Commit Graph

377 Commits

Author SHA1 Message Date
Tad
71fe4d590e Small tweaks
- 14.1: drop z00t, compiles on 15.1
- fix double patch breakage for CVE-2020-36386
- clark: fix recovery firmware extraction, hopefully
2021-06-12 10:49:54 -04:00
Tad
4b044379ec Update CVE patchers 2021-06-11 11:00:54 -04:00
Tad
50c670c477 Small tweaks
- June ASB cherrypicks
- Change default NTP. only 2*.pool.ntp.org supports IPv6
2021-06-10 22:45:32 -04:00
Tad
94b91c6afd Incall privacy warning from CalyxOS 2021-06-08 12:11:13 -04:00
Tad
d9c49b56c3 Update CVE patchers 2021-06-07 22:30:33 -04:00
Tad
143bec97a9 Small tweaks 2021-06-07 21:32:10 -04:00
Tad
1e5df6f42e Update CVE patchers 2021-06-03 13:28:32 -04:00
Tad
5c3d3b4d35 Reverts + disable mm-pp removal
Revert d7fd127e5f
Partial revert 1c9a66f896
2021-05-30 10:39:34 -04:00
Tad
d7fd127e5f Only dexpreopt boot and system server
Full dexpreopt has repeatedly shown to cause many problems over the years.
The slight gains are not worth the headache it incurs.
2021-05-30 00:36:57 -04:00
Tad
4af81f4d66 Update CVE patchers 2021-05-27 14:54:07 -04:00
Tad
13bffe05e7 Update CVE patchers 2021-05-21 09:14:31 -04:00
Tad
1cde58eaa4 Tiny tweaks 2021-05-12 03:15:41 -04:00
Tad
ccce1fad9b Update CVE patchers 2021-05-11 17:11:41 -04:00
Tad
731e0e995c Update CVE patchers 2021-05-07 21:48:29 -04:00
Tad
2cf0b314d8 Various changes
- Cherrypick May ASB topics
- 18.1: bump enchilada, fajita, and guacamole
2021-05-06 14:37:52 -04:00
Tad
4450921a10 Update CVE patchers 2021-05-03 20:41:32 -04:00
Tad
febec1b60a Update CVE patchers 2021-05-02 17:05:53 -04:00
Tad
82014e469a Update CVE patchers 2021-04-25 11:55:12 -04:00
Tad
3770bf469d Add a list of potentially bad commits from umn.edu addresses 2021-04-21 21:40:40 -04:00
Tad
4362cf4e63 Small changes
- 16.0: drop cheeseburger/dumpling, tested working on 18.1
- Fix some conflicts
2021-04-18 13:42:23 -04:00
Tad
81084a26d7 Update CVE patchers 2021-04-17 11:01:30 -04:00
Tad
83fe8f0434 More small tweaks
- Really fix yylloc sed line
- Drop merged ASB cherrypicks
- Edit vendor gps.conf files too
2021-04-16 20:31:57 -04:00
Tad
bdf990a638 Small tweaks
- Remove some changes that have been commented for a while
- Don't remove the QCOM VR repos
- Adjust the default quick tiles
- Don't force hardware layers for recents
- Only generate deltas for update_engine devices
- Cherrypick: Update WebView to 90.0.4430.66
- Adjust yylloc sed line
- Add comments to 17.1 devices explaining why they aren't removed for 18.1 yet
2021-04-14 21:29:12 -04:00
Tad
2f2d94c9b5 Small tweaks 2021-04-13 11:59:08 -04:00
Tad
a423f977ff Update CVE patchers 2021-04-12 20:53:35 -04:00
Tad
8e496341b5 Small tweaks + ASB cherrypicks 2021-04-08 05:40:22 -04:00
Tad
f48738f944 Update CVE patchers 2021-04-06 20:55:55 -04:00
Tad
9293f48b0c Revert "17.1: drop support for all devices tested working on 18.1"
This reverts commit 2bbbd6d87f.

18.1 recovery is refusing to compile properly.
2021-04-06 04:12:46 -04:00
Tad
f3e672fb18 Failed attempt at fixing signing
PRODUCT_OTA_PUBLIC_KEYS is meant to be set by a vendor tree, something
we don't use.

Override it at the source and set it explicitely as well.

This ensures that the compiled recovery.img and the one generated by
sign_target_files_apks.py includes the real public keys for verification.

