Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-10-01 01:35:54 -04:00
Code Issues Packages Projects Releases Wiki Activity
2,386 Commits 1 Branch 0 Tags 101 MiB
f7bb9e0c06
Commit Graph

687 Commits

Author SHA1 Message Date
Tad
ac3dc319c7
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-07 15:51:17 -05:00
Tad
7fb334d825
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-03 13:25:38 -04:00
Tad
c051cb282d Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-22 21:39:01 -04:00
Tad
1338c24d9b
Disable CarrierConfig and carrier_list changes 
I've had reports of non-functional SIM and reboots with select carriers on this last update

Signed-off-by: Tad <tad@spotco.us>
 2022-10-20 19:42:01 -04:00
Tad
148df59b7e
Cleanup: Drop UnifiedNlp, FDroidPrivExt, and Silence 
These haven't been included for a while

+remove some old cruft from 20.0

Signed-off-by: Tad <tad@spotco.us>
 2022-10-19 12:15:24 -04:00
Tad
0c4db149e1
20.0: Network & Sensors permission from GrapheneOS 
This revokes the permissions to all user installed apps on update.
Likely an expected quirk of being on 20.0 without the permission.
19.1 upgrades and new 20.0 installs should be fine.

TODO: update 19.1 with the SpecialRuntimePermAppUtils too

Signed-off-by: Tad <tad@spotco.us>
 2022-10-18 22:14:56 -04:00
Tad
055ed9bfad
20.0: Initial bringup 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-15 10:39:48 -04:00
Tad
2acd454f13
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-13 23:42:20 -04:00
Tad
2166491d5d
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-12 17:11:06 -04:00
Tad
e7968e1269
Picks + Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-09 16:35:12 -04:00
Tad
bf66d5db45
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-03 20:59:55 -04:00
Tad
348b392f03
Picks 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-03 10:24:04 -04:00
Tad
d78121a1c0
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-03 10:22:17 -04:00
Tad
598d78bb61
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-25 13:49:45 -04:00
Tad
25568706e1
Various 
- Add back the SIM ToolKit app
- 17.1: CarrierConfig testing
- 19.1: Enable op5 firmware inclusion, needs testing
- Don't disable coresight bits on op8, breaks compile
- 19.1: Add a patch from GrapheneOS to display/share logs when a crash happens

Signed-off-by: Tad <tad@spotco.us>
 2022-09-23 22:53:12 -04:00
Tad
411fcc08e1
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-15 14:11:58 -04:00
Tad
eb200546ea
17.1+: Update carrier configs for improved compatibility 
CarrierConfig@c2819f8
TelephonyProvider@af5c1386

Signed-off-by: Tad <tad@spotco.us>
 2022-09-14 14:58:01 -04:00
Tad
ec42acceb6
Various fixes from GrapheneOS 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-13 10:24:26 -04:00
Tad
e2b314da3c
15.1+16.0: September 2022 ASB picks 
16.0 backports thanks to MSe1969 as usual:
https://github.com/lin16-microg/android_system_bt/commits/lineage-16.0 - last 3 commits
https://github.com/lin16-microg/android_frameworks_base/commits/lineage-16.0 - last 4 commits
https://github.com/lin16-microg/android_external_expat/commits/lineage-16.0 - last 4 commits

Signed-off-by: Tad <tad@spotco.us>
 2022-09-10 18:32:25 -04:00
Tad
e5eb67f77d
Picks 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-08 16:07:23 -04:00
Tad
2bc43f195c
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-07 10:04:28 -04:00
Tad
b6e9f50cb5
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-04 14:05:36 -04:00
Tad
86ed884251
More verification 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-26 23:14:15 -04:00
Tad
3618774d9f
GPG verification for all platform repositories 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-26 22:40:27 -04:00
Tad
da15dc05d5
Fixup 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-26 14:00:52 -04:00
Tad
adb61b0fb2
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-26 12:15:45 -04:00
Tad
d8d8e457a1 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-21 10:44:12 -04:00
Tad
7918347d1c Updates 
- Add a script to update commons like APNs, VVM configs, and contributors cloud
- Add the latest contributors cloud to all branches
- Update wireless-regdb to 2022.08.12 release
- Add some shell opts to some scripts

Signed-off-by: Tad <tad@spotco.us>
 2022-08-15 16:37:42 -04:00
Tad
8b67d5c41e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-10 22:02:37 -04:00
Tad
12c56938cb Improve CVE-2021-1048 patching on 3.x kernels 
It is still actively being used by malware.

This largely handles 3.0, 3.4, and 3.10 kernels.
It works for select 3.18 kernels too.

TODO: need alternate get_file_rcu backport for the following:
15.1/lge_msm8996
15.1/zte_msm8996
16.0/xiaomi_msm8937
17.1/motorola_msm8996
18.1/google_marlin
18.1/lge_msm8996
18.1/oneplus_msm8996

Signed-off-by: Tad <tad@spotco.us>
 2022-08-09 21:39:25 -04:00
Tad
31a67f054d Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-04 11:12:40 -04:00
Tad
933f33ba6b Cherrypicks 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-04 09:57:11 -04:00
Tad
178f01958d Cherrypicks 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-02 19:39:09 -04:00
Tad
2b299c1aff Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-21 21:28:26 -04:00
Tad
1d64c759a5 Fixes 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-10 00:31:44 -04:00
Tad
d3632c25ce Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-07 21:47:59 -04:00
Tad
22f915cc3e Cherrypicks 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-07 18:59:37 -04:00
Tad
2c27a88a24 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-06 19:22:21 -04:00
Tad
7b8ef09540 Update CVE patchers 
Effectively no changes

Signed-off-by: Tad <tad@spotco.us>
 2022-07-04 18:30:09 -04:00
Tad
ac645dd62e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-28 11:32:05 -04:00
Tad
519a474173 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-19 22:44:05 -04:00
Tad
d58279e054 Update wireless-regdb to 2022.06.06 release 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-11 10:17:25 -04:00
Tad
70b8485695 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-09 17:59:48 -04:00
Tad
c092b13a44 Restore star*lte 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-08 22:55:00 -04:00
Tad
2bf84a7643 Increase default max password length to 64, credit GrapheneOS 
Closes https://github.com/Divested-Mobile/DivestOS-Build/pull/119
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/27

