Commit Graph

533 Commits

Author SHA1 Message Date
Tad
c753abf1b2 Small update
Signed-off-by: Tad <tad@spotco.us>
2021-09-20 12:12:58 -04:00
Tad
e7dd0af4b6 hardenDefconfig: pull in some more options
Signed-off-by: Tad <tad@spotco.us>
2021-09-19 01:20:41 -04:00
Tad
ba07cfb300 Optimize hardenDefconfig 2021-09-18 21:53:03 -04:00
Tad
7e093e0500 Ensure all used defconfigs are altered 2021-09-18 21:28:13 -04:00
Tad
038ab89982 More kernel cmdline work
Signed-off-by: Tad <tad@spotco.us>
2021-09-15 11:48:07 -04:00
Tad
4917af86cc Update copyright dates
Signed-off-by: Tad <tad@spotco.us>
2021-09-15 10:30:08 -04:00
Tad
cf3a12cb5a Move some changes into a new Post.sh
Signed-off-by: Tad <tad@spotco.us>
2021-09-15 10:26:37 -04:00
Tad
083e2048f8 Don't disable slub/slab merging via kernel command line, but by default
I have a sneaking suspicion that the length of some device command lines is
causing boot issues.
eg. with the recent additions, klte boots fine, but recovery doesn't, maybe
bootloader is adding more flags, exceeding a limit?

Signed-off-by: Tad <tad@spotco.us>
2021-09-15 10:17:27 -04:00
Tad
3bb1199c34 Small fix
Signed-off-by: Tad <tad@spotco.us>
2021-09-14 09:16:17 -04:00
Tad
bf5d9bc778 Small tweaks
- disable disablement of PROC_PAGE_MONITOR to fix memory stats calculation
- enable slub_nomerge, similar to slab_nomerge for pre 3.18 kernels
  slub_nomerge was already default enabled on many 3.10 devices via:
  0006-AndroidHardening-Kernel_Hardening/3.10/0010.patch

Signed-off-by: Tad <tad@spotco.us>
2021-09-13 10:39:33 -04:00
Tad
35036e694d Small tweaks
Signed-off-by: Tad <tad@spotco.us>
2021-09-08 22:59:33 -04:00
Tad
0ade46cc8e Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-09-07 16:57:15 -04:00
Tad
e84111aaa8 Small changes
- Include TalkBack
- Fixup hosts inclusion, due to path mismatch
- 14.1: bump patch level to match the picked ASB
- 14.1: m7-common: deblobber fix

Signed-off-by: Tad <tad@spotco.us>
2021-09-06 14:32:37 -04:00
Tad
f77971d38f Small tweaks
Signed-off-by: Tad <tad@spotco.us>
2021-08-31 20:53:17 -04:00
Tad
1dc0bce913 Disable removal of display color blobs
Removal is still breaking boot on some devices

Signed-off-by: Tad <tad@spotco.us>
2021-08-21 15:34:02 -04:00
Tad
de22605785 18.1: add sunfish, bramble, and redfin
Signed-off-by: Tad <tad@spotco.us>
2021-08-14 04:52:08 -04:00
Tad
4ae1402229 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-08-13 23:54:19 -04:00
Tad
441a66bbb0 Breakup hardenDefconfig for readbility and debugging purposes
Signed-off-by: Tad <tad@spotco.us>
2021-08-13 22:55:21 -04:00
Tad
79132fddef Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-08-13 11:07:07 -04:00
Tad
3a79316ddb Fix camera on taimen/walleye/alioth
+ typo fix for last commit
+ cherrypick cleanups

Signed-off-by: Tad <tad@spotco.us>
2021-08-10 00:21:02 -04:00
Tad
0b4ad0e7cc 18.1: add raphael, lmi, alioth
+ verity fixes
+ 16.0: drop beryllium, 18.1 builds now
+ deblob: better handle device makefiles

Signed-off-by: Tad <tad@spotco.us>
2021-08-09 20:54:44 -04:00
Tad
3f311f84ad Changes
- WebView update
- 14.1: drop osprey, tested compiling on 17.1
- comment updates
- small patcher fixes

