Tad
a56e3a3016
Disable the bionic hardening patchset to fix boot issues
...
10+4 devices tested working with bionic hardening patches enabled
but hammerhead and shamu do not boot...
2 of the patches were already found to have issues and disabled
3 other patches were ruled out:
- Stop implicitly marking mappings as mergeable
- Make __stack_chk_guard read-only at runtime
- On 64-bit, zero the leading stack canary byte
Leaves 11+1 patches remaining that need to be tested
But I don't have either of the two known impacted devices.
Signed-off-by: Tad <tad@spotco.us>
2022-03-19 16:19:00 -04:00
Tad
3207cde72e
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-19 12:41:49 -04:00
Tad
09353cdcd2
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-18 00:07:18 -04:00
Tad
1603092c50
Not all kernels have (working) getrandom support
...
hammerhead 16.0 was reported not booting
and shamu 18.1 was reported to take ~15+ minutes to boot
hammerhead does not have getrandom so it failed immediately
shamu does have getrandom BUT it blocks during init
meaning it'll wait until the entropy pool slowly fills
In tested I did not discovery this
I tested on flox/mako/d852/klte/clark/sailfish/mata/cheeseburger/fajita
All the newer ones have working getrandom
All the older ones included a patch to make getrandom non blocking on init
Signed-off-by: Tad <tad@spotco.us>
2022-03-17 13:21:52 -04:00
Tad
a9f6672fed
hardened_malloc fixes for broken devices
...
- enable the patchset for 18.1
- add an ugly patch that extends the Pixel 3* camera workaround to all camera executables
Signed-off-by: Tad <tad@spotco.us>
2022-03-16 02:01:19 -04:00
Tad
1df7c7f1d4
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 19:16:19 -04:00
Tad
181519cf38
Add bionic hardening patchsets from GrapheneOS
...
11 b3a0c2c5db
11 5412c37195
#explicit zero
11 31456ac632
#brk
11 58ebc243ea
#random
11 5323b39f7e
#undefined
11 6a91d9dddb
#merge
11 a042b5a0ba
#vla formatting
11 9ec639de1b
#pthread
11 49571a0a49
#read only
11 149cc5ccb8
#zero
11 2e613ccbe7
#fork mmap
11 e239c7dff8
#memprot pthread
11 0b03d92b7f
#xor
11 de08419b82
#junk
11 897d4903e2
#guard
11 648cd68ca3
#ptrhread guard
11 0bc4dbcbd2
#stack rand
10 aa9cc05d07
10 a8cdbb6352
#explicit zero
10 b28302c668
#brk
10 9f8be7d07c
#random
10 cb91a7ee3a
#undefined
10 08279e2fdd
#merge
10 6a18bd565d
#vla formatting
10 2f392c2d08
#pthread
10 8bbce1bc50
#read only
10 725f61db82
#zero
10 4cd257135f
#fork mmap
10 9220cf622b
#memprot pthread
10 8ef71d1ffd
#memprot exit
10 0eaef1abbd
#xor
10 64f1cc2148
#junk
10 5c42a527cf
#guard
10 5cc8c34e60
#pthread guard
10 7f61cc8a1c
#stack rand
9 abdf523d26
9 e4b9b31e6f
#explicit zero
9 a3a22a63d2
#brk
9 7444dbc3cf
#random
9 dcd3b72ac9
#undefined
9 543e1df342
#merge
9 611e5691f7
#vla formatting
9 8de97ce864
#pthread
9 a475717042
#read only
9 7f0947cc0e
#zero
9 e9751d3370
#fork mmap
9 83cd86d0d5
#memprot pthread
9 1ebb165455
#memprot exit
9 488ba483cf
#xor
9 f9351d884b
#junk
9 85e5bca0a5
#move
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 16:56:46 -04:00
Tad
209481c53e
Fix/Add exec based spawning patchsets from GrapheneOS
...
