Tad
621441349e
Fixup the sensors permission patches on 7, 8, and 9.
...
Switch these patches to MODE_ALLOWED from MODE_ASK to fix breakage
of system services.
Also remove some code that adds a likely security issue.
Will need some extra regression testing.
Signed-off-by: Tad <tad@spotco.us>
2021-11-04 10:24:06 -04:00
Tad
a9f445ad47
16.0: add land and santoni
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-28 19:07:31 -04:00
Tad
0c793835da
Expand the available Private DNS options
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-22 18:33:06 -04:00
Tad
fe8e8201a9
Add more 'Private DNS' options
...
Based off of patches from CalyxOS as noted in each included patch.
Tested and verified working on klte and mata 18.1
Signed-off-by: Tad <tad@spotco.us>
2021-10-21 23:39:46 -04:00
Tad
042b9063d1
More fixes
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 17:12:13 -04:00
Tad
4ce35a3c60
Refresh most branch specific patches
...
Fixed up:
LineageOS-16.0/android_packages_apps_Backgrounds/308977.patch
LineageOS-16.0/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
LineageOS-17.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
LineageOS-18.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
Must review again:
LineageOS-14.1/android_packages_apps_PackageInstaller/64d8b44.patch
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 15:19:55 -04:00
Tad
84c7d230ab
Permission for sensors access patches from @MSe1969
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-24 23:35:33 -04:00
Tad
a9f44dee41
Fix hamper analytics patches
...
These must all be strings.
Sadly meant this likely hasn't worked for years.
:\
Signed-off-by: Tad <tad@spotco.us>
2021-09-13 15:27:29 -04:00
Tad
bdccb5fb39
Hamper ad_personalization_signals
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-27 13:46:11 -04:00
Tad
27d55efdff
Hamper ssaid collection
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-27 13:41:57 -04:00
Tad
c2b2aa5830
16.0+: Add captive portal toggle from @MSe1969
...
Source:
0045a97cb4
b483b4e9ab
18.1 is the 17.1 patch rebased
Wording was altered.
Already included in 14.1+15.1
2021-07-10 22:48:45 -04:00
Tad
ef8573b29c
Small fixes
2021-06-26 22:59:46 -04:00
Tad
881c24d8b2
Various patches from GrapheneOS
2021-06-26 18:57:46 -04:00
Tad
fe1f9ec7c4
Sync reflog extracted commits with Gerrit originals
2021-06-15 21:04:37 -04:00
Tad
d42c8f033d
Small changes
...
- Fixup CVE-2020-36386 breakage
- Move some cherrypicks in tree (gerrit down right now, pulled from reflog)
- Update cherrypicks
2021-06-15 05:46:30 -04:00
Tad
94b91c6afd
Incall privacy warning from CalyxOS
2021-06-08 12:11:13 -04:00
Tad
f3e672fb18
Failed attempt at fixing signing
...
PRODUCT_OTA_PUBLIC_KEYS is meant to be set by a vendor tree, something
we don't use.
Override it at the source and set it explicitely as well.
This ensures that the compiled recovery.img and the one generated by
sign_target_files_apks.py includes the real public keys for verification.
11.0 signing is ignored.
This will need to be extensively tested as breakage can mean brick on locked
devices.
Although in failure cases it seems test-keys are accepted.
--
After much testing there appears to be a deeper issue with how keys
are inserted into the recovery and handled
2021-04-06 04:07:18 -04:00
Tad
293c386322
More cleanup
2021-03-20 16:21:31 -04:00
Tad
820c637f20
Move many old cherry picks in tree for archival/support purposes
2021-02-05 20:00:43 -05:00
Tad
d53a4f4e41
Update CVE patchers
...
- Drop tcp_sack=0 sysctl, as most devices are now patched
2020-10-12 18:38:07 -04:00
Tad
bca6af1516
Small updates
...