11.0 signing is ignored.

This will need to be extensively tested as breakage can mean brick on locked
devices.
Although in failure cases it seems test-keys are accepted.

--

After much testing there appears to be a deeper issue with how keys
are inserted into the recovery and handled
2021-04-06 04:07:18 -04:00
Tad
2bbbd6d87f 17.1: drop support for all devices tested working on 18.1 2021-04-02 02:32:15 -04:00
Tad
9db9215d6b Small changes
- Disable generation of unused OTA to reduce compile time
- 17.1+: Disable APEX, breaks signing, and is also useless since no Play Store.
- 18.1: Fixup signing
2021-03-31 01:30:17 -04:00
Tad
9c70bfc6a3 Small fixes
- Bring 17.1 recovery in line with 18.1
- flox: fix sensors on 17.1
- flo 15.1: sensors might still be broken due to denial
- flox 17.1: reboot issue is likely fixed
- 18.1: fix my Wi-Fi (wpa2-eap with a cert, but no domain)
2021-03-27 13:48:55 -04:00
Tad
9ae46b7624 Update CVE patchers
This fixes Fenix causing a reboot on select devices.
2021-03-26 22:51:50 -04:00
Tad
4d902672df More cleanup 2021-03-25 10:16:38 -04:00
Tad
d8712ad62a Update CVE patchers 2021-03-24 16:31:25 -04:00
Tad
5d14e4b4f7 Small changes
- Add m7 and avicii (untested)
- Use low_ram target on <2GB devices
  Silly me, this never did anything due to the git reset...
- Update Chromium WebView cherrypick
2021-03-24 14:43:12 -04:00
Tad
08ea27fd00 Only include Silence when needed
ie. not on tablets without cellular
2021-03-23 21:11:08 -04:00
Tad
529b47039c 18.1: Initial bringup
- Functionality tested on mako and klte
- In-place upgrade from 17.1 tested working on klte
- Compile tested on bacon and klte
- Recovery OTA key patch missing, unsure if still needed.
- Deblobber needs support for removing vintf manifest paths from vendor Android.bp
- Launcher needs more default_workspace grid variants (eg. 4x5)
2021-03-23 12:36:31 -04:00
Tad
add30db605 Drop support for overclocking
These patches have been disabled for years.
2021-03-20 16:23:38 -04:00
Tad
62cba6a878 More cleanup 2021-03-20 16:15:01 -04:00
Tad
92dcea3b7d Update CVE patchers 2021-03-20 16:04:14 -04:00
Tad
70b1007dec 15.1: drop support for all devices compiling on 16.0 or 17.1 2021-03-20 14:28:36 -04:00
Tad
aa3d0aeac5 16.0: drop support for all devices compiling on 17.1 2021-03-20 14:03:01 -04:00
Tad
d87ae7d12c 16.0: drop support for all devices tested working on 17.1 2021-03-20 13:38:05 -04:00
Tad
caeb3d5199 Add FP3 to 16.0 and 17.1
Untested
2021-03-19 21:53:28 -04:00
Tad
c6f2a5a06d Fixup ef0ee2c3 2021-03-15 01:06:23 -04:00
Tad
ef0ee2c316 Update CVE patchers 2021-03-14 21:59:19 -04:00
Tad
a3fbed9da5 Update cherrypicks and small tweaks 2021-03-07 03:04:44 -05:00
Tad
60070a19bd Update CVE patchers
Consider splitting CVE-2020-27067 to restore basic patches.
2021-03-04 15:10:24 -05:00
Tad
f02363ecb4 March 2021 Security Updates 2021-03-04 13:02:10 -05:00
Tad
5a3b13e650 Update CVE patchers 2021-02-28 17:56:07 -05:00
Tad
07e46913d9 Fixup verity enablement for cheryl
cheryl was already supported in Copy_Keys.sh
2021-02-14 22:50:34 -05:00
Tad
6d0bc0c57e Update CVE patchers 2021-02-11 15:04:46 -05:00
Tad
41a04ebd36 Update CVE patchers 2021-02-10 15:55:51 -05:00
Tad
f1e2e43642 Update CVE patchers 2021-02-07 19:41:46 -05:00
Tad
d003ee6ea7 Update cherrypicks 2021-02-06 15:24:31 -05:00
Tad
3c0aaaa803 Update CVE patchers 2021-02-06 13:04:52 -05:00
Tad
820c637f20 Move many old cherry picks in tree for archival/support purposes 2021-02-05 20:00:43 -05:00
Tad
ebd992580c Update cherrypicks 2021-02-05 16:53:25 -05:00
Tad
d44eca7187 Update CVE patchers 2021-02-03 19:40:55 -05:00
Tad
fc5ba24098 Fixup 2021-02-03 12:19:37 -05:00
Tad
8fbe6a4bd2 Update CVE patchers 2021-02-03 11:50:22 -05:00
Tad
31d0b901ae Update cherrypicks 2021-02-03 09:45:26 -05:00
Tad
bac552732f Small tweaks 2021-01-30 21:34:50 -05:00
Tad
6a1fb99cc9 Unbreak last commit
This should be most of it

