad	b464106cc5	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-04-04 15:51:23 -04:00
Tad	deb183d273	Tiny fix One of these might not be necessary Signed-off-by: Tad <tad@spotco.us>	2022-04-03 17:33:20 -04:00
Tad	6c5a65622c	Page sanitization improvements This ensures init_on_alloc/free is used instead of page poisioning where available. 3.4 through 3.18 have a patch without a toggle for page sanitization. Signed-off-by: Tad <tad@spotco.us>	2022-04-02 12:57:17 -04:00
Tad	01900ca1c6	Reverts WebView overlay is breaking boot on 15.1??? This reverts commit `e61e288b4a`.	2022-04-01 17:07:27 -04:00
Tad	3f9b346345	Fix boot breakage On devices with quota enabled and impacted by this patch Signed-off-by: Tad <tad@spotco.us>	2022-04-01 10:30:30 -04:00
Tad	e1f5d99e51	Fixes Signed-off-by: Tad <tad@spotco.us>	2022-04-01 08:16:28 -04:00
Tad	e26908b9e0	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-03-31 21:30:56 -04:00
Tad	e2c499dd24	Enable Clang's -ftrivial-auto-var-init=zero on supported kernels Signed-off-by: Tad <tad@spotco.us>	2022-03-31 21:00:31 -04:00
Tad	256df737a3	Don't set device name as DHCP hostname Signed-off-by: Tad <tad@spotco.us>	2022-03-31 18:46:21 -04:00
Tad	f481055ae9	Add the GrapheneOS always randomize MAC option to 17.1 and 18.1 The DHCP state patch was backported to 17.1 Signed-off-by: Tad <tad@spotco.us>	2022-03-29 22:27:09 -04:00
Tad	1bbb6f9b4e	Fix and enable exec_spawning feature This is the missing puzzle piece :) Signed-off-by: Tad <tad@spotco.us>	2022-03-28 22:02:52 -04:00
Tad	19b03c9ff4	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-03-28 17:43:48 -04:00
Tad	8a03e46c7e	Add the exec-spawning toggle from GrapheneOS Tested working on 18.1/klte TODO: backport to 16.0 Signed-off-by: Tad <tad@spotco.us>	2022-03-28 16:14:37 -04:00
Tad	a53062ca0b	Backports Adds ptrace_scope and timeout options to 17.1, tested working Also adds hardened_malloc to 15.1, but failing to compile: external/hardened_malloc/h_malloc.c:1688:18: error: use of undeclared identifier 'M_PURGE' if (param == M_PURGE) { ^ external/hardened_malloc/h_malloc.c:1743:30: error: missing field 'ordblks' initializer [-Werror,-Wmissing-field-initializers] struct mallinfo info = {0}; ^ Signed-off-by: Tad <tad@spotco.us>	2022-03-21 18:06:49 -04:00
Tad	0c33d328b7	Partially re-enable the bionic hardening patchset These uncommented patches have been ruled out, leaving 7 more to test shamu is tested booting with this Signed-off-by: Tad <tad@spotco.us>	2022-03-19 20:25:24 -04:00
Tad	a56e3a3016	Disable the bionic hardening patchset to fix boot issues 10+4 devices tested working with bionic hardening patches enabled but hammerhead and shamu do not boot... 2 of the patches were already found to have issues and disabled 3 other patches were ruled out: - Stop implicitly marking mappings as mergeable - Make __stack_chk_guard read-only at runtime - On 64-bit, zero the leading stack canary byte Leaves 11+1 patches remaining that need to be tested But I don't have either of the two known impacted devices. Signed-off-by: Tad <tad@spotco.us>	2022-03-19 16:19:00 -04:00
Tad	3207cde72e	Small tweaks Signed-off-by: Tad <tad@spotco.us>	2022-03-19 12:41:49 -04:00
Tad	09353cdcd2	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-03-18 00:07:18 -04:00