11 14c3c1d4cd
ac1943345e
1abb805041
2e07ab8c24
0044836677
c561811fad
7a848373ef
89646bdeb1
2a70bbac4a
d414dcaa35
b4cd877e3a
98634286bb
11 4c2635390c
11 add34a4bc6
11 a2b51906de
10 527787f3c8
ffde474ad7
aa87e487c4
c906fe9722
c69c3eecd4
b2303adccc
5bb05db6f7
536b497688
24802a832b
ce6dcc2368
3d3d5c4d38
2eda592b79
10 29f28b53c0
10 13a992c716
9 750efbf6bc
ed563b6f26
aad3c7d750
da3180f9a8
68773a29b7
283b3fa09c
f133136b65
01a01ce5f6
17c309c098
8806ec3ef1
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 15:55:13 -04:00
Tad
f015dd348f
Add the JNINativeMethod table constification patchsets from GrapheneOS
...
11 63b9f96a12
11 d8a62b5156
11 e3a4d64f29
11 e41f1d7f8e
11 c34b037486
11 dce2d0f64f
11 c99c35cb2a
10 07071814db
10 a48ba29b98
10 157fa78115
10 b914409e05
10 20a51f508b
10 b8afb8af37
10 e1b6653db7
9 ff688b68a7
9 866f0df315
9 77c9fa981a
9 fbf620e59c
9 ceaf63c790
9 253247fc39
9 76bf4c46f0
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 15:26:48 -04:00
Tad
ad579b6681
Misc hardening from GrapheneOS
...
11 62f81c237b
11 1f05db99ab
11 f242089d3f
10 abcf485dcf
9x c5db5a9f9e
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 14:40:05 -04:00
Tad
e61e288b4a
Optionally allow the official Bromite WebView to be used, credit @MSe1969
...
This also replaces the overrides for all versions
And should allow the Google WebView on 14/15/16
And lastly only leaves the bundled version as default
This is a merge of the LineageOS 14/15/16 and 17/18 overlay
With the addition of the Bromite signature from @MSe1969
Signed-off-by: Tad <tad@spotco.us>
2022-03-14 22:59:40 -04:00
Tad
f65c7a4ccd
Tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-12 11:48:23 -05:00
Tad
015799737e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-09 17:16:47 -05:00
Tad
4f75a8272a
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-09 11:59:30 -05:00
Tad
902239e2b5
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-08 23:20:43 -05:00
Tad
de764885b3
Fixup
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-08 12:56:52 -05:00
Tad
54dbcd9e43
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-07 19:12:10 -05:00
Tad
bda848a0a1
Fixup 057bedb6
...
Sadly this means the option was never enabled :(
Note: these options are only available on 4.4+ kernels
Signed-off-by: Tad <tad@spotco.us>
2022-03-06 23:05:13 -05:00
Tad
ac1e89f0c8
Update CVE patchers [the big fixup]
...
This removes many duplicately or wrongly applied patches.
Correctly removed:
- CVE-2011-4132 can apply infinitely
- CVE-2013-2891 can apply infinitely
- CVE-2014-9781 can apply once to fb_cmap_to_user correctly and incorrectly to fb_copy_cmap
- CVE-2015-0571 can apply incorrectly and was disabled in patch repo as a result
- CVE-2016-2475 can apply infinitely
- CVE-2017-0627 can apply infinitely
- CVE-2017-0750 can apply infinitely
- CVE-2017-14875 can apply infinitely
- CVE-2017-14883 can apply infinitely
- CVE-2020-11146 can apply infinitely
- CVE-2020-11608 can apply infinitely
- CVE-2021-42008 can apply infinitely
Questionable (might actually be beneficial to "incorrectly" apply again):
- CVE-2012-6544 can apply once to hci_sock_getsockopt correctly and incorrectly to hci_sock_setsockopt
- CVE-2013-2898 can apply once to sensor_hub_get_feature correctly and incorrectly to sensor_hub_set_feature
- CVE-2015-8575 can apply once to sco_sock_bind correctly and incorrectly to sco_sock_connect
- CVE-2017-8281 can apply once to diagchar_ioctl correctly and incorrectly to diagchar_compat_ioctl
- CVE-2019-10622 can apply once to qdsp_cvp_callback correctly and incorrectly to qdsp_cvs_callback
- CVE-2019-14104 can apply once to cam_context_handle_start/stop_dev and incorrectly to cam_context_handle_crm_process_evt and cam_context_handle_flush_dev
Other notes:
- CVE-2016-6693 can be applied again if it was already applied in combination with CVE-2016-6696
then the dupe check will fail and mark CVE-2016-6696 as already applied, effectively reverting it.