Signed-off-by: Tad <tad@spotco.us>
2021-08-06 18:36:57 -04:00
Tad
e9b730d83a USB enablement
Signed-off-by: Tad <tad@spotco.us>
2021-08-04 14:21:50 -04:00
Tad
477b0a1a62 More fixes
Signed-off-by: Tad <tad@spotco.us>
2021-08-04 10:58:22 -04:00
Tad
eea1d0e7cd 18.1: add hotdog, hotdogb, aura 2021-07-20 12:58:22 -04:00
Tad
48ff571fbb Small updates and fixes 2021-07-13 16:10:30 -04:00
Tad
ca857913ef Directory sanity 2021-07-09 07:09:27 -04:00
Tad
c13672b9b7 Update CVE patchers 2021-07-07 15:14:20 -04:00
Tad
12283124b5 Fixup last commit 2021-07-04 17:05:27 -04:00
Tad
c2ce9572fa umask 0022 all the things
umask 0077 breaks things in subtle ways
2021-06-27 14:14:34 -04:00
Tad
d6dca6e66d Small tweaks 2021-06-26 14:13:03 -04:00
Tad
24379944ab 18.1: Add serrano 2021-06-23 13:51:58 -04:00
Tad
1078b6bdb6 Don't break netmgrd on victara and m8 2021-06-17 09:34:21 -04:00
Tad
d42c8f033d Small changes
- Fixup CVE-2020-36386 breakage
- Move some cherrypicks in tree (gerrit down right now, pulled from reflog)
- Update cherrypicks
2021-06-15 05:46:30 -04:00
Tad
47ca4c5954 Tiny tweaks 2021-06-12 17:17:11 -04:00
Tad
50c670c477 Small tweaks
- June ASB cherrypicks
- Change default NTP. only 2*.pool.ntp.org supports IPv6
2021-06-10 22:45:32 -04:00
Tad
143bec97a9 Small tweaks 2021-06-07 21:32:10 -04:00
Tad
5c3d3b4d35 Reverts + disable mm-pp removal
Revert d7fd127e5f
Partial revert 1c9a66f896
2021-05-30 10:39:34 -04:00
Tad
1c9a66f896 Ensure mm-pp-daemon is disabled
When not in late_start appears to break boot if not available.
Seems to fix oneplus2 and likely ether + others
2021-05-29 18:24:37 -04:00
Tad
1cde58eaa4 Tiny tweaks 2021-05-12 03:15:41 -04:00
Tad
4bbc70d5a8 17.1: drop support for all devices compiling on 18.1 2021-05-10 09:12:58 -04:00
Tad
3770bf469d Add a list of potentially bad commits from umn.edu addresses 2021-04-21 21:40:40 -04:00
Tad
83fe8f0434 More small tweaks
- Really fix yylloc sed line
- Drop merged ASB cherrypicks
- Edit vendor gps.conf files too
2021-04-16 20:31:57 -04:00
Tad
bdf990a638 Small tweaks
- Remove some changes that have been commented for a while
- Don't remove the QCOM VR repos
- Adjust the default quick tiles
- Don't force hardware layers for recents
- Only generate deltas for update_engine devices
- Cherrypick: Update WebView to 90.0.4430.66
- Adjust yylloc sed line
- Add comments to 17.1 devices explaining why they aren't removed for 18.1 yet
2021-04-14 21:29:12 -04:00
Tad
4bc2c66124 Small updates 2021-04-14 11:34:51 -04:00
Tad
2f2d94c9b5 Small tweaks 2021-04-13 11:59:08 -04:00
Tad
a423f977ff Update CVE patchers 2021-04-12 20:53:35 -04:00
Tad
8e496341b5 Small tweaks + ASB cherrypicks 2021-04-08 05:40:22 -04:00
Tad
4d31a97c3f Set forceencrypt for devices using footer 2021-04-06 15:36:20 -04:00
Tad
d9238f8385 18.1: fix recovery signing
friendly reminder to take a break when dealing with the same issue for extended periods of time
2021-04-06 05:56:47 -04:00
Tad
f3e672fb18 Failed attempt at fixing signing
PRODUCT_OTA_PUBLIC_KEYS is meant to be set by a vendor tree, something
we don't use.

Override it at the source and set it explicitely as well.

This ensures that the compiled recovery.img and the one generated by
sign_target_files_apks.py includes the real public keys for verification.

11.0 signing is ignored.

This will need to be extensively tested as breakage can mean brick on locked
devices.
Although in failure cases it seems test-keys are accepted.

--

After much testing there appears to be a deeper issue with how keys
are inserted into the recovery and handled
2021-04-06 04:07:18 -04:00
Tad
ad178961e4 Improvements and fixes
- 18.1: disable m8, thermanager is not yet ready
- 17.1: drop cheeseburger/dumpling, it is absolutely broken
- deblobber: remove euicc + others
- deblobber: hack to remove vintf fragments
2021-04-05 18:09:22 -04:00
Tad
c3271c38da Small fixes 2021-04-01 20:58:04 -04:00
Tad
9db9215d6b Small changes
- Disable generation of unused OTA to reduce compile time
- 17.1+: Disable APEX, breaks signing, and is also useless since no Play Store.
- 18.1: Fixup signing
2021-03-31 01:30:17 -04:00
Tad
38ad988924 Potentially fixup manta
- Deblobber: don't remove mfc_fw.bin, used for media decode
- Deblobber: don't remove es305_fw.bin, used for audio processing
- don't force dexpreopt on manta, likely breaks Wi-Fi
- fix some SELinux denials on manta
2021-03-26 16:39:55 -04:00
Tad
5d14e4b4f7 Small changes
- Add m7 and avicii (untested)
- Use low_ram target on <2GB devices
  Silly me, this never did anything due to the git reset...
- Update Chromium WebView cherrypick
2021-03-24 14:43:12 -04:00
Tad
ecd0094b6e Fixup dragon 2021-03-23 17:14:19 -04:00
Tad
529b47039c 18.1: Initial bringup
- Functionality tested on mako and klte
- In-place upgrade from 17.1 tested working on klte
- Compile tested on bacon and klte
- Recovery OTA key patch missing, unsure if still needed.
- Deblobber needs support for removing vintf manifest paths from vendor Android.bp
- Launcher needs more default_workspace grid variants (eg. 4x5)
2021-03-23 12:36:31 -04:00
Tad
add30db605 Drop support for overclocking
These patches have been disabled for years.
2021-03-20 16:23:38 -04:00
Tad
62cba6a878 More cleanup 2021-03-20 16:15:01 -04:00
Tad
caeb3d5199 Add FP3 to 16.0 and 17.1
Untested
2021-03-19 21:53:28 -04:00
Tad
f8416a1083 Legal goodies 2021-03-01 21:05:42 -05:00
Tad
41a04ebd36 Update CVE patchers 2021-02-10 15:55:51 -05:00
Tad
f1e2e43642 Update CVE patchers 2021-02-07 19:41:46 -05:00
Tad
bac552732f Small tweaks 2021-01-30 21:34:50 -05:00
Tad
6a1fb99cc9 Unbreak last commit
This should be most of it

