DivestOS

mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-10-01 01:35:54 -04:00

Author	SHA1	Message	Date
Tad	a28f43c6a7	Tweak Signed-off-by: Tad <tad@spotco.us>	2022-03-16 12:11:41 -04:00
Tad	352705fbf7	Churn Signed-off-by: Tad <tad@spotco.us>	2022-03-16 11:43:51 -04:00
Tad	a9f6672fed	hardened_malloc fixes for broken devices - enable the patchset for 18.1 - add an ugly patch that extends the Pixel 3* camera workaround to all camera executables Signed-off-by: Tad <tad@spotco.us>	2022-03-16 02:01:19 -04:00
Tad	e002154486	Typo Signed-off-by: Tad <tad@spotco.us>	2022-03-15 20:59:43 -04:00
Tad	1df7c7f1d4	Churn Signed-off-by: Tad <tad@spotco.us>	2022-03-15 19:16:19 -04:00
Tad	181519cf38	Add bionic hardening patchsets from GrapheneOS 11 `b3a0c2c5db` 11 `5412c37195` #explicit zero 11 `31456ac632` #brk 11 `58ebc243ea` #random 11 `5323b39f7e` #undefined 11 `6a91d9dddb` #merge 11 `a042b5a0ba` #vla formatting 11 `9ec639de1b` #pthread 11 `49571a0a49` #read only 11 `149cc5ccb8` #zero 11 `2e613ccbe7` #fork mmap 11 `e239c7dff8` #memprot pthread 11 `0b03d92b7f` #xor 11 `de08419b82` #junk 11 `897d4903e2` #guard 11 `648cd68ca3` #ptrhread guard 11 `0bc4dbcbd2` #stack rand 10 `aa9cc05d07` 10 `a8cdbb6352` #explicit zero 10 `b28302c668` #brk 10 `9f8be7d07c` #random 10 `cb91a7ee3a` #undefined 10 `08279e2fdd` #merge 10 `6a18bd565d` #vla formatting 10 `2f392c2d08` #pthread 10 `8bbce1bc50` #read only 10 `725f61db82` #zero 10 `4cd257135f` #fork mmap 10 `9220cf622b` #memprot pthread 10 `8ef71d1ffd` #memprot exit 10 `0eaef1abbd` #xor 10 `64f1cc2148` #junk 10 `5c42a527cf` #guard 10 `5cc8c34e60` #pthread guard 10 `7f61cc8a1c` #stack rand 9 `abdf523d26` 9 `e4b9b31e6f` #explicit zero 9 `a3a22a63d2` #brk 9 `7444dbc3cf` #random 9 `dcd3b72ac9` #undefined 9 `543e1df342` #merge 9 `611e5691f7` #vla formatting 9 `8de97ce864` #pthread 9 `a475717042` #read only 9 `7f0947cc0e` #zero 9 `e9751d3370` #fork mmap 9 `83cd86d0d5` #memprot pthread 9 `1ebb165455` #memprot exit 9 `488ba483cf` #xor 9 `f9351d884b` #junk 9 `85e5bca0a5` #move Signed-off-by: Tad <tad@spotco.us>	2022-03-15 16:56:46 -04:00
Tad	1878cd19ab	Fix/Add hardened malloc patchsets from GrapheneOS 11 `8c0f3c0e04` 11 `4e6320c247` 11 `108754debb` 10 `818be3fc1d` 10 `010949662f` 10 `ede5e38f5b` 9 `80754c93bf` 9 `20160b8161` Signed-off-by: Tad <tad@spotco.us>	2022-03-15 16:24:56 -04:00
Tad	209481c53e	Fix/Add exec based spawning patchsets from GrapheneOS 11 `14c3c1d4cd` `ac1943345e` `1abb805041` `2e07ab8c24` `0044836677` `c561811fad` `7a848373ef` `89646bdeb1` `2a70bbac4a` `d414dcaa35` `b4cd877e3a` `98634286bb` 11 `4c2635390c` 11 `add34a4bc6` 11 `a2b51906de` 10 `527787f3c8` `ffde474ad7` `aa87e487c4` `c906fe9722` `c69c3eecd4` `b2303adccc` `5bb05db6f7` `536b497688` `24802a832b` `ce6dcc2368` `3d3d5c4d38` `2eda592b79` 10 `29f28b53c0` 10 `13a992c716` 9 `750efbf6bc` `ed563b6f26` `aad3c7d750` `da3180f9a8` `68773a29b7` `283b3fa09c` `f133136b65` `01a01ce5f6` `17c309c098` `8806ec3ef1` Signed-off-by: Tad <tad@spotco.us>	2022-03-15 15:55:13 -04:00