Tad	1603092c50	Not all kernels have (working) getrandom support hammerhead 16.0 was reported not booting and shamu 18.1 was reported to take ~15+ minutes to boot hammerhead does not have getrandom so it failed immediately shamu does have getrandom BUT it blocks during init meaning it'll wait until the entropy pool slowly fills In tested I did not discovery this I tested on flox/mako/d852/klte/clark/sailfish/mata/cheeseburger/fajita All the newer ones have working getrandom All the older ones included a patch to make getrandom non blocking on init Signed-off-by: Tad <tad@spotco.us>	2022-03-17 13:21:52 -04:00
Tad	352705fbf7	Churn Signed-off-by: Tad <tad@spotco.us>	2022-03-16 11:43:51 -04:00
Tad	a9f6672fed	hardened_malloc fixes for broken devices - enable the patchset for 18.1 - add an ugly patch that extends the Pixel 3* camera workaround to all camera executables Signed-off-by: Tad <tad@spotco.us>	2022-03-16 02:01:19 -04:00
Tad	1df7c7f1d4	Churn Signed-off-by: Tad <tad@spotco.us>	2022-03-15 19:16:19 -04:00
Tad	181519cf38	Add bionic hardening patchsets from GrapheneOS 11 `b3a0c2c5db` 11 `5412c37195` #explicit zero 11 `31456ac632` #brk 11 `58ebc243ea` #random 11 `5323b39f7e` #undefined 11 `6a91d9dddb` #merge 11 `a042b5a0ba` #vla formatting 11 `9ec639de1b` #pthread 11 `49571a0a49` #read only 11 `149cc5ccb8` #zero 11 `2e613ccbe7` #fork mmap 11 `e239c7dff8` #memprot pthread 11 `0b03d92b7f` #xor 11 `de08419b82` #junk 11 `897d4903e2` #guard 11 `648cd68ca3` #ptrhread guard 11 `0bc4dbcbd2` #stack rand 10 `aa9cc05d07` 10 `a8cdbb6352` #explicit zero 10 `b28302c668` #brk 10 `9f8be7d07c` #random 10 `cb91a7ee3a` #undefined 10 `08279e2fdd` #merge 10 `6a18bd565d` #vla formatting 10 `2f392c2d08` #pthread 10 `8bbce1bc50` #read only 10 `725f61db82` #zero 10 `4cd257135f` #fork mmap 10 `9220cf622b` #memprot pthread 10 `8ef71d1ffd` #memprot exit 10 `0eaef1abbd` #xor 10 `64f1cc2148` #junk 10 `5c42a527cf` #guard 10 `5cc8c34e60` #pthread guard 10 `7f61cc8a1c` #stack rand 9 `abdf523d26` 9 `e4b9b31e6f` #explicit zero 9 `a3a22a63d2` #brk 9 `7444dbc3cf` #random 9 `dcd3b72ac9` #undefined 9 `543e1df342` #merge 9 `611e5691f7` #vla formatting 9 `8de97ce864` #pthread 9 `a475717042` #read only 9 `7f0947cc0e` #zero 9 `e9751d3370` #fork mmap 9 `83cd86d0d5` #memprot pthread 9 `1ebb165455` #memprot exit 9 `488ba483cf` #xor 9 `f9351d884b` #junk 9 `85e5bca0a5` #move Signed-off-by: Tad <tad@spotco.us>	2022-03-15 16:56:46 -04:00
Tad	1878cd19ab	Fix/Add hardened malloc patchsets from GrapheneOS 11 `8c0f3c0e04` 11 `4e6320c247` 11 `108754debb` 10 `818be3fc1d` 10 `010949662f` 10 `ede5e38f5b` 9 `80754c93bf` 9 `20160b8161` Signed-off-by: Tad <tad@spotco.us>	2022-03-15 16:24:56 -04:00
Tad	209481c53e	Fix/Add exec based spawning patchsets from GrapheneOS 11 `14c3c1d4cd` `ac1943345e` `1abb805041` `2e07ab8c24` `0044836677` `c561811fad` `7a848373ef` `89646bdeb1` `2a70bbac4a` `d414dcaa35` `b4cd877e3a` `98634286bb` 11 `4c2635390c` 11 `add34a4bc6` 11 `a2b51906de` 10 `527787f3c8` `ffde474ad7` `aa87e487c4` `c906fe9722` `c69c3eecd4` `b2303adccc` `5bb05db6f7` `536b497688` `24802a832b` `ce6dcc2368` `3d3d5c4d38` `2eda592b79` 10 `29f28b53c0` 10 `13a992c716` 9 `750efbf6bc` `ed563b6f26` `aad3c7d750` `da3180f9a8` `68773a29b7` `283b3fa09c` `f133136b65` `01a01ce5f6` `17c309c098` `8806ec3ef1` Signed-off-by: Tad <tad@spotco.us>	2022-03-15 15:55:13 -04:00