also
- properly update webview, repopick doesn't seem to handle the branch
- always cd back to base, to prevent script breakage
2021-01-25 13:31:57 -05:00
Tad
38da3e202e Re-enable the SOUND_TRIGGER removal bits disabled in e9fd952b
It does not fix the phone call audio issues on mata like I hoped it would.
2021-01-18 09:11:37 -05:00
Tad
b99e1865fe deblobber improvements
- fixup CNE removal to disable Wi-Fi calling
- extend system.prop edits to cover all .props
- remove persist. and ro. from edits to cover all properties
2021-01-18 07:15:11 -05:00
Tad
e9fd952ba2 Many small tweaks
- Remove leftover WireGuard repo missed in 31898834
- Enable the volteOverride, to ensure VoLTE enablement on supported devices on unknown carriers
- Extend volteOverride to support system.prop if vendor.prop doesn't exist (to cover eg. marlin/sailfish)
- Disable commenting of SOUND_TRIGGER flags.
  sountrigger blobs are not removed due to boot breakage.
  disable this and stop patching hardware/qcom/audio.
  Intended to potentially fix phone call audio issues on mata
- Small CVE patcher updates
2021-01-16 21:16:02 -05:00
Tad
55a9da29b0 Small fix 2021-01-14 05:26:49 -05:00
Tad
3b8750cdff Deblobber: don't remove aonvr*.bin
breaks microphone on shamu and victara
2021-01-01 20:16:19 -05:00
Tad
1be184bac9 Small tweaks 2020-12-16 07:48:41 -05:00
Tad
e36a91facc Update CVE patchers 2020-12-07 09:36:20 -05:00
Tad
9c691d02ab Update CVE patchers 2020-12-03 22:43:23 -05:00
Tad
9d7e5a24a3 License headers 2020-11-17 10:19:06 -05:00
Tad
7b9d90d781 move clark from 14.1 to 17.1 2020-11-15 08:16:29 -05:00
Tad
523264aebb Update CVE patchers 2020-11-12 23:46:38 -05:00
Tad
e7a65ff912 Small fixes 2020-11-09 22:55:36 -05:00
Tad
6a5866c01d More failed attempts at fixing IMS
Keeping IMS, RCS, CNE, ATFWD, and allowing ims* to access /dev/diag:
IMS service still fails to register on mata

Is it the carrier?
Is it the phone?
Is it LineageOS?
Is is DivestOS?
Absolute mess.
2020-11-02 19:24:56 -05:00
Tad
e36f4529a3 Fixup 9f01dc03
Enables replacing of vendor fingerprints.
I thought this was broken, turns out it was the AUX camera change instead.
2020-11-02 11:04:49 -05:00
Tad
9f01dc038c Small changes
- SUPL NTP fix
- Remove debug info from dexpreopt, saves a few MB
- 15.1+: enable full dexpreopt, for perf and memory benefits
- 17.1: change oneplus/msm8998-common kernel
- 17.1: add OpenCamera to AUX list
- Resurrect verity for devices missed previously
- Update some CVE patchers
- deblobber: remove some lingering atfwd blobs
2020-11-02 06:28:06 -05:00
Tad
3926f3a44f Small updates
- Various rebranding fixes
- 17.1: hold off on Seedvault inclusion for now
- 17.1: update kernel/fxtec/msm8998 CVE patcher
- 17.1: build cheeseburger/dumpling
2020-10-31 15:16:25 -04:00
Tad
47d064f98c Fixes 2020-10-23 18:50:51 -04:00
Tad
fb2a4df9a0 Add yellowstone, untested and disabled for now 2020-10-23 16:47:06 -04:00
Tad
1b4b86c38d Tiny tweaks 2020-10-23 14:49:16 -04:00
Tad
c7eb6fcbfe deblobber: fixup IMS for a few devices
Don't remove qti-vzw-ims-internal.jar needed by IMS stack.
It is just a shim and doesn't really do anything.

Also put RCS behind a flag.
2020-10-21 20:09:53 -04:00
Tad
0958df7de5 deblobber: remove more blobs 2020-10-20 10:45:57 -04:00
Tad
00a6a86126 deblobber: fixup timekeep replacement, credit Wang Han/aviraxp 2020-10-20 05:39:06 -04:00
Tad
6d15a2bb82 Update CVE patchers 2020-10-15 22:36:28 -04:00
Tad
688f4dd953 More CVE patcher fixes 2020-10-15 21:31:46 -04:00
Tad
10d042c3c0 Update CVE patchers 2020-10-14 15:20:06 -04:00
Tad
6c9c91941e Fix errors from compile test of all 14.1 kernels 2020-10-14 14:23:22 -04:00
Tad
d53a4f4e41 Update CVE patchers
- Drop tcp_sack=0 sysctl, as most devices are now patched
2020-10-12 18:38:07 -04:00
Tad
b56929d3d9 Many changes
- Missing credit in LICENSE
- Update TODO
- hardenLocationConf: don't change version
- hardenDefconfig: Fix reboot on shutdown
- changeDefaultDNS: replace a level3 dns straggler for tethering config
- Don't remove CompanionDeviceManager if microG is included
- Update cherry picks
- init.sh: update comment wording
2020-10-12 07:52:54 -04:00
Tad
115dd21832 Many changes
- 17.1: Add Pixel 4/XL
- Promote klte to 17.1
- hardenBootArgs: don't run on klte
- hardenBootArgs: regorganize
- hardenDefconfig: enabler: drop unnecessary options (iommu)
- hardenDefconfig: disabler: comment diag options for now
- deblobber: comment dirac lines to fix cheeseburger headphone jack
- fixup Etar replacement
2020-10-11 07:12:00 -04:00
Tad
260140f0a1 Update CVE patchers 2020-10-10 11:56:35 -04:00
Tad
b56fabac3b Update CVE patchers
I expect some breakage here
2020-10-06 21:14:18 -04:00
Tad
55e010fba5 Small updates 2020-10-01 14:56:37 -04:00
Tad
6e16320468 Small fixes 2020-09-13 19:52:37 -04:00
Tad
bca6af1516 Small updates
- recovery: abort on serial number specific updates, credit: GrapheneOS
- Add lists of missing CVEs
- Update cherrypicks
2020-09-02 14:20:51 -04:00
Tad
0808ac1fd0 Many updates
- Add OnePlus 6, 6T, 7, 7 Pro
- Ensure verity/avb keys are *always* copied
- Update cherry picks
2020-09-01 03:26:21 -04:00
Tad
98854115be 16.0: Add pro1
- Also initial beryllium support, no builds yet
2020-08-10 15:34:55 -04:00
Tad
f19dbe5958 More fixes for a69326f3 2020-08-10 03:46:36 -04:00
Tad
2f83043c68 14.1+15.1: GPS week rollover fix
16.0: 279492
17.1: 278135