This was seemingly fixed with a hand merged patch in patch repo.
Wrongly removed:
- CVE-2013-2147 is meant for cciss_ioctl32_passthru but is detected in cciss_ioctl32_big_passthru
- CVE-2015-8746 is meant for nfs_v4_2_minor_ops but is detected in nfs_v4_1_minor_ops
- CVE-2021-Misc2/ANY/0043.patch is meant for WLANTL_RxCachedFrames but is detected in WLANTL_RxFrames
Signed-off-by: Tad <tad@spotco.us>
2022-03-04 00:42:28 -05:00
Tad
927b9bfbc5
Fix random reboots on broken kernels when an app has data restricted
...
I don't like this
Reading:
- 24b3bdcf71
- https://review.lineageos.org/c/LineageOS/android_kernel_essential_msm8998/+/320470
- https://review.lineageos.org/c/LineageOS/android_system_bpf/+/264702
- https://gitlab.com/LineageOS/issues/android/-/issues/2514
- https://gitlab.com/LineageOS/issues/android/-/issues/3144
- https://gitlab.com/LineageOS/issues/android/-/issues/3287
Test:
- restrict mobile data for an app
- toggle wifi on and off a few times
- watch systemui crash and soft-reboot
Tested working on cheeseburger
Signed-off-by: Tad <tad@spotco.us>
2022-03-03 17:51:46 -05:00
Tad
0d0104b4bb
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-02 22:57:34 -05:00
Tad
5e1521700f
Port the GrapheneOS NETWORK permission to 17.1 and 18.1
...
Some patches were ported from 12 to 10/11
Some patches from 11 were ported to 10
This 10/11 port should be very close to 12
BOUNS: 16.0 patches, disabled
Signed-off-by: Tad <tad@spotco.us>
2022-02-25 16:52:51 -05:00
Tad
f4fbe65756
Various changes
...
- 15.1: asb picks
- 17.1: drop marlin, sailfish, z2_plus, m8
- 4.9 loose versioning fixes
2022-02-24 19:51:44 -05:00
Tad
8b39498b1c
Initial loose versioning work for 4.9
...
This applies 4.9 patches to 4.4 and 3.18 now that 4.4 is EOL
Untested, but looks mild
Signed-off-by: Tad <tad@spotco.us>
2022-02-22 13:44:47 -05:00
Tad
5245109cc1
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-19 23:22:19 -05:00
Tad
48b009a02e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-12 06:56:28 -05:00
Tad
b6da59d24f
Drop FairEmail, Vanilla, and their AOSP equivalents
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-11 14:25:30 -05:00
Tad
55cdea3c9b
17.1: small fixes
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-11 14:05:14 -05:00
Tad
f767a8ea87
Hopefully fix the broken radio on Pixels
...
Thank you Google for all these great proprietary apps.
Signed-off-by: Tad <tad@spotco.us>
2022-02-10 15:36:44 -05:00
Tad
65584e96ce
Switch to official Etar
...
The Lineage forks have fallen behind
Signed-off-by: Tad <tad@spotco.us>
2022-02-08 14:10:04 -05:00
Tad
ee0bd8625f
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-07 14:43:05 -05:00
Tad
0a664cc22c
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-03 21:12:02 -05:00
Tad
c0aac415aa
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-29 09:35:59 -05:00
Tad
58b53de17a
Multi user tweaks from GrapheneOS
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-24 06:30:39 -05:00
Tad
2400cf0964
App updates
...