Tad	f015dd348f	Add the JNINativeMethod table constification patchsets from GrapheneOS 11 `63b9f96a12` 11 `d8a62b5156` 11 `e3a4d64f29` 11 `e41f1d7f8e` 11 `c34b037486` 11 `dce2d0f64f` 11 `c99c35cb2a` 10 `07071814db` 10 `a48ba29b98` 10 `157fa78115` 10 `b914409e05` 10 `20a51f508b` 10 `b8afb8af37` 10 `e1b6653db7` 9 `ff688b68a7` 9 `866f0df315` 9 `77c9fa981a` 9 `fbf620e59c` 9 `ceaf63c790` 9 `253247fc39` 9 `76bf4c46f0` Signed-off-by: Tad <tad@spotco.us>	2022-03-15 15:26:48 -04:00
Tad	ad579b6681	Misc hardening from GrapheneOS 11 `62f81c237b` 11 `1f05db99ab` 11 `f242089d3f` 10 `abcf485dcf` 9x `c5db5a9f9e` Signed-off-by: Tad <tad@spotco.us>	2022-03-15 14:40:05 -04:00
Tad	844227a4f4	18.1: add the ptrace_scope patchset from GrapheneOS `ad017fba58` `3b89605581` `8b0419ac04` `52ea603339` Signed-off-by: Tad <tad@spotco.us>	2022-03-15 14:29:34 -04:00
Tad	07bd5a3a0e	Automatic reboot and Bluetooth/Wi-Fi shutoff from GrapheneOS and CalyxOS Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/59 Tested on 18.1 Untested on 17.1 Signed-off-by: Tad <tad@spotco.us>	2022-03-15 01:27:08 -04:00
Tad	e61e288b4a	Optionally allow the official Bromite WebView to be used, credit @MSe1969 This also replaces the overrides for all versions And should allow the Google WebView on 14/15/16 And lastly only leaves the bundled version as default This is a merge of the LineageOS 14/15/16 and 17/18 overlay With the addition of the Bromite signature from @MSe1969 Signed-off-by: Tad <tad@spotco.us>	2022-03-14 22:59:40 -04:00
Tad	9ba3a061c6	Tweak Signed-off-by: Tad <tad@spotco.us>	2022-03-14 11:57:34 -04:00
Tad	f65c7a4ccd	Tweaks Signed-off-by: Tad <tad@spotco.us>	2022-03-12 11:48:23 -05:00
Tad	015799737e	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-03-09 17:16:47 -05:00
Tad	4f75a8272a	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-03-09 11:59:30 -05:00
Tad	902239e2b5	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-03-08 23:20:43 -05:00
Tad	54dbcd9e43	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-03-07 19:12:10 -05:00
Tad	bda848a0a1	Fixup `057bedb6` Sadly this means the option was never enabled :( Note: these options are only available on 4.4+ kernels Signed-off-by: Tad <tad@spotco.us>	2022-03-06 23:05:13 -05:00
Tad	ac1e89f0c8	Update CVE patchers [the big fixup] This removes many duplicately or wrongly applied patches. Correctly removed: - CVE-2011-4132 can apply infinitely - CVE-2013-2891 can apply infinitely - CVE-2014-9781 can apply once to fb_cmap_to_user correctly and incorrectly to fb_copy_cmap - CVE-2015-0571 can apply incorrectly and was disabled in patch repo as a result - CVE-2016-2475 can apply infinitely - CVE-2017-0627 can apply infinitely - CVE-2017-0750 can apply infinitely - CVE-2017-14875 can apply infinitely - CVE-2017-14883 can apply infinitely - CVE-2020-11146 can apply infinitely - CVE-2020-11608 can apply infinitely - CVE-2021-42008 can apply infinitely Questionable (might actually be beneficial to "incorrectly" apply again): - CVE-2012-6544 can apply once to hci_sock_getsockopt correctly and incorrectly to hci_sock_setsockopt - CVE-2013-2898 can apply once to sensor_hub_get_feature correctly and incorrectly to sensor_hub_set_feature - CVE-2015-8575 can apply once to sco_sock_bind correctly and incorrectly to sco_sock_connect - CVE-2017-8281 can apply once to diagchar_ioctl correctly and incorrectly to diagchar_compat_ioctl - CVE-2019-10622 can apply once to qdsp_cvp_callback correctly and incorrectly to qdsp_cvs_callback - CVE-2019-14104 can apply once to cam_context_handle_start/stop_dev and incorrectly