Commit Graph

111 Commits

Author SHA1 Message Date
Tad
8b67d5c41e Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-08-10 22:02:37 -04:00
Tad
933f33ba6b Cherrypicks
Signed-off-by: Tad <tad@spotco.us>
2022-08-04 09:57:11 -04:00
Tad
178f01958d Cherrypicks
Signed-off-by: Tad <tad@spotco.us>
2022-08-02 19:39:09 -04:00
Tad
22f915cc3e Cherrypicks
Signed-off-by: Tad <tad@spotco.us>
2022-07-07 18:59:37 -04:00
Tad
d79d1fcba3 19.1: More promotions
Signed-off-by: Tad <tad@spotco.us>
2022-07-01 14:17:18 -04:00
Tad
11b9ae5bc4 Churn
Signed-off-by: Tad <tad@spotco.us>
2022-06-13 21:24:08 -04:00
Tad
c092b13a44 Restore star*lte
Signed-off-by: Tad <tad@spotco.us>
2022-06-08 22:55:00 -04:00
Tad
697bed18fb 17.1+18.1: Drop all devices working on 19.1
Signed-off-by: Tad <tad@spotco.us>
2022-06-04 14:26:44 -04:00
Tad
de781e9921 Tweaks
Signed-off-by: Tad <tad@spotco.us>
2022-05-23 23:15:27 -04:00
Tad
91953c0a45 Remove more blobs
Signed-off-by: Tad <tad@spotco.us>
2022-05-21 13:42:51 -04:00
Tad
64b4bbe075 Disable older devices tested/reported working on 19.1
Signed-off-by: Tad <tad@spotco.us>
2022-05-15 13:16:36 -04:00
Tad
9286bdd258 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-05-10 15:02:03 -04:00
Tad
675b1a5da0 Churn
Signed-off-by: Tad <tad@spotco.us>
2022-05-09 12:56:03 -04:00
Tad
b2eb3c01b4 Update CVE patchers
Newly added CVE-2022-20009 is dupe with CVE-2022-25258 and CVE-2022-25375

Signed-off-by: Tad <tad@spotco.us>
2022-05-03 23:33:17 -04:00
Tad
3457fd4151 Device cleanup
Drop long non-compiling devices:
- 14.1: n7100, jellypro
- 15.1: himaul, oneplus2
- 16.0: zenfone3, fugu
- 17.1: yellowstone, fugu
- 18.1: bonito, sargo

Drop in favor of 19.1:
- 17.1: bonito, sargo
- 18.1: pro1, aura, sunfish, coral, flame, bramble, redfin
(experimental, but these devices don't currently appear to have any users)

Signed-off-by: Tad <tad@spotco.us>
2022-04-26 15:19:57 -04:00
Tad
4b6a86a473 Add missing device variants
Signed-off-by: Tad <tad@spotco.us>
2022-04-14 19:47:21 -04:00
Tad
be6b03fe96 Churn
Signed-off-by: Tad <tad@spotco.us>
2022-04-13 14:54:08 -04:00
Tad
486e358050 More (disabled) lowram tweaks for <2GB devices
The inprocess variants make very little reduction and likely reduce security.

Signed-off-by: Tad <tad@spotco.us>
2022-04-12 20:25:26 -04:00
Tad
81d9923cda Don't disable scudo on lowram devices
Signed-off-by: Tad <tad@spotco.us>
2022-04-12 15:01:05 -04:00
Tad
30de608a61 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-04-12 02:51:44 -04:00
Tad
d078b24ddb lowram tweaks
Signed-off-by: Tad <tad@spotco.us>
2022-04-11 23:40:26 -04:00
Tad
a9e250afd9 Cleanup
Signed-off-by: Tad <tad@spotco.us>
2022-04-07 00:37:20 -04:00
Tad
3a0659b9d8 19.1: more work, it compiles and boots!
- Add the manifest
- Add Pixel 2 series
- Add some missing patches
- More DNS files
- Drop Silence in 19.1

Signed-off-by: Tad <tad@spotco.us>
2022-04-05 23:44:15 -04:00
Tad
8a03e46c7e Add the exec-spawning toggle from GrapheneOS
Tested working on 18.1/klte

TODO: backport to 16.0

Signed-off-by: Tad <tad@spotco.us>
2022-03-28 16:14:37 -04:00
Tad
1603092c50 Not all kernels have (working) getrandom support
hammerhead 16.0 was reported not booting
and shamu 18.1 was reported to take ~15+ minutes to boot

hammerhead does not have getrandom so it failed immediately

shamu does have getrandom BUT it blocks during init
meaning it'll wait until the entropy pool slowly fills

In tested I did not discovery this
I tested on flox/mako/d852/klte/clark/sailfish/mata/cheeseburger/fajita
All the newer ones have working getrandom
All the older ones included a patch to make getrandom non blocking on init