also
- properly update webview, repopick doesn't seem to handle the branch
- always cd back to base, to prevent script breakage
2021-01-25 13:31:57 -05:00
Tad
08142c2c9d Update CVE patchers
I expect breakage.
2021-01-24 00:30:24 -05:00
Tad
bef3ba0049 Small changes 2021-01-23 23:08:00 -05:00
Tad
c17623a87a Update CVE patchers 2021-01-16 22:48:28 -05:00
Tad
e9fd952ba2 Many small tweaks
- Remove leftover WireGuard repo missed in 31898834
- Enable the volteOverride, to ensure VoLTE enablement on supported devices on unknown carriers
- Extend volteOverride to support system.prop if vendor.prop doesn't exist (to cover eg. marlin/sailfish)
- Disable commenting of SOUND_TRIGGER flags.
  sountrigger blobs are not removed due to boot breakage.
  disable this and stop patching hardware/qcom/audio.
  Intended to potentially fix phone call audio issues on mata
- Small CVE patcher updates
2021-01-16 21:16:02 -05:00
Tad
a4333daefe Update cherrypicks
I managed to miss 300243 in the recent 17.1 rebuilds
2021-01-14 12:08:46 -05:00
Tad
318988345b Drop WireGuard kernel module support
It was never used or enabled.
Silly me didn't acknowledge that it requires root for any app to use.

The app itself will still be included in the PrebuiltApps submodule for anyone who needs.
2021-01-13 06:30:44 -05:00
Tad
f621ff7dda Update CVE patchers
I have absolutely no idea why kernel_oneplus_msm8998 was downgraded
4.4.241 to 4.4.205
https://github.com/LineageOS/android_kernel_oneplus_msm8998/tree/backup/lineage-17.1_20210108_1948
2021-01-13 04:29:00 -05:00
Tad
b683d40ef3 Small tweaks
- Update cherry picks
- Add star2lte to 15.1 and 17.1
2021-01-09 13:37:07 -05:00
Tad
42b94605f8 Cherrypicks and CVE-2019-2306 patching 2021-01-06 14:04:18 -05:00
Tad
e557ca3710 Update CVE patchers 2021-01-05 14:26:15 -05:00
Tad
bd4cb22db1 ASB cherry picks 2021-01-05 12:22:42 -05:00
Tad
e62afb602b Sync APN list from 17.1 to all versions
- 15.1: enable hammerhead due to reported bt issues on 16.0
2021-01-04 20:16:33 -05:00
Tad
ff96315fb4 Update CVE patchers 2020-12-30 11:08:19 -05:00
Tad
4c0ac9c46c Small changes 2020-12-24 02:01:10 -05:00
Tad
8b56cd13c6 deblobber: Don't remove CNE
- breaks Wi-Fi calling
- breaks IMS on marlin/sailfish
2020-12-22 13:53:29 -05:00
Tad
d6cf9ec8b0 Many fixes
VoLTE tested working on mata/17.1!
VoWiFi tested working with DOS_DEBLOBBER_REMOVE_CNE=false