- recovery: abort on serial number specific updates, credit: GrapheneOS
- Add lists of missing CVEs
- Update cherrypicks
2020-09-02 14:20:51 -04:00
Tad
f5462dd23c
Minor tweaks
2020-05-13 17:38:39 -04:00
Tad
2aa65e6b16
Cherry picks
2020-05-11 07:57:53 -04:00
Tad
8012903ba1
17.1: Initial bringup
...
- See items marked with '17REBASE'
2020-04-14 21:21:13 -04:00
Tad
4292bcaa3e
recovery: fix sideload with larger files
...
+ 16.0: add a disabled patch to remove backuptool
+ processRelease: add support for copying recovery image to archive
2020-02-23 16:06:47 -05:00
Tad
791087fefa
minor tweaks
2019-10-27 16:20:27 -04:00
Tad
640ef60b83
Move many old cherry picks in tree for archival/support purposes
2019-10-19 22:03:59 -04:00
Tad
79ec8a4999
clark: experimental 16.0
2019-09-28 17:37:18 -04:00
Tad
09b38c1f04
marlin/sailfish: fix MediaProvider using 100% CPU
...
- by disabling mtp over functionfs
- affects both GrapheneOS and LineageOS
- might need to be applied to other devices
[pid 2482] ppoll([{fd=42, events=POLLIN}, {fd=51, events=POLLIN}], 2, {tv_sec=0, tv_nsec=0}, NULL, 0) = 0 (Timeout)
lrwx------ 1 u0_a13 u0_a13 64 2019-09-05 18:47 42 -> /dev/usb-ffs/mtp/ep0
lrwx------ 1 u0_a13 u0_a13 64 2019-09-05 18:47 51 -> anon_inode:[eventfd]
https://forum.xda-developers.com/android/help/pixel2-help-diagnose-android-process-t3863274
https://bugs.chromium.org/p/chromium/issues/detail?id=947901
2019-09-06 09:38:01 -04:00
Tad
330df0983c
16.0: Add GrapheneOS' exec-based spawning feature + misc tweaks
...
- patch credit updates
- 16.0: allow SystemUI to directly manage Bluetooth/WiFi
- from GrapheneOS
- cleanup
2019-08-30 02:30:13 -04:00
Tad
057bedb65b
Minor tweaks
...
- 14.1+15.1+16.0: enable kernel protections for files
- protected_*: hardlinks, symlinks, fifos, regular
- from GrapheneOS
- defconfig: enable more verity options
- cleanup
2019-08-28 20:24:59 -04:00
Tad
db348ab09c
Minor tweaks
...
- 15.1+16.0: Replace in-line build signing patch with bash function
- From GrapheneOS/script
- 15.1+16.0: Enable fingerprint failed lockout after 5 attempts
- From GrapheneOS
2019-08-28 00:40:27 -04:00
Tad
6458d6785f
Enable IPv6 privacy extensions
2019-07-05 16:47:59 -04:00
Tad
c15105d945
Update CVE patchers
2019-06-17 23:26:38 -04:00
Tad
40d6db0326
divestos.xyz > divestos.org
2019-05-23 11:34:26 -04:00
Tad
20c8c7525c
Misc tweaks
...
- 15.1: Contacts: remove Privacy Policy and Terms of Service links
- from GrapheneOS
- cherry picks
2019-04-06 22:55:14 -04:00
Tad
25cc717ec2
Use GrapheneOS' hardened memory allocator
...
+ 16.0: some other misc hardening patches from GrapheneOS
- always restrict access to Build.SERIAL
- don't grant location permission to system browsers
- fbe: pad filenames more
+ 16.0: Contacts: remove Privacy Policy and Terms of Service links
2019-04-04 01:07:58 -04:00
Tad
cfe766be09
Tweaks
2019-03-11 18:19:50 -04:00
Tad
f5d99c938b
16.0: More bringup
2019-03-04 05:53:51 -05:00
Tad
afe719ffc4
16.0: Initial bringup
...
- 14.1/15.1: Remove @ValdikSS' bluetooth patches
- 15.1: Cleanup
2019-03-04 02:45:54 -05:00