Signed-off-by: Tad <tad@spotco.us>
 2022-06-07 15:33:38 -04:00
Tad
27f8663b00 Tweak 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-06 16:58:55 -04:00
Tad
697bed18fb 17.1+18.1: Drop all devices working on 19.1 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-04 14:26:44 -04:00
Tad
899ea17d4e Add the missing page sanitization to 3.18 kernels 
All along they only had slub sanization :(

Signed-off-by: Tad <tad@spotco.us>
 2022-06-04 12:00:01 -04:00
Tad
92c66447f8 Drop slub_debug 
What is lost?
- sanity checks and redzoning on all devices
  - redzoning reportedly however causes issues on some devices such as the Pixel 3/4 and OnePlus 7
- slub sanization on 3.0, 3.4, 4.4 (except google/wahoo), xiaomi/sm6150, and oneplus/sm7250

Note: all 3.4+ devices still have page sanization

Signed-off-by: Tad <tad@spotco.us>
 2022-06-03 13:58:17 -04:00
Tad
da63c9e571 Various small patches 
7408144e1b
> extend Network/Sensors permission handling for legacy apps not targeting Android 6
> or above (API 23) to resolve a UI issue where the user choosing to grant the
> Network/Sensors permissions via the legacy permission review interface doesn't
> appear in the Settings app info page

22d32cb61b
suppresses https://github.com/Divested-Mobile/DivestOS-Build/discussions/112

66f406b979
3f69205d06
nice to have

Signed-off-by: Tad <tad@spotco.us>
 2022-06-02 23:17:05 -04:00
Tad
aa61367ace Tweaks 
- Disable slub_debug=P for devices with INIT_ON_ALLOC/FREE_DEFAULT_ON
- Disable slub_debug=Z due to known breakage
- Disable many debug options on Linux 4.x and up
- 19.1: fixup missing manifests for vayu :\

Signed-off-by: Tad <tad@spotco.us>
 2022-06-02 17:13:20 -04:00
Tad
6d95c231bc Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-31 21:29:22 -04:00
Tad
735c9e0de8 Revert 5d57bf13 
I don't trust enabling MODULES won't cause weird inane breakage on these legacy devices

Signed-off-by: Tad <tad@spotco.us>
 2022-05-27 23:46:57 -04:00
Tad
28724c4a6e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-25 22:52:22 -04:00
Tad
2c4caa30a1 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-24 00:36:49 -04:00
Tad
e8bc36af04 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-20 17:16:29 -04:00
Tad
64b4bbe075 Disable older devices tested/reported working on 19.1 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-15 13:16:36 -04:00
Tad
05930af014 Various changes 2022-05-14 21:40:50 -04:00
Tad
3e7b657295 Tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-13 19:47:43 -04:00
Tad
bf7c06105c Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-12 22:13:06 -04:00
Tad
4edfa56f1a Tiny tweak 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-04 11:52:22 -04:00
Tad
b2eb3c01b4 Update CVE patchers 
Newly added CVE-2022-20009 is dupe with CVE-2022-25258 and CVE-2022-25375

Signed-off-by: Tad <tad@spotco.us>
 2022-05-03 23:33:17 -04:00
Tad
65883d9bc4 2022 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-01 01:13:49 -04:00
Tad
3316cc4824 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-27 07:46:22 -04:00
Tad
3457fd4151 Device cleanup 
Drop long non-compiling devices:
- 14.1: n7100, jellypro
- 15.1: himaul, oneplus2
- 16.0: zenfone3, fugu
- 17.1: yellowstone, fugu
- 18.1: bonito, sargo

Drop in favor of 19.1:
- 17.1: bonito, sargo
- 18.1: pro1, aura, sunfish, coral, flame, bramble, redfin
(experimental, but these devices don't currently appear to have any users)

Signed-off-by: Tad <tad@spotco.us>
 2022-04-26 15:19:57 -04:00
Tad
13a9997a0c 19.1: aura and beryllium + some fixes 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-26 11:41:28 -04:00
Tad
9a6c7a2684 18.1: Add toggle for /etc/hosts 
TODO: 19.1 and maybe 17.1

Tested working on klte/18.1

Signed-off-by: Tad <tad@spotco.us>
 2022-04-20 16:40:22 -04:00
Tad
1f721c7845 Further credit patches 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-19 23:52:10 -04:00
Tad
c5b1cc9a35 Simplify 8e3f0438 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-19 20:23:53 -04:00
Tad
e666a4a891 Update CVE patchers 
TODO: maybe split CVE-2022-23960/4.9 to get back?

Signed-off-by: Tad <tad@spotco.us>
 2022-04-19 14:38:44 -04:00
Tad
8e3f043820 Warn when running activity from 32 bit app on ARM64 devices. 
https://android-review.googlesource.com/c/platform/frameworks/base/+/2003790/
https://github.com/GrapheneOS/platform_frameworks_base/pull/182

Signed-off-by: Tad <tad@spotco.us>
 2022-04-19 12:00:22 -04:00
Tad
d4dceffa60 Update supported kernels to latest wireless regulations database 
Applies for ~43 kernel trees

Source: wireless-regdb-2022.04.08

Signed-off-by: Tad <tad@spotco.us>
 2022-04-19 11:30:57 -04:00
Tad
163a162568 Fix boot animation + churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-18 23:04:24 -04:00
Tad
be6b03fe96 Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-13 14:54:08 -04:00
Tad
486e358050 More (disabled) lowram tweaks for <2GB devices 
The inprocess variants make very little reduction and likely reduce security.

Signed-off-by: Tad <tad@spotco.us>
 2022-04-12 20:25:26 -04:00
Tad
42c9d22de9 Default disable exec spawning 
Change the property too, so it takes effect next update.
Since 16.0 lacks a toggle, this effectively disables the feature for it.
Even devices with 4GB of RAM have usability severely impacted.

