Commit Graph

957 Commits

Author SHA1 Message Date
Tad
844227a4f4 18.1: add the ptrace_scope patchset from GrapheneOS
ad017fba58
3b89605581
8b0419ac04
52ea603339

Signed-off-by: Tad <tad@spotco.us>
2022-03-15 14:29:34 -04:00
Tad
07bd5a3a0e Automatic reboot and Bluetooth/Wi-Fi shutoff from GrapheneOS and CalyxOS
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/59
Tested on 18.1
Untested on 17.1

Signed-off-by: Tad <tad@spotco.us>
2022-03-15 01:27:08 -04:00
Tad
e61e288b4a Optionally allow the official Bromite WebView to be used, credit @MSe1969
This also replaces the overrides for all versions
And should allow the Google WebView on 14/15/16
And lastly only leaves the bundled version as default

This is a merge of the LineageOS 14/15/16 and 17/18 overlay
With the addition of the Bromite signature from @MSe1969

Signed-off-by: Tad <tad@spotco.us>
2022-03-14 22:59:40 -04:00
Tad
9ba3a061c6 Tweak
Signed-off-by: Tad <tad@spotco.us>
2022-03-14 11:57:34 -04:00
Tad
015799737e Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-03-09 17:16:47 -05:00
Tad
4f75a8272a Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-03-09 11:59:30 -05:00
Tad
902239e2b5 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-03-08 23:20:43 -05:00
Tad
de764885b3 Fixup
Signed-off-by: Tad <tad@spotco.us>
2022-03-08 12:56:52 -05:00
Tad
54dbcd9e43 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-03-07 19:12:10 -05:00
Tad
bda848a0a1 Fixup 057bedb6
Sadly this means the option was never enabled :(
Note: these options are only available on 4.4+ kernels

Signed-off-by: Tad <tad@spotco.us>
2022-03-06 23:05:13 -05:00
Tad
9a6c3f99ed Verify authorship and Change-Id of all contained patches
- No patches were found with incorrect authorship/From: lines
- The older AndroidHardening patch repos are no longer available to verify CID.
- New GrapheneOS patches do not include a CID.
- *Signature_Spoofing.patch CID could not be found.
- Fixed CID of *Harden_Sig_Spoofing.patch to match 14.1
- Fixed CID of *LGE_Fixes.patch to match 14.1
- Fixed CID of *Harden.patch to match 14.1
- Added edit note to *Harden.patch
- Fixed CID of *PREREQ_Handle_All_Modes.patch to match 14.1
- Fixed CID of *More_Preferred_Network_Modes.patch to match 14.1
- Fixed CID of *AES256.patch to match 14.1
- Fixed CID of *0001-OTA_Keys.patch to match 18.1
- Fixed CID of *Camera_Fix.patch to match 15.1
- Fixed CID of *Connectivity.patch to match 14.1
- Fixed CID of *Fix_Calling.patch to match 14.1
- Fixed CID of *Remove_Analytics.patch to match 14.1
- Fixed CID of Unused-*.patch/audio_extn to match original

Signed-off-by: Tad <tad@spotco.us>
2022-03-05 13:13:30 -05:00
Tad
ac1e89f0c8 Update CVE patchers [the big fixup]
This removes many duplicately or wrongly applied patches.

Correctly removed:
- CVE-2011-4132 can apply infinitely
- CVE-2013-2891 can apply infinitely
- CVE-2014-9781 can apply once to fb_cmap_to_user correctly and incorrectly to fb_copy_cmap
- CVE-2015-0571 can apply incorrectly and was disabled in patch repo as a result
- CVE-2016-2475 can apply infinitely
- CVE-2017-0627 can apply infinitely
- CVE-2017-0750 can apply infinitely
- CVE-2017-14875 can apply infinitely
- CVE-2017-14883 can apply infinitely
- CVE-2020-11146 can apply infinitely
- CVE-2020-11608 can apply infinitely
- CVE-2021-42008 can apply infinitely

Questionable (might actually be beneficial to "incorrectly" apply again):
- CVE-2012-6544 can apply once to hci_sock_getsockopt correctly and incorrectly to hci_sock_setsockopt
- CVE-2013-2898 can apply once to sensor_hub_get_feature correctly and incorrectly to sensor_hub_set_feature
- CVE-2015-8575 can apply once to sco_sock_bind correctly and incorrectly to sco_sock_connect
- CVE-2017-8281 can apply once to diagchar_ioctl correctly and incorrectly to diagchar_compat_ioctl
- CVE-2019-10622 can apply once	to qdsp_cvp_callback correctly and incorrectly to qdsp_cvs_callback
- CVE-2019-14104 can apply once to cam_context_handle_start/stop_dev and incorrectly to cam_context_handle_crm_process_evt and cam_context_handle_flush_dev

Other notes:
- CVE-2016-6693 can be applied again if it was already applied in combination with CVE-2016-6696
  then the dupe check will fail and mark CVE-2016-6696 as already applied, effectively reverting it.
  This was seemingly fixed with a hand merged patch in patch repo.