Tad	f015dd348f	Add the JNINativeMethod table constification patchsets from GrapheneOS 11 `63b9f96a12` 11 `d8a62b5156` 11 `e3a4d64f29` 11 `e41f1d7f8e` 11 `c34b037486` 11 `dce2d0f64f` 11 `c99c35cb2a` 10 `07071814db` 10 `a48ba29b98` 10 `157fa78115` 10 `b914409e05` 10 `20a51f508b` 10 `b8afb8af37` 10 `e1b6653db7` 9 `ff688b68a7` 9 `866f0df315` 9 `77c9fa981a` 9 `fbf620e59c` 9 `ceaf63c790` 9 `253247fc39` 9 `76bf4c46f0` Signed-off-by: Tad <tad@spotco.us>	2022-03-15 15:26:48 -04:00
Tad	ad579b6681	Misc hardening from GrapheneOS 11 `62f81c237b` 11 `1f05db99ab` 11 `f242089d3f` 10 `abcf485dcf` 9x `c5db5a9f9e` Signed-off-by: Tad <tad@spotco.us>	2022-03-15 14:40:05 -04:00
Tad	844227a4f4	18.1: add the ptrace_scope patchset from GrapheneOS `ad017fba58` `3b89605581` `8b0419ac04` `52ea603339` Signed-off-by: Tad <tad@spotco.us>	2022-03-15 14:29:34 -04:00
Tad	07bd5a3a0e	Automatic reboot and Bluetooth/Wi-Fi shutoff from GrapheneOS and CalyxOS Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/59 Tested on 18.1 Untested on 17.1 Signed-off-by: Tad <tad@spotco.us>	2022-03-15 01:27:08 -04:00
Tad	e61e288b4a	Optionally allow the official Bromite WebView to be used, credit @MSe1969 This also replaces the overrides for all versions And should allow the Google WebView on 14/15/16 And lastly only leaves the bundled version as default This is a merge of the LineageOS 14/15/16 and 17/18 overlay With the addition of the Bromite signature from @MSe1969 Signed-off-by: Tad <tad@spotco.us>	2022-03-14 22:59:40 -04:00
Tad	9ba3a061c6	Tweak Signed-off-by: Tad <tad@spotco.us>	2022-03-14 11:57:34 -04:00
Tad	f65c7a4ccd	Tweaks Signed-off-by: Tad <tad@spotco.us>	2022-03-12 11:48:23 -05:00
Tad	015799737e	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-03-09 17:16:47 -05:00
Tad	4f75a8272a	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-03-09 11:59:30 -05:00
Tad	902239e2b5	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-03-08 23:20:43 -05:00
Tad	de764885b3	Fixup Signed-off-by: Tad <tad@spotco.us>	2022-03-08 12:56:52 -05:00
Tad	54dbcd9e43	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-03-07 19:12:10 -05:00
Tad	bda848a0a1	Fixup `057bedb6` Sadly this means the option was never enabled :( Note: these options are only available on 4.4+ kernels Signed-off-by: Tad <tad@spotco.us>	2022-03-06 23:05:13 -05:00
Tad	9a6c3f99ed	Verify authorship and Change-Id of all contained patches - No patches were found with incorrect authorship/From: lines - The older AndroidHardening patch repos are no longer available to verify CID. - New GrapheneOS patches do not include a CID. - Signature_Spoofing.patch CID could not be found. - Fixed CID of Harden_Sig_Spoofing.patch to match 14.1 - Fixed CID of LGE_Fixes.patch to match 14.1 - Fixed CID of Harden.patch to match 14.1 - Added edit note to Harden.patch - Fixed CID of PREREQ_Handle_All_Modes.patch to match 14.1 - Fixed CID of More_Preferred_Network_Modes.patch to match 14.1 - Fixed CID of AES256.patch to match 14.1 - Fixed CID of 0001-OTA_Keys.patch to match 18.1 - Fixed CID of Camera_Fix.patch to match 15.1 - Fixed CID of Connectivity.patch to match 14.1 - Fixed CID of Fix_Calling.patch to match 14.1 - Fixed CID of Remove_Analytics.patch to match 14.1 - Fixed CID of Unused-.patch/audio_extn to match original Signed-off-by: Tad <tad@spotco.us>	2022-03-05 13:13:30 -05:00