to cam_context_handle_crm_process_evt and cam_context_handle_flush_dev Other notes: - CVE-2016-6693 can be applied again if it was already applied in combination with CVE-2016-6696 then the dupe check will fail and mark CVE-2016-6696 as already applied, effectively reverting it. This was seemingly fixed with a hand merged patch in patch repo. Wrongly removed: - CVE-2013-2147 is meant for cciss_ioctl32_passthru but is detected in cciss_ioctl32_big_passthru - CVE-2015-8746 is meant for nfs_v4_2_minor_ops but is detected in nfs_v4_1_minor_ops - CVE-2021-Misc2/ANY/0043.patch is meant for WLANTL_RxCachedFrames but is detected in WLANTL_RxFrames Signed-off-by: Tad <tad@spotco.us>	2022-03-04 00:42:28 -05:00
Tad	927b9bfbc5	Fix random reboots on broken kernels when an app has data restricted I don't like this Reading: - `24b3bdcf71` - https://review.lineageos.org/c/LineageOS/android_kernel_essential_msm8998/+/320470 - https://review.lineageos.org/c/LineageOS/android_system_bpf/+/264702 - https://gitlab.com/LineageOS/issues/android/-/issues/2514 - https://gitlab.com/LineageOS/issues/android/-/issues/3144 - https://gitlab.com/LineageOS/issues/android/-/issues/3287 Test: - restrict mobile data for an app - toggle wifi on and off a few times - watch systemui crash and soft-reboot Tested working on cheeseburger Signed-off-by: Tad <tad@spotco.us>	2022-03-03 17:51:46 -05:00
Tad	0d0104b4bb	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-03-02 22:57:34 -05:00
Tad	5e1521700f	Port the GrapheneOS NETWORK permission to 17.1 and 18.1 Some patches were ported from 12 to 10/11 Some patches from 11 were ported to 10 This 10/11 port should be very close to 12 BOUNS: 16.0 patches, disabled Signed-off-by: Tad <tad@spotco.us>	2022-02-25 16:52:51 -05:00
Tad	512673d97d	Bump marlin/sailfish to 18.1 Signed-off-by: Tad <tad@spotco.us>	2022-02-23 13:33:28 -05:00
Tad	8b39498b1c	Initial loose versioning work for 4.9 This applies 4.9 patches to 4.4 and 3.18 now that 4.4 is EOL Untested, but looks mild Signed-off-by: Tad <tad@spotco.us>	2022-02-22 13:44:47 -05:00
Tad	5245109cc1	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-02-19 23:22:19 -05:00
Tad	143b6fa164	18.1: Refresh for recent upstream Updater changes Untested, should work Signed-off-by: Tad <tad@spotco.us>	2022-02-14 03:05:32 -05:00
Tad	a38d544f8b	18.1: small fixes Signed-off-by: Tad <tad@spotco.us>	2022-02-12 07:32:29 -05:00
Tad	48b009a02e	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-02-12 06:56:28 -05:00
Tad	b6da59d24f	Drop FairEmail, Vanilla, and their AOSP equivalents Signed-off-by: Tad <tad@spotco.us>	2022-02-11 14:25:30 -05:00
Tad	55cdea3c9b	17.1: small fixes Signed-off-by: Tad <tad@spotco.us>	2022-02-11 14:05:14 -05:00
Tad	f767a8ea87	Hopefully fix the broken radio on Pixels Thank you Google for all these great proprietary apps. Signed-off-by: Tad <tad@spotco.us>	2022-02-10 15:36:44 -05:00
Tad	bc3a9cddba	Small tweaks Signed-off-by: Tad <tad@spotco.us>	2022-02-09 00:22:02 -05:00
Tad	65584e96ce	Switch to official Etar The Lineage forks have fallen behind Signed-off-by: Tad <tad@spotco.us>	2022-02-08 14:10:04 -05:00
Tad	ee0bd8625f	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-02-07 14:43:05 -05:00
Tad	0a664cc22c	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-02-03 21:12:02 -05:00
Tad	c0aac415aa	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-01-29 09:35:59 -05:00