- Disable Graphene exec spawning feature, subtly breaks many apps
  Maybe missing some patches?
- Build old versions for devices with broken IMS
- Ensure shell umask is always 0022
- fwb overlay: drop the MMS user-agent overrides
- Drop the BlobBlocker and ModuleBlocker
  They were unused and unkempt.
- Put volteOverride behind DOS_DEBLOBBER_REMOVE_IMS and comment it
2020-12-22 04:00:12 -05:00
Tad
356c743cd8 Update cherrpicks 2020-12-21 03:44:07 -05:00
Tad
1be184bac9 Small tweaks 2020-12-16 07:48:41 -05:00
Tad
39727cb7c7 Update CVE patchers 2020-12-10 14:09:58 -05:00
Tad
5ffefc4dc3 Cherry picks 2020-12-10 12:34:14 -05:00
Tad
3ec13d6bc8 Update CVE patchers 2020-12-08 10:24:24 -05:00
Tad
e36a91facc Update CVE patchers 2020-12-07 09:36:20 -05:00
Tad
9c691d02ab Update CVE patchers 2020-12-03 22:43:23 -05:00
Tad
09722044b0 Update CVE patchers 2020-11-29 19:06:06 -05:00
Tad
69c8bdfb22 Update CVE patchers 2020-11-26 09:03:45 -05:00
Tad
48e72f67bb Tiny update 2020-11-22 22:12:47 -05:00
Tad
445582fe2a Update CVE patchers 2020-11-19 17:15:55 -05:00
Tad
9d7e5a24a3 License headers 2020-11-17 10:19:06 -05:00
Tad
7b9d90d781 move clark from 14.1 to 17.1 2020-11-15 08:16:29 -05:00
Tad
523264aebb Update CVE patchers 2020-11-12 23:46:38 -05:00
Tad
e7a65ff912 Small fixes 2020-11-09 22:55:36 -05:00
Tad
a21a6acaa8 Update cherrypicks 2020-11-07 17:20:30 -05:00
Tad
dc5b1d91f2 Update CVE patchers 2020-11-06 16:15:16 -05:00
Tad
42053a97e2 ASB cherry picks 2020-11-04 09:48:12 -05:00
Tad
6a5866c01d More failed attempts at fixing IMS
Keeping IMS, RCS, CNE, ATFWD, and allowing ims* to access /dev/diag:
IMS service still fails to register on mata