- Drops Calendar, Eleven, and Email
- Adds a variable for Silence inclusion
- Adds a NONE option for microG inclusion flag to disable NLP inclusion
Signed-off-by: Tad <tad@spotco.us>
2022-01-24 06:30:15 -05:00
Tad
6329922104
Disable the Hamper Analytics patches
...
Rely on the HOSTS to do any blocking.
With the last update this causes app crashes, due to boolean/string mismatch.
Need to figure out exactly how string in manifest can become a boolean when wanted.
Signed-off-by: Tad <tad@spotco.us>
2022-01-23 16:55:24 -05:00
Tad
dbd2a71722
Update CVE patchers
...
Hopefully fixes boot breakage
Signed-off-by: Tad <tad@spotco.us>
2022-01-17 01:23:10 -05:00
Tad
6ec0c63126
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-13 11:08:22 -05:00
Tad
208c7800c8
Fixup
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-12 17:44:18 -05:00
Tad
ce6ee9d8e4
Update CVE patchers
...
CVE-2021-0961 should be fine now
Signed-off-by: Tad <tad@spotco.us>
2022-01-11 05:41:26 -05:00
Tad
b9c7839110
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-11 01:19:31 -05:00
Tad
b05823bb20
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-04 21:00:25 -05:00
Tad
e08349a202
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-29 11:51:58 -05:00
Tad
3c1931bcc9
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-19 05:15:32 -05:00
Tad
11141d3bc9
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-17 14:31:13 -05:00
Tad
20e1023627
Small changes
...
- 16.0: drop wallpaper optimization patch, questionable source
- deblobber: don't remove libmmparser_lite.so, potentially used by camera
- 17.1: pick Q_asb_2021-12, excluding a broken patch
- clark 17.1: some camera denial fixes
- alioth: unmark broken
- 17.1: switch to upstream glibc fix
- 17.1/18.1: disable per app sensors permission patchset, potential camera issues
Signed-off-by: Tad <tad@spotco.us>
2021-12-13 20:28:54 -05:00
Tad
8b85bf9719
Small change
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-12 12:10:47 -05:00
Tad
8cf90d055e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-11 01:12:41 -05:00
Tad
359ce4608f
Small updates
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-07 20:57:54 -05:00
Tad
ed1c151ce5
Update CVE patchers
...
CVE-2021-0961/ANY/0001.patch likely causes breakage
Signed-off-by: Tad <tad@spotco.us>
2021-12-06 17:43:34 -05:00
Tad
c5c3998593
Guess what? f̵͖̲̙̝̩̌̌̌̑͆̔͐̏͋̓̅̔̒̈́͠i̴͍̗̦͕̅̓̿͋̓̑̽͌͐͊͘͠͠s̵̡̬͙͚̃͑̓̊̌́̾́͠ḥ̴̬͓͚̹̱̰͕͚͈̞̳͒̊ ̵̢̟̞̖͈͖͕̥̙̤͉̮̍́̅̀̾b̵̛̹̝̙̖̱̲͉͚̝̪̲̓̿͛̔̆͋̎́͐̃͆̀̕͝u̸̞̺͓͎̰̦̯̘̺̬͔̬͆͛̋̍̂͒̓͛̐̈́̋̚͝ṫ̵̠t̶̻̳̜̪̗͖͛̂̒̃̑̏͝
...
Tested on 14.1 and 15.1 targets
Signed-off-by: Tad <tad@spotco.us>
2021-11-29 21:14:00 -05:00
Tad
bf129b729d
17.1: extreme loose versioning work
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-27 23:25:35 -05:00
Tad
c4dbc73c56
Alter the glibc fix
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-27 15:52:09 -05:00
Tad
9b84cebf92
17.1: loose versioning work
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-27 15:50:11 -05:00
Tad
62166d1ea5
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-26 11:54:59 -05:00
Tad
f950398fa1
glibc 2.34 fix
...
