Commit Graph

583 Commits

Author SHA1 Message Date
Tad
2651f33e5c
ASB cherrypicks
Signed-off-by: Tad <tad@spotco.us>
2023-07-07 13:44:00 -04:00
Tad
a1a3cbb94e
Fix overlay conflicts
Should mostly fix https://github.com/Divested-Mobile/DivestOS-Build/issues/219

Signed-off-by: Tad <tad@spotco.us>
2023-07-06 14:51:40 -04:00
Tad
c4666a33b7
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-07-05 19:42:40 -04:00
Tad
a96f74ca28
Enable the opt-in unprivileged microG enablement patchset
Runtime tested: 17.1, 18.1, 20.0
Compile tested: 19.1

Signed-off-by: Tad <tad@spotco.us>
2023-07-03 21:50:08 -04:00
Tad
4282c7c35f
Backports of 0f4044e2 to 17.1/18.1/19.1
Also don't grant any special location permissions

Signed-off-by: Tad <tad@spotco.us>
2023-07-03 15:17:56 -04:00
Tad
2e2ac4557d
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-06-26 19:41:11 -04:00
Tad
0bc93038ac
Cleanup
Signed-off-by: Tad <tad@spotco.us>
2023-06-18 20:35:34 -04:00
Tad
cda898f141
Certificate Authority store updates
- Remove some untrustworthy CAs
- Update CA store for all branches to aosp/e302aa968334b3c3fc9cd709a7c7661e0cf534eb

Signed-off-by: Tad <tad@spotco.us>
2023-06-17 15:13:54 -04:00
Tad
41e2669884
17.1: switch to flamefire's ASB topics
This gets us ~9 extra patches

Signed-off-by: Tad <tad@spotco.us>
2023-06-17 15:13:46 -04:00
Tad
a07133a064
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-06-16 11:03:46 -04:00
Tad
0dde119d7e
20.0 June ASB work + churn
QPR3 is delayed a week now

Patches pulled from GrapheneOS and checked against CalyxOS

Signed-off-by: Tad <tad@spotco.us>
2023-06-12 21:06:42 -04:00
Tad
04b4a1a45f
Picks + Churn
Signed-off-by: Tad <tad@spotco.us>
2023-06-08 22:48:40 -04:00
Tad
2ee99fe3ef
Update CVE patchers
CVE-2020-36694 appears to be a duplicate of CVE-2021-29650

Signed-off-by: Tad <tad@spotco.us>
2023-06-01 21:12:08 -04:00
Tad
8463705798
Update CVE patchers
- Includes CVE-2023-32233 fixes for more devices
- Upstream has reverted the LVT patches, maybe consider handling them

Signed-off-by: Tad <tad@spotco.us>
2023-05-22 20:33:47 -04:00
Tad
289d01c66e
m8: artifacting workaround
Signed-off-by: Tad <tad@spotco.us>
2023-05-19 12:45:16 -04:00
Tad
71c169d326
Promote LGE G5, G6, and V20 to 19.1
Signed-off-by: Tad <tad@spotco.us>
2023-05-17 02:52:11 -04:00
Tad
cd0a29d69b
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-05-12 23:28:44 -04:00
Tad
2856ebd8c2
More device additions
18.1:
	- serranodsdd
	- jactivelte, jfvelte
	- jasmine_sprout, platina, twolip, wayne, whyred

Signed-off-by: Tad <tad@spotco.us>
2023-05-10 17:20:57 -04:00
polkaulfield
30ac119aa5 Fixed a couple of typos 2023-05-10 14:37:08 -04:00
polkaulfield
32c6195acf Added support for Samsung Galaxy Note 3 (hlte) 2023-05-10 14:37:08 -04:00
Tad
0004c224cf
Picks
Signed-off-by: Tad <tad@spotco.us>
2023-05-06 00:15:27 -04:00
Tad
6d2a255eef
Remove User-Agent (and serial) from source built libloc
Signed-off-by: Tad <tad@spotco.us>
2023-05-05 22:27:27 -04:00
Tad
e4abf9aeab
Drop picks
Merged upstream

Signed-off-by: Tad <tad@spotco.us>
2023-05-03 21:45:47 -04:00
Tad
c544c28b94
Prevent Qualcomm location stack from reading chipset serial number
The deblobber already removes xtra-daemon which is what actually performs the requests.
This is just extra sanctity.