Wrongly removed:
- CVE-2013-2147 is meant for cciss_ioctl32_passthru but is detected in cciss_ioctl32_big_passthru
- CVE-2015-8746 is meant for nfs_v4_2_minor_ops but is detected in nfs_v4_1_minor_ops
- CVE-2021-Misc2/ANY/0043.patch is meant for WLANTL_RxCachedFrames but is detected in WLANTL_RxFrames

Signed-off-by: Tad <tad@spotco.us>
2022-03-04 00:42:28 -05:00
Tad
927b9bfbc5 Fix random reboots on broken kernels when an app has data restricted
I don't like this

Reading:
- 24b3bdcf71
- https://review.lineageos.org/c/LineageOS/android_kernel_essential_msm8998/+/320470
- https://review.lineageos.org/c/LineageOS/android_system_bpf/+/264702
- https://gitlab.com/LineageOS/issues/android/-/issues/2514
- https://gitlab.com/LineageOS/issues/android/-/issues/3144
- https://gitlab.com/LineageOS/issues/android/-/issues/3287

Test:
- restrict mobile data for an app
- toggle wifi on and off a few times
- watch systemui crash and soft-reboot

Tested working on cheeseburger

Signed-off-by: Tad <tad@spotco.us>
2022-03-03 17:51:46 -05:00
Tad
0d0104b4bb Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-03-02 22:57:34 -05:00
Tad
0d59c18c85 Enable the NETWORK permission patchset for 16.0 too
Likely has issues with secondary users.
As in the permission affects all copies of the same app.

Signed-off-by: Tad <tad@spotco.us>
2022-02-28 01:27:38 -05:00
Tad
bbdfcdc2a2 Tiny fix
Signed-off-by: Tad <tad@spotco.us>
2022-02-26 11:47:52 -05:00
Tad
5e1521700f Port the GrapheneOS NETWORK permission to 17.1 and 18.1
Some patches were ported from 12 to 10/11
Some patches from 11 were ported to 10
This 10/11 port should be very close to 12

BOUNS: 16.0 patches, disabled

Signed-off-by: Tad <tad@spotco.us>
2022-02-25 16:52:51 -05:00
Tad
5245109cc1 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-02-19 23:22:19 -05:00
Tad
5283db6f05 Drop the broken PDB patch
Why'd past me write this trash?

Signed-off-by: Tad <tad@spotco.us>
2022-02-14 07:43:45 -05:00
Tad
143b6fa164 18.1: Refresh for recent upstream Updater changes
Untested, should work

Signed-off-by: Tad <tad@spotco.us>
2022-02-14 03:05:32 -05:00
Tad
2eda5086fc Tiny tweak
Signed-off-by: Tad <tad@spotco.us>
2022-02-13 23:57:59 -05:00
Tad
48b009a02e Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-02-12 06:56:28 -05:00
Tad
b6da59d24f Drop FairEmail, Vanilla, and their AOSP equivalents
Signed-off-by: Tad <tad@spotco.us>
2022-02-11 14:25:30 -05:00
Tad
5b783483e6 Cleanup
Signed-off-by: Tad <tad@spotco.us>
2022-02-11 14:23:51 -05:00
Tad
bc3a9cddba Small tweaks
Signed-off-by: Tad <tad@spotco.us>
2022-02-09 00:22:02 -05:00
Tad
ee0bd8625f Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-02-07 14:43:05 -05:00
Tad
0a664cc22c Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-02-03 21:12:02 -05:00
Tad
c0aac415aa Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-01-29 09:35:59 -05:00
Tad
58b53de17a Multi user tweaks from GrapheneOS
Signed-off-by: Tad <tad@spotco.us>
2022-01-24 06:30:39 -05:00
Tad
2400cf0964 App updates
- Drops Calendar, Eleven, and Email
- Adds a variable for Silence inclusion
- Adds a NONE option for microG inclusion flag to disable NLP inclusion

Signed-off-by: Tad <tad@spotco.us>
2022-01-24 06:30:15 -05:00
Tad
6864156bd6 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-01-20 22:22:22 -05:00
Tad
dbd2a71722 Update CVE patchers
Hopefully fixes boot breakage

Signed-off-by: Tad <tad@spotco.us>
2022-01-17 01:23:10 -05:00
Tad
5e18ec4dfe Tiny tweak
Signed-off-by: Tad <tad@spotco.us>
2022-01-16 16:42:26 -05:00
Tad
6ec0c63126 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-01-13 11:08:22 -05:00
Tad
bfcf6b18b7 Fixup
Signed-off-by: Tad <tad@spotco.us>
2022-01-12 05:57:08 -05:00
Tad
ce6ee9d8e4 Update CVE patchers
CVE-2021-0961 should be fine now

Signed-off-by: Tad <tad@spotco.us>
2022-01-11 05:41:26 -05:00
Tad
b9c7839110 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-01-11 01:19:31 -05:00
Tad
8a45dc4696 18.1: Device additions
h910
lavender
pioneer, voyager, discovery
akari, aurora, xz2c

Signed-off-by: Tad <tad@spotco.us>
2022-01-06 21:04:17 -05:00
Tad
207e45fe6a Update oneplus/sdm845 to 4.9.295
Signed-off-by: Tad <tad@spotco.us>
2022-01-06 15:21:00 -05:00
Tad
b05823bb20 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-01-04 21:00:25 -05:00
Tad
daf98f8197 Small tweaks
Signed-off-by: Tad <tad@spotco.us>
2021-12-31 21:39:04 -05:00
Tad
39e520a03f Sync APN list from 18.1
Signed-off-by: Tad <tad@spotco.us>
2021-12-31 21:12:24 -05:00
Tad
e08349a202 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-12-29 11:51:58 -05:00
Tad
68771721d5 Update oneplus/sdm845 to 4.8.282
Signed-off-by: Tad <tad@spotco.us>
2021-12-29 11:51:52 -05:00
Tad
8b3beeb9fd More analytics disablement
Signed-off-by: Tad <tad@spotco.us>
2021-12-27 23:24:03 -05:00
Tad
ee1f466211 Fixup
Signed-off-by: Tad <tad@spotco.us>
2021-12-27 18:16:42 -05:00
Tad
2c1d8d5e78 Hamper analytics improvements
Signed-off-by: Tad <tad@spotco.us>
2021-12-27 17:35:53 -05:00
Tad
3c1931bcc9 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-12-19 05:15:32 -05:00
Tad
11141d3bc9 Small tweaks
Signed-off-by: Tad <tad@spotco.us>
2021-12-17 14:31:13 -05:00
Tad
6c38ece551 Update CVE patchers
User report confirms fixing wifi on lmi