Plus some other tweaks/churn

Signed-off-by: Tad <tad@spotco.us>
 2022-04-12 17:58:04 -04:00
Tad
30de608a61 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-12 02:51:44 -04:00
Tad
d078b24ddb lowram tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-11 23:40:26 -04:00
Tad
d50a3a043b Switch 16.0/17.1/18.1 to the more robust GrapheneOS sensors permission patchset 
Like done for 19.1

Signed-off-by: Tad <tad@spotco.us>
 2022-04-10 21:12:03 -04:00
Tad
5431edd85b Fix boot issues on select devices after recent AVB changes 
alioth, beryllium, davinci, vayu were tested working without this
lavender however would not boot
lmi was not tested

lavender, unlocked, managed to get into some weird broken state
that won't even boot after this, not even with Lineage or TWRP
:(

enchilada/fajita 18.1 use stock vendor and don't boot either
enchilada is tested booting again after this

Signed-off-by: Tad <tad@spotco.us>
 2022-04-09 18:27:48 -04:00
Tad
7da114e755 Tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-07 11:01:27 -04:00
Tad
a9e250afd9 Cleanup 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-07 00:37:20 -04:00
Tad
3a0659b9d8 19.1: more work, it compiles and boots! 
- Add the manifest
- Add Pixel 2 series
- Add some missing patches
- More DNS files
- Drop Silence in 19.1

Signed-off-by: Tad <tad@spotco.us>
 2022-04-05 23:44:15 -04:00
Tad
b464106cc5 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-04 15:51:23 -04:00
Tad
6c5a65622c Page sanitization improvements 
This ensures init_on_alloc/free is used instead of page poisioning where available.

3.4 through 3.18 have a patch without a toggle for page sanitization.

Signed-off-by: Tad <tad@spotco.us>
 2022-04-02 12:57:17 -04:00
Tad
01900ca1c6 Reverts 
WebView overlay is breaking boot on 15.1???

This reverts commit e61e288b4a.
 2022-04-01 17:07:27 -04:00
Tad
3f9b346345 Fix boot breakage 
On devices with quota enabled and impacted by this patch

Signed-off-by: Tad <tad@spotco.us>
 2022-04-01 10:30:30 -04:00
Tad
e1f5d99e51 Fixes 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-01 08:16:28 -04:00
Tad
8dbdc0f31e Enable Clang's -ftrivial-auto-var-init=zero on 17.1 
Just like Android 11+

Signed-off-by: Tad <tad@spotco.us>
 2022-03-31 22:04:50 -04:00
Tad
e26908b9e0 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-31 21:30:56 -04:00
Tad
e2c499dd24 Enable Clang's -ftrivial-auto-var-init=zero on supported kernels 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-31 21:00:31 -04:00
Tad
f481055ae9 Add the GrapheneOS always randomize MAC option to 17.1 and 18.1 
The DHCP state patch was backported to 17.1

Signed-off-by: Tad <tad@spotco.us>
 2022-03-29 22:27:09 -04:00
Tad
1bbb6f9b4e Fix and enable exec_spawning feature 
This is the missing puzzle piece :)

Signed-off-by: Tad <tad@spotco.us>
 2022-03-28 22:02:52 -04:00
Tad
19b03c9ff4 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-28 17:43:48 -04:00
Tad
8a03e46c7e Add the exec-spawning toggle from GrapheneOS 
Tested working on 18.1/klte

TODO: backport to 16.0

Signed-off-by: Tad <tad@spotco.us>
 2022-03-28 16:14:37 -04:00
Tad
a53062ca0b Backports 
Adds ptrace_scope and timeout options to 17.1, tested working

Also adds hardened_malloc to 15.1, but failing to compile:
external/hardened_malloc/h_malloc.c:1688:18: error: use of undeclared identifier 'M_PURGE'
    if (param == M_PURGE) {
                 ^
external/hardened_malloc/h_malloc.c:1743:30: error: missing field 'ordblks' initializer [-Werror,-Wmissing-field-initializers]
    struct mallinfo info = {0};
                             ^

Signed-off-by: Tad <tad@spotco.us>
 2022-03-21 18:06:49 -04:00
Tad
0c33d328b7 Partially re-enable the bionic hardening patchset 
These uncommented patches have been ruled out, leaving 7 more to test

shamu is tested booting with this

Signed-off-by: Tad <tad@spotco.us>
 2022-03-19 20:25:24 -04:00
Tad
a56e3a3016 Disable the bionic hardening patchset to fix boot issues 
10+4 devices tested working with bionic hardening patches enabled
but hammerhead and shamu do not boot...

2 of the patches were already found to have issues and disabled
3 other patches were ruled out:
- Stop implicitly marking mappings as mergeable
- Make __stack_chk_guard read-only at runtime
- On 64-bit, zero the leading stack canary byte
Leaves 11+1 patches remaining that need to be tested
But I don't have either of the two known impacted devices.

Signed-off-by: Tad <tad@spotco.us>
 2022-03-19 16:19:00 -04:00
Tad
3207cde72e Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-19 12:41:49 -04:00
Tad
09353cdcd2 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-18 00:07:18 -04:00
Tad
1603092c50 Not all kernels have (working) getrandom support 
hammerhead 16.0 was reported not booting
and shamu 18.1 was reported to take ~15+ minutes to boot

hammerhead does not have getrandom so it failed immediately

shamu does have getrandom BUT it blocks during init
meaning it'll wait until the entropy pool slowly fills

In tested I did not discovery this
I tested on flox/mako/d852/klte/clark/sailfish/mata/cheeseburger/fajita
All the newer ones have working getrandom
All the older ones included a patch to make getrandom non blocking on init

Signed-off-by: Tad <tad@spotco.us>
 2022-03-17 13:21:52 -04:00
Tad
a9f6672fed hardened_malloc fixes for broken devices 
- enable the patchset for 18.1
- add an ugly patch that extends the Pixel 3* camera workaround to all camera executables