Signed-off-by: Tad <tad@spotco.us>
2023-05-03 21:41:20 -04:00
Tad
366b4eb5ef
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-05-02 18:01:39 -04:00
Tad
3f40c8fb7c
Picks
Signed-off-by: Tad <tad@spotco.us>
2023-05-02 17:09:25 -04:00
Tad
39b0c9e036
Remove broken emoji updates
Signed-off-by: Tad <tad@spotco.us>
2023-05-02 15:31:57 -04:00
Tad
7b2eb1079a
Update emoji list in LatinIME too and disable
tested not working on 15.1
shows as cross boxes or double characters

Signed-off-by: Tad <tad@spotco.us>
2023-04-29 16:56:13 -04:00
Tad
86b7525400
Update the emojis, untested
Signed-off-by: Tad <tad@spotco.us>
2023-04-29 16:17:00 -04:00
Tad
47136145e5
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-04-23 23:20:36 -04:00
Tad
9ba61642de
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-04-17 23:19:28 -04:00
Tad
aad60b7567
Promotions
16.0 santoni/land to 20.0 Mi8937 unified
17.1 griffin to 18.1
17.1 star*/crownlte to 20.0
20.0 add pro1x

Signed-off-by: Tad <tad@spotco.us>
2023-04-17 21:36:49 -04:00
Tad
baeec11627
Picks + Churn
Signed-off-by: Tad <tad@spotco.us>
2023-04-16 01:24:20 -04:00
Tad
2cc87c4dc7
Switch fingerprint locked to 5 attempts instead of 3 + churn
Signed-off-by: Tad <tad@spotco.us>
2023-04-12 15:26:26 -04:00
Tad
9a97c7013b
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-04-05 12:43:36 -04:00
Tad
4435c200ed
15.1+: vCard 4.0 support from GrapheneOS
8fbeedd002

Fixes https://github.com/Divested-Mobile/DivestOS-Build/issues/202

Signed-off-by: Tad <tad@spotco.us>
2023-04-04 12:50:42 -04:00
Tad
750f244304
Updates, logging, and churn
also add an extra March ASB patch for 17.1

Signed-off-by: Tad <tad@spotco.us>
2023-03-31 12:38:46 -04:00
Tad
ca93ef33ce
Slightly improve compatibility with apps that want GSF
38a5ca05e9

Signed-off-by: Tad <tad@spotco.us>
2023-03-28 23:45:58 -04:00
Tad
2907be1be5
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-03-28 00:48:08 -04:00
Tad
fe80137df9
Don't remove CompanionDeviceManager
Used by some wearables, not just Android Wear

Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/196

Signed-off-by: Tad <tad@spotco.us>
2023-03-25 20:21:38 -04:00
Tad
472ec96915
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-03-22 16:23:26 -04:00
Tad
b4dbe27f23
Fixes
- 18.1: Fix exempted background tasks when dozing (GrapheneOS)
- 20.0: pick a fix for some colors after qpr2
- 20.0: fix the missing notification backdrop

Signed-off-by: Tad <tad@spotco.us>
2023-03-20 17:51:09 -04:00
Tad
ec38522af9
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-03-18 20:52:59 -04:00
Tad
d261ab1107
Updates
Signed-off-by: Tad <tad@spotco.us>
2023-03-17 19:27:37 -04:00
Tad
8bcb5c734d
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-03-17 19:27:22 -04:00
Tad
38626e1b0c
Picks + Fixes
Signed-off-by: Tad <tad@spotco.us>
2023-03-14 16:58:27 -04:00
Tad
162b40a39d
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-03-13 18:13:54 -04:00
Tad
ef2fdb1d3e
More handling improvements
Signed-off-by: Tad <tad@spotco.us>
2023-03-08 16:14:51 -05:00
Tad
0b294c1601
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-03-08 16:01:49 -05:00
Tad
5d0ab40f0b
Robustness improvements
Signed-off-by: Tad <tad@spotco.us>
2023-03-08 01:14:06 -05:00
Tad
6ba784ac33
Some actual error handling 1/n
Signed-off-by: Tad <tad@spotco.us>
2023-03-08 00:03:23 -05:00
Tad
097019193e
Don't bail when devices are missing
Signed-off-by: Tad <tad@spotco.us>
2023-03-07 23:41:27 -05:00
Tad
804786aa23
Update CVE patchers
Fixes https://github.com/Divested-Mobile/DivestOS-Build/issues/193

Signed-off-by: Tad <tad@spotco.us>
2023-03-06 19:54:15 -05:00
Tad
b8f39716f1
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-02-26 12:21:36 -05:00
Tad
b08bf0356f
Small additions + churn
- 18.1+: Disable NTP fully when automatic time is off, credit GrapheneOS
- 20.0: Handle Tor-over-Orbot when killswitch enabled, credit CalyxOS, BROKEN