Signed-off-by: Tad <tad@spotco.us>
2021-12-15 17:10:35 -05:00
Tad
20e1023627 Small changes
- 16.0: drop wallpaper optimization patch, questionable source
- deblobber: don't remove libmmparser_lite.so, potentially used by camera
- 17.1: pick Q_asb_2021-12, excluding a broken patch
- clark 17.1: some camera denial fixes
- alioth: unmark broken
- 17.1: switch to upstream glibc fix
- 17.1/18.1: disable per app sensors permission patchset, potential camera issues

Signed-off-by: Tad <tad@spotco.us>
2021-12-13 20:28:54 -05:00
Tad
8b85bf9719 Small change
Signed-off-by: Tad <tad@spotco.us>
2021-12-12 12:10:47 -05:00
Tad
8cf90d055e Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-12-11 01:12:41 -05:00
Tad
359ce4608f Small updates
Signed-off-by: Tad <tad@spotco.us>
2021-12-07 20:57:54 -05:00
Tad
ed1c151ce5 Update CVE patchers
CVE-2021-0961/ANY/0001.patch likely causes breakage

Signed-off-by: Tad <tad@spotco.us>
2021-12-06 17:43:34 -05:00
Tad
c5c3998593 Guess what? f̵͖̲̙̝̩̌̌̌̑͆̔͐̏͋̓̅̔̒̈́͠i̴͍̗̦͕̅̓̿͋̓̑̽͌͐͊͘͠͠s̵̡̬͙͚̃͑̓̊̌́̾́͠ḥ̴̬͓͚̹̱̰͕͚͈̞̳͒̊ ̵̢̟̞̖͈͖͕̥̙̤͉̮̍́̅̀̾b̵̛̹̝̙̖̱̲͉͚̝̪̲̓̿͛̔̆͋̎́͐̃͆̀̕͝u̸̞̺͓͎̰̦̯̘̺̬͔̬͆͛̋̍̂͒̓͛̐̈́̋̚͝ṫ̵̠t̶̻̳̜̪̗͖͛̂̒̃̑̏͝
Tested on 14.1 and 15.1 targets

Signed-off-by: Tad <tad@spotco.us>
2021-11-29 21:14:00 -05:00
Tad
62166d1ea5 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-11-26 11:54:59 -05:00
Tad
df3b54fa20 Fixup camera on flox
Camera works in OpenCamera, but it can't actually take pictures.
Switch to Camera2 instead, tested pictures and videos working.

Also fixup compile issue with oneplus/msm8998-common
And refresh some patchers

Signed-off-by: Tad <tad@spotco.us>
2021-11-15 18:01:27 -05:00
Tad
f950398fa1 glibc 2.34 fix
Tested working to compile mako on Fedora 35

Signed-off-by: Tad <tad@spotco.us>
2021-11-14 20:16:48 -05:00
Tad
b8f5d8a510 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-11-12 11:51:02 -05:00
Tad
c95421b6d2 Fixup 9c105b79
Signed-off-by: Tad <tad@spotco.us>
2021-11-08 18:45:29 -05:00
Tad
9c105b799f O_asb_2021-11
Based off of:
https://review.lineageos.org/q/topic:P_asb_2021-11

Missing:
https://review.lineageos.org/c/LineageOS/android_packages_apps_Settings/+/318655

Maybe missing:
https://review.lineageos.org/c/LineageOS/android_hardware_nxp_nfc/+/318653

Doesn't exist:
https://review.lineageos.org/c/LineageOS/android_frameworks_native/+/318652

Untested

Signed-off-by: Tad <tad@spotco.us>
2021-11-08 17:19:50 -05:00
Tad
3e62262e88 Small fixup
Signed-off-by: Tad <tad@spotco.us>
2021-11-07 13:37:37 -05:00
Tad
e882cf16c7 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-11-06 18:47:57 -04:00
Tad
f2b9eb8e8b Small tweaks
Signed-off-by: Tad <tad@spotco.us>
2021-11-06 11:22:43 -04:00
Tad
fdd549ee98 16.0: add kccat6 and lentislte
Signed-off-by: Tad <tad@spotco.us>
2021-11-05 14:16:18 -04:00
Tad
621441349e Fixup the sensors permission patches on 7, 8, and 9.
Switch these patches to MODE_ALLOWED from MODE_ASK to fix breakage
of system services.

Also remove some code that adds a likely security issue.

Will need some extra regression testing.

