Commit Graph

1090 Commits

Author SHA1 Message Date
Tad
83cbcfa39b
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-07-08 15:21:06 -04:00
Tad
9d6662dee7
15.1 July ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-07-07 18:00:23 -04:00
Tad
293f97d678
16.0 July ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-07-07 17:24:47 -04:00
Tad
4db68c3de1
Fixup b92655da
Signed-off-by: Tad <tad@spotco.us>
2023-07-07 15:28:55 -04:00
Tad
b92655dac4
17.1 July ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-07-07 14:17:23 -04:00
Tad
2651f33e5c
ASB cherrypicks
Signed-off-by: Tad <tad@spotco.us>
2023-07-07 13:44:00 -04:00
Tad
5bc210f135
Adjust microg config path
/product can't be used for now
https://github.com/microg/GmsCore/issues/1976

also move the wording around so it can be easier to remove later
after a new release is tagged

Signed-off-by: Tad <tad@spotco.us>
2023-07-07 13:33:48 -04:00
Tad
492ed24ca2
Fixups
Signed-off-by: Tad <tad@spotco.us>
2023-07-06 17:59:25 -04:00
Tad
34f2d0d15a
Tweak micorG defaults
New options added
4772008582

Signed-off-by: Tad <tad@spotco.us>
2023-07-06 14:39:38 -04:00
Tad
c4666a33b7
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-07-05 19:42:40 -04:00
Tad
c9a7ff8bba
Override all microG defaults to disabled
TODO after fixed:
SafetyNet: https://github.com/microg/GmsCore/issues/1971
Geocoder: https://github.com/microg/GmsCore/issues/1972

Signed-off-by: Tad <tad@spotco.us>
2023-07-04 14:48:18 -04:00
Tad
a96f74ca28
Enable the opt-in unprivileged microG enablement patchset
Runtime tested: 17.1, 18.1, 20.0
Compile tested: 19.1

Signed-off-by: Tad <tad@spotco.us>
2023-07-03 21:50:08 -04:00
Tad
b7d37053c3
Further harden signature spoofing with targetSdk and versionCode checks
- Also fix compile for 17.1, rest should be fine

Signed-off-by: Tad <tad@spotco.us>
2023-07-03 17:33:34 -04:00
Tad
f2c8005853
16.0: switch to upstream P_asb_2023-06
Has two extra patches for Traceur, but misses a patch for CarSettings

Signed-off-by: Tad <tad@spotco.us>
2023-07-03 15:22:32 -04:00
Tad
4282c7c35f
Backports of 0f4044e2 to 17.1/18.1/19.1
Also don't grant any special location permissions

Signed-off-by: Tad <tad@spotco.us>
2023-07-03 15:17:56 -04:00
Tad
0f4044e242
20.0: opt-in hardened unprivileged microG ability
Unlike other systems which ship privileged microG out of the box:
- User must enable microG repo in F-Droid
- User must install official microG apps (GmsCore/FakeStore/GSF)
- User must enable the microG toggle in Settings
- NOT a privileged app, not all features will work
- gmscore SELinux domain is still disabled

Signed-off-by: Tad <tad@spotco.us>
2023-07-03 13:45:06 -04:00
Tad
2e2ac4557d
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-06-26 19:41:11 -04:00
Tad
dc4d6b0901
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-06-20 18:36:31 -04:00
Tad
1e7f10d6b6
20.0: drop June ASB patches
QPR3 has been merged

Signed-off-by: Tad <tad@spotco.us>
2023-06-20 16:22:02 -04:00
Tad
5146f67cee
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-06-18 07:34:03 -04:00
Tad
cda898f141
Certificate Authority store updates
- Remove some untrustworthy CAs
- Update CA store for all branches to aosp/e302aa968334b3c3fc9cd709a7c7661e0cf534eb

Signed-off-by: Tad <tad@spotco.us>
2023-06-17 15:13:54 -04:00
Tad
41e2669884
17.1: switch to flamefire's ASB topics
This gets us ~9 extra patches

Signed-off-by: Tad <tad@spotco.us>
2023-06-17 15:13:46 -04:00
Tad
a07133a064
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-06-16 11:03:46 -04:00
Tad
e2ca79c607
20.0: add dot.sb DNS preset
Signed-off-by: Tad <tad@spotco.us>
2023-06-14 19:42:30 -04:00
Tad
0dde119d7e
20.0 June ASB work + churn
QPR3 is delayed a week now