also switch to alternate Xtra servers
https://developer.gemalto.com/threads/gps-time-info-error
2020-08-09 12:30:47 -04:00
Tad
887ebb84c5 Update CVE patchers
Includes many fixes for a69326f3
but probably breaks other things
2020-08-09 07:29:19 -04:00
Tad
a69326f396 Update CVE patchers
Untested. I expect some breakage.
2020-08-08 13:06:39 -04:00
Tad
e78a0cc1bc Small changes 2020-07-26 09:19:12 -04:00
Tad
0a979b67fa Small changes
- 17.1: bringup bacon and ether
2020-07-24 10:20:07 -04:00
Tad
dc3cf3405f Small updates
- Fix USB breakage
2020-07-22 08:50:51 -04:00
Tad
820a680d4d Small updates + Many fixes 2020-07-13 17:37:33 -04:00
Tad
d9a61e1dea Fix GPG signing 2020-06-27 01:45:02 -04:00
Tad
2ef92046af Small changes 2020-06-22 20:41:49 -04:00
Tad
b2b9eb7ffc Potential fix for phone call audio on shamu and others 2020-06-17 15:20:02 -04:00
Tad
900183743d Add GPG signing to processRelease 2020-06-17 13:20:26 -04:00
Tad
70508e2b70 More checksums 2020-06-14 10:05:34 -04:00
Tad
5b9e44794b Fixup broken checksum generation 2020-06-14 09:36:39 -04:00
Tad
850c4ad88c Small updates
- Partial revert of 5106063c
- Cherry picks
- CVE patcher fixes
2020-06-07 04:25:12 -04:00
Tad
5797ea8fc4 Small fixes
CVE-2019-14047/ANY/0002.patch will probably need to be disabled on more devices
2020-06-02 17:33:27 -04:00
Tad
694f270d75 Initial bringup of many devices to 17.1 2020-05-31 15:10:32 -04:00
Tad
4c1577724f Small changes
- hardenDefconfig: more options from Alexander Popov's checker
- 17.1: A2DP fix from GrapheneOS when hardened_malloc is in use
2020-05-23 18:06:22 -04:00
Tad
e962fdeb81 Update CVE patchers 2020-05-04 17:18:50 -04:00
Tad
e58ba3e9b2 Disable IMS stack 2020-05-02 22:29:23 -04:00
Tad
84300d6611 Small fixes 2020-04-19 13:19:55 -04:00
Tad
c3bb898eb0 2020 2020-04-14 21:39:51 -04:00
Tad
8012903ba1 17.1: Initial bringup
- See items marked with '17REBASE'
2020-04-14 21:21:13 -04:00
Tad
cdd74148b9 Patcher build fixes 2020-04-12 13:58:02 -04:00
Tad
0c89accfb5 Update CVE patchers 2020-04-06 22:23:37 -04:00
Tad
c26b3e95c7 Minor tweaks
- Cherry pick PPP/CVE-2020-8597 patches
- Add some more DNS providers
- Switch default DNS to Cloudflare's new malware blocking provider
- GCC 10 build fix
- Update CVE patchers (select)
2020-04-05 15:53:58 -04:00
Tad
d7ef9abf61 Minor tweaks 2020-03-25 22:08:25 -04:00
Tad
50f44d1934 Small changes
- cheeseburger/dumpling: fix ogg vorbis playback, credit @LuK1337
- cheeseburger/dumpling: fix delta ota generation
- remove a few more blobs
- potentially bluetooth when ant is removed on newer devices
- support newer clamav
- commented support for extracting boot.img when recovery.img isn't available
-- fastboot.zip should be preferred
- potentially fix boot on many untested newer devices (diag on msm8996+)
- update cherry picks
2020-02-24 18:53:27 -05:00
Tad
4292bcaa3e recovery: fix sideload with larger files
+ 16.0: add a disabled patch to remove backuptool
+ processRelease: add support for copying recovery image to archive
2020-02-23 16:06:47 -05:00
Tad
fe54dd26a6 Fix many device issues
- Fix mata
- Fix cheeseburger
- Enable near-entire IMS stack (proprietary)
- Fix many other new devices
2020-02-22 13:29:01 -05:00
Tad
4e25046418 Many changes
- Add OnePlus 2, 3/T, 5/T
- Fix flounder
- Cherrypicks
2020-02-17 22:21:47 -05:00
Tad
332807d427 Update CVE patchers 2020-02-02 12:09:49 -05:00
Tad
7ef8a2726d Minor tweaks 2019-11-28 12:03:40 -05:00
Tad
038ae37376 Minor tweaks 2019-11-24 16:22:58 -05:00
Tad
baabd45a16 Minor tweaks + ASB cherrypicks 2019-11-10 02:34:40 -05:00
Tad
1a7897211a 16.0: add Amber 2019-10-29 17:37:43 -04:00
Tad
791087fefa minor tweaks 2019-10-27 16:20:27 -04:00
Tad
a8af0c3d0d hardenDefconfig: more options from Alexander Popov's checker 2019-10-20 01:53:59 -04:00
Tad
204285d7c8 kernel command line: enable hardening options 2019-10-18 22:14:28 -04:00
Tad
e13c6c7c9c processRelease features
- support removing device out after complete
- support malware scan before sign
- Update cherry picks
2019-10-15 12:23:46 -04:00
Tad
bffcd06644 16.0: add zenfone3 2019-10-11 15:16:09 -04:00
Tad
159e5ea194 Minor tweaks
- Update cherry picks
- Update copyright year
- bacon: fix delta generation
2019-10-11 13:24:38 -04:00
Tad
579f340c3c Update CVE patchers 2019-10-04 14:43:19 -04:00
Tad
f20ddfc0f6 Minor tweaks 2019-10-04 10:39:27 -04:00
Tad
79ec8a4999 clark: experimental 16.0 2019-09-28 17:37:18 -04:00
Tad
a0e8f9653c Future proofing keys 2019-09-25 21:04:24 -04:00
Tad
ca734124f9 Generate factory image if needed by device 2019-09-23 12:45:00 -04:00
Tad
f55cdef5b0 Minor tweaks 2019-09-21 15:42:26 -04:00
Tad
4a1ebe1b71 Scripts: localize variables in functions 2019-09-17 04:14:35 -04:00
Tad
e01e457b24 Per-device signing keys
- also fix OTA/recovery key regression
- Update cherrypicks
2019-09-15 22:18:04 -04:00
Tad
19d5b66097 Many changes
- ASB chery picks
- 16.0: recovery: fix sideload
- Restore releasetools for some devices
- Only include Backup where supported
- Change some small defaults
- z00t: 14.1 -> 15.1
- himaul: 14.1 -> 15.1
- i9100: 14.1 -> 15.1+16.0
- flo: 15.1 -> 16.0, disabled
- flounder: 15.1 disabled, enable 14.1
2019-09-13 20:24:02 -04:00
Tad
ec48a4c89c Update CVE patchers 2019-09-04 01:31:12 -04:00
Tad
db572efa89 Many changes
- processRelease: Support AVB
- sort device build order by SoC