Signed-off-by: Tad <tad@spotco.us>
2021-11-04 10:24:06 -04:00
Tad
f7295a0f74 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-11-02 23:50:35 -04:00
Tad
b6575a362e Small tweaks
Signed-off-by: Tad <tad@spotco.us>
2021-11-02 22:47:34 -04:00
Tad
f3277f3c07 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-11-02 12:01:36 -04:00
Tad
809e03833e Verity enablement overhaul
No change to AVB devices except for enabling on more
Verity devices have the potential to regress by not booting
No change to non-verity/avb devices
Tested working on: mata, cheeseburger, fajita

Signed-off-by: Tad <tad@spotco.us>
2021-11-02 10:24:07 -04:00
Tad
898c040ead More useless churn
Signed-off-by: Tad <tad@spotco.us>
2021-11-01 21:04:59 -04:00
Tad
33c2725946 More patch refreshing
Signed-off-by: Tad <tad@spotco.us>
2021-10-29 16:08:27 -04:00
Tad
a9f445ad47 16.0: add land and santoni
Signed-off-by: Tad <tad@spotco.us>
2021-10-28 19:07:31 -04:00
Tad
ecc4688ce0 Denial fixes for clark, osprey, surnia, and g3-common
Signed-off-by: Tad <tad@spotco.us>
2021-10-28 00:47:59 -04:00
Tad
ec043e961e Update CVE patchers
CVE-2021-20317 might need to be disabled due to QC timer breakage.

Signed-off-by: Tad <tad@spotco.us>
2021-10-27 15:26:53 -04:00
Tad
e6beba4b15 Small tweaks
Sad churn from git version.
Will be removed next build cycle.

Signed-off-by: Tad <tad@spotco.us>
2021-10-27 14:16:37 -04:00
Tad
b77444f84d Deblobber tweaks
- Put more blobs behind flags for testing purposes
- Potential graphics fix for newer devices
- Removes more Wi-Fi display blobs
- Remove some misc blobs

Signed-off-by: Tad <tad@spotco.us>
2021-10-23 19:49:27 -04:00
Tad
0c793835da Expand the available Private DNS options
Signed-off-by: Tad <tad@spotco.us>
2021-10-22 18:33:06 -04:00
Tad
fe8e8201a9 Add more 'Private DNS' options
Based off of patches from CalyxOS as noted in each included patch.

Tested and verified working on klte and mata 18.1

Signed-off-by: Tad <tad@spotco.us>
2021-10-21 23:39:46 -04:00
Tad
70b96aa211 Update oneplus/sdm845 from 4.9.227 to 4.9.277
Pulls us into August 2021

Tested working:
- boot
- usb mtp
- wifi
- bluetooth
- cameras
- audio
- gps
- brightness

Signed-off-by: Tad <tad@spotco.us>
2021-10-21 00:12:59 -04:00
Tad
5d7d710076 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-10-20 15:01:18 -04:00
Tad
042b9063d1 More fixes
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 17:12:13 -04:00
Tad
4ce35a3c60 Refresh most branch specific patches
Fixed up:
LineageOS-16.0/android_packages_apps_Backgrounds/308977.patch
LineageOS-16.0/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
LineageOS-17.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
LineageOS-18.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch

Must review again:
LineageOS-14.1/android_packages_apps_PackageInstaller/64d8b44.patch

Signed-off-by: Tad <tad@spotco.us>
2021-10-16 15:19:55 -04:00
Tad
52fd9c9ddb Tiny cleanup
Signed-off-by: Tad <tad@spotco.us>
2021-10-15 14:05:14 -04:00
Tad
5b630620f8 Drop 11.0
It has been over 2,500 days since the last release of 4.4.4.
And over 600 days since I last compiled this.

Signed-off-by: Tad <tad@spotco.us>
2021-10-14 20:08:44 -04:00
Tad
7ba42f052a Small changes
Signed-off-by: Tad <tad@spotco.us>
2021-10-14 15:58:22 -04:00
Tad
df60bfceda Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-10-13 12:20:44 -04:00
Tad
939c6aa7ed Small tweaks
Signed-off-by: Tad <tad@spotco.us>
2021-10-07 20:07:49 -04:00
Tad
f2e1d32eba Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-10-06 16:54:45 -04:00
Tad
7b28a193f1 Include the Support app
This is a very basic app with zero permissions and has quick links to
various related resources.

Signed-off-by: Tad <tad@spotco.us>
2021-10-06 06:21:38 -04:00
Tad
0ac035a48e Fixup e4a4e7f8
Signed-off-by: Tad <tad@spotco.us>
2021-10-06 05:31:40 -04:00
Tad
e4a4e7f8de Fix BT on apollo/thor
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/16

Signed-off-by: Tad <tad@spotco.us>
2021-10-06 04:52:14 -04:00
Tad
59bd09a807 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-10-05 14:44:23 -04:00
Tad
5658b56424 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-10-03 20:00:52 -04:00
Tad
7f98aad299 18.1: Drop DnsResolver patches
Merged upstream

Signed-off-by: Tad <tad@spotco.us>
2021-10-01 17:54:54 -04:00
Tad
025ca7df7f compile fixups
after the CVE-2021-Misc2 import and hardenDefconfig overhaul

also sync 18.1 DnsResovler patches with:
6332b25b87
f8490d024a

Signed-off-by: Tad <tad@spotco.us>
2021-10-01 12:34:22 -04:00
Tad
27fe558b76 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-09-29 16:47:50 -04:00
Tad
9f9d418060 18.1: forward port the hosts cache and wildcard support
These were likely missed when resolv/ moved out of netd into DnsResolver.

Signed-off-by: Tad <tad@spotco.us>
2021-09-26 22:41:30 -04:00
Tad
94f342ac37 Tiny tweak
Signed-off-by: Tad <tad@spotco.us>
2021-09-26 16:41:48 -04:00
Tad
c6df37ca23 Expose the Sensors Off tile
This removes the hidden development 'Sensors off' tile from Settings app,
adds it back to SystemUI, and enables it by default.

