Commit Graph

1115 Commits

Author SHA1 Message Date
Tad
a423f977ff Update CVE patchers 2021-04-12 20:53:35 -04:00
Tad
8e496341b5 Small tweaks + ASB cherrypicks 2021-04-08 05:40:22 -04:00
Tad
f48738f944 Update CVE patchers 2021-04-06 20:55:55 -04:00
Tad
4d31a97c3f Set forceencrypt for devices using footer 2021-04-06 15:36:20 -04:00
Tad
d9238f8385 18.1: fix recovery signing
friendly reminder to take a break when dealing with the same issue for extended periods of time
2021-04-06 05:56:47 -04:00
Tad
9293f48b0c Revert "17.1: drop support for all devices tested working on 18.1"
This reverts commit 2bbbd6d87f.

18.1 recovery is refusing to compile properly.
2021-04-06 04:12:46 -04:00
Tad
f3e672fb18 Failed attempt at fixing signing
PRODUCT_OTA_PUBLIC_KEYS is meant to be set by a vendor tree, something
we don't use.

Override it at the source and set it explicitely as well.

This ensures that the compiled recovery.img and the one generated by
sign_target_files_apks.py includes the real public keys for verification.

11.0 signing is ignored.

This will need to be extensively tested as breakage can mean brick on locked
devices.
Although in failure cases it seems test-keys are accepted.