Additions:
- taimen/muskie: 15.1, 16.0
- crosshatch/blueline: 16.0
- bonito/sargo: 16.0
2019-09-03 16:50:50 -04:00
Tad
1bd0e47099 victara: 15.1 -> 16.0
- other fixes
2019-08-30 22:42:10 -04:00
Tad
330df0983c 16.0: Add GrapheneOS' exec-based spawning feature + misc tweaks
- patch credit updates
- 16.0: allow SystemUI to directly manage Bluetooth/WiFi
 - from GrapheneOS
- cleanup
2019-08-30 02:30:13 -04:00
Tad
e10a865b05 Improve release processing to support deltas and archiving 2019-08-29 19:09:31 -04:00
Tad
057bedb65b Minor tweaks
- 14.1+15.1+16.0: enable kernel protections for files
 - protected_*: hardlinks, symlinks, fifos, regular
 - from GrapheneOS
- defconfig: enable more verity options
- cleanup
2019-08-28 20:24:59 -04:00
Tad
db348ab09c Minor tweaks
- 15.1+16.0: Replace in-line build signing patch with bash function
 - From GrapheneOS/script
- 15.1+16.0: Enable fingerprint failed lockout after 5 attempts
 - From GrapheneOS
2019-08-28 00:40:27 -04:00
Tad
68cdef8733 Minor tweaks 2019-08-26 20:50:28 -04:00
Tad
eccf9c6f6d Many new devices
- hammerhead: 15.1 -> 16.0