Signed-off-by: Tad <tad@spotco.us>
2023-02-18 13:52:46 -05:00
Tad
9f82763c53
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-02-17 23:57:04 -05:00
Tad
e9f58cfd3c
VPN fixes
Some devices still don't have these in 2023
https://gitlab.com/LineageOS/issues/android/-/issues/2193

Note, the following still aren't patched:
15.1
kernel/google/msm
kernel/lge/hammerhead

16.0
kernel/cyanogen/msm8974
kernel/lge/hammerhead

18.1
kernel/motorola/msm8974

Signed-off-by: Tad <tad@spotco.us>
2023-02-12 21:34:23 -05:00
Tad
a845f59546
Fixup persistent IPv6 privacy address issue + churn
Backports of rfc4941bis from Google/Linaro
and workaround for legacy kernels from GrapheneOS

already has rfc4941bis patch:
fairphone_sdm632
google_gs101
google_gs201
google_msm-4.14
google_msm-4.9
google_redbull
oneplus_sdm845
razer_sdm845
xiaomi_sdm845

Signed-off-by: Tad <tad@spotco.us>
2023-02-11 20:26:24 -05:00
Tad
62b2318078 Backports + Picks
Signed-off-by: Tad <tad@spotco.us>
2023-02-11 19:20:28 -05:00
Tad
0e9599af6d
Fixup
Signed-off-by: Tad <tad@spotco.us>
2023-02-09 22:46:42 -05:00
Tad
fa067a3f89
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-02-06 23:06:34 -05:00
Tad
19d5f73b50
Remove silly carrier restrictions
Signed-off-by: Tad <tad@spotco.us>
2023-02-03 22:17:13 -05:00
Tad
dc853bfdae
WebView: Switch to dedicated package name
And remove the F-Droid repo for it, will be moved to the 'DivestOS Official' repo
This simplifies release management and also allows other systems to benefit from the repo

Downside is users who don't update to this build won't receive any updates for it anymore

Signed-off-by: Tad <tad@spotco.us>
2023-02-02 17:17:30 -05:00
Tad
20c4e75fe1
Fixes
Signed-off-by: Tad <tad@spotco.us>
2023-02-01 18:30:29 -05:00
Tad
4f6e21d7f9 Deduplicate Defaults.sh
Signed-off-by: Tad <tad@spotco.us>
2023-02-01 15:57:13 -05:00
Tad
af3fe9776b Small updates
Signed-off-by: Tad <tad@spotco.us>
2023-02-01 15:19:21 -05:00
Tad
1511176a07
Update CVE patchers
Maybe some breakage

Signed-off-by: Tad <tad@spotco.us>
2023-01-28 20:33:44 -05:00
Tad
3231979ef4
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-01-24 20:55:42 -05:00
Tad
da1df44c8f
GrapheneOS kernel hardening patches update
Maybe some compile breakage

Signed-off-by: Tad <tad@spotco.us>
2023-01-24 19:03:01 -05:00
Tad
e81cd5586d
Add even more captive portal servers + sorting
TODO: apply to other branches

Signed-off-by: Tad <tad@spotco.us>
2023-01-23 16:42:00 -05:00
Tad
9558a7d0e9 Switch to the Broadcom PSDS server for Pixel 6/7 series
Instead of agnss.goog cache
Based off of a patch from GrapheneOS

Signed-off-by: Tad <tad@spotco.us>
2023-01-21 04:08:26 -05:00
Tad
84a9a1326c
18.1+: add multiple captive potal server options
This also switches 18.1 from @MSe1969's patch to the GrapheneOS patch
Can maybe port to 17.1 too

Signed-off-by: Tad <tad@spotco.us>
2023-01-20 00:21:30 -05:00
Tad
91807acf21
various small fixes
- loose versioning fixes for 4.9
- remove GPG commit verification for GOS repos, they use SSH now. TODO: support that
- 20.0: fixup AudioFX stray lines
- 20.0: broken fix for gs101/201 stray iwlan lines

Signed-off-by: Tad <tad@spotco.us>
2023-01-18 20:02:11 -05:00
Tad
5ce2d33162
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-01-18 14:13:33 -05:00
Tad
b01e902988 m8: boost microphone volume patch from @Ke1i
Signed-off-by: Tad <tad@spotco.us>
2023-01-14 14:01:30 -05:00
Tad
b82427ce5b Conservative reverse loose versioning for 3.10
This applies 3.4 patches to 3.10 if no other match is available