Tested working to compile mako on Fedora 35
Signed-off-by: Tad <tad@spotco.us>
2021-11-14 20:16:48 -05:00
Tad
b8f5d8a510
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-12 11:51:02 -05:00
Tad
ebab5c9407
17.1: add harpia and merlin
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-11 10:22:00 -05:00
Tad
9c105b799f
O_asb_2021-11
...
Based off of:
https://review.lineageos.org/q/topic:P_asb_2021-11
Missing:
https://review.lineageos.org/c/LineageOS/android_packages_apps_Settings/+/318655
Maybe missing:
https://review.lineageos.org/c/LineageOS/android_hardware_nxp_nfc/+/318653
Doesn't exist:
https://review.lineageos.org/c/LineageOS/android_frameworks_native/+/318652
Untested
Signed-off-by: Tad <tad@spotco.us>
2021-11-08 17:19:50 -05:00
Tad
e882cf16c7
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-06 18:47:57 -04:00
Tad
f2b9eb8e8b
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-06 11:22:43 -04:00
Tad
5c8250bbdd
Disable the per-app sensor permission patches
...
Breaks camera on angler
Signed-off-by: Tad <tad@spotco.us>
2021-11-05 14:46:32 -04:00
Tad
6567937b05
ASB picks
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-05 13:29:50 -04:00
Tad
f7295a0f74
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-02 23:50:35 -04:00
Tad
f3277f3c07
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-02 12:01:36 -04:00
Tad
809e03833e
Verity enablement overhaul
...
No change to AVB devices except for enabling on more
Verity devices have the potential to regress by not booting
No change to non-verity/avb devices
Tested working on: mata, cheeseburger, fajita
Signed-off-by: Tad <tad@spotco.us>
2021-11-02 10:24:07 -04:00
Tad
bc77ca416c
Verity fixups
...
Not sure how I missed all of these?
Signed-off-by: Tad <tad@spotco.us>
2021-11-01 20:55:22 -04:00
Tad
ecc4688ce0
Denial fixes for clark, osprey, surnia, and g3-common
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-28 00:47:59 -04:00
Tad
ec043e961e
Update CVE patchers
...
CVE-2021-20317 might need to be disabled due to QC timer breakage.
Signed-off-by: Tad <tad@spotco.us>
2021-10-27 15:26:53 -04:00
Tad
fe8e8201a9
Add more 'Private DNS' options
...
Based off of patches from CalyxOS as noted in each included patch.
Tested and verified working on klte and mata 18.1
Signed-off-by: Tad <tad@spotco.us>
2021-10-21 23:39:46 -04:00
Tad
5d7d710076
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-20 15:01:18 -04:00
Tad
b78944933c
More fixes
...
Ensure new shells have the correct settings too.
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 22:57:43 -04:00
Tad
042b9063d1
More fixes
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 17:12:13 -04:00
Tad
256b1db98b
Hard fail on error
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 16:08:43 -04:00
Tad
a5cdb9ab58
Fix patch ordering
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 15:21:22 -04:00
Tad
f7194d1f13
Switch to applyPatch
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 14:01:44 -04:00
Tad
7ba42f052a
Small changes
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-14 15:58:22 -04:00
Tad
df60bfceda
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-13 12:20:44 -04:00
Tad
d5d3846f2c
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-10 19:44:59 -04:00
Tad
939c6aa7ed
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-07 20:07:49 -04:00
Tad
2af0e1201e
Re-enable the recovery downgrade check
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-06 17:03:22 -04:00
Tad
f2e1d32eba
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-06 16:54:45 -04:00
Tad
7b28a193f1
Include the Support app
...
This is a very basic app with zero permissions and has quick links to
various related resources.
Signed-off-by: Tad <tad@spotco.us>
2021-10-06 06:21:38 -04:00
Tad
59bd09a807
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-05 14:44:23 -04:00
Tad
5658b56424
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-03 20:00:52 -04:00
Tad
870382ff40
Switch to the Mulch WebView
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-02 01:44:46 -04:00
Tad
27fe558b76
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-29 16:47:50 -04:00
Tad
c6df37ca23
Expose the Sensors Off tile
...