- axon7: 14.1, 15.1
- cheryl: 16.0
- crackling: 14.1, 15.1, 16.0
- ham: 14.1, 15.1, 16.0
- kipper: 14.1, 15.1, 16.0
- z2_plus: 16.0
2019-08-23 17:27:53 -04:00
Tad
e9b5c06188 Lots of device updates
- d802: 15.1 -> 16.0
- d852: 15.1 -> 16.0
- d855: 15.1 -> 16.0
- fugu: 15.1 -> 16.0
- jfltexx: 14.1 -> 16.0
- m8: 15.1 -> 16.0
- mata: 15.1 -> 16.0
- update cherrypicks
- defconfig: enable MMC_SECDISCARD
2019-08-23 11:47:43 -04:00
Tad
3a080bbcd7 Minor tweaks 2019-08-13 01:56:01 -04:00
Tad
89de66bdba Many small changes
- Cherrypicks for ASB patches
- Apps: Switch gallery to Simple Gallery
- Apps: Switch camera to OpenCamera
- PKGBUILD: update with image optimization dependencies
- Deblobber: fix bug introducted in 6d33e4ecbf
2019-08-08 14:22:24 -04:00
Tad
6d33e4ecbf Parallize many functions invoked by find 2019-08-05 21:09:35 -04:00
Tad
3f8e9a846b Complete tree image optimization
- recursively optimize images using optipng/jpegoptim
benefits:
+ reduces image size
+ decreases load time
+ reduces memory usage
2019-08-05 20:34:08 -04:00
Tad
55c3072089 Going the distance... [pt2] 2019-06-18 13:51:04 -04:00
Tad
380353773e Fixes 2019-05-17 20:48:26 -04:00
Tad
30bf0f2fb9 Resurrect verity 2019-05-09 06:16:34 -04:00
Tad
ebaf61eb31 Cherrypicks 2019-05-07 03:10:55 -04:00
Tad
60cf364f19 Minor tweaks
- init.sh: sort options
- overlay: leave radioScanningTimeout default
- hardenDefconfig: disable more components with CVEs
- cherry picks
- 16.0: trebuchet: tmp fix for default workspace overlay
2019-04-03 19:04:37 -04:00
Tad
1c49b80da0 Minor tweaks
- CVE patchers were updated with no change
- hardenDefconfig: disable MSM_SMP2P_TEST to mitigate CVE-2019-2247
- 14.1 add a cherry pick
2019-04-01 18:57:04 -04:00
Tad
7223df543a Minor fixes 2019-03-31 22:46:37 -04:00
Tad
61ee2e5757 More minor fixes 2019-03-26 19:37:56 -04:00
Tad
3c806603d9 Various fixes 2019-03-25 21:30:26 -04:00
Tad
8f609e9cbe Minor tweaks
+ remove a few more blobs
+ fix broken USB and log spam on hdx*
2019-03-24 16:32:55 -04:00
Tad
54c68a1e93 Fixup radio on Motorola device 2019-03-23 20:23:42 -04:00
Tad
a8dbb447ed Deblobber cleanup
Break all the really long lines up into the following categories
- libraries (*.so)
- jars (*.jar)
- binaries
- apps (*.apk)
- non-executables (*.xml, *.cfg, *.conf, *.txt)
- firmwares (tz.*)
- treble stuff (vendor.*, com.*)
2019-03-23 18:11:57 -04:00
Tad
c044136234 Remove many more blobs 2019-03-23 14:57:39 -04:00
Tad
fc2e71acbe Remove more blobs 2019-03-22 19:43:29 -04:00
Tad
a91a3d427a Remove more blobs 2019-03-22 06:04:29 -04:00
Tad
dd7e4c3faf Remove more blobs 2019-03-22 05:28:57 -04:00
Tad
e344b17a36 Build fixes + new blob blocker 2019-03-22 04:20:06 -04:00
Tad
3c056c7785 Remove some more blobs 2019-03-21 08:55:01 -04:00
Tad
cf5a58f447 11.0: misc. fixes 2019-03-17 17:27:51 -04:00
Tad
913fbcd109 ASB cherry picks + minor tweaks 2019-03-05 22:57:45 -05:00
Tad
23056ddef0 Minor tweaks 2019-03-04 03:11:51 -05:00
Tad
fccc124868 tuna fixes + fdroid priv changes 2019-02-14 04:36:50 -05:00
Tad
c9e17ffb52 Many changes
- Add more DNS resolver choices
- Change default DNS resolver back to OpenNIC
- More cleanup
- 15.1: Update some CVE patchers
2019-02-09 20:51:23 -05:00
Tad
9178760d1a Updater: Fix downloads over Tor
+ Update TODO
+ Minor tweaks
2019-02-08 20:58:15 -05:00
Tad
24c291c630 Improve hardenLocation to include fwb and its overlays 2019-02-08 18:46:42 -05:00
Tad
aa9b5499e6 Updates 2019-02-07 11:15:29 -05:00
Tad
3f9d78a4c7 Updates 2019-02-06 17:44:17 -05:00
Tad
a7a0a67888 Many changes
- Allow enabling accessibility services without disabling secure start-up
- Disable overclocks
- Update select CVE patchers
- Update submodules
- Support select downloads over Tor
- Update defconfig enablers
- Cherry pick security patches
2019-01-14 03:12:50 -05:00
Tad
0df749ef73 Add more preferred network modes such as LTE Only, LTE/3G only, and 3G only 2018-12-28 08:02:24 -05:00
Tad
c07027dd97 Many changes
- Update CVE patchers
- Update submodules
- Update defconfig enablers
- Update DNS IP addresses
- + Misc changes
2018-12-24 23:29:56 -05:00
Tad
6c4eadcdc7 Manifest cleanup + always remove latemount from /cache
formatting/erasing /cache will result in selinux contexts being lost
these are normally restored by system/core/rootdir/init.rc in post-fs
but latemount causes /cache to not be mounted beforehand
preventing it from ever being fixed
result is broken ota and recovery updates
2018-12-20 17:22:34 -05:00
Tad
c5d2f25797 11.0: nex: switch to -user + add disabled overclock 2018-12-19 02:15:15 -05:00
Tad
01be578137 11.0: Initial restore
I think this is like the 6th time I've done this.
I always remove it, wait a few months, pull out a device that I want to run it on
and then spend hours restoring and bringing it back. I always think to myself
do I really need to toy with this device? No, I don't, but I do it anyway. :)
2018-12-18 21:35:14 -05:00
Tad
5696da8d0c Many changes
- 15.1: Update some CVE patchers
- 15.1: Address some mako denials
- 14.1: Add cherrypicks for various security patches
- Common: Prepare for F-Droid additional repos
- Common: Disable overclock for mako
- Misc tweaks
2018-10-19 09:55:08 -04:00
Tad
586f967667 Minor updates 2018-10-14 20:21:06 -04:00
Tad
5df567fe3b Cleanup overclocks.sh 2018-10-02 13:55:39 -04:00
Tad
136bb520aa Update CVE patchers 2018-10-01 22:45:00 -04:00
Tad
137c8d992d Various changes 2018-09-21 16:32:02 -04:00
Tad
8347c07ec1 Deduplicate Overclock.sh and Optimize.sh 2018-09-21 03:55:54 -04:00
Tad
289b110d8f Fix GPS on various devices 2018-09-19 01:03:02 -04:00
Tad
4929867e95 Build fixes 2018-09-14 19:34:01 -04:00
Tad
d9970b3f77 Minor tweaks and update F-Droid 2018-09-12 13:43:05 -04:00
Tad
e5b588265c Add function to always ensure discard mount option is enabled 2018-09-11 19:53:50 -04:00
Tad
d231bd3172 Build fixes 2018-09-06 07:48:10 -04:00
Tad
8d79a008ff hardenDefconfig: Ensure IOMMU is enabled 2018-09-05 04:53:42 -04:00
Tad
8e79da6971 GPG verify all F-Droid apps before copy 2018-08-30 23:46:17 -04:00
Tad
44a192b7a4 Various fixes 2018-08-26 20:32:19 -04:00
Tad
09fe9b212a Refinements of previous commits 2018-08-24 23:56:38 -04:00
Tad
54ecd7ae21 hardenDefconfig improvements 2018-08-24 20:00:43 -04:00
Tad
48d7f11919 Deblobber improvements
Deblobber
- Remove more diag blobs
- Remove more AT blobs
- Remove IPA blobs by default now
- Support removal of IPC security exceptions