Note: CVE-2017-13245/3.4/0002.patch ends up applied over CVE-2018-10902/3.18/0003.patch

Signed-off-by: Tad <tad@spotco.us>
2023-01-13 15:51:46 -05:00
Tad
14f40e024f
Update CVE patchers
This adds loose versioning applying 4.14 patches to 4.9

Signed-off-by: Tad <tad@spotco.us>
2023-01-13 13:23:12 -05:00
Tad
207bdd2406
Strict versionCode checks for system apps from GrapheneOS
Signed-off-by: Tad <tad@spotco.us>
2023-01-11 12:19:41 -05:00
Tad
efa31534a9
Picks
Signed-off-by: Tad <tad@spotco.us>
2023-01-07 10:52:03 -05:00
Tad
06eed1fba9
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-12-31 21:41:46 -05:00
Tad
06254708be
Many fixes to get bluejay booting & working proper
- Enable APEX for Pixel 6/7, necessary for camera and pKVM
  - Also drop hack removing pKVM for Pixel 6/7
  - patch from GrapheneOS

- Extend hmalloc workaround to /apex

- Deblobber:
  - actually handle wildcard f/w/b overlays
  - move some stuff around
  - remove some more Pixel blobs
  - flag and disable removal of camera extensions, being able to use the second camera is nice

- Adjust what hardenDefconfig disables, caused boot issues
  minimal impact as most of these are already default-disabled
  can be narrowed down in future

- Disable some of the bionic hardening patches, causing more boot issues
  annoying to lose, but having a phone that boots is more important

- Add LTE only mode to 17.1, 18.1, 19.1, and 20.0, credit GrapheneOS

- Remove Pixel 2 ramdisk compression reverts, fixed upstream

And yes, I know I should've split up this commit...

Signed-off-by: Tad <tad@spotco.us>
2022-12-25 13:21:37 -05:00
Tad
7d6b8e3aeb
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-12-22 11:33:47 -05:00
Tad
03293f6b52
Fixup
Messy, but better to have CVE-2022-42896 applied to *some* 3.18 kernels

Signed-off-by: Tad <tad@spotco.us>
2022-12-17 00:42:25 -05:00
Tad
c2fc228f3b Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-12-16 22:06:13 -05:00
Tad
7dc3b8ef69
Tiny update
Signed-off-by: Tad <tad@spotco.us>
2022-12-11 19:25:10 -05:00
Tad
abb616d2f3
Updates
Signed-off-by: Tad <tad@spotco.us>
2022-12-09 17:23:20 -05:00
Tad
ce47fdae34
Small updates + Picks
Signed-off-by: Tad <tad@spotco.us>
2022-12-07 18:41:50 -05:00
Tad
038fca449b
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-11-30 08:28:40 -05:00
Tad
fd0e3e8117
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-11-22 07:11:30 -05:00
Tad
c4fe56a307
Update CVE patchers
This fixes CVE-2018-9422 which was primarily added via b56fabac

May still need to be fixed:
16.0/kernel_google_yellowstone
16.0/kernel_xiaomi_msm8937

Signed-off-by: Tad <tad@spotco.us>
2022-11-21 08:39:10 -05:00
Tad
14f7f1db32
Updates + Churn
Signed-off-by: Tad <tad@spotco.us>
2022-11-13 02:06:05 -05:00
Tad
b81d39c969
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-11-11 16:05:22 -05:00
Tad
27395374e1
Fixup + Churn
Signed-off-by: Tad <tad@spotco.us>
2022-11-11 13:54:57 -05:00
Tad
8d4d73d65c
Picks
Signed-off-by: Tad <tad@spotco.us>
2022-11-09 18:11:48 -05:00
Tad
ac3dc319c7
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-11-07 15:51:17 -05:00
Tad
7fb334d825
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-11-03 13:25:38 -04:00
Tad
c051cb282d Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-10-22 21:39:01 -04:00
Tad
1338c24d9b
Disable CarrierConfig and carrier_list changes
I've had reports of non-functional SIM and reboots with select carriers on this last update

Signed-off-by: Tad <tad@spotco.us>
2022-10-20 19:42:01 -04:00
Tad
8ddbd86d44
20.0: more devices
Signed-off-by: Tad <tad@spotco.us>
2022-10-19 15:22:20 -04:00
Tad
148df59b7e
Cleanup: Drop UnifiedNlp, FDroidPrivExt, and Silence
These haven't been included for a while

+remove some old cruft from 20.0

Signed-off-by: Tad <tad@spotco.us>
2022-10-19 12:15:24 -04:00
Tad
0c4db149e1
20.0: Network & Sensors permission from GrapheneOS
This revokes the permissions to all user installed apps on update.
Likely an expected quirk of being on 20.0 without the permission.
19.1 upgrades and new 20.0 installs should be fine.