Tad	ac1e89f0c8	Update CVE patchers [the big fixup] This removes many duplicately or wrongly applied patches. Correctly removed: - CVE-2011-4132 can apply infinitely - CVE-2013-2891 can apply infinitely - CVE-2014-9781 can apply once to fb_cmap_to_user correctly and incorrectly to fb_copy_cmap - CVE-2015-0571 can apply incorrectly and was disabled in patch repo as a result - CVE-2016-2475 can apply infinitely - CVE-2017-0627 can apply infinitely - CVE-2017-0750 can apply infinitely - CVE-2017-14875 can apply infinitely - CVE-2017-14883 can apply infinitely - CVE-2020-11146 can apply infinitely - CVE-2020-11608 can apply infinitely - CVE-2021-42008 can apply infinitely Questionable (might actually be beneficial to "incorrectly" apply again): - CVE-2012-6544 can apply once to hci_sock_getsockopt correctly and incorrectly to hci_sock_setsockopt - CVE-2013-2898 can apply once to sensor_hub_get_feature correctly and incorrectly to sensor_hub_set_feature - CVE-2015-8575 can apply once to sco_sock_bind correctly and incorrectly to sco_sock_connect - CVE-2017-8281 can apply once to diagchar_ioctl correctly and incorrectly to diagchar_compat_ioctl - CVE-2019-10622 can apply once to qdsp_cvp_callback correctly and incorrectly to qdsp_cvs_callback - CVE-2019-14104 can apply once to cam_context_handle_start/stop_dev and incorrectly to cam_context_handle_crm_process_evt and cam_context_handle_flush_dev Other notes: - CVE-2016-6693 can be applied again if it was already applied in combination with CVE-2016-6696 then the dupe check will fail and mark CVE-2016-6696 as already applied, effectively reverting it. This was seemingly fixed with a hand merged patch in patch repo. Wrongly removed: - CVE-2013-2147 is meant for cciss_ioctl32_passthru but is detected in cciss_ioctl32_big_passthru - CVE-2015-8746 is meant for nfs_v4_2_minor_ops but is detected in nfs_v4_1_minor_ops - CVE-2021-Misc2/ANY/0043.patch is meant for WLANTL_RxCachedFrames but is detected in WLANTL_RxFrames Signed-off-by: Tad <tad@spotco.us>	2022-03-04 00:42:28 -05:00
Tad	927b9bfbc5	Fix random reboots on broken kernels when an app has data restricted I don't like this Reading: - `24b3bdcf71` - https://review.lineageos.org/c/LineageOS/android_kernel_essential_msm8998/+/320470 - https://review.lineageos.org/c/LineageOS/android_system_bpf/+/264702 - https://gitlab.com/LineageOS/issues/android/-/issues/2514 - https://gitlab.com/LineageOS/issues/android/-/issues/3144 - https://gitlab.com/LineageOS/issues/android/-/issues/3287 Test: - restrict mobile data for an app - toggle wifi on and off a few times - watch systemui crash and soft-reboot Tested working on cheeseburger Signed-off-by: Tad <tad@spotco.us>	2022-03-03 17:51:46 -05:00
Tad	0d0104b4bb	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-03-02 22:57:34 -05:00