+ also disable earjack debugger via hardenDefconfig()
2018-08-24 18:35:53 -04:00
Tad
1983d9a8f7 Update CVE patchers 2018-08-23 21:26:33 -04:00
Tad
2a427a14bf More geminipda work 2018-08-23 19:25:33 -04:00
Tad
9cbc514c59 Initial support for geminipda 2018-08-23 18:50:13 -04:00
Tad
50bdbaedf2 More GPS fixes 2018-08-09 00:42:07 -04:00
Tad
db3b42ae4f Update CVE patchers + misc fixes 2018-08-08 20:23:26 -04:00
Tad
bf717204e3 GPS improvements 2018-08-07 23:28:38 -04:00
Tad
b384623f16 Deblobber: TimeKeep replacement fixes
- Still needs more fixes
- 14.1: Also update CVE patcher for motorol_msm8916
2018-07-20 20:06:36 -04:00
Tad
9af1881a89 Many changes
- 15.1: Fix build
- 15.1: Add jfltexx
- 15.1: Add CVE patchers for jf and fugu
- Manifests: Add Intel repos back
- Overlay: Add more default apps to launcher
- Remove more blobs
2018-07-19 22:15:20 -04:00
Tad
bf49c6a5fa Many changes
- Remove more blobs
- 14.1: Add fugu
- 15.1: Add fugu and readd clark
2018-07-12 21:14:11 -04:00
Tad
0da4e7d6c0 Remove more blobs 2018-07-12 16:49:05 -04:00
Tad
e2ae8e333a More terminators 2018-07-11 08:01:45 -04:00
Tad
966f4a5baf 11.0: More work 2018-07-10 08:29:08 -04:00
Tad
58d7e42a1d Initial support for 11.0 2018-07-09 16:04:09 -04:00
Tad
ae0d89ee8a Many changes
- Switch to new HOSTS list
- Minor tweaks
- 14.1: Fix default Trebuchet workspaces
2018-07-04 15:35:16 -04:00
Tad
b35cf0f3ae Few changes
- Deblobber: Fixup AudioFX handling
- 15.1: Fixup starlte
2018-07-01 22:06:29 -04:00
Tad
60a651008e Changes
- Deblobber improvements and cleanup
- Fixup starlte
2018-07-01 00:34:34 -04:00
Tad
a13b2ddfa8 Many changes
- SwiftShader progress
- Fix log spam after removal of AudioFX
- 15.1: Add starlte
- Misc tweaks/fixes
2018-06-30 23:43:35 -04:00
Tad
c950207b08 Deblobber: Removing more blobs
- Add initial support to remove graphics blobs
- Add initial support to perform OpenGL rendering using SwiftShader
- Add support to remove Peripheral Manager blobs
- Remove more AudioFX blobs
2018-06-30 19:52:46 -04:00
Tad
075064f266 Remove more blobs
- Remove external accessory blobs
- Remove more AudioFX blobs
- Support removal of fingerprint reader blobs
- Support removal of IR blobs
- Remove more HDCP blobs
- Remove more HDR blobs
- Remote more Verizon blobs
2018-06-30 14:49:22 -04:00
Tad
30d59ea53d More devices
- 14.1: dragon, manta, us996, us997, victara
- 15.1: dragon, us996, us997, victara
- Deblobber: Remove more blobs
2018-06-30 14:03:11 -04:00
Tad
d2ba1ddb20 Overhaul variable names 2018-06-29 13:46:12 -04:00
Tad
303fe971ed Many changes
- 14.1: Fixup previous commits
- 15.1: Add mata
- Deblobber: Remove more blobs (audiofx, cne, hdr, ims-rtp)
2018-06-28 20:11:20 -04:00
Tad
5d4d12b324 14.1: Add back all devices that were moved to 15.1 2018-06-27 09:17:50 -04:00
Tad
6746942f30 14.1: Add grouper 2018-06-26 05:57:22 -04:00
Tad
3e931219df Few changes
- Fix F-Droid building
- Update F-Droid preferences
- Add privacy policy links for DNS presets
2018-06-25 19:15:22 -04:00
Tad
ee4ea5072b Many changes
- Fixed UnifiedNLP not registering
- Inlined location provider patch
- Simplified generateBootAnimationShine
- Add notes about inclusion of other apps
- Replaced microG with just UnifiedNLP
2018-06-25 14:19:38 -04:00
Tad
c914a655a5 Fixup previous commits 2018-06-25 10:16:32 -04:00
Tad
accb8bba37 Implement choice between gradient and plasma for boot animation shine 2018-06-25 09:35:38 -04:00
Tad
f6cdc9426c Many changes
- Remove proprietary audio enhancement blobs