TODO: update 19.1 with the SpecialRuntimePermAppUtils too

Signed-off-by: Tad <tad@spotco.us>
2022-10-18 22:14:56 -04:00
Tad
055ed9bfad
20.0: Initial bringup
Signed-off-by: Tad <tad@spotco.us>
2022-10-15 10:39:48 -04:00
Tad
2acd454f13
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-10-13 23:42:20 -04:00
Tad
1543d2dc17
Cleanup
Missed from 42306525

Signed-off-by: Tad <tad@spotco.us>
2022-10-12 17:11:40 -04:00
Tad
2166491d5d
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-10-12 17:11:06 -04:00
Tad
e7968e1269
Picks + Churn
Signed-off-by: Tad <tad@spotco.us>
2022-10-09 16:35:12 -04:00
Tad
4230652540
18.1: Drop all devices working on 19.1
Signed-off-by: Tad <tad@spotco.us>
2022-10-03 21:10:04 -04:00
Tad
bf66d5db45
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-10-03 20:59:55 -04:00
Tad
348b392f03
Picks
Signed-off-by: Tad <tad@spotco.us>
2022-10-03 10:24:04 -04:00
Tad
d78121a1c0
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-10-03 10:22:17 -04:00
Tad
598d78bb61
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-09-25 13:49:45 -04:00
Tad
25568706e1
Various
- Add back the SIM ToolKit app
- 17.1: CarrierConfig testing
- 19.1: Enable op5 firmware inclusion, needs testing
- Don't disable coresight bits on op8, breaks compile
- 19.1: Add a patch from GrapheneOS to display/share logs when a crash happens

Signed-off-by: Tad <tad@spotco.us>
2022-09-23 22:53:12 -04:00
Tad
411fcc08e1
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-09-15 14:11:58 -04:00
Tad
eb200546ea
17.1+: Update carrier configs for improved compatibility
CarrierConfig@c2819f8
TelephonyProvider@af5c1386

Signed-off-by: Tad <tad@spotco.us>
2022-09-14 14:58:01 -04:00
Tad
ec42acceb6
Various fixes from GrapheneOS
Signed-off-by: Tad <tad@spotco.us>
2022-09-13 10:24:26 -04:00
Tad
e2b314da3c
15.1+16.0: September 2022 ASB picks
16.0 backports thanks to MSe1969 as usual:
https://github.com/lin16-microg/android_system_bt/commits/lineage-16.0 - last 3 commits
https://github.com/lin16-microg/android_frameworks_base/commits/lineage-16.0 - last 4 commits
https://github.com/lin16-microg/android_external_expat/commits/lineage-16.0 - last 4 commits

Signed-off-by: Tad <tad@spotco.us>
2022-09-10 18:32:25 -04:00
Tad
e5eb67f77d
Picks
Signed-off-by: Tad <tad@spotco.us>
2022-09-08 16:07:23 -04:00
Tad
2bc43f195c
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-09-07 10:04:28 -04:00
Tad
b6e9f50cb5
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-09-04 14:05:36 -04:00
Tad
5fe5a4f898
Compile fixes
Signed-off-by: Tad <tad@spotco.us>
2022-08-29 14:26:47 -04:00
Tad
86ed884251
More verification
Signed-off-by: Tad <tad@spotco.us>
2022-08-26 23:14:15 -04:00
Tad
3618774d9f
GPG verification for all platform repositories
Signed-off-by: Tad <tad@spotco.us>
2022-08-26 22:40:27 -04:00
Tad
da15dc05d5
Fixup
Signed-off-by: Tad <tad@spotco.us>
2022-08-26 14:00:52 -04:00
Tad
adb61b0fb2
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-08-26 12:15:45 -04:00
Tad
d8d8e457a1 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-08-21 10:44:12 -04:00
Tad
7918347d1c Updates
- Add a script to update commons like APNs, VVM configs, and contributors cloud
- Add the latest contributors cloud to all branches
- Update wireless-regdb to 2022.08.12 release
- Add some shell opts to some scripts

Signed-off-by: Tad <tad@spotco.us>
2022-08-15 16:37:42 -04:00
Tad
8b67d5c41e Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-08-10 22:02:37 -04:00
Tad
40d7fac99a Churn
https://github.com/voron00/android_kernel_lge_mako/pull/1

Signed-off-by: Tad <tad@spotco.us>
2022-08-10 10:57:49 -04:00
Tad
12c56938cb Improve CVE-2021-1048 patching on 3.x kernels
It is still actively being used by malware.