Signed-off-by: Tad <tad@spotco.us>
 2022-03-16 02:01:19 -04:00
Tad
1df7c7f1d4 Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 19:16:19 -04:00
Tad
181519cf38 Add bionic hardening patchsets from GrapheneOS 
11 b3a0c2c5db
11 5412c37195 #explicit zero
11 31456ac632 #brk
11 58ebc243ea #random
11 5323b39f7e #undefined
11 6a91d9dddb #merge
11 a042b5a0ba #vla formatting
11 9ec639de1b #pthread
11 49571a0a49 #read only
11 149cc5ccb8 #zero
11 2e613ccbe7 #fork mmap
11 e239c7dff8 #memprot pthread
11 0b03d92b7f #xor
11 de08419b82 #junk
11 897d4903e2 #guard
11 648cd68ca3 #ptrhread guard
11 0bc4dbcbd2 #stack rand
10 aa9cc05d07
10 a8cdbb6352 #explicit zero
10 b28302c668 #brk
10 9f8be7d07c #random
10 cb91a7ee3a #undefined
10 08279e2fdd #merge
10 6a18bd565d #vla formatting
10 2f392c2d08 #pthread
10 8bbce1bc50 #read only
10 725f61db82 #zero
10 4cd257135f #fork mmap
10 9220cf622b #memprot pthread
10 8ef71d1ffd #memprot exit
10 0eaef1abbd #xor
10 64f1cc2148 #junk
10 5c42a527cf #guard
10 5cc8c34e60 #pthread guard
10 7f61cc8a1c #stack rand
9  abdf523d26
9  e4b9b31e6f #explicit zero
9  a3a22a63d2 #brk
9  7444dbc3cf #random
9  dcd3b72ac9 #undefined
9  543e1df342 #merge
9  611e5691f7 #vla formatting
9  8de97ce864 #pthread
9  a475717042 #read only
9  7f0947cc0e #zero
9  e9751d3370 #fork mmap
9  83cd86d0d5 #memprot pthread
9  1ebb165455 #memprot exit
9  488ba483cf #xor
9  f9351d884b #junk
9  85e5bca0a5 #move

Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 16:56:46 -04:00
Tad
209481c53e Fix/Add exec based spawning patchsets from GrapheneOS 
11 14c3c1d4cd
   ac1943345e
   1abb805041
   2e07ab8c24
   0044836677
   c561811fad
   7a848373ef
   89646bdeb1
   2a70bbac4a
   d414dcaa35
   b4cd877e3a
   98634286bb
11 4c2635390c
11 add34a4bc6
11 a2b51906de
10 527787f3c8
   ffde474ad7
   aa87e487c4
   c906fe9722
   c69c3eecd4
   b2303adccc
   5bb05db6f7
   536b497688
   24802a832b
   ce6dcc2368
   3d3d5c4d38
   2eda592b79
10 29f28b53c0
10 13a992c716
9  750efbf6bc
   ed563b6f26
   aad3c7d750
   da3180f9a8
   68773a29b7
   283b3fa09c
   f133136b65
   01a01ce5f6
   17c309c098
   8806ec3ef1

Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 15:55:13 -04:00
Tad
f015dd348f Add the JNINativeMethod table constification patchsets from GrapheneOS 
11 63b9f96a12
11 d8a62b5156
11 e3a4d64f29
11 e41f1d7f8e
11 c34b037486
11 dce2d0f64f
11 c99c35cb2a
10 07071814db
10 a48ba29b98
10 157fa78115
10 b914409e05
10 20a51f508b
10 b8afb8af37
10 e1b6653db7
9 ff688b68a7
9 866f0df315
9 77c9fa981a
9 fbf620e59c
9 ceaf63c790
9 253247fc39
9 76bf4c46f0

Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 15:26:48 -04:00
Tad
ad579b6681 Misc hardening from GrapheneOS 
11 62f81c237b

11 1f05db99ab

11 f242089d3f
10 abcf485dcf
9x c5db5a9f9e

Signed-off-by: Tad <tad@spotco.us>
 2022-03-15 14:40:05 -04:00
Tad
e61e288b4a Optionally allow the official Bromite WebView to be used, credit @MSe1969 
This also replaces the overrides for all versions
And should allow the Google WebView on 14/15/16
And lastly only leaves the bundled version as default

This is a merge of the LineageOS 14/15/16 and 17/18 overlay
With the addition of the Bromite signature from @MSe1969

Signed-off-by: Tad <tad@spotco.us>
 2022-03-14 22:59:40 -04:00
Tad
f65c7a4ccd Tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-12 11:48:23 -05:00
Tad
015799737e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-09 17:16:47 -05:00
Tad
4f75a8272a Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-09 11:59:30 -05:00
Tad
902239e2b5 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-08 23:20:43 -05:00
Tad
de764885b3 Fixup 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-08 12:56:52 -05:00
Tad
54dbcd9e43 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-07 19:12:10 -05:00
Tad
bda848a0a1 Fixup 057bedb6 
Sadly this means the option was never enabled :(
Note: these options are only available on 4.4+ kernels

Signed-off-by: Tad <tad@spotco.us>
 2022-03-06 23:05:13 -05:00
Tad
ac1e89f0c8 Update CVE patchers [the big fixup] 
This removes many duplicately or wrongly applied patches.

Correctly removed:
- CVE-2011-4132 can apply infinitely
- CVE-2013-2891 can apply infinitely
- CVE-2014-9781 can apply once to fb_cmap_to_user correctly and incorrectly to fb_copy_cmap
- CVE-2015-0571 can apply incorrectly and was disabled in patch repo as a result
- CVE-2016-2475 can apply infinitely
- CVE-2017-0627 can apply infinitely
- CVE-2017-0750 can apply infinitely
- CVE-2017-14875 can apply infinitely
- CVE-2017-14883 can apply infinitely
- CVE-2020-11146 can apply infinitely
- CVE-2020-11608 can apply infinitely
- CVE-2021-42008 can apply infinitely

Questionable (might actually be beneficial to "incorrectly" apply again):
- CVE-2012-6544 can apply once to hci_sock_getsockopt correctly and incorrectly to hci_sock_setsockopt
- CVE-2013-2898 can apply once to sensor_hub_get_feature correctly and incorrectly to sensor_hub_set_feature
- CVE-2015-8575 can apply once to sco_sock_bind correctly and incorrectly to sco_sock_connect
- CVE-2017-8281 can apply once to diagchar_ioctl correctly and incorrectly to diagchar_compat_ioctl
- CVE-2019-10622 can apply once	to qdsp_cvp_callback correctly and incorrectly to qdsp_cvs_callback
- CVE-2019-14104 can apply once to cam_context_handle_start/stop_dev and incorrectly to cam_context_handle_crm_process_evt and cam_context_handle_flush_dev

Other notes:
- CVE-2016-6693 can be applied again if it was already applied in combination with CVE-2016-6696
  then the dupe check will fail and mark CVE-2016-6696 as already applied, effectively reverting it.
  This was seemingly fixed with a hand merged patch in patch repo.