- Remove AudioFX to prevent crashes after blobs are removed
- Deduplicate patches a bit with the new Patches/Common directory
- Switch boot animation shine generation from gradient to plasma
- Update submodules
2018-06-25 07:59:24 -04:00
Tad
0eeea28907 Boot animation color improvements 2018-06-24 10:18:19 -04:00
Tad
bfa7e90d5e Boot animation shine! 2018-06-24 08:42:02 -04:00
Tad
30a8e0ba07 Minor tweaks 2018-06-24 05:26:03 -04:00
Tad
c44d11fb99 Boot animation customization! 2018-06-24 04:31:38 -04:00
Tad
3a3fe5aca9 Replace DNS patches with a function + some misc fixes 2018-06-24 01:27:33 -04:00
Tad
5772b68224 Update CVE patches + more globbing fixes 2018-06-23 03:39:01 -04:00
Tad
a79c888157 Fixes 2018-06-23 02:38:49 -04:00
Tad
24b76f617b Globbing fixes 2018-06-23 01:08:42 -04:00
Tad
79429b40a4 Add init.sh option to remove AudioFX 2018-06-23 00:51:10 -04:00
Tad
9c3996bed9 Shellcheck
mainly just double quoting
2018-06-23 00:21:48 -04:00
Tad
a0ce912d99 Add Provisioner repo to F-Droid and fixup previous deblobber changes 2018-06-17 19:42:17 -04:00
Tad
9de8123872 Deblobber: Don't build drmserver 2018-06-17 15:12:54 -04:00
Tad
60e5d491e9 Deblobber: Remove sepolicy files too 2018-06-16 18:43:07 -04:00
Tad
79aa32c5e2 Cleanup 2018-06-13 19:48:53 -04:00
Tad
2ed7a8a874 init.sh: add options to control extra parts of the deblobber 2018-06-13 07:07:47 -04:00
Tad
97fc2a236f Fixes and AES improvements ? 2018-06-12 15:25:06 -04:00
Tad
7c052a7b38 Tweaks 2018-06-12 13:34:59 -04:00
Tad
7005ff0073 15.1: Update CVE patchers + build fixes 2018-06-11 20:33:16 -04:00
Tad
4912609425 Tweaks 2018-06-08 14:15:50 -04:00
Tad
dc9ec2d8f3 Tweaks 2018-06-06 17:32:17 -04:00
Tad
eeba3fd873 Going the distance... 2018-06-03 14:13:59 -04:00
Tad
3fb3824f6d Misc tweaks 2018-06-03 08:29:15 -04:00
Tad
fe66b008c0 Changes 2018-05-23 06:25:41 -04:00
Tad
67db210756 Many changes
- 15.1: Fixup ether here too
- Change F-Droid application id to allow installation of official F-Droid side by side
- Remove FDroidPriv patch and use sed instead
- Optimize: Switch VM_MAX_READAHEAD to 512KB
- Misc tweaks
- Update TODO
2018-05-20 23:30:40 -04:00
Tad
29e49a5147 Fixup ether 2018-05-20 14:57:54 -04:00
Tad
66db536b08 Tweaks 2018-05-16 14:21:20 -04:00
Tad
2c1b2bed95 Tweaks 2018-05-15 17:45:22 -04:00
Tad
dd340b087e Deblobber: Use wildcards to remove more blobs 2018-05-11 06:50:57 -04:00
Tad
82896187de Further improve malware scanner 2018-05-11 06:15:29 -04:00
Tad
82758a5303 Improve the malware scanner and enable by default 2018-05-11 02:50:52 -04:00
Tad
5695712cf4 Many changes
- Add support to scan for malware in certain directories
- 15.1: Add new device, griffin
- Note deprecation status of various devices
- Add a few blobs to the deblobber
2018-05-10 23:46:18 -04:00
Tad
b30c62629b Revert "Strong AES patch changes"
This reverts commit 60b85e10fe.
2018-04-28 15:35:53 -04:00
Tad
60b85e10fe Strong AES patch changes 2018-04-28 15:25:42 -04:00
Tad
520dbf246a Add a warning when restricted patches are enabled 2018-04-23 18:18:09 -04:00
Tad
f122ccb9f1 Many changes
- Disable patches with restrictive licenses by default
- Update LICENSE
- Fixup the fix for F-Droid building
- 15.1: Fix forceencrypt on mako
- 15.1: Fix crashes when accessing factory reset and development settings menus
 on devices without support for factory reset protection or oem unlocking
2018-04-23 15:42:27 -04:00
Tad
02908a652a Terminate all lines 2018-04-23 08:59:18 -04:00
Tad
f0ab546816 Dramatically deduplicate scripts 2018-04-04 07:52:11 -04:00