Signed-off-by: Tad <tad@spotco.us>
2022-03-17 13:21:52 -04:00
Tad
e61e288b4a Optionally allow the official Bromite WebView to be used, credit @MSe1969
This also replaces the overrides for all versions
And should allow the Google WebView on 14/15/16
And lastly only leaves the bundled version as default

This is a merge of the LineageOS 14/15/16 and 17/18 overlay
With the addition of the Bromite signature from @MSe1969

Signed-off-by: Tad <tad@spotco.us>
2022-03-14 22:59:40 -04:00
Tad
9ba3a061c6 Tweak
Signed-off-by: Tad <tad@spotco.us>
2022-03-14 11:57:34 -04:00
Tad
f65c7a4ccd Tweaks
Signed-off-by: Tad <tad@spotco.us>
2022-03-12 11:48:23 -05:00
Tad
902239e2b5 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-03-08 23:20:43 -05:00
Tad
512673d97d Bump marlin/sailfish to 18.1
Signed-off-by: Tad <tad@spotco.us>
2022-02-23 13:33:28 -05:00
Tad
5245109cc1 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-02-19 23:22:19 -05:00
Tad
f767a8ea87 Hopefully fix the broken radio on Pixels
Thank you Google for all these great proprietary apps.

Signed-off-by: Tad <tad@spotco.us>
2022-02-10 15:36:44 -05:00
Tad
7ccaecd6d6 Small tweak
Signed-off-by: Tad <tad@spotco.us>
2022-01-20 19:13:08 -05:00
Tad
5e18ec4dfe Tiny tweak
Signed-off-by: Tad <tad@spotco.us>
2022-01-16 16:42:26 -05:00
Tad
6ec0c63126 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-01-13 11:08:22 -05:00
Tad
8a45dc4696 18.1: Device additions
h910
lavender
pioneer, voyager, discovery
akari, aurora, xz2c

Signed-off-by: Tad <tad@spotco.us>
2022-01-06 21:04:17 -05:00
Tad
daf98f8197 Small tweaks
Signed-off-by: Tad <tad@spotco.us>
2021-12-31 21:39:04 -05:00
Tad
6e604e8703 Small update
Signed-off-by: Tad <tad@spotco.us>
2021-12-13 21:33:04 -05:00
Tad
20e1023627 Small changes
- 16.0: drop wallpaper optimization patch, questionable source
- deblobber: don't remove libmmparser_lite.so, potentially used by camera
- 17.1: pick Q_asb_2021-12, excluding a broken patch
- clark 17.1: some camera denial fixes
- alioth: unmark broken
- 17.1: switch to upstream glibc fix
- 17.1/18.1: disable per app sensors permission patchset, potential camera issues

Signed-off-by: Tad <tad@spotco.us>
2021-12-13 20:28:54 -05:00
Tad
8b85bf9719 Small change
Signed-off-by: Tad <tad@spotco.us>
2021-12-12 12:10:47 -05:00
Tad
359ce4608f Small updates
Signed-off-by: Tad <tad@spotco.us>
2021-12-07 20:57:54 -05:00
Tad
62166d1ea5 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-11-26 11:54:59 -05:00
Tad
df3b54fa20 Fixup camera on flox
Camera works in OpenCamera, but it can't actually take pictures.
Switch to Camera2 instead, tested pictures and videos working.

Also fixup compile issue with oneplus/msm8998-common
And refresh some patchers

Signed-off-by: Tad <tad@spotco.us>
2021-11-15 18:01:27 -05:00
Tad
1ce0093d9f More verified boot fixes
Signed-off-by: Tad <tad@spotco.us>
2021-11-08 09:36:56 -05:00
Tad
3e62262e88 Small fixup
Signed-off-by: Tad <tad@spotco.us>
2021-11-07 13:37:37 -05:00
Tad
6567937b05 ASB picks
Signed-off-by: Tad <tad@spotco.us>
2021-11-05 13:29:50 -04:00
Tad
621441349e Fixup the sensors permission patches on 7, 8, and 9.
Switch these patches to MODE_ALLOWED from MODE_ASK to fix breakage
of system services.

Also remove some code that adds a likely security issue.

Will need some extra regression testing.

Signed-off-by: Tad <tad@spotco.us>
2021-11-04 10:24:06 -04:00
Tad
809e03833e Verity enablement overhaul
No change to AVB devices except for enabling on more
Verity devices have the potential to regress by not booting
No change to non-verity/avb devices
Tested working on: mata, cheeseburger, fajita

Signed-off-by: Tad <tad@spotco.us>
2021-11-02 10:24:07 -04:00
Tad
a0918b5222 18.1: add z2_plus
Signed-off-by: Tad <tad@spotco.us>
2021-10-22 13:37:53 -04:00
Tad
b78944933c More fixes
Ensure new shells have the correct settings too.

Signed-off-by: Tad <tad@spotco.us>
2021-10-16 22:57:43 -04:00