Tested working on 18.1

Signed-off-by: Tad <tad@spotco.us>
2021-09-26 16:36:15 -04:00
Tad
84c7d230ab Permission for sensors access patches from @MSe1969
Signed-off-by: Tad <tad@spotco.us>
2021-09-24 23:35:33 -04:00
Tad
f5a58bd35f Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-09-23 20:56:00 -04:00
Tad
83efa5fe7d Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-09-18 13:43:41 -04:00
Tad
083e2048f8 Don't disable slub/slab merging via kernel command line, but by default
I have a sneaking suspicion that the length of some device command lines is
causing boot issues.
eg. with the recent additions, klte boots fine, but recovery doesn't, maybe
bootloader is adding more flags, exceeding a limit?

Signed-off-by: Tad <tad@spotco.us>
2021-09-15 10:17:27 -04:00
Tad
a9f44dee41 Fix hamper analytics patches
These must all be strings.
Sadly meant this likely hasn't worked for years.
:\

Signed-off-by: Tad <tad@spotco.us>
2021-09-13 15:27:29 -04:00
Tad
2f8550d2ae Sync APN list from 18.1
Signed-off-by: Tad <tad@spotco.us>
2021-09-11 16:25:14 -04:00
Tad
907dc0f040 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-09-11 16:06:57 -04:00
Tad
0ade46cc8e Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-09-07 16:57:15 -04:00
Tad
e84111aaa8 Small changes
- Include TalkBack
- Fixup hosts inclusion, due to path mismatch
- 14.1: bump patch level to match the picked ASB
- 14.1: m7-common: deblobber fix

Signed-off-by: Tad <tad@spotco.us>
2021-09-06 14:32:37 -04:00
Tad
56e9a75445 14.1+15.1: Support wildcards in cached hosts file
Signed-off-by: Tad <tad@spotco.us>
2021-09-05 16:30:34 -04:00
Tad
809a361e07 Update CVE patchers
Don't introduce https://gitlab.com/LineageOS/issues/android/-/issues/3916

Will consider adding it as a revert

Signed-off-by: Tad <tad@spotco.us>
2021-09-04 14:35:24 -04:00
Tad
e0d300a651 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-09-03 22:52:24 -04:00
Tad
dd4457260f 18.1 Updates
- Update Settings and SetupWizard patches after the big SetupWizard UI update
- Use the latest captive portal patch, was also previously partially broken
  due to mis-apply

Signed-off-by: Tad <tad@spotco.us>
2021-09-03 08:57:40 -04:00
Tad
f77971d38f Small tweaks
Signed-off-by: Tad <tad@spotco.us>
2021-08-31 20:53:17 -04:00
Tad
bdccb5fb39 Hamper ad_personalization_signals
Signed-off-by: Tad <tad@spotco.us>
2021-08-27 13:46:11 -04:00
Tad
27d55efdff Hamper ssaid collection
Signed-off-by: Tad <tad@spotco.us>
2021-08-27 13:41:57 -04:00
Tad
31e615f341 Add the WebView repository
Allows for rapid updates in-between build cycles.
Tested working on many devices.

Signed-off-by: Tad <tad@spotco.us>
2021-08-27 12:46:54 -04:00
Tad
792cb89ed7 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-08-26 12:17:46 -04:00
Tad
0dbabac59a Update CVE patchers
Maybe breakage?

Signed-off-by: Tad <tad@spotco.us>
2021-08-23 15:27:53 -04:00
Tad
1dc0bce913 Disable removal of display color blobs
Removal is still breaking boot on some devices

Signed-off-by: Tad <tad@spotco.us>
2021-08-21 15:34:02 -04:00
Tad
c0debe55c4 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-08-18 08:54:30 -04:00
Tad
4ae1402229 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-08-13 23:54:19 -04:00
Tad
79132fddef Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-08-13 11:07:07 -04:00
Tad
2d468d9da2 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-08-09 14:44:48 -04:00
Tad
2db8ac7c70 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-08-04 14:57:55 -04:00
Tad
9e548cabf5 Fixup 3d69ad87
Tested to compile bacon, ether, and griffin kernels

Signed-off-by: Tad <tad@spotco.us>
2021-08-03 18:46:38 -04:00
Tad
3d69ad873e \"\'FIXES\'\" PART 2
There will likely be some breakage here.
Many of these patches have been here since the start and never used.

Signed-off-by: Tad <tad@spotco.us>
2021-08-03 15:14:02 -04:00
Tad
4fae8d0445 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-08-03 12:37:28 -04:00
Tad
2c05482872 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-07-31 09:17:08 -04:00
Tad
914bed8556 Reimplement fe6f8537
LTE tested working with hybrid 33-107 modem.
Phone calls drop to HSPA as expected.
No issues if using stock modem either compared to without this patch.

In my area, without this patch, my makos are useless cell-wise.

Gives extra life to the Nexus 4.

Signed-off-by: Tad <tad@spotco.us>
2021-07-29 15:25:05 -04:00
Tad
36331d6d62 Update CVE patchers 2021-07-28 10:08:52 -04:00
Tad
b61264e3b9 Update CVE patchers 2021-07-27 00:17:14 -04:00
Tad
40c356371a Small tweaks 2021-07-25 22:41:56 -04:00
Tad
ca51db0be0 Update CVE patchers 2021-07-21 22:48:29 -04:00
Tad
9a4c02c3dc Tiny tweaks 2021-07-19 12:05:18 -04:00
Tad
3d67f9e25c Update CVE patchers 2021-07-12 06:31:38 -04:00
Tad
c2b2aa5830 16.0+: Add captive portal toggle from @MSe1969
Source:
0045a97cb4
b483b4e9ab
18.1 is the 17.1 patch rebased

Wording was altered.