Wrongly removed:
- CVE-2013-2147 is meant for cciss_ioctl32_passthru but is detected in cciss_ioctl32_big_passthru
- CVE-2015-8746 is meant for nfs_v4_2_minor_ops but is detected in nfs_v4_1_minor_ops
- CVE-2021-Misc2/ANY/0043.patch is meant for WLANTL_RxCachedFrames but is detected in WLANTL_RxFrames

Signed-off-by: Tad <tad@spotco.us>
 2022-03-04 00:42:28 -05:00
Tad
927b9bfbc5 Fix random reboots on broken kernels when an app has data restricted 
I don't like this

Reading:
- 24b3bdcf71
- https://review.lineageos.org/c/LineageOS/android_kernel_essential_msm8998/+/320470
- https://review.lineageos.org/c/LineageOS/android_system_bpf/+/264702
- https://gitlab.com/LineageOS/issues/android/-/issues/2514
- https://gitlab.com/LineageOS/issues/android/-/issues/3144
- https://gitlab.com/LineageOS/issues/android/-/issues/3287

Test:
- restrict mobile data for an app
- toggle wifi on and off a few times
- watch systemui crash and soft-reboot

Tested working on cheeseburger

Signed-off-by: Tad <tad@spotco.us>
 2022-03-03 17:51:46 -05:00
Tad
0d0104b4bb Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-02 22:57:34 -05:00
Tad
5e1521700f Port the GrapheneOS NETWORK permission to 17.1 and 18.1 
Some patches were ported from 12 to 10/11
Some patches from 11 were ported to 10
This 10/11 port should be very close to 12

BOUNS: 16.0 patches, disabled

Signed-off-by: Tad <tad@spotco.us>
 2022-02-25 16:52:51 -05:00
Tad
f4fbe65756 Various changes 
- 15.1: asb picks
- 17.1: drop marlin, sailfish, z2_plus, m8
- 4.9 loose versioning fixes
 2022-02-24 19:51:44 -05:00
Tad
8b39498b1c Initial loose versioning work for 4.9 
This applies 4.9 patches to 4.4 and 3.18 now that 4.4 is EOL

Untested, but looks mild

Signed-off-by: Tad <tad@spotco.us>
 2022-02-22 13:44:47 -05:00
Tad
5245109cc1 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-19 23:22:19 -05:00
Tad
48b009a02e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-12 06:56:28 -05:00
Tad
b6da59d24f Drop FairEmail, Vanilla, and their AOSP equivalents 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-11 14:25:30 -05:00
Tad
55cdea3c9b 17.1: small fixes 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-11 14:05:14 -05:00
Tad
f767a8ea87 Hopefully fix the broken radio on Pixels 
Thank you Google for all these great proprietary apps.

Signed-off-by: Tad <tad@spotco.us>
 2022-02-10 15:36:44 -05:00
Tad
65584e96ce Switch to official Etar 
The Lineage forks have fallen behind

Signed-off-by: Tad <tad@spotco.us>
 2022-02-08 14:10:04 -05:00
Tad
ee0bd8625f Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-07 14:43:05 -05:00
Tad
0a664cc22c Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-03 21:12:02 -05:00
Tad
c0aac415aa Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-29 09:35:59 -05:00
Tad
58b53de17a Multi user tweaks from GrapheneOS 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-24 06:30:39 -05:00
Tad
2400cf0964 App updates 
- Drops Calendar, Eleven, and Email
- Adds a variable for Silence inclusion
- Adds a NONE option for microG inclusion flag to disable NLP inclusion

Signed-off-by: Tad <tad@spotco.us>
 2022-01-24 06:30:15 -05:00
Tad
6329922104 Disable the Hamper Analytics patches 
Rely on the HOSTS to do any blocking.
With the last update this causes app crashes, due to boolean/string mismatch.
Need to figure out exactly how string in manifest can become a boolean when wanted.

Signed-off-by: Tad <tad@spotco.us>
 2022-01-23 16:55:24 -05:00
Tad
dbd2a71722 Update CVE patchers 
Hopefully fixes boot breakage

Signed-off-by: Tad <tad@spotco.us>
 2022-01-17 01:23:10 -05:00
Tad
6ec0c63126 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-13 11:08:22 -05:00
Tad
208c7800c8 Fixup 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-12 17:44:18 -05:00
Tad
ce6ee9d8e4 Update CVE patchers 
CVE-2021-0961 should be fine now

Signed-off-by: Tad <tad@spotco.us>
 2022-01-11 05:41:26 -05:00
Tad
b9c7839110 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-11 01:19:31 -05:00
Tad
b05823bb20 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-04 21:00:25 -05:00
Tad
e08349a202 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-29 11:51:58 -05:00
Tad
3c1931bcc9 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-19 05:15:32 -05:00
Tad
11141d3bc9 Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-17 14:31:13 -05:00
Tad
20e1023627 Small changes 
- 16.0: drop wallpaper optimization patch, questionable source
- deblobber: don't remove libmmparser_lite.so, potentially used by camera
- 17.1: pick Q_asb_2021-12, excluding a broken patch
- clark 17.1: some camera denial fixes
- alioth: unmark broken
- 17.1: switch to upstream glibc fix
- 17.1/18.1: disable per app sensors permission patchset, potential camera issues

Signed-off-by: Tad <tad@spotco.us>
 2021-12-13 20:28:54 -05:00
Tad
8b85bf9719 Small change 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-12 12:10:47 -05:00
Tad
8cf90d055e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-11 01:12:41 -05:00
Tad
359ce4608f Small updates 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-07 20:57:54 -05:00
Tad
ed1c151ce5 Update CVE patchers 
CVE-2021-0961/ANY/0001.patch likely causes breakage

Signed-off-by: Tad <tad@spotco.us>
 2021-12-06 17:43:34 -05:00
Tad
c5c3998593 Guess what? f̵͖̲̙̝̩̌̌̌̑͆̔͐̏͋̓̅̔̒̈́͠i̴͍̗̦͕̅̓̿͋̓̑̽͌͐͊͘͠͠s̵̡̬͙͚̃͑̓̊̌́̾́͠ḥ̴̬͓͚̹̱̰͕͚͈̞̳͒̊ ̵̢̟̞̖͈͖͕̥̙̤͉̮̍́̅̀̾b̵̛̹̝̙̖̱̲͉͚̝̪̲̓̿͛̔̆͋̎́͐̃͆̀̕͝u̸̞̺͓͎̰̦̯̘̺̬͔̬͆͛̋̍̂͒̓͛̐̈́̋̚͝ṫ̵̠t̶̻̳̜̪̗͖͛̂̒̃̑̏͝ 
Tested on 14.1 and 15.1 targets