Patches pulled from GrapheneOS and checked against CalyxOS

Signed-off-by: Tad <tad@spotco.us>
2023-06-12 21:06:42 -04:00
Tad
8c7f3daa00
15.1+16.0 June ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-06-10 05:16:45 -04:00
Tad
ab52996e4f
16.0: switch to upstream topic for May ASB patches
They're identical
I'll likely eventually pull them back in anyway

Signed-off-by: Tad <tad@spotco.us>
2023-06-10 01:57:59 -04:00
Tad
67dd049bf6
17.1 June ASB work
Note: 358555 is prone to mismerge

Signed-off-by: Tad <tad@spotco.us>
2023-06-09 23:42:54 -04:00
Tad
e7b390d7e6
Picks
https://review.lineageos.org/q/topic:%22n-asb-2023-06%22

Signed-off-by: Tad <tad@spotco.us>
2023-06-09 21:59:53 -04:00
Tad
78fa476749
Churn + Fixes
Signed-off-by: Tad <tad@spotco.us>
2023-06-09 16:19:07 -04:00
Tad
04b4a1a45f
Picks + Churn
Signed-off-by: Tad <tad@spotco.us>
2023-06-08 22:48:40 -04:00
Tad
ffe020a7a0
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-06-07 18:01:35 -04:00
Tad
f31b5f6ac9
Update CVE patchers
No change :(

Signed-off-by: Tad <tad@spotco.us>
2023-06-05 16:26:16 -04:00
Tad
11d228c7c3
Switch CensurfriDNS to anycast domain
Signed-off-by: Tad <tad@spotco.us>
2023-06-05 15:47:21 -04:00
Tad
2ee99fe3ef
Update CVE patchers
CVE-2020-36694 appears to be a duplicate of CVE-2021-29650

Signed-off-by: Tad <tad@spotco.us>
2023-06-01 21:12:08 -04:00
Tad
e696cceac9
20.0 Private DNS work
- Simplify Private DNS preset patchsets
  based on updated CalyxOS patchset
  TODO: backport this

- Add DoH endpoints for all of the presets
  Disabled, very few hosts actually support DoH/3

Signed-off-by: Tad <tad@spotco.us>
2023-05-31 19:02:10 -04:00
Tad
8a43be3c58
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-05-30 15:17:29 -04:00
Tad
59bda0360e
Fixes
Signed-off-by: Tad <tad@spotco.us>
2023-05-30 13:59:28 -04:00
Tad
5aa8f42e7a
Update commons
Signed-off-by: Tad <tad@spotco.us>
2023-05-24 11:08:49 -04:00
Tad
8463705798
Update CVE patchers
- Includes CVE-2023-32233 fixes for more devices
- Upstream has reverted the LVT patches, maybe consider handling them

Signed-off-by: Tad <tad@spotco.us>
2023-05-22 20:33:47 -04:00
Tad
71c169d326
Promote LGE G5, G6, and V20 to 19.1
Signed-off-by: Tad <tad@spotco.us>
2023-05-17 02:52:11 -04:00
Tad
cd0a29d69b
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-05-12 23:28:44 -04:00
Tad
6fb0a581c3
15.1 and 16.0 May ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-05-07 21:28:27 -04:00
Tad
8503986acb
17.1 May ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-05-07 14:29:54 -04:00
Tad
21702e1fc7
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-05-07 00:36:02 -04:00
Tad
0004c224cf
Picks
Signed-off-by: Tad <tad@spotco.us>
2023-05-06 00:15:27 -04:00
Tad
14c191ffb5
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-05-04 21:19:33 -04:00
Tad
c544c28b94
Prevent Qualcomm location stack from reading chipset serial number
The deblobber already removes xtra-daemon which is what actually performs the requests.
This is just extra sanctity.

Signed-off-by: Tad <tad@spotco.us>
2023-05-03 21:41:20 -04:00
Tad
366b4eb5ef
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-05-02 18:01:39 -04:00
Tad
39b0c9e036
Remove broken emoji updates
Signed-off-by: Tad <tad@spotco.us>
2023-05-02 15:31:57 -04:00