Already included in 14.1+15.1
2021-07-10 22:48:45 -04:00
Tad
a43601e77b Update CVE patchers
I expect breakage.
2021-07-10 11:39:14 -04:00
Tad
050da06eba Move n_asb_09-2018-qcom in tree 2021-07-09 21:04:08 -04:00
Tad
c13672b9b7 Update CVE patchers 2021-07-07 15:14:20 -04:00
Tad
12283124b5 Fixup last commit 2021-07-04 17:05:27 -04:00
Tad
f6357512a7 Update CVE patchers 2021-07-04 14:41:44 -04:00
Tad
44003bd2f5 Update CVE patchers 2021-06-30 17:05:59 -04:00
Tad
d7287a6b94 Update CVE patchers 2021-06-27 11:50:15 -04:00
Tad
ef8573b29c Small fixes 2021-06-26 22:59:46 -04:00
Tad
881c24d8b2 Various patches from GrapheneOS 2021-06-26 18:57:46 -04:00
Tad
eb3e51e7e3 Small tweaks 2021-06-23 13:00:43 -04:00
Tad
48f35901c2 Update CVE patchers 2021-06-16 23:17:37 -04:00
Tad
d9d564ebd3 Cherrypick updates 2021-06-16 02:41:22 -04:00
Tad
fe1f9ec7c4 Sync reflog extracted commits with Gerrit originals 2021-06-15 21:04:37 -04:00
Tad
d42c8f033d Small changes
- Fixup CVE-2020-36386 breakage
- Move some cherrypicks in tree (gerrit down right now, pulled from reflog)
- Update cherrypicks
2021-06-15 05:46:30 -04:00
Tad
71fe4d590e Small tweaks
- 14.1: drop z00t, compiles on 15.1
- fix double patch breakage for CVE-2020-36386
- clark: fix recovery firmware extraction, hopefully
2021-06-12 10:49:54 -04:00
Tad
4b044379ec Update CVE patchers 2021-06-11 11:00:54 -04:00
Tad
94b91c6afd Incall privacy warning from CalyxOS 2021-06-08 12:11:13 -04:00
Tad
d9c49b56c3 Update CVE patchers 2021-06-07 22:30:33 -04:00
Tad
1e5df6f42e Update CVE patchers 2021-06-03 13:28:32 -04:00
Tad
f89f0cb983 Small tweaks
Fixes oneplus2 boot
https://github.com/Divested-Mobile/DivestOS-Build/issues/5
2021-05-29 01:12:53 -04:00
Tad
dd938051a5 Small patch fixup 2021-05-27 15:03:47 -04:00
Tad
e9796c45f4 Sync APN list from 18.1 2021-05-27 14:54:50 -04:00
Tad
4af81f4d66 Update CVE patchers 2021-05-27 14:54:07 -04:00
Tad
13bffe05e7 Update CVE patchers 2021-05-21 09:14:31 -04:00
Tad
7b2e2c0bff Sync APN list from 18.1 2021-05-20 06:17:25 -04:00
Tad
ccce1fad9b Update CVE patchers 2021-05-11 17:11:41 -04:00
Tad
731e0e995c Update CVE patchers 2021-05-07 21:48:29 -04:00
Tad
4450921a10 Update CVE patchers 2021-05-03 20:41:32 -04:00
Tad
febec1b60a Update CVE patchers 2021-05-02 17:05:53 -04:00
Tad
5f0ae93a0b Drop the umn patch list
Most seem OK
2021-04-25 11:25:32 -04:00
Tad
5e56dbc90f Use clearer SPDX identifiers 2021-04-22 13:15:43 -04:00
Tad
3770bf469d Add a list of potentially bad commits from umn.edu addresses 2021-04-21 21:40:40 -04:00
Tad
81084a26d7 Update CVE patchers 2021-04-17 11:01:30 -04:00
Tad
d15d4f5757 18.1: updater: fix Tor support 2021-04-17 10:14:29 -04:00
Tad
bdf990a638 Small tweaks
- Remove some changes that have been commented for a while
- Don't remove the QCOM VR repos
- Adjust the default quick tiles
- Don't force hardware layers for recents
- Only generate deltas for update_engine devices
- Cherrypick: Update WebView to 90.0.4430.66
- Adjust yylloc sed line
- Add comments to 17.1 devices explaining why they aren't removed for 18.1 yet
2021-04-14 21:29:12 -04:00
Tad
cc08a358ce 18.1: replace PicoTTS with eSpeak-NG 2021-04-12 21:24:12 -04:00
Tad
a423f977ff Update CVE patchers 2021-04-12 20:53:35 -04:00
Tad
8e496341b5 Small tweaks + ASB cherrypicks 2021-04-08 05:40:22 -04:00
Tad
f48738f944 Update CVE patchers 2021-04-06 20:55:55 -04:00
Tad
d9238f8385 18.1: fix recovery signing
friendly reminder to take a break when dealing with the same issue for extended periods of time
2021-04-06 05:56:47 -04:00
Tad
f3e672fb18 Failed attempt at fixing signing
PRODUCT_OTA_PUBLIC_KEYS is meant to be set by a vendor tree, something
we don't use.

Override it at the source and set it explicitely as well.

This ensures that the compiled recovery.img and the one generated by
sign_target_files_apks.py includes the real public keys for verification.

11.0 signing is ignored.

This will need to be extensively tested as breakage can mean brick on locked
devices.
Although in failure cases it seems test-keys are accepted.