Signed-off-by: Tad <tad@spotco.us>
 2021-11-29 21:14:00 -05:00
Tad
bf129b729d 17.1: extreme loose versioning work 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-27 23:25:35 -05:00
Tad
c4dbc73c56 Alter the glibc fix 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-27 15:52:09 -05:00
Tad
9b84cebf92 17.1: loose versioning work 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-27 15:50:11 -05:00
Tad
62166d1ea5 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-26 11:54:59 -05:00
Tad
f950398fa1 glibc 2.34 fix 
Tested working to compile mako on Fedora 35

Signed-off-by: Tad <tad@spotco.us>
 2021-11-14 20:16:48 -05:00
Tad
b8f5d8a510 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-12 11:51:02 -05:00
Tad
ebab5c9407 17.1: add harpia and merlin 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-11 10:22:00 -05:00
Tad
9c105b799f O_asb_2021-11 
Based off of:
https://review.lineageos.org/q/topic:P_asb_2021-11

Missing:
https://review.lineageos.org/c/LineageOS/android_packages_apps_Settings/+/318655

Maybe missing:
https://review.lineageos.org/c/LineageOS/android_hardware_nxp_nfc/+/318653

Doesn't exist:
https://review.lineageos.org/c/LineageOS/android_frameworks_native/+/318652

Untested

Signed-off-by: Tad <tad@spotco.us>
 2021-11-08 17:19:50 -05:00
Tad
e882cf16c7 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-06 18:47:57 -04:00
Tad
f2b9eb8e8b Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-06 11:22:43 -04:00
Tad
5c8250bbdd Disable the per-app sensor permission patches 
Breaks camera on angler

Signed-off-by: Tad <tad@spotco.us>
 2021-11-05 14:46:32 -04:00
Tad
6567937b05 ASB picks 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-05 13:29:50 -04:00
Tad
f7295a0f74 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-02 23:50:35 -04:00
Tad
f3277f3c07 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-02 12:01:36 -04:00
Tad
809e03833e Verity enablement overhaul 
No change to AVB devices except for enabling on more
Verity devices have the potential to regress by not booting
No change to non-verity/avb devices
Tested working on: mata, cheeseburger, fajita

Signed-off-by: Tad <tad@spotco.us>
 2021-11-02 10:24:07 -04:00
Tad
bc77ca416c Verity fixups 
Not sure how I missed all of these?

Signed-off-by: Tad <tad@spotco.us>
 2021-11-01 20:55:22 -04:00
Tad
ecc4688ce0 Denial fixes for clark, osprey, surnia, and g3-common 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-28 00:47:59 -04:00
Tad
ec043e961e Update CVE patchers 
CVE-2021-20317 might need to be disabled due to QC timer breakage.

Signed-off-by: Tad <tad@spotco.us>
 2021-10-27 15:26:53 -04:00
Tad
fe8e8201a9 Add more 'Private DNS' options 
Based off of patches from CalyxOS as noted in each included patch.

Tested and verified working on klte and mata 18.1

Signed-off-by: Tad <tad@spotco.us>
 2021-10-21 23:39:46 -04:00
Tad
5d7d710076 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-20 15:01:18 -04:00
Tad
b78944933c More fixes 
Ensure new shells have the correct settings too.

Signed-off-by: Tad <tad@spotco.us>
 2021-10-16 22:57:43 -04:00
Tad
042b9063d1 More fixes 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-16 17:12:13 -04:00
Tad
256b1db98b Hard fail on error 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-16 16:08:43 -04:00
Tad
a5cdb9ab58 Fix patch ordering 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-16 15:21:22 -04:00
Tad
f7194d1f13 Switch to applyPatch 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-16 14:01:44 -04:00
Tad
7ba42f052a Small changes 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-14 15:58:22 -04:00
Tad
df60bfceda Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-13 12:20:44 -04:00
Tad
d5d3846f2c Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-10 19:44:59 -04:00
Tad
939c6aa7ed Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-07 20:07:49 -04:00
Tad
2af0e1201e Re-enable the recovery downgrade check 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-06 17:03:22 -04:00
Tad
f2e1d32eba Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-06 16:54:45 -04:00
Tad
7b28a193f1 Include the Support app 
This is a very basic app with zero permissions and has quick links to
various related resources.

Signed-off-by: Tad <tad@spotco.us>
 2021-10-06 06:21:38 -04:00
Tad
59bd09a807 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-05 14:44:23 -04:00
Tad
5658b56424 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-03 20:00:52 -04:00
Tad
870382ff40 Switch to the Mulch WebView 
Signed-off-by: Tad <tad@spotco.us>
 2021-10-02 01:44:46 -04:00
Tad
27fe558b76 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-29 16:47:50 -04:00
Tad
c6df37ca23 Expose the Sensors Off tile 
This removes the hidden development 'Sensors off' tile from Settings app,
adds it back to SystemUI, and enables it by default.

Tested working on 18.1

Signed-off-by: Tad <tad@spotco.us>
 2021-09-26 16:36:15 -04:00
Tad
84c7d230ab Permission for sensors access patches from @MSe1969 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-24 23:35:33 -04:00
Tad
f5a58bd35f Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-23 20:56:00 -04:00
Tad
7e093e0500 Ensure all used defconfigs are altered 2021-09-18 21:28:13 -04:00
Tad
83efa5fe7d Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-18 13:43:41 -04:00
Tad
4917af86cc Update copyright dates 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-15 10:30:08 -04:00
Tad
cf3a12cb5a Move some changes into a new Post.sh 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-15 10:26:37 -04:00
Tad
bf5d9bc778 Small tweaks 
- disable disablement of PROC_PAGE_MONITOR to fix memory stats calculation
- enable slub_nomerge, similar to slab_nomerge for pre 3.18 kernels
  slub_nomerge was already default enabled on many 3.10 devices via:
  0006-AndroidHardening-Kernel_Hardening/3.10/0010.patch

Signed-off-by: Tad <tad@spotco.us>
 2021-09-13 10:39:33 -04:00
Tad
907dc0f040 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-11 16:06:57 -04:00
Tad
faf681a0c6 17.1: add davinci 
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/10