This removes the hidden development 'Sensors off' tile from Settings app,
adds it back to SystemUI, and enables it by default.
Tested working on 18.1
Signed-off-by: Tad <tad@spotco.us>
2021-09-26 16:36:15 -04:00
Tad
84c7d230ab
Permission for sensors access patches from @MSe1969
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-24 23:35:33 -04:00
Tad
f5a58bd35f
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-23 20:56:00 -04:00
Tad
7e093e0500
Ensure all used defconfigs are altered
2021-09-18 21:28:13 -04:00
Tad
83efa5fe7d
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-18 13:43:41 -04:00
Tad
4917af86cc
Update copyright dates
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-15 10:30:08 -04:00
Tad
cf3a12cb5a
Move some changes into a new Post.sh
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-15 10:26:37 -04:00
Tad
bf5d9bc778
Small tweaks
...
- disable disablement of PROC_PAGE_MONITOR to fix memory stats calculation
- enable slub_nomerge, similar to slab_nomerge for pre 3.18 kernels
slub_nomerge was already default enabled on many 3.10 devices via:
0006-AndroidHardening-Kernel_Hardening/3.10/0010.patch
Signed-off-by: Tad <tad@spotco.us>
2021-09-13 10:39:33 -04:00
Tad
907dc0f040
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-11 16:06:57 -04:00
Tad
faf681a0c6
17.1: add davinci
...
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/10
Signed-off-by: Tad <tad@spotco.us>
2021-09-11 14:55:27 -04:00
Tad
35036e694d
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-08 22:59:33 -04:00
Tad
0ade46cc8e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-07 16:57:15 -04:00
Tad
e84111aaa8
Small changes
...
- Include TalkBack
- Fixup hosts inclusion, due to path mismatch
- 14.1: bump patch level to match the picked ASB
- 14.1: m7-common: deblobber fix
Signed-off-by: Tad <tad@spotco.us>
2021-09-06 14:32:37 -04:00
Tad
e0d300a651
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-03 22:52:24 -04:00
Tad
043b194210
17.1: add surnia + other changes
...
- 17.1: fixup invalid line in marlin from deblobber
- 18.1: fixup audiofx removal
- all: change repo sync to 8 threads from 20, for google HTTP 429 error
Signed-off-by: Tad <tad@spotco.us>
2021-08-26 21:02:28 -04:00
Tad
792cb89ed7
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-26 12:17:46 -04:00
Tad
0dbabac59a
Update CVE patchers
...
Maybe breakage?
Signed-off-by: Tad <tad@spotco.us>
2021-08-23 15:27:53 -04:00
Tad
c0debe55c4
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-18 08:54:30 -04:00
Tad
4ae1402229
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-13 23:54:19 -04:00
Tad
79132fddef
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-13 11:07:07 -04:00
Tad
2d468d9da2
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-09 14:44:48 -04:00
Tad
3f311f84ad
Changes
...
- WebView update
- 14.1: drop osprey, tested compiling on 17.1
- comment updates
- small patcher fixes
Signed-off-by: Tad <tad@spotco.us>
2021-08-06 18:36:57 -04:00
Tad
189cf4d801
Update comments
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-04 22:18:00 -04:00
Tad
2db8ac7c70
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-04 14:57:55 -04:00
Tad
6f1512b63a
crackling for 17.1 - try 2
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-04 14:22:16 -04:00
Tad
477b0a1a62
More fixes
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-04 10:58:22 -04:00
Tad
9e548cabf5
Fixup 3d69ad87
...
Tested to compile bacon, ether, and griffin kernels
Signed-off-by: Tad <tad@spotco.us>
2021-08-03 18:46:38 -04:00
Tad
3d69ad873e
\"\'FIXES\'\" PART 2
...
There will likely be some breakage here.
Many of these patches have been here since the start and never used.
Signed-off-by: Tad <tad@spotco.us>
2021-08-03 15:14:02 -04:00
Tad
4fae8d0445
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-03 12:37:28 -04:00
Tad
2c05482872
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-07-31 09:17:08 -04:00
Tad
702ea9c91f
Move FP3 to 18.1
...