This largely handles 3.0, 3.4, and 3.10 kernels.
It works for select 3.18 kernels too.

TODO: need alternate get_file_rcu backport for the following:
15.1/lge_msm8996
15.1/zte_msm8996
16.0/xiaomi_msm8937
17.1/motorola_msm8996
18.1/google_marlin
18.1/lge_msm8996
18.1/oneplus_msm8996

Signed-off-by: Tad <tad@spotco.us>
2022-08-09 21:39:25 -04:00
Tad
31a67f054d Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-08-04 11:12:40 -04:00
Tad
933f33ba6b Cherrypicks
Signed-off-by: Tad <tad@spotco.us>
2022-08-04 09:57:11 -04:00
Tad
178f01958d Cherrypicks
Signed-off-by: Tad <tad@spotco.us>
2022-08-02 19:39:09 -04:00
Tad
2b299c1aff Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-07-21 21:28:26 -04:00
Tad
c08ce75b03 Churn
Signed-off-by: Tad <tad@spotco.us>
2022-07-13 10:01:32 -04:00
Tad
1d64c759a5 Fixes
Signed-off-by: Tad <tad@spotco.us>
2022-07-10 00:31:44 -04:00
Tad
d3632c25ce Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-07-07 21:47:59 -04:00
Tad
22f915cc3e Cherrypicks
Signed-off-by: Tad <tad@spotco.us>
2022-07-07 18:59:37 -04:00
Tad
2c27a88a24 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-07-06 19:22:21 -04:00
Tad
7b8ef09540 Update CVE patchers
Effectively no changes

Signed-off-by: Tad <tad@spotco.us>
2022-07-04 18:30:09 -04:00
Tad
d79d1fcba3 19.1: More promotions
Signed-off-by: Tad <tad@spotco.us>
2022-07-01 14:17:18 -04:00
Tad
ac645dd62e Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-06-28 11:32:05 -04:00
Tad
519a474173 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-06-19 22:44:05 -04:00
Tad
11b9ae5bc4 Churn
Signed-off-by: Tad <tad@spotco.us>
2022-06-13 21:24:08 -04:00
Tad
70b8485695 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-06-09 17:59:48 -04:00
Tad
c092b13a44 Restore star*lte
Signed-off-by: Tad <tad@spotco.us>
2022-06-08 22:55:00 -04:00
Tad
2bf84a7643 Increase default max password length to 64, credit GrapheneOS
Closes https://github.com/Divested-Mobile/DivestOS-Build/pull/119
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/27

Signed-off-by: Tad <tad@spotco.us>
2022-06-07 15:33:38 -04:00
Tad
27f8663b00 Tweak
Signed-off-by: Tad <tad@spotco.us>
2022-06-06 16:58:55 -04:00
Tad
697bed18fb 17.1+18.1: Drop all devices working on 19.1
Signed-off-by: Tad <tad@spotco.us>
2022-06-04 14:26:44 -04:00
Tad
899ea17d4e Add the missing page sanitization to 3.18 kernels
All along they only had slub sanization :(

Signed-off-by: Tad <tad@spotco.us>
2022-06-04 12:00:01 -04:00
Tad
3da5613dfc Add unconditional burnin protection on 18.1 and 19.1, credit @arter97
Also skip the power on animation on 19.1, credit @kdrag0n

Signed-off-by: Tad <tad@spotco.us>
2022-06-04 10:54:11 -04:00
Tad
92c66447f8 Drop slub_debug
What is lost?
- sanity checks and redzoning on all devices
  - redzoning reportedly however causes issues on some devices such as the Pixel 3/4 and OnePlus 7
- slub sanization on 3.0, 3.4, 4.4 (except google/wahoo), xiaomi/sm6150, and oneplus/sm7250

Note: all 3.4+ devices still have page sanization

Signed-off-by: Tad <tad@spotco.us>
2022-06-03 13:58:17 -04:00
Tad
da63c9e571 Various small patches
7408144e1b
> extend Network/Sensors permission handling for legacy apps not targeting Android 6
> or above (API 23) to resolve a UI issue where the user choosing to grant the
> Network/Sensors permissions via the legacy permission review interface doesn't
> appear in the Settings app info page

22d32cb61b
suppresses https://github.com/Divested-Mobile/DivestOS-Build/discussions/112