Signed-off-by: Tad <tad@spotco.us>
 2021-09-11 14:55:27 -04:00
Tad
35036e694d Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-08 22:59:33 -04:00
Tad
0ade46cc8e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-07 16:57:15 -04:00
Tad
e84111aaa8 Small changes 
- Include TalkBack
- Fixup hosts inclusion, due to path mismatch
- 14.1: bump patch level to match the picked ASB
- 14.1: m7-common: deblobber fix

Signed-off-by: Tad <tad@spotco.us>
 2021-09-06 14:32:37 -04:00
Tad
e0d300a651 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-09-03 22:52:24 -04:00
Tad
043b194210 17.1: add surnia + other changes 
- 17.1: fixup invalid line in marlin from deblobber
- 18.1: fixup audiofx removal
- all: change repo sync to 8 threads from 20, for google HTTP 429 error

Signed-off-by: Tad <tad@spotco.us>
 2021-08-26 21:02:28 -04:00
Tad
792cb89ed7 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-26 12:17:46 -04:00
Tad
0dbabac59a Update CVE patchers 
Maybe breakage?

Signed-off-by: Tad <tad@spotco.us>
 2021-08-23 15:27:53 -04:00
Tad
c0debe55c4 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-18 08:54:30 -04:00
Tad
4ae1402229 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-13 23:54:19 -04:00
Tad
79132fddef Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-13 11:07:07 -04:00
Tad
2d468d9da2 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-09 14:44:48 -04:00
Tad
3f311f84ad Changes 
- WebView update
- 14.1: drop osprey, tested compiling on 17.1
- comment updates
- small patcher fixes

Signed-off-by: Tad <tad@spotco.us>
 2021-08-06 18:36:57 -04:00
Tad
189cf4d801 Update comments 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-04 22:18:00 -04:00
Tad
2db8ac7c70 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-04 14:57:55 -04:00
Tad
6f1512b63a crackling for 17.1 - try 2 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-04 14:22:16 -04:00
Tad
477b0a1a62 More fixes 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-04 10:58:22 -04:00
Tad
9e548cabf5 Fixup 3d69ad87 
Tested to compile bacon, ether, and griffin kernels

Signed-off-by: Tad <tad@spotco.us>
 2021-08-03 18:46:38 -04:00
Tad
3d69ad873e \"\'FIXES\'\" PART 2 
There will likely be some breakage here.
Many of these patches have been here since the start and never used.

Signed-off-by: Tad <tad@spotco.us>
 2021-08-03 15:14:02 -04:00
Tad
4fae8d0445 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-08-03 12:37:28 -04:00
Tad
2c05482872 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-07-31 09:17:08 -04:00
Tad
702ea9c91f Move FP3 to 18.1 
Signed-off-by: Tad <tad@spotco.us>
 2021-07-30 11:55:03 -04:00
Tad
36331d6d62 Update CVE patchers 2021-07-28 10:08:52 -04:00
Tad
b61264e3b9 Update CVE patchers 2021-07-27 00:17:14 -04:00
Tad
ca51db0be0 Update CVE patchers 2021-07-21 22:48:29 -04:00
Tad
ac4d8ab822 17.1: move fp2 to 18.1 2021-07-19 14:42:37 -04:00
Tad
9a4c02c3dc Tiny tweaks 2021-07-19 12:05:18 -04:00
Tad
48ff571fbb Small updates and fixes 2021-07-13 16:10:30 -04:00
Tad
3d67f9e25c Update CVE patchers 2021-07-12 06:31:38 -04:00
Tad
c2b2aa5830 16.0+: Add captive portal toggle from @MSe1969 
Source:
0045a97cb4
b483b4e9ab
18.1 is the 17.1 patch rebased

Wording was altered.