Tad	58b53de17a	Multi user tweaks from GrapheneOS Signed-off-by: Tad <tad@spotco.us>	2022-01-24 06:30:39 -05:00
Tad	2400cf0964	App updates - Drops Calendar, Eleven, and Email - Adds a variable for Silence inclusion - Adds a NONE option for microG inclusion flag to disable NLP inclusion Signed-off-by: Tad <tad@spotco.us>	2022-01-24 06:30:15 -05:00
Tad	6329922104	Disable the Hamper Analytics patches Rely on the HOSTS to do any blocking. With the last update this causes app crashes, due to boolean/string mismatch. Need to figure out exactly how string in manifest can become a boolean when wanted. Signed-off-by: Tad <tad@spotco.us>	2022-01-23 16:55:24 -05:00
Tad	6864156bd6	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-01-20 22:22:22 -05:00
Tad	7ccaecd6d6	Small tweak Signed-off-by: Tad <tad@spotco.us>	2022-01-20 19:13:08 -05:00
Tad	dbd2a71722	Update CVE patchers Hopefully fixes boot breakage Signed-off-by: Tad <tad@spotco.us>	2022-01-17 01:23:10 -05:00
Tad	5e18ec4dfe	Tiny tweak Signed-off-by: Tad <tad@spotco.us>	2022-01-16 16:42:26 -05:00
Tad	6ec0c63126	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-01-13 11:08:22 -05:00
Tad	208c7800c8	Fixup Signed-off-by: Tad <tad@spotco.us>	2022-01-12 17:44:18 -05:00
Tad	ce6ee9d8e4	Update CVE patchers CVE-2021-0961 should be fine now Signed-off-by: Tad <tad@spotco.us>	2022-01-11 05:41:26 -05:00
Tad	b9c7839110	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-01-11 01:19:31 -05:00
Tad	8a45dc4696	18.1: Device additions h910 lavender pioneer, voyager, discovery akari, aurora, xz2c Signed-off-by: Tad <tad@spotco.us>	2022-01-06 21:04:17 -05:00
Tad	b05823bb20	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-01-04 21:00:25 -05:00
Tad	daf98f8197	Small tweaks Signed-off-by: Tad <tad@spotco.us>	2021-12-31 21:39:04 -05:00
Tad	e08349a202	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-12-29 11:51:58 -05:00
Tad	68771721d5	Update oneplus/sdm845 to 4.8.282 Signed-off-by: Tad <tad@spotco.us>	2021-12-29 11:51:52 -05:00
Tad	567c46fdd1	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-12-27 18:00:43 -05:00
Tad	3c1931bcc9	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-12-19 05:15:32 -05:00
Tad	6c38ece551	Update CVE patchers User report confirms fixing wifi on lmi Signed-off-by: Tad <tad@spotco.us>	2021-12-15 17:10:35 -05:00
Tad	6e604e8703	Small update Signed-off-by: Tad <tad@spotco.us>	2021-12-13 21:33:04 -05:00
Tad	20e1023627	Small changes - 16.0: drop wallpaper optimization patch, questionable source - deblobber: don't remove libmmparser_lite.so, potentially used by camera - 17.1: pick Q_asb_2021-12, excluding a broken patch - clark 17.1: some camera denial fixes - alioth: unmark broken - 17.1: switch to upstream glibc fix - 17.1/18.1: disable per app sensors permission patchset, potential camera issues Signed-off-by: Tad <tad@spotco.us>	2021-12-13 20:28:54 -05:00
Tad	8b85bf9719	Small change Signed-off-by: Tad <tad@spotco.us>	2021-12-12 12:10:47 -05:00
Tad	8cf90d055e	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-12-11 01:12:41 -05:00
Tad	9f494c3e1d	Fixup Signed-off-by: Tad <tad@spotco.us>	2021-12-11 00:23:52 -05:00
Tad	359ce4608f	Small updates Signed-off-by: Tad <tad@spotco.us>	2021-12-07 20:57:54 -05:00
Tad	ed1c151ce5	Update CVE patchers CVE-2021-0961/ANY/0001.patch likely causes breakage Signed-off-by: Tad <tad@spotco.us>	2021-12-06 17:43:34 -05:00