66f406b979
3f69205d06
nice to have

Signed-off-by: Tad <tad@spotco.us>
2022-06-02 23:17:05 -04:00
Tad
aa61367ace Tweaks
- Disable slub_debug=P for devices with INIT_ON_ALLOC/FREE_DEFAULT_ON
- Disable slub_debug=Z due to known breakage
- Disable many debug options on Linux 4.x and up
- 19.1: fixup missing manifests for vayu :\

Signed-off-by: Tad <tad@spotco.us>
2022-06-02 17:13:20 -04:00
Tad
0eaca57fa6 19.1: Add OnePlus 8 and 9 series
Signed-off-by: Tad <tad@spotco.us>
2022-06-02 11:52:58 -04:00
Tad
6d95c231bc Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-05-31 21:29:22 -04:00
Tad
735c9e0de8 Revert 5d57bf13
I don't trust enabling MODULES won't cause weird inane breakage on these legacy devices

Signed-off-by: Tad <tad@spotco.us>
2022-05-27 23:46:57 -04:00
Tad
28724c4a6e Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-05-25 22:52:22 -04:00
Tad
2c4caa30a1 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-05-24 00:36:49 -04:00
Tad
de781e9921 Tweaks
Signed-off-by: Tad <tad@spotco.us>
2022-05-23 23:15:27 -04:00
Tad
91953c0a45 Remove more blobs
Signed-off-by: Tad <tad@spotco.us>
2022-05-21 13:42:51 -04:00
Tad
e8bc36af04 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-05-20 17:16:29 -04:00
Tad
64b4bbe075 Disable older devices tested/reported working on 19.1
Signed-off-by: Tad <tad@spotco.us>
2022-05-15 13:16:36 -04:00
Tad
05930af014 Various changes 2022-05-14 21:40:50 -04:00
Tad
3e7b657295 Tweaks
Signed-off-by: Tad <tad@spotco.us>
2022-05-13 19:47:43 -04:00
Tad
bf7c06105c Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-05-12 22:13:06 -04:00
Tad
9286bdd258 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-05-10 15:02:03 -04:00
Tad
675b1a5da0 Churn
Signed-off-by: Tad <tad@spotco.us>
2022-05-09 12:56:03 -04:00
Tad
4edfa56f1a Tiny tweak
Signed-off-by: Tad <tad@spotco.us>
2022-05-04 11:52:22 -04:00
Tad
b2eb3c01b4 Update CVE patchers
Newly added CVE-2022-20009 is dupe with CVE-2022-25258 and CVE-2022-25375

Signed-off-by: Tad <tad@spotco.us>
2022-05-03 23:33:17 -04:00
Tad
9c549763a4 Tiny tweak
Signed-off-by: Tad <tad@spotco.us>
2022-05-03 21:11:05 -04:00
Tad
e38aff581e Small tweaks
- Remove some more blobs
- 19.1: disable FP animation (jesec)
- 18.1: mata: allow major upgrades (to 19.1) (Updater patch by erfanoabdi)
- mata: disable Vulkan, it doesn't work

Signed-off-by: Tad <tad@spotco.us>
2022-05-02 15:04:12 -04:00
Tad
8491016b84 19.1: add mata, cheeseburger, dumpling
Signed-off-by: Tad <tad@spotco.us>
2022-05-01 10:45:33 -04:00
Tad
65883d9bc4 2022
Signed-off-by: Tad <tad@spotco.us>
2022-05-01 01:13:49 -04:00
Tad
3316cc4824 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-04-27 07:46:22 -04:00
Tad
3457fd4151 Device cleanup
Drop long non-compiling devices:
- 14.1: n7100, jellypro
- 15.1: himaul, oneplus2
- 16.0: zenfone3, fugu
- 17.1: yellowstone, fugu
- 18.1: bonito, sargo

Drop in favor of 19.1:
- 17.1: bonito, sargo
- 18.1: pro1, aura, sunfish, coral, flame, bramble, redfin
(experimental, but these devices don't currently appear to have any users)

Signed-off-by: Tad <tad@spotco.us>
2022-04-26 15:19:57 -04:00
Tad
9a6c7a2684 18.1: Add toggle for /etc/hosts
TODO: 19.1 and maybe 17.1

Tested working on klte/18.1

Signed-off-by: Tad <tad@spotco.us>
2022-04-20 16:40:22 -04:00
Tad
1f721c7845 Further credit patches
Signed-off-by: Tad <tad@spotco.us>
2022-04-19 23:52:10 -04:00
Tad
c5b1cc9a35 Simplify 8e3f0438
Signed-off-by: Tad <tad@spotco.us>
2022-04-19 20:23:53 -04:00
Tad
e666a4a891 Update CVE patchers
TODO: maybe split CVE-2022-23960/4.9 to get back?