--

After much testing there appears to be a deeper issue with how keys
are inserted into the recovery and handled
2021-04-06 04:07:18 -04:00
Tad
9db9215d6b Small changes
- Disable generation of unused OTA to reduce compile time
- 17.1+: Disable APEX, breaks signing, and is also useless since no Play Store.
- 18.1: Fixup signing
2021-03-31 01:30:17 -04:00
Tad
9ae46b7624 Update CVE patchers
This fixes Fenix causing a reboot on select devices.
2021-03-26 22:51:50 -04:00
Tad
d8712ad62a Update CVE patchers 2021-03-24 16:31:25 -04:00
Tad
5d14e4b4f7 Small changes
- Add m7 and avicii (untested)
- Use low_ram target on <2GB devices
  Silly me, this never did anything due to the git reset...
- Update Chromium WebView cherrypick
2021-03-24 14:43:12 -04:00
Tad
08ea27fd00 Only include Silence when needed
ie. not on tablets without cellular
2021-03-23 21:11:08 -04:00
Tad
529b47039c 18.1: Initial bringup
- Functionality tested on mako and klte
- In-place upgrade from 17.1 tested working on klte
- Compile tested on bacon and klte
- Recovery OTA key patch missing, unsure if still needed.
- Deblobber needs support for removing vintf manifest paths from vendor Android.bp
- Launcher needs more default_workspace grid variants (eg. 4x5)
2021-03-23 12:36:31 -04:00
Tad
c23646ebd5 More cleanup 2021-03-20 16:37:15 -04:00
Tad
add30db605 Drop support for overclocking
These patches have been disabled for years.
2021-03-20 16:23:38 -04:00
Tad
293c386322 More cleanup 2021-03-20 16:21:31 -04:00
Tad
c6f2a5a06d Fixup ef0ee2c3 2021-03-15 01:06:23 -04:00
Tad
ef0ee2c316 Update CVE patchers 2021-03-14 21:59:19 -04:00
Tad
95c2c89271 Add vvm_config.xml to vendor/divsted overlay
Pulled from vendor/lineage on 17.1.
Should fix VVM on 15.1 and 16.0.

d5ecc14106
2021-03-14 19:57:14 -04:00
Tad
a3fbed9da5 Update cherrypicks and small tweaks 2021-03-07 03:04:44 -05:00
Tad
60070a19bd Update CVE patchers
Consider splitting CVE-2020-27067 to restore basic patches.
2021-03-04 15:10:24 -05:00
Tad
f02363ecb4 March 2021 Security Updates 2021-03-04 13:02:10 -05:00
Tad
5a3b13e650 Update CVE patchers 2021-02-28 17:56:07 -05:00
Tad
701f336185 Tiny tweaks 2021-02-28 13:25:55 -05:00
Tad
6d0bc0c57e Update CVE patchers 2021-02-11 15:04:46 -05:00
Tad
41a04ebd36 Update CVE patchers 2021-02-10 15:55:51 -05:00
Tad
553299c409 Small updates 2021-02-08 18:49:01 -05:00
Tad
f1e2e43642 Update CVE patchers 2021-02-07 19:41:46 -05:00
Tad
3c0aaaa803 Update CVE patchers 2021-02-06 13:04:52 -05:00
Tad
820c637f20 Move many old cherry picks in tree for archival/support purposes 2021-02-05 20:00:43 -05:00
Tad
d44eca7187 Update CVE patchers 2021-02-03 19:40:55 -05:00
Tad
31d0b901ae Update cherrypicks 2021-02-03 09:45:26 -05:00
Tad
bac552732f Small tweaks 2021-01-30 21:34:50 -05:00
Tad
6a1fb99cc9 Unbreak last commit
This should be most of it

also
- properly update webview, repopick doesn't seem to handle the branch
- always cd back to base, to prevent script breakage
2021-01-25 13:31:57 -05:00
Tad
bef3ba0049 Small changes 2021-01-23 23:08:00 -05:00
Tad
b99e1865fe deblobber improvements
- fixup CNE removal to disable Wi-Fi calling
- extend system.prop edits to cover all .props
- remove persist. and ro. from edits to cover all properties
2021-01-18 07:15:11 -05:00
Tad
e9fd952ba2 Many small tweaks
- Remove leftover WireGuard repo missed in 31898834
- Enable the volteOverride, to ensure VoLTE enablement on supported devices on unknown carriers
- Extend volteOverride to support system.prop if vendor.prop doesn't exist (to cover eg. marlin/sailfish)
- Disable commenting of SOUND_TRIGGER flags.
  sountrigger blobs are not removed due to boot breakage.
  disable this and stop patching hardware/qcom/audio.
  Intended to potentially fix phone call audio issues on mata
- Small CVE patcher updates
2021-01-16 21:16:02 -05:00
Tad
f621ff7dda Update CVE patchers
I have absolutely no idea why kernel_oneplus_msm8998 was downgraded
4.4.241 to 4.4.205
https://github.com/LineageOS/android_kernel_oneplus_msm8998/tree/backup/lineage-17.1_20210108_1948
2021-01-13 04:29:00 -05:00
Tad
b683d40ef3 Small tweaks
- Update cherry picks
- Add star2lte to 15.1 and 17.1
2021-01-09 13:37:07 -05:00
Tad
42b94605f8 Cherrypicks and CVE-2019-2306 patching 2021-01-06 14:04:18 -05:00
Tad
bd4cb22db1 ASB cherry picks 2021-01-05 12:22:42 -05:00
Tad
e62afb602b Sync APN list from 17.1 to all versions
- 15.1: enable hammerhead due to reported bt issues on 16.0
2021-01-04 20:16:33 -05:00
Tad
ff96315fb4 Update CVE patchers 2020-12-30 11:08:19 -05:00
Tad
8b56cd13c6 deblobber: Don't remove CNE
- breaks Wi-Fi calling
- breaks IMS on marlin/sailfish
2020-12-22 13:53:29 -05:00
Tad
d6cf9ec8b0 Many fixes
VoLTE tested working on mata/17.1!
VoWiFi tested working with DOS_DEBLOBBER_REMOVE_CNE=false