--

After much testing there appears to be a deeper issue with how keys
are inserted into the recovery and handled
2021-04-06 04:07:18 -04:00
Tad
ad178961e4 Improvements and fixes
- 18.1: disable m8, thermanager is not yet ready
- 17.1: drop cheeseburger/dumpling, it is absolutely broken
- deblobber: remove euicc + others
- deblobber: hack to remove vintf fragments
2021-04-05 18:09:22 -04:00
Tad
2a0e74864b 17.1: Add fugu 2021-04-02 15:41:28 -04:00
Tad
a2d6d77b4c Update CVE patchers 2021-04-02 12:20:40 -04:00
Tad
d60f2ab05c 18.1 Add victara 2021-04-02 11:58:28 -04:00
Tad
2bbbd6d87f 17.1: drop support for all devices tested working on 18.1 2021-04-02 02:32:15 -04:00
Tad
c3271c38da Small fixes 2021-04-01 20:58:04 -04:00
Tad
9db9215d6b Small changes
- Disable generation of unused OTA to reduce compile time
- 17.1+: Disable APEX, breaks signing, and is also useless since no Play Store.
- 18.1: Fixup signing
2021-03-31 01:30:17 -04:00
Tad
398f663e47 Small changes 2021-03-29 23:14:33 -04:00
Tad
9c70bfc6a3 Small fixes
- Bring 17.1 recovery in line with 18.1
- flox: fix sensors on 17.1
- flo 15.1: sensors might still be broken due to denial
- flox 17.1: reboot issue is likely fixed
- 18.1: fix my Wi-Fi (wpa2-eap with a cert, but no domain)
2021-03-27 13:48:55 -04:00
Tad
9ae46b7624 Update CVE patchers
This fixes Fenix causing a reboot on select devices.
2021-03-26 22:51:50 -04:00
Tad
32b5369cbf 15.1: restore flo support
17.1 flox powers off when unused for a random period of time.
repeated power off leads to corruption of /data, requiring a wipe.
2021-03-26 21:02:17 -04:00
Tad
38ad988924 Potentially fixup manta
- Deblobber: don't remove mfc_fw.bin, used for media decode
- Deblobber: don't remove es305_fw.bin, used for audio processing
- don't force dexpreopt on manta, likely breaks Wi-Fi
- fix some SELinux denials on manta
2021-03-26 16:39:55 -04:00
Tad
4d902672df More cleanup 2021-03-25 10:16:38 -04:00
Tad
d8712ad62a Update CVE patchers 2021-03-24 16:31:25 -04:00
Tad
5d14e4b4f7 Small changes
- Add m7 and avicii (untested)
- Use low_ram target on <2GB devices
  Silly me, this never did anything due to the git reset...
- Update Chromium WebView cherrypick
2021-03-24 14:43:12 -04:00
Tad
08ea27fd00 Only include Silence when needed
ie. not on tablets without cellular
2021-03-23 21:11:08 -04:00
Tad
ecd0094b6e Fixup dragon 2021-03-23 17:14:19 -04:00
Tad
529b47039c 18.1: Initial bringup
- Functionality tested on mako and klte
- In-place upgrade from 17.1 tested working on klte
- Compile tested on bacon and klte
- Recovery OTA key patch missing, unsure if still needed.
- Deblobber needs support for removing vintf manifest paths from vendor Android.bp
- Launcher needs more default_workspace grid variants (eg. 4x5)
2021-03-23 12:36:31 -04:00
Tad
c23646ebd5 More cleanup 2021-03-20 16:37:15 -04:00
Tad
add30db605 Drop support for overclocking
These patches have been disabled for years.
2021-03-20 16:23:38 -04:00
Tad
62cba6a878 More cleanup 2021-03-20 16:15:01 -04:00
Tad
92dcea3b7d Update CVE patchers 2021-03-20 16:04:14 -04:00
Tad
10b157418d 14.1: drop support for all devices compiling on 15.1 or 16.0 or 17.1 2021-03-20 14:28:41 -04:00
Tad
70b1007dec 15.1: drop support for all devices compiling on 16.0 or 17.1 2021-03-20 14:28:36 -04:00
Tad
aa3d0aeac5 16.0: drop support for all devices compiling on 17.1 2021-03-20 14:03:01 -04:00
Tad
96d6d74534 14.1: drop support for all devices tested working on 15.1 or 16.0 or 17.1 2021-03-20 13:52:15 -04:00
Tad
3067ecca23 15.1: drop support for all devices tested working on 16.0 or 17.1 2021-03-20 13:45:37 -04:00
Tad
d87ae7d12c 16.0: drop support for all devices tested working on 17.1 2021-03-20 13:38:05 -04:00
Tad
caeb3d5199 Add FP3 to 16.0 and 17.1
Untested
2021-03-19 21:53:28 -04:00
Tad
c6f2a5a06d Fixup ef0ee2c3 2021-03-15 01:06:23 -04:00
Tad
ef0ee2c316 Update CVE patchers 2021-03-14 21:59:19 -04:00
Tad
a3fbed9da5 Update cherrypicks and small tweaks 2021-03-07 03:04:44 -05:00
Tad
60070a19bd Update CVE patchers
Consider splitting CVE-2020-27067 to restore basic patches.
2021-03-04 15:10:24 -05:00
Tad
f02363ecb4 March 2021 Security Updates 2021-03-04 13:02:10 -05:00
Tad
f8416a1083 Legal goodies 2021-03-01 21:05:42 -05:00
Tad
5a3b13e650 Update CVE patchers 2021-02-28 17:56:07 -05:00
Tad
701f336185 Tiny tweaks 2021-02-28 13:25:55 -05:00
Tad
07e46913d9 Fixup verity enablement for cheryl
cheryl was already supported in Copy_Keys.sh
2021-02-14 22:50:34 -05:00
Tad
6d0bc0c57e Update CVE patchers 2021-02-11 15:04:46 -05:00
Tad
41a04ebd36 Update CVE patchers 2021-02-10 15:55:51 -05:00
Tad
553299c409 Small updates 2021-02-08 18:49:01 -05:00
Tad
f1e2e43642 Update CVE patchers 2021-02-07 19:41:46 -05:00
Tad
d003ee6ea7 Update cherrypicks 2021-02-06 15:24:31 -05:00
Tad
3c0aaaa803 Update CVE patchers 2021-02-06 13:04:52 -05:00
Tad
820c637f20 Move many old cherry picks in tree for archival/support purposes 2021-02-05 20:00:43 -05:00
Tad
ebd992580c Update cherrypicks 2021-02-05 16:53:25 -05:00
Tad
d44eca7187 Update CVE patchers 2021-02-03 19:40:55 -05:00
Tad
fc5ba24098 Fixup 2021-02-03 12:19:37 -05:00
Tad
8fbe6a4bd2 Update CVE patchers 2021-02-03 11:50:22 -05:00
Tad
31d0b901ae Update cherrypicks 2021-02-03 09:45:26 -05:00
Tad
bac552732f Small tweaks 2021-01-30 21:34:50 -05:00
Tad
6a1fb99cc9 Unbreak last commit
This should be most of it