Signed-off-by: Tad <tad@spotco.us>
2021-07-30 11:55:03 -04:00
Tad
36331d6d62
Update CVE patchers
2021-07-28 10:08:52 -04:00
Tad
b61264e3b9
Update CVE patchers
2021-07-27 00:17:14 -04:00
Tad
ca51db0be0
Update CVE patchers
2021-07-21 22:48:29 -04:00
Tad
ac4d8ab822
17.1: move fp2 to 18.1
2021-07-19 14:42:37 -04:00
Tad
9a4c02c3dc
Tiny tweaks
2021-07-19 12:05:18 -04:00
Tad
48ff571fbb
Small updates and fixes
2021-07-13 16:10:30 -04:00
Tad
3d67f9e25c
Update CVE patchers
2021-07-12 06:31:38 -04:00
Tad
c2b2aa5830
16.0+: Add captive portal toggle from @MSe1969
...
Source:
0045a97cb4
b483b4e9ab
18.1 is the 17.1 patch rebased
Wording was altered.
Already included in 14.1+15.1
2021-07-10 22:48:45 -04:00
Tad
a43601e77b
Update CVE patchers
...
I expect breakage.
2021-07-10 11:39:14 -04:00
Tad
ca857913ef
Directory sanity
2021-07-09 07:09:27 -04:00
Tad
dd3a611d0e
Cherrypicks
2021-07-08 20:08:24 -04:00
Tad
c13672b9b7
Update CVE patchers
2021-07-07 15:14:20 -04:00
Tad
12283124b5
Fixup last commit
2021-07-04 17:05:27 -04:00
Tad
f6357512a7
Update CVE patchers
2021-07-04 14:41:44 -04:00
Tad
44003bd2f5
Update CVE patchers
2021-06-30 17:05:59 -04:00
Tad
c2ce9572fa
umask 0022 all the things
...
umask 0077 breaks things in subtle ways
2021-06-27 14:14:34 -04:00
Tad
d7287a6b94
Update CVE patchers
2021-06-27 11:50:15 -04:00
Tad
ef8573b29c
Small fixes
2021-06-26 22:59:46 -04:00
Tad
08d522fd9b
17.1: drop mako
...
18.1 is functional now
2021-06-26 19:58:14 -04:00
Tad
881c24d8b2
Various patches from GrapheneOS
2021-06-26 18:57:46 -04:00
Tad
d6dca6e66d
Small tweaks
2021-06-26 14:13:03 -04:00
Tad
eb3e51e7e3
Small tweaks
2021-06-23 13:00:43 -04:00
Tad
48f35901c2
Update CVE patchers
2021-06-16 23:17:37 -04:00
Tad
d42c8f033d
Small changes
...
- Fixup CVE-2020-36386 breakage
- Move some cherrypicks in tree (gerrit down right now, pulled from reflog)
- Update cherrypicks
2021-06-15 05:46:30 -04:00
Tad
8af1c6a2ee
17.1: restore m8 for now
2021-06-14 02:06:49 -04:00
Tad
47ca4c5954
Tiny tweaks
2021-06-12 17:17:11 -04:00
Tad
71fe4d590e
Small tweaks
...
- 14.1: drop z00t, compiles on 15.1
- fix double patch breakage for CVE-2020-36386
- clark: fix recovery firmware extraction, hopefully
2021-06-12 10:49:54 -04:00
Tad
4b044379ec
Update CVE patchers
2021-06-11 11:00:54 -04:00
Tad
50c670c477
Small tweaks
...
- June ASB cherrypicks
- Change default NTP. only 2*.pool.ntp.org supports IPv6
2021-06-10 22:45:32 -04:00
Tad
94b91c6afd
Incall privacy warning from CalyxOS
2021-06-08 12:11:13 -04:00
Tad
d9c49b56c3
Update CVE patchers
2021-06-07 22:30:33 -04:00
Tad
143bec97a9
Small tweaks
2021-06-07 21:32:10 -04:00