Commit Graph

415 Commits

Author SHA1 Message Date
Tad
d7078bafd6 Update CVE patchers 2019-06-03 18:41:24 -04:00
Tad
bb72bccbeb Two hardening patches from @MSe1969
+ a backport of browser location restriction patch to 14.1 and 15.1
  by @syphyr
2019-06-02 19:25:29 -04:00
Tad
163fdb1f68 Minor updates 2019-05-31 21:13:39 -04:00
Tad
40d6db0326 divestos.xyz > divestos.org 2019-05-23 11:34:26 -04:00
Tad
8030a63a2a 11.0: fixes 2019-05-17 23:26:25 -04:00
Tad
380353773e Fixes 2019-05-17 20:48:26 -04:00
Tad
899812864f Update CVE patchers 2019-05-14 21:04:55 -04:00
Tad
223c5d1a2c Disable temperature monitoring
Breaks boot after 9.0 May security ASB:
- thermal service unavailable
- power service hooks thermal service
- keyguard service hooks power service
- no keyguard = no system ui
- no system ui = rescue party engages
- rescue party goes into recovery demanding factory wipe

see commit:
fwb: DO NOT MERGE Implement USB High Temperature warning dialog
2019-05-12 13:42:06 -04:00
Tad
aaa44f058e Update license 2019-05-09 06:43:09 -04:00
Tad
f59c77f00c Cherrypicks 2019-05-06 16:29:58 -04:00
Tad
9e2dd548d8 Disable LiveDisplay by default for performance reasons 2019-04-17 00:23:42 -04:00
Tad
20c8c7525c Misc tweaks
- 15.1: Contacts: remove Privacy Policy and Terms of Service links
  - from GrapheneOS
- cherry picks
2019-04-06 22:55:14 -04:00
Tad
974cc3b3f8 16.0: recovery has been updated
but leave it disabled because it doesn't boot
2019-04-04 23:33:10 -04:00
Tad
25cc717ec2 Use GrapheneOS' hardened memory allocator
+ 16.0: some other misc hardening patches from GrapheneOS
  - always restrict access to Build.SERIAL
  - don't grant location permission to system browsers
  - fbe: pad filenames more
+ 16.0: Contacts: remove Privacy Policy and Terms of Service links
2019-04-04 01:07:58 -04:00
Tad
60cf364f19 Minor tweaks
- init.sh: sort options
- overlay: leave radioScanningTimeout default
- hardenDefconfig: disable more components with CVEs
- cherry picks
- 16.0: trebuchet: tmp fix for default workspace overlay
2019-04-03 19:04:37 -04:00
Tad
1c49b80da0 Minor tweaks
- CVE patchers were updated with no change
- hardenDefconfig: disable MSM_SMP2P_TEST to mitigate CVE-2019-2247
- 14.1 add a cherry pick
2019-04-01 18:57:04 -04:00
Tad
dd7e4c3faf Remove more blobs 2019-03-22 05:28:57 -04:00
Tad
e344b17a36 Build fixes + new blob blocker 2019-03-22 04:20:06 -04:00
Tad
23f8759937 Remove some unneeded packages 2019-03-12 20:40:31 -04:00
Tad
cfe766be09 Tweaks 2019-03-11 18:19:50 -04:00
Tad
b1455b641d Update CVE patchers 2019-03-08 15:15:46 -05:00
Tad
5607db2e0b Update CVE patchers
- More aggressively attempt to apply incremental patches by
  ignoring the current subversion, as it is common for it to be 0
  Hopefully I won't have to revert this
2019-03-04 21:41:55 -05:00
Tad
9e897989d1 Update CVE patchers 2019-03-04 20:18:29 -05:00
Tad
f5d99c938b 16.0: More bringup 2019-03-04 05:53:51 -05:00
Tad
afe719ffc4 16.0: Initial bringup
- 14.1/15.1: Remove @ValdikSS' bluetooth patches
- 15.1: Cleanup
2019-03-04 02:45:54 -05:00
Tad
83478880ef WireGuard kernel module inclusion support 2019-03-04 00:06:22 -05:00
Tad
bc63feedc9 Update CVE patchers 2019-02-21 06:25:47 -05:00
Tad
fccc124868 tuna fixes + fdroid priv changes 2019-02-14 04:36:50 -05:00
Tad
b9ff7a74e6 Updates and fixes 2019-02-12 16:09:41 -05:00
Tad
ffabfb3616 14.1: fix maguro denials 2019-02-09 14:47:55 -05:00
Tad
9178760d1a Updater: Fix downloads over Tor
+ Update TODO
+ Minor tweaks
2019-02-08 20:58:15 -05:00
Tad
aa9b5499e6 Updates 2019-02-07 11:15:29 -05:00
Tad
15237becbb Update CVE patchers 2019-02-04 16:03:59 -05:00
Tad
378971497c 14.1: Support unified tuna 2019-02-01 02:53:13 -05:00
Tad
0ea1d37f0c Minor changes
- Update cherrypicks
- Update submodules
- Add some comments
2019-01-28 21:54:45 -05:00
Tad
ec3ffa38f2 Fixup CVE patchers 2019-01-07 19:42:25 -05:00
Tad
d8aac4c07b Update CVE patchers 2019-01-07 17:07:00 -05:00
Tad
c27f226269 Properly fix network mode patch 2018-12-29 12:19:27 -05:00
Tad
66a38a4705 Fixup network modes patch on 14.1 2018-12-28 14:53:23 -05:00
Tad
0df749ef73 Add more preferred network modes such as LTE Only, LTE/3G only, and 3G only 2018-12-28 08:02:24 -05:00
Tad
c07027dd97 Many changes
- Update CVE patchers
- Update submodules
- Update defconfig enablers
- Update DNS IP addresses
- + Misc changes
2018-12-24 23:29:56 -05:00
Tad
6c4eadcdc7 Manifest cleanup + always remove latemount from /cache
formatting/erasing /cache will result in selinux contexts being lost
these are normally restored by system/core/rootdir/init.rc in post-fs
but latemount causes /cache to not be mounted beforehand
preventing it from ever being fixed
result is broken ota and recovery updates
2018-12-20 17:22:34 -05:00
Tad
c5d2f25797 11.0: nex: switch to -user + add disabled overclock 2018-12-19 02:15:15 -05:00
Tad
a652eb1e23 11.0: Remove the rest of CMStats
Hmm, I don't remember Dialer having stats.
Goddamn spyware.
2018-12-18 23:39:29 -05:00
Tad
bae3092539 11.0: Remove CMStats 2018-12-18 22:08:57 -05:00
Tad
875d6505af F-Droid changes
- Drop Briar repo, its in main repos now and seems to keep in sync
- Switch to official builds of PrivExt
2018-12-18 21:37:35 -05:00
Tad
715cb32468 11.0: Cherrypick ASB topics 2018-12-18 21:36:02 -05:00
Tad
314701f0e8 11.0: Drop grouper + more work 2018-12-18 21:36:01 -05:00
Tad
28b0e915f5 11.0: More restoration work 2018-12-18 21:35:41 -05:00
Tad
01be578137 11.0: Initial restore
I think this is like the 6th time I've done this.
I always remove it, wait a few months, pull out a device that I want to run it on
and then spend hours restoring and bringing it back. I always think to myself
do I really need to toy with this device? No, I don't, but I do it anyway. :)
2018-12-18 21:35:14 -05:00