also
- properly update webview, repopick doesn't seem to handle the branch
- always cd back to base, to prevent script breakage
2021-01-25 13:31:57 -05:00
Tad
08142c2c9d Update CVE patchers
I expect breakage.
2021-01-24 00:30:24 -05:00
Tad
bef3ba0049 Small changes 2021-01-23 23:08:00 -05:00
Tad
38da3e202e Re-enable the SOUND_TRIGGER removal bits disabled in e9fd952b
It does not fix the phone call audio issues on mata like I hoped it would.
2021-01-18 09:11:37 -05:00
Tad
b99e1865fe deblobber improvements
- fixup CNE removal to disable Wi-Fi calling
- extend system.prop edits to cover all .props
- remove persist. and ro. from edits to cover all properties
2021-01-18 07:15:11 -05:00
Tad
c17623a87a Update CVE patchers 2021-01-16 22:48:28 -05:00
Tad
e9fd952ba2 Many small tweaks
- Remove leftover WireGuard repo missed in 31898834
- Enable the volteOverride, to ensure VoLTE enablement on supported devices on unknown carriers
- Extend volteOverride to support system.prop if vendor.prop doesn't exist (to cover eg. marlin/sailfish)
- Disable commenting of SOUND_TRIGGER flags.
  sountrigger blobs are not removed due to boot breakage.
  disable this and stop patching hardware/qcom/audio.
  Intended to potentially fix phone call audio issues on mata
- Small CVE patcher updates
2021-01-16 21:16:02 -05:00
Tad
a4333daefe Update cherrypicks
I managed to miss 300243 in the recent 17.1 rebuilds
2021-01-14 12:08:46 -05:00
Tad
55a9da29b0 Small fix 2021-01-14 05:26:49 -05:00
Tad
318988345b Drop WireGuard kernel module support
It was never used or enabled.
Silly me didn't acknowledge that it requires root for any app to use.

The app itself will still be included in the PrebuiltApps submodule for anyone who needs.
2021-01-13 06:30:44 -05:00
Tad
d757d84331 Fixup typo from 42b94605 2021-01-13 04:57:27 -05:00
Tad
f621ff7dda Update CVE patchers
I have absolutely no idea why kernel_oneplus_msm8998 was downgraded
4.4.241 to 4.4.205
https://github.com/LineageOS/android_kernel_oneplus_msm8998/tree/backup/lineage-17.1_20210108_1948
2021-01-13 04:29:00 -05:00
Tad
b683d40ef3 Small tweaks
- Update cherry picks
- Add star2lte to 15.1 and 17.1
2021-01-09 13:37:07 -05:00
Tad
42b94605f8 Cherrypicks and CVE-2019-2306 patching 2021-01-06 14:04:18 -05:00
Tad
e557ca3710 Update CVE patchers 2021-01-05 14:26:15 -05:00
Tad
bd4cb22db1 ASB cherry picks 2021-01-05 12:22:42 -05:00
Tad
e62afb602b Sync APN list from 17.1 to all versions
- 15.1: enable hammerhead due to reported bt issues on 16.0
2021-01-04 20:16:33 -05:00
Tad
3b8750cdff Deblobber: don't remove aonvr*.bin
breaks microphone on shamu and victara
2021-01-01 20:16:19 -05:00
Tad
ff96315fb4 Update CVE patchers 2020-12-30 11:08:19 -05:00
Tad
4c0ac9c46c Small changes 2020-12-24 02:01:10 -05:00
Tad
8b56cd13c6 deblobber: Don't remove CNE
- breaks Wi-Fi calling
- breaks IMS on marlin/sailfish
2020-12-22 13:53:29 -05:00
Tad
d6cf9ec8b0 Many fixes
VoLTE tested working on mata/17.1!
VoWiFi tested working with DOS_DEBLOBBER_REMOVE_CNE=false