Tad	202f70b980	Final import of loose versioning work Untested, but likely works. Signed-off-by: Tad <tad@spotco.us>	2021-12-02 02:47:27 -05:00
Tad	c5c3998593	Guess what? f̵͖̲̙̝̩̌̌̌̑͆̔͐̏͋̓̅̔̒̈́͠i̴͍̗̦͕̅̓̿͋̓̑̽͌͐͊͘͠͠s̵̡̬͙͚̃͑̓̊̌́̾́͠ḥ̴̬͓͚̹̱̰͕͚͈̞̳͒̊ ̵̢̟̞̖͈͖͕̥̙̤͉̮̍́̅̀̾b̵̛̹̝̙̖̱̲͉͚̝̪̲̓̿͛̔̆͋̎́͐̃͆̀̕͝u̸̞̺͓͎̰̦̯̘̺̬͔̬͆͛̋̍̂͒̓͛̐̈́̋̚͝ṫ̵̠t̶̻̳̜̪̗͖͛̂̒̃̑̏͝ Tested on 14.1 and 15.1 targets Signed-off-by: Tad <tad@spotco.us>	2021-11-29 21:14:00 -05:00
Tad	b9929ea959	18.1: (extreme) loose versioning work [untested] Signed-off-by: Tad <tad@spotco.us>	2021-11-28 01:24:39 -05:00
Tad	c4dbc73c56	Alter the glibc fix Signed-off-by: Tad <tad@spotco.us>	2021-11-27 15:52:09 -05:00
Tad	62166d1ea5	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-11-26 11:54:59 -05:00
Tad	df3b54fa20	Fixup camera on flox Camera works in OpenCamera, but it can't actually take pictures. Switch to Camera2 instead, tested pictures and videos working. Also fixup compile issue with oneplus/msm8998-common And refresh some patchers Signed-off-by: Tad <tad@spotco.us>	2021-11-15 18:01:27 -05:00
Tad	f950398fa1	glibc 2.34 fix Tested working to compile mako on Fedora 35 Signed-off-by: Tad <tad@spotco.us>	2021-11-14 20:16:48 -05:00
Tad	b8f5d8a510	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-11-12 11:51:02 -05:00
Tad	1ce0093d9f	More verified boot fixes Signed-off-by: Tad <tad@spotco.us>	2021-11-08 09:36:56 -05:00
Tad	3e62262e88	Small fixup Signed-off-by: Tad <tad@spotco.us>	2021-11-07 13:37:37 -05:00
Tad	e882cf16c7	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-11-06 18:47:57 -04:00
Tad	f2b9eb8e8b	Small tweaks Signed-off-by: Tad <tad@spotco.us>	2021-11-06 11:22:43 -04:00
Tad	5c8250bbdd	Disable the per-app sensor permission patches Breaks camera on angler Signed-off-by: Tad <tad@spotco.us>	2021-11-05 14:46:32 -04:00
Tad	6567937b05	ASB picks Signed-off-by: Tad <tad@spotco.us>	2021-11-05 13:29:50 -04:00
Tad	621441349e	Fixup the sensors permission patches on 7, 8, and 9. Switch these patches to MODE_ALLOWED from MODE_ASK to fix breakage of system services. Also remove some code that adds a likely security issue. Will need some extra regression testing. Signed-off-by: Tad <tad@spotco.us>	2021-11-04 10:24:06 -04:00
Tad	f7295a0f74	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-11-02 23:50:35 -04:00
Tad	f3277f3c07	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-11-02 12:01:36 -04:00
Tad	809e03833e	Verity enablement overhaul No change to AVB devices except for enabling on more Verity devices have the potential to regress by not booting No change to non-verity/avb devices Tested working on: mata, cheeseburger, fajita Signed-off-by: Tad <tad@spotco.us>	2021-11-02 10:24:07 -04:00
Tad	bc77ca416c	Verity fixups Not sure how I missed all of these? Signed-off-by: Tad <tad@spotco.us>	2021-11-01 20:55:22 -04:00
Tad	ecc4688ce0	Denial fixes for clark, osprey, surnia, and g3-common Signed-off-by: Tad <tad@spotco.us>	2021-10-28 00:47:59 -04:00
Tad	ec043e961e	Update CVE patchers CVE-2021-20317 might need to be disabled due to QC timer breakage. Signed-off-by: Tad <tad@spotco.us>	2021-10-27 15:26:53 -04:00
Tad	e6beba4b15	Small tweaks Sad churn from git version. Will be removed next build cycle. Signed-off-by: Tad <tad@spotco.us>	2021-10-27 14:16:37 -04:00
Tad	0c793835da	Expand the available Private DNS options Signed-off-by: Tad <tad@spotco.us>	2021-10-22 18:33:06 -04:00