Tad	893e425321	Add the script to generate vbhashes.txt Output has been verified as correct on mata, cheeseburger, fajita, and guacamole Signed-off-by: Tad <tad@spotco.us>	2022-02-28 01:32:24 -05:00
Tad	0d59c18c85	Enable the NETWORK permission patchset for 16.0 too Likely has issues with secondary users. As in the permission affects all copies of the same app. Signed-off-by: Tad <tad@spotco.us>	2022-02-28 01:27:38 -05:00
Tad	bbdfcdc2a2	Tiny fix Signed-off-by: Tad <tad@spotco.us>	2022-02-26 11:47:52 -05:00
Tad	5e1521700f	Port the GrapheneOS NETWORK permission to 17.1 and 18.1 Some patches were ported from 12 to 10/11 Some patches from 11 were ported to 10 This 10/11 port should be very close to 12 BOUNS: 16.0 patches, disabled Signed-off-by: Tad <tad@spotco.us>	2022-02-25 16:52:51 -05:00
Tad	f4fbe65756	Various changes - 15.1: asb picks - 17.1: drop marlin, sailfish, z2_plus, m8 - 4.9 loose versioning fixes	2022-02-24 19:51:44 -05:00
Tad	a8cfa8157c	Fixup last commit Signed-off-by: Tad <tad@spotco.us>	2022-02-23 14:52:29 -05:00
Tad	512673d97d	Bump marlin/sailfish to 18.1 Signed-off-by: Tad <tad@spotco.us>	2022-02-23 13:33:28 -05:00
Tad	8b39498b1c	Initial loose versioning work for 4.9 This applies 4.9 patches to 4.4 and 3.18 now that 4.4 is EOL Untested, but looks mild Signed-off-by: Tad <tad@spotco.us>	2022-02-22 13:44:47 -05:00
Tad	21c97c6967	Tweak Signed-off-by: Tad <tad@spotco.us>	2022-02-21 23:30:45 -05:00
Tad	5245109cc1	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-02-19 23:22:19 -05:00
Tad	5283db6f05	Drop the broken PDB patch Why'd past me write this trash? Signed-off-by: Tad <tad@spotco.us>	2022-02-14 07:43:45 -05:00
Tad	143b6fa164	18.1: Refresh for recent upstream Updater changes Untested, should work Signed-off-by: Tad <tad@spotco.us>	2022-02-14 03:05:32 -05:00
Tad	2eda5086fc	Tiny tweak Signed-off-by: Tad <tad@spotco.us>	2022-02-13 23:57:59 -05:00
Tad	a38d544f8b	18.1: small fixes Signed-off-by: Tad <tad@spotco.us>	2022-02-12 07:32:29 -05:00
Tad	48b009a02e	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-02-12 06:56:28 -05:00
Tad	a23bae5cd5	Tiny tweak Signed-off-by: Tad <tad@spotco.us>	2022-02-11 23:35:22 -05:00
Tad	b6da59d24f	Drop FairEmail, Vanilla, and their AOSP equivalents Signed-off-by: Tad <tad@spotco.us>	2022-02-11 14:25:30 -05:00
Tad	5b783483e6	Cleanup Signed-off-by: Tad <tad@spotco.us>	2022-02-11 14:23:51 -05:00
Tad	55cdea3c9b	17.1: small fixes Signed-off-by: Tad <tad@spotco.us>	2022-02-11 14:05:14 -05:00
Tad	f767a8ea87	Hopefully fix the broken radio on Pixels Thank you Google for all these great proprietary apps. Signed-off-by: Tad <tad@spotco.us>	2022-02-10 15:36:44 -05:00
Tad	bc3a9cddba	Small tweaks Signed-off-by: Tad <tad@spotco.us>	2022-02-09 00:22:02 -05:00
Tad	65584e96ce	Switch to official Etar The Lineage forks have fallen behind Signed-off-by: Tad <tad@spotco.us>	2022-02-08 14:10:04 -05:00
Tad	ee0bd8625f	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-02-07 14:43:05 -05:00
Tad	0a664cc22c	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-02-03 21:12:02 -05:00
Tad	c0aac415aa	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-01-29 09:35:59 -05:00

1 2 3 4 5 ...

1439 Commits