- Disable Graphene exec spawning feature, subtly breaks many apps
  Maybe missing some patches?
- Build old versions for devices with broken IMS
- Ensure shell umask is always 0022
- fwb overlay: drop the MMS user-agent overrides
- Drop the BlobBlocker and ModuleBlocker
  They were unused and unkempt.
- Put volteOverride behind DOS_DEBLOBBER_REMOVE_IMS and comment it
2020-12-22 04:00:12 -05:00
Tad
356c743cd8 Update cherrpicks 2020-12-21 03:44:07 -05:00
Tad
1be184bac9 Small tweaks 2020-12-16 07:48:41 -05:00
Tad
39727cb7c7 Update CVE patchers 2020-12-10 14:09:58 -05:00
Tad
5ffefc4dc3 Cherry picks 2020-12-10 12:34:14 -05:00
Tad
3ec13d6bc8 Update CVE patchers 2020-12-08 10:24:24 -05:00
Tad
e36a91facc Update CVE patchers 2020-12-07 09:36:20 -05:00
Tad
9c691d02ab Update CVE patchers 2020-12-03 22:43:23 -05:00
Tad
26cda44016 Add support for rs988, h990, and h870 2020-11-29 19:19:43 -05:00
Tad
09722044b0 Update CVE patchers 2020-11-29 19:06:06 -05:00
Tad
69c8bdfb22 Update CVE patchers 2020-11-26 09:03:45 -05:00
Tad
48e72f67bb Tiny update 2020-11-22 22:12:47 -05:00
Tad
445582fe2a Update CVE patchers 2020-11-19 17:15:55 -05:00
Tad
9d7e5a24a3 License headers 2020-11-17 10:19:06 -05:00
Tad
7b9d90d781 move clark from 14.1 to 17.1 2020-11-15 08:16:29 -05:00
Tad
523264aebb Update CVE patchers 2020-11-12 23:46:38 -05:00
Tad
e7a65ff912 Small fixes 2020-11-09 22:55:36 -05:00
Tad
dfe516fc3d 17.1: update cheeseburger/dumpling kernel 2020-11-07 17:29:55 -05:00
Tad
a21a6acaa8 Update cherrypicks 2020-11-07 17:20:30 -05:00
Tad
dc5b1d91f2 Update CVE patchers 2020-11-06 16:15:16 -05:00
Tad
42053a97e2 ASB cherry picks 2020-11-04 09:48:12 -05:00
Tad
6a5866c01d More failed attempts at fixing IMS
Keeping IMS, RCS, CNE, ATFWD, and allowing ims* to access /dev/diag:
IMS service still fails to register on mata

Is it the carrier?
Is it the phone?
Is it LineageOS?
Is is DivestOS?
Absolute mess.
2020-11-02 19:24:56 -05:00
Tad
e36f4529a3 Fixup 9f01dc03
Enables replacing of vendor fingerprints.
I thought this was broken, turns out it was the AUX camera change instead.
2020-11-02 11:04:49 -05:00
Tad
9f01dc038c Small changes
- SUPL NTP fix
- Remove debug info from dexpreopt, saves a few MB
- 15.1+: enable full dexpreopt, for perf and memory benefits
- 17.1: change oneplus/msm8998-common kernel
- 17.1: add OpenCamera to AUX list
- Resurrect verity for devices missed previously
- Update some CVE patchers
- deblobber: remove some lingering atfwd blobs
2020-11-02 06:28:06 -05:00
Tad
3926f3a44f Small updates
- Various rebranding fixes
- 17.1: hold off on Seedvault inclusion for now
- 17.1: update kernel/fxtec/msm8998 CVE patcher
- 17.1: build cheeseburger/dumpling
2020-10-31 15:16:25 -04:00
Tad
5ec84b9f7b Update CVE patchers 2020-10-30 14:35:12 -04:00
Tad
40f8cebc53 Small updates 2020-10-28 19:09:18 -04:00
Tad
b89cc98001 Small updates 2020-10-27 21:40:20 -04:00
Tad
ff8dfd95db Small updates 2020-10-26 05:24:59 -04:00
Tad
47d064f98c Fixes 2020-10-23 18:50:51 -04:00
Tad
fb2a4df9a0 Add yellowstone, untested and disabled for now 2020-10-23 16:47:06 -04:00
Tad
95077df728 Update CVE patchers 2020-10-23 15:51:19 -04:00
Tad
1b4b86c38d Tiny tweaks 2020-10-23 14:49:16 -04:00
Tad
c7eb6fcbfe deblobber: fixup IMS for a few devices
Don't remove qti-vzw-ims-internal.jar needed by IMS stack.
It is just a shim and doesn't really do anything.