Signed-off-by: Tad <tad@spotco.us>
2022-04-19 14:38:44 -04:00
Tad
8e3f043820 Warn when running activity from 32 bit app on ARM64 devices.
https://android-review.googlesource.com/c/platform/frameworks/base/+/2003790/
https://github.com/GrapheneOS/platform_frameworks_base/pull/182

Signed-off-by: Tad <tad@spotco.us>
2022-04-19 12:00:22 -04:00
Tad
d4dceffa60 Update supported kernels to latest wireless regulations database
Applies for ~43 kernel trees

Source: wireless-regdb-2022.04.08

Signed-off-by: Tad <tad@spotco.us>
2022-04-19 11:30:57 -04:00
Tad
163a162568 Fix boot animation + churn
Signed-off-by: Tad <tad@spotco.us>
2022-04-18 23:04:24 -04:00
Tad
4b6a86a473 Add missing device variants
Signed-off-by: Tad <tad@spotco.us>
2022-04-14 19:47:21 -04:00
Tad
be6b03fe96 Churn
Signed-off-by: Tad <tad@spotco.us>
2022-04-13 14:54:08 -04:00
Tad
486e358050 More (disabled) lowram tweaks for <2GB devices
The inprocess variants make very little reduction and likely reduce security.

Signed-off-by: Tad <tad@spotco.us>
2022-04-12 20:25:26 -04:00
Tad
42c9d22de9 Default disable exec spawning
Change the property too, so it takes effect next update.
Since 16.0 lacks a toggle, this effectively disables the feature for it.
Even devices with 4GB of RAM have usability severely impacted.

Plus some other tweaks/churn

Signed-off-by: Tad <tad@spotco.us>
2022-04-12 17:58:04 -04:00
Tad
81d9923cda Don't disable scudo on lowram devices
Signed-off-by: Tad <tad@spotco.us>
2022-04-12 15:01:05 -04:00
Tad
30de608a61 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-04-12 02:51:44 -04:00
Tad
d078b24ddb lowram tweaks
Signed-off-by: Tad <tad@spotco.us>
2022-04-11 23:40:26 -04:00
Tad
d50a3a043b Switch 16.0/17.1/18.1 to the more robust GrapheneOS sensors permission patchset
Like done for 19.1

Signed-off-by: Tad <tad@spotco.us>
2022-04-10 21:12:03 -04:00
Tad
7da114e755 Tweaks
Signed-off-by: Tad <tad@spotco.us>
2022-04-07 11:01:27 -04:00
Tad
a9e250afd9 Cleanup
Signed-off-by: Tad <tad@spotco.us>
2022-04-07 00:37:20 -04:00
Tad
d1e441e4cb 19.1: More work
- Adds hosts cache and wildcard support back
- Fixes broken hardened malloc enablement patch
- Drops FDroidPrivExt, non-functional
- Disables captive portal toggle patch, crashes Settings, needs rework
- Rebranding work
- Attempts to fix no boot animation

Signed-off-by: Tad <tad@spotco.us>
2022-04-06 02:32:33 -04:00
Tad
3a0659b9d8 19.1: more work, it compiles and boots!
- Add the manifest
- Add Pixel 2 series
- Add some missing patches
- More DNS files
- Drop Silence in 19.1

Signed-off-by: Tad <tad@spotco.us>
2022-04-05 23:44:15 -04:00
Tad
1705545d22 19.1: Initial bringup
TODO:
- manifest
- devices
- a few small patches to rebase

Signed-off-by: Tad <tad@spotco.us>
2022-04-05 00:44:19 -04:00
Tad
b464106cc5 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-04-04 15:51:23 -04:00
Tad
deb183d273 Tiny fix
One of these might not be necessary

Signed-off-by: Tad <tad@spotco.us>
2022-04-03 17:33:20 -04:00
Tad
6c5a65622c Page sanitization improvements
This ensures init_on_alloc/free is used instead of page poisioning where available.

3.4 through 3.18 have a patch without a toggle for page sanitization.

Signed-off-by: Tad <tad@spotco.us>
2022-04-02 12:57:17 -04:00
Tad
01900ca1c6 Reverts
WebView overlay is breaking boot on 15.1???

This reverts commit e61e288b4a.
2022-04-01 17:07:27 -04:00
Tad
3f9b346345 Fix boot breakage
On devices with quota enabled and impacted by this patch

Signed-off-by: Tad <tad@spotco.us>
2022-04-01 10:30:30 -04:00