- Disable Graphene exec spawning feature, subtly breaks many apps
  Maybe missing some patches?
- Build old versions for devices with broken IMS
- Ensure shell umask is always 0022
- fwb overlay: drop the MMS user-agent overrides
- Drop the BlobBlocker and ModuleBlocker
  They were unused and unkempt.
- Put volteOverride behind DOS_DEBLOBBER_REMOVE_IMS and comment it
2020-12-22 04:00:12 -05:00
Tad
356c743cd8 Update cherrpicks 2020-12-21 03:44:07 -05:00
Tad
1be184bac9 Small tweaks 2020-12-16 07:48:41 -05:00
Tad
39727cb7c7 Update CVE patchers 2020-12-10 14:09:58 -05:00
Tad
3ec13d6bc8 Update CVE patchers 2020-12-08 10:24:24 -05:00
Tad
e36a91facc Update CVE patchers 2020-12-07 09:36:20 -05:00
Tad
9c691d02ab Update CVE patchers 2020-12-03 22:43:23 -05:00
Tad
09722044b0 Update CVE patchers 2020-11-29 19:06:06 -05:00
Tad
69c8bdfb22 Update CVE patchers 2020-11-26 09:03:45 -05:00
Tad
445582fe2a Update CVE patchers 2020-11-19 17:15:55 -05:00
Tad
9d7e5a24a3 License headers 2020-11-17 10:19:06 -05:00
Tad
523264aebb Update CVE patchers 2020-11-12 23:46:38 -05:00
Tad
dc5b1d91f2 Update CVE patchers 2020-11-06 16:15:16 -05:00
Tad
6a5866c01d More failed attempts at fixing IMS
Keeping IMS, RCS, CNE, ATFWD, and allowing ims* to access /dev/diag:
IMS service still fails to register on mata

Is it the carrier?
Is it the phone?
Is it LineageOS?
Is is DivestOS?
Absolute mess.
2020-11-02 19:24:56 -05:00
Tad
9f01dc038c Small changes
- SUPL NTP fix
- Remove debug info from dexpreopt, saves a few MB
- 15.1+: enable full dexpreopt, for perf and memory benefits
- 17.1: change oneplus/msm8998-common kernel
- 17.1: add OpenCamera to AUX list
- Resurrect verity for devices missed previously
- Update some CVE patchers
- deblobber: remove some lingering atfwd blobs
2020-11-02 06:28:06 -05:00
Tad
3926f3a44f Small updates
- Various rebranding fixes
- 17.1: hold off on Seedvault inclusion for now
- 17.1: update kernel/fxtec/msm8998 CVE patcher
- 17.1: build cheeseburger/dumpling
2020-10-31 15:16:25 -04:00
Tad
5ec84b9f7b Update CVE patchers 2020-10-30 14:35:12 -04:00
Tad
b89cc98001 Small updates 2020-10-27 21:40:20 -04:00
Tad
1b4b86c38d Tiny tweaks 2020-10-23 14:49:16 -04:00
Tad
b0857599d6 Drop ISSUES.md
Moved to website
https://divestos.org/index.php?page=browsers
1d5bc9d979
2020-10-21 11:54:36 -04:00
Tad
0958df7de5 deblobber: remove more blobs 2020-10-20 10:45:57 -04:00
Tad
00a6a86126 deblobber: fixup timekeep replacement, credit Wang Han/aviraxp 2020-10-20 05:39:06 -04:00
Tad
d889ae4642 Update CVE patchers 2020-10-17 15:28:42 -04:00
Tad
688f4dd953 More CVE patcher fixes 2020-10-15 21:31:46 -04:00
Tad
cc64ce1634 Update CVE patchers 2020-10-14 16:28:07 -04:00
Tad
6c9c91941e Fix errors from compile test of all 14.1 kernels 2020-10-14 14:23:22 -04:00
Tad
d53a4f4e41 Update CVE patchers
- Drop tcp_sack=0 sysctl, as most devices are now patched
2020-10-12 18:38:07 -04:00
Tad
115dd21832 Many changes
- 17.1: Add Pixel 4/XL
- Promote klte to 17.1
- hardenBootArgs: don't run on klte
- hardenBootArgs: regorganize
- hardenDefconfig: enabler: drop unnecessary options (iommu)
- hardenDefconfig: disabler: comment diag options for now
- deblobber: comment dirac lines to fix cheeseburger headphone jack
- fixup Etar replacement
2020-10-11 07:12:00 -04:00
Tad
496fddb303 Replace calendar with Etar, and drop LocalCalendar 2020-10-11 04:12:16 -04:00
Tad
260140f0a1 Update CVE patchers 2020-10-10 11:56:35 -04:00
Tad
83c0570e59 Update AOSP CVE list to October patches 2020-10-07 01:59:48 -04:00
Tad
8bdad21040 Update CVE patchers 2020-10-06 23:36:29 -04:00
Tad
b56fabac3b Update CVE patchers
I expect some breakage here
2020-10-06 21:14:18 -04:00
Tad
bf9167f442 Update CVE patchers 2020-10-05 21:38:25 -04:00