Also put RCS behind a flag.
2020-10-21 20:09:53 -04:00
Tad
0958df7de5 deblobber: remove more blobs 2020-10-20 10:45:57 -04:00
Tad
00a6a86126 deblobber: fixup timekeep replacement, credit Wang Han/aviraxp 2020-10-20 05:39:06 -04:00
Tad
d889ae4642 Update CVE patchers 2020-10-17 15:28:42 -04:00
Tad
6d15a2bb82 Update CVE patchers 2020-10-15 22:36:28 -04:00
Tad
688f4dd953 More CVE patcher fixes 2020-10-15 21:31:46 -04:00
Tad
cc64ce1634 Update CVE patchers 2020-10-14 16:28:07 -04:00
Tad
10d042c3c0 Update CVE patchers 2020-10-14 15:20:06 -04:00
Tad
6c9c91941e Fix errors from compile test of all 14.1 kernels 2020-10-14 14:23:22 -04:00
Tad
d53a4f4e41 Update CVE patchers
- Drop tcp_sack=0 sysctl, as most devices are now patched
2020-10-12 18:38:07 -04:00
Tad
b56929d3d9 Many changes
- Missing credit in LICENSE
- Update TODO
- hardenLocationConf: don't change version
- hardenDefconfig: Fix reboot on shutdown
- changeDefaultDNS: replace a level3 dns straggler for tethering config
- Don't remove CompanionDeviceManager if microG is included
- Update cherry picks
- init.sh: update comment wording
2020-10-12 07:52:54 -04:00
Tad
115dd21832 Many changes
- 17.1: Add Pixel 4/XL
- Promote klte to 17.1
- hardenBootArgs: don't run on klte
- hardenBootArgs: regorganize
- hardenDefconfig: enabler: drop unnecessary options (iommu)
- hardenDefconfig: disabler: comment diag options for now
- deblobber: comment dirac lines to fix cheeseburger headphone jack
- fixup Etar replacement
2020-10-11 07:12:00 -04:00
Tad
496fddb303 Replace calendar with Etar, and drop LocalCalendar 2020-10-11 04:12:16 -04:00
Tad
260140f0a1 Update CVE patchers 2020-10-10 11:56:35 -04:00
Tad
8bdad21040 Update CVE patchers 2020-10-06 23:36:29 -04:00
Tad
b56fabac3b Update CVE patchers
I expect some breakage here
2020-10-06 21:14:18 -04:00
Tad
bf9167f442 Update CVE patchers 2020-10-05 21:38:25 -04:00
Tad
589394a589 Small updates 2020-10-05 21:38:15 -04:00
Tad
55e010fba5 Small updates 2020-10-01 14:56:37 -04:00
Tad
46c1a74ef3 17.1: Fixup TTS 2020-09-25 11:38:26 -04:00
Tad
92f7f37096 Update CVE patchers
Fix CVE-2020-25221 breakage
2020-09-25 09:27:12 -04:00
Tad
bc7cf7af0a Update CVE patchers 2020-09-25 06:55:18 -04:00
Tad
a9812ba729 17.1: Rebase microG patches 2020-09-24 08:02:27 -04:00
Tad
92879ec2a4 Update CVE patchers 2020-09-23 06:31:34 -04:00
Tad
3bc1463017 Update CVE patchers 2020-09-18 10:36:01 -04:00
Tad
8c1e8ee3e3 Update CVE patchers 2020-09-17 15:35:48 -04:00
Tad
40654dbf4b Fixup 556a8529 2020-09-15 15:29:10 -04:00
Tad
6e16320468 Small fixes 2020-09-13 19:52:37 -04:00
Tad
d16a362141 ASB cherry picks + Fixup 2f83043c
TODO: rm -v kernel/*/*/drivers/staging/greybus/tools/Android.mk
2020-09-12 08:29:09 -04:00
Tad
4c29ac36d2 Update CVE patchers 2020-09-09 19:00:03 -04:00
Tad
76fcd8a0d4 Update CVE patchers 2020-09-08 18:19:52 -04:00
Tad
37ff7ddc2d Update CVE patchers 2020-09-02 15:03:00 -04:00
Tad
bca6af1516 Small updates
- recovery: abort on serial number specific updates, credit: GrapheneOS
- Add lists of missing CVEs
- Update cherrypicks
2020-09-02 14:20:51 -04:00
Tad
0808ac1fd0 Many updates
- Add OnePlus 6, 6T, 7, 7 Pro
- Ensure verity/avb keys are *always* copied
- Update cherry picks
2020-09-01 03:26:21 -04:00
Tad
ec17d20f58 Update CVE patchers 2020-08-22 11:03:23 -04:00
Tad
826949e6df Small updates 2020-08-22 10:18:29 -04:00
Tad
98854115be 16.0: Add pro1
- Also initial beryllium support, no builds yet
2020-08-10 15:34:55 -04:00
Tad
f19dbe5958 More fixes for a69326f3 2020-08-10 03:46:36 -04:00