Is it the carrier?
Is it the phone?
Is it LineageOS?
Is is DivestOS?
Absolute mess.
2020-11-02 19:24:56 -05:00
Tad
e36f4529a3 Fixup 9f01dc03
Enables replacing of vendor fingerprints.
I thought this was broken, turns out it was the AUX camera change instead.
2020-11-02 11:04:49 -05:00
Tad
9f01dc038c Small changes
- SUPL NTP fix
- Remove debug info from dexpreopt, saves a few MB
- 15.1+: enable full dexpreopt, for perf and memory benefits
- 17.1: change oneplus/msm8998-common kernel
- 17.1: add OpenCamera to AUX list
- Resurrect verity for devices missed previously
- Update some CVE patchers
- deblobber: remove some lingering atfwd blobs
2020-11-02 06:28:06 -05:00
Tad
3926f3a44f Small updates
- Various rebranding fixes
- 17.1: hold off on Seedvault inclusion for now
- 17.1: update kernel/fxtec/msm8998 CVE patcher
- 17.1: build cheeseburger/dumpling
2020-10-31 15:16:25 -04:00
Tad
5ec84b9f7b Update CVE patchers 2020-10-30 14:35:12 -04:00
Tad
40f8cebc53 Small updates 2020-10-28 19:09:18 -04:00
Tad
b89cc98001 Small updates 2020-10-27 21:40:20 -04:00
Tad
ff8dfd95db Small updates 2020-10-26 05:24:59 -04:00
Tad
47d064f98c Fixes 2020-10-23 18:50:51 -04:00
Tad
fb2a4df9a0 Add yellowstone, untested and disabled for now 2020-10-23 16:47:06 -04:00
Tad
95077df728 Update CVE patchers 2020-10-23 15:51:19 -04:00
Tad
1b4b86c38d Tiny tweaks 2020-10-23 14:49:16 -04:00
Tad
d889ae4642 Update CVE patchers 2020-10-17 15:28:42 -04:00
Tad
6d15a2bb82 Update CVE patchers 2020-10-15 22:36:28 -04:00
Tad
688f4dd953 More CVE patcher fixes 2020-10-15 21:31:46 -04:00
Tad
cc64ce1634 Update CVE patchers 2020-10-14 16:28:07 -04:00
Tad
10d042c3c0 Update CVE patchers 2020-10-14 15:20:06 -04:00
Tad
6c9c91941e Fix errors from compile test of all 14.1 kernels 2020-10-14 14:23:22 -04:00
Tad
d53a4f4e41 Update CVE patchers
- Drop tcp_sack=0 sysctl, as most devices are now patched
2020-10-12 18:38:07 -04:00
Tad
b56929d3d9 Many changes
- Missing credit in LICENSE
- Update TODO
- hardenLocationConf: don't change version
- hardenDefconfig: Fix reboot on shutdown
- changeDefaultDNS: replace a level3 dns straggler for tethering config
- Don't remove CompanionDeviceManager if microG is included
- Update cherry picks
- init.sh: update comment wording
2020-10-12 07:52:54 -04:00
Tad
115dd21832 Many changes
- 17.1: Add Pixel 4/XL
- Promote klte to 17.1
- hardenBootArgs: don't run on klte
- hardenBootArgs: regorganize
- hardenDefconfig: enabler: drop unnecessary options (iommu)
- hardenDefconfig: disabler: comment diag options for now
- deblobber: comment dirac lines to fix cheeseburger headphone jack
- fixup Etar replacement
2020-10-11 07:12:00 -04:00
Tad
260140f0a1 Update CVE patchers 2020-10-10 11:56:35 -04:00
Tad
8bdad21040 Update CVE patchers 2020-10-06 23:36:29 -04:00
Tad
b56fabac3b Update CVE patchers
I expect some breakage here
2020-10-06 21:14:18 -04:00
Tad
bf9167f442 Update CVE patchers 2020-10-05 21:38:25 -04:00
Tad
55e010fba5 Small updates 2020-10-01 14:56:37 -04:00
Tad
92f7f37096 Update CVE patchers
Fix CVE-2020-25221 breakage
2020-09-25 09:27:12 -04:00
Tad
bc7cf7af0a Update CVE patchers 2020-09-25 06:55:18 -04:00
Tad
92879ec2a4 Update CVE patchers 2020-09-23 06:31:34 -04:00
Tad
3bc1463017 Update CVE patchers 2020-09-18 10:36:01 -04:00
Tad
8c1e8ee3e3 Update CVE patchers 2020-09-17 15:35:48 -04:00
Tad
6e16320468 Small fixes 2020-09-13 19:52:37 -04:00
Tad
d16a362141 ASB cherry picks + Fixup 2f83043c
TODO: rm -v kernel/*/*/drivers/staging/greybus/tools/Android.mk
2020-09-12 08:29:09 -04:00
Tad
4c29ac36d2 Update CVE patchers 2020-09-09 19:00:03 -04:00
Tad
76fcd8a0d4 Update CVE patchers 2020-09-08 18:19:52 -04:00
Tad
37ff7ddc2d Update CVE patchers 2020-09-02 15:03:00 -04:00
Tad
bca6af1516 Small updates
- recovery: abort on serial number specific updates, credit: GrapheneOS
- Add lists of missing CVEs
- Update cherrypicks
2020-09-02 14:20:51 -04:00
Tad
0808ac1fd0 Many updates
- Add OnePlus 6, 6T, 7, 7 Pro
- Ensure verity/avb keys are *always* copied
- Update cherry picks
2020-09-01 03:26:21 -04:00
Tad
ec17d20f58 Update CVE patchers 2020-08-22 11:03:23 -04:00
Tad
98854115be 16.0: Add pro1
- Also initial beryllium support, no builds yet
2020-08-10 15:34:55 -04:00
Tad
f19dbe5958 More fixes for a69326f3 2020-08-10 03:46:36 -04:00
Tad
887ebb84c5 Update CVE patchers
Includes many fixes for a69326f3
but probably breaks other things
2020-08-09 07:29:19 -04:00
Tad
a69326f396 Update CVE patchers
Untested. I expect some breakage.
2020-08-08 13:06:39 -04:00
Tad
7cd6df559c Update AOSP CVE list to August patches 2020-08-05 01:53:50 -04:00
Tad
af54500797 Update CVE patchers 2020-08-03 18:15:27 -04:00
Tad
0a979b67fa Small changes
- 17.1: bringup bacon and ether
2020-07-24 10:20:07 -04:00
Tad
820a680d4d Small updates + Many fixes 2020-07-13 17:37:33 -04:00
Tad
e8f13920bb Cherry picks 2020-07-08 16:39:26 -04:00
Tad
c715d549a7 Update CVE patchers 2020-07-07 01:57:39 -04:00
Tad
9bafe76906 Update CVE patchers 2020-06-27 02:29:14 -04:00
Tad
2ef92046af Small changes 2020-06-22 20:41:49 -04:00