Tad	a0918b5222	18.1: add z2_plus Signed-off-by: Tad <tad@spotco.us>	2021-10-22 13:37:53 -04:00
Tad	fe8e8201a9	Add more 'Private DNS' options Based off of patches from CalyxOS as noted in each included patch. Tested and verified working on klte and mata 18.1 Signed-off-by: Tad <tad@spotco.us>	2021-10-21 23:39:46 -04:00
Tad	70b96aa211	Update oneplus/sdm845 from 4.9.227 to 4.9.277 Pulls us into August 2021 Tested working: - boot - usb mtp - wifi - bluetooth - cameras - audio - gps - brightness Signed-off-by: Tad <tad@spotco.us>	2021-10-21 00:12:59 -04:00
Tad	5d7d710076	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-10-20 15:01:18 -04:00
Tad	b78944933c	More fixes Ensure new shells have the correct settings too. Signed-off-by: Tad <tad@spotco.us>	2021-10-16 22:57:43 -04:00
Tad	042b9063d1	More fixes Signed-off-by: Tad <tad@spotco.us>	2021-10-16 17:12:13 -04:00
Tad	256b1db98b	Hard fail on error Signed-off-by: Tad <tad@spotco.us>	2021-10-16 16:08:43 -04:00
Tad	a5cdb9ab58	Fix patch ordering Signed-off-by: Tad <tad@spotco.us>	2021-10-16 15:21:22 -04:00
Tad	f7194d1f13	Switch to applyPatch Signed-off-by: Tad <tad@spotco.us>	2021-10-16 14:01:44 -04:00
Tad	7ba42f052a	Small changes Signed-off-by: Tad <tad@spotco.us>	2021-10-14 15:58:22 -04:00
Tad	df60bfceda	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-10-13 12:20:44 -04:00
Tad	d5d3846f2c	Small tweaks Signed-off-by: Tad <tad@spotco.us>	2021-10-10 19:44:59 -04:00
Tad	939c6aa7ed	Small tweaks Signed-off-by: Tad <tad@spotco.us>	2021-10-07 20:07:49 -04:00
Tad	2af0e1201e	Re-enable the recovery downgrade check Signed-off-by: Tad <tad@spotco.us>	2021-10-06 17:03:22 -04:00
Tad	f2e1d32eba	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-10-06 16:54:45 -04:00
Tad	7b28a193f1	Include the Support app This is a very basic app with zero permissions and has quick links to various related resources. Signed-off-by: Tad <tad@spotco.us>	2021-10-06 06:21:38 -04:00
Tad	59bd09a807	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-10-05 14:44:23 -04:00
Tad	5658b56424	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-10-03 20:00:52 -04:00
Tad	870382ff40	Switch to the Mulch WebView Signed-off-by: Tad <tad@spotco.us>	2021-10-02 01:44:46 -04:00
Tad	7f98aad299	18.1: Drop DnsResolver patches Merged upstream Signed-off-by: Tad <tad@spotco.us>	2021-10-01 17:54:54 -04:00
Tad	27fe558b76	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-09-29 16:47:50 -04:00
Tad	9f9d418060	18.1: forward port the hosts cache and wildcard support These were likely missed when resolv/ moved out of netd into DnsResolver. Signed-off-by: Tad <tad@spotco.us>	2021-09-26 22:41:30 -04:00
Tad	c6df37ca23	Expose the Sensors Off tile This removes the hidden development 'Sensors off' tile from Settings app, adds it back to SystemUI, and enables it by default. Tested working on 18.1 Signed-off-by: Tad <tad@spotco.us>	2021-09-26 16:36:15 -04:00
Tad	35372142ed	Small tweak Signed-off-by: Tad <tad@spotco.us>	2021-09-25 20:24:14 -04:00
Tad	84c7d230ab	Permission for sensors access patches from @MSe1969 Signed-off-by: Tad <tad@spotco.us>	2021-09-24 23:35:33 -04:00
Tad	f5a58bd35f	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-09-23 20:56:00 -04:00
Tad	83efa5fe7d	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-09-18 13:43:41 -04:00
Tad	cf3a12cb5a	Move some changes into a new Post.sh Signed-off-by: Tad <tad@spotco.us>	2021-09-15 10:26:37 -04:00

... 2 3 4 5 6 ...

456 Commits