Already included in 14.1+15.1
 2021-07-10 22:48:45 -04:00
Tad
a43601e77b Update CVE patchers 
I expect breakage.
 2021-07-10 11:39:14 -04:00
Tad
ca857913ef Directory sanity 2021-07-09 07:09:27 -04:00
Tad
dd3a611d0e Cherrypicks 2021-07-08 20:08:24 -04:00
Tad
c13672b9b7 Update CVE patchers 2021-07-07 15:14:20 -04:00
Tad
12283124b5 Fixup last commit 2021-07-04 17:05:27 -04:00
Tad
f6357512a7 Update CVE patchers 2021-07-04 14:41:44 -04:00
Tad
44003bd2f5 Update CVE patchers 2021-06-30 17:05:59 -04:00
Tad
c2ce9572fa umask 0022 all the things 
umask 0077 breaks things in subtle ways
 2021-06-27 14:14:34 -04:00
Tad
d7287a6b94 Update CVE patchers 2021-06-27 11:50:15 -04:00
Tad
ef8573b29c Small fixes 2021-06-26 22:59:46 -04:00
Tad
08d522fd9b 17.1: drop mako 
18.1 is functional now
 2021-06-26 19:58:14 -04:00
Tad
881c24d8b2 Various patches from GrapheneOS 2021-06-26 18:57:46 -04:00
Tad
d6dca6e66d Small tweaks 2021-06-26 14:13:03 -04:00
Tad
eb3e51e7e3 Small tweaks 2021-06-23 13:00:43 -04:00
Tad
48f35901c2 Update CVE patchers 2021-06-16 23:17:37 -04:00
Tad
d42c8f033d Small changes 
- Fixup CVE-2020-36386 breakage
- Move some cherrypicks in tree (gerrit down right now, pulled from reflog)
- Update cherrypicks
 2021-06-15 05:46:30 -04:00
Tad
8af1c6a2ee 17.1: restore m8 for now 2021-06-14 02:06:49 -04:00
Tad
47ca4c5954 Tiny tweaks 2021-06-12 17:17:11 -04:00
Tad
71fe4d590e Small tweaks 
- 14.1: drop z00t, compiles on 15.1
- fix double patch breakage for CVE-2020-36386
- clark: fix recovery firmware extraction, hopefully
 2021-06-12 10:49:54 -04:00
Tad
4b044379ec Update CVE patchers 2021-06-11 11:00:54 -04:00
Tad
50c670c477 Small tweaks 
- June ASB cherrypicks
- Change default NTP. only 2*.pool.ntp.org supports IPv6
 2021-06-10 22:45:32 -04:00
Tad
94b91c6afd Incall privacy warning from CalyxOS 2021-06-08 12:11:13 -04:00
Tad
d9c49b56c3 Update CVE patchers 2021-06-07 22:30:33 -04:00
Tad
143bec97a9 Small tweaks 2021-06-07 21:32:10 -04:00
Tad
1e5df6f42e Update CVE patchers 2021-06-03 13:28:32 -04:00
Tad
8e32de7253 More oneplus2 camera fixes 
Closes https://github.com/divested-mobile/divestos-build/issues/9
 2021-05-31 13:37:46 -04:00
Tad
5c3d3b4d35 Reverts + disable mm-pp removal 
Revert d7fd127e5f
Partial revert 1c9a66f896
 2021-05-30 10:39:34 -04:00
Tad
d7fd127e5f Only dexpreopt boot and system server 
Full dexpreopt has repeatedly shown to cause many problems over the years.
The slight gains are not worth the headache it incurs.
 2021-05-30 00:36:57 -04:00
Tad
3052a52964 oneplus2 fix camera 2021-05-29 22:46:37 -04:00
Tad
1c9a66f896 Ensure mm-pp-daemon is disabled 
When not in late_start appears to break boot if not available.
Seems to fix oneplus2 and likely ether + others
 2021-05-29 18:24:37 -04:00
Tad
f89f0cb983 Small tweaks 
Fixes oneplus2 boot
https://github.com/Divested-Mobile/DivestOS-Build/issues/5
 2021-05-29 01:12:53 -04:00
Tad
4af81f4d66 Update CVE patchers 2021-05-27 14:54:07 -04:00
Tad
13bffe05e7 Update CVE patchers 2021-05-21 09:14:31 -04:00
Tad
1cde58eaa4 Tiny tweaks 2021-05-12 03:15:41 -04:00
Tad
ccce1fad9b Update CVE patchers 2021-05-11 17:11:41 -04:00
Tad
1f372eca69 17.1: drop support for all devices compiling on 18.1 2021-05-10 13:06:30 -04:00
Tad
4bbc70d5a8 17.1: drop support for all devices compiling on 18.1 2021-05-10 09:12:58 -04:00
Tad
731e0e995c Update CVE patchers 2021-05-07 21:48:29 -04:00
Tad
2cf0b314d8 Various changes 
- Cherrypick May ASB topics
- 18.1: bump enchilada, fajita, and guacamole
 2021-05-06 14:37:52 -04:00
Tad
4450921a10 Update CVE patchers 2021-05-03 20:41:32 -04:00
Tad
febec1b60a Update CVE patchers 2021-05-02 17:05:53 -04:00
Tad
82014e469a Update CVE patchers 2021-04-25 11:55:12 -04:00
Tad
3770bf469d Add a list of potentially bad commits from umn.edu addresses 2021-04-21 21:40:40 -04:00
Tad
81084a26d7 Update CVE patchers 2021-04-17 11:01:30 -04:00
Tad
83fe8f0434 More small tweaks 
- Really fix yylloc sed line
- Drop merged ASB cherrypicks
- Edit vendor gps.conf files too
 2021-04-16 20:31:57 -04:00
Tad
bdf990a638 Small tweaks 
- Remove some changes that have been commented for a while
- Don't remove the QCOM VR repos
- Adjust the default quick tiles
- Don't force hardware layers for recents
- Only generate deltas for update_engine devices
- Cherrypick: Update WebView to 90.0.4430.66
- Adjust yylloc sed line
- Add comments to 17.1 devices explaining why they aren't removed for 18.1 yet
 2021-04-14 21:29:12 -04:00
Tad
b07a8f3058 Move g3 to 18.1 
d852 tested working
 2021-04-14 13:42:03 -04:00
Tad
866f1c9b5f 17.1: drop support for devices broken that are also broken in 18.1 2021-04-13 13:33:53 -04:00
Tad
0c3c89ffc4 17.1: drop support for all devices compiling on 18.1 2021-04-13 13:29:45 -04:00
Tad
9c2002465c 17.1: drop support for all devices tested working on 18.1 
Try 2
 2021-04-13 13:20:36 -04:00
Tad
2f2d94c9b5 Small tweaks 2021-04-13 11:59:08 -04:00
Tad
a423f977ff Update CVE patchers 2021-04-12 20:53:35 -04:00
Tad
8e496341b5 Small tweaks + ASB cherrypicks 2021-04-08 05:40:22 -04:00
Tad
f48738f944 Update CVE patchers 2021-04-06 20:55:55 -04:00
Tad
9293f48b0c Revert "17.1: drop support for all devices tested working on 18.1" 
This reverts commit 2bbbd6d87f.

18.1 recovery is refusing to compile properly.
 2021-04-06 04:12:46 -04:00
Tad
f3e672fb18 Failed attempt at fixing signing 
PRODUCT_OTA_PUBLIC_KEYS is meant to be set by a vendor tree, something
we don't use.

Override it at the source and set it explicitely as well.

This ensures that the compiled recovery.img and the one generated by
sign_target_files_apks.py includes the real public keys for verification.

11.0 signing is ignored.

This will need to be extensively tested as breakage can mean brick on locked
devices.
Although in failure cases it seems test-keys are accepted.

--

After much testing there appears to be a deeper issue with how keys
are inserted into the recovery and handled
 2021-04-06 04:07:18 -04:00
Tad
ad178961e4 Improvements and fixes 
- 18.1: disable m8, thermanager is not yet ready
- 17.1: drop cheeseburger/dumpling, it is absolutely broken
- deblobber: remove euicc + others
- deblobber: hack to remove vintf fragments
 2021-04-05 18:09:22 -04:00
Tad
2a0e74864b 17.1: Add fugu 2021-04-02 15:41:28 -04:00
Tad
a2d6d77b4c Update CVE patchers 2021-04-02 12:20:40 -04:00
Tad
2bbbd6d87f 17.1: drop support for all devices tested working on 18.1 2021-04-02 02:32:15 -04:00
Tad
c3271c38da Small fixes 2021-04-01 20:58:04 -04:00
Tad
9db9215d6b Small changes 
- Disable generation of unused OTA to reduce compile time
- 17.1+: Disable APEX, breaks signing, and is also useless since no Play Store.
- 18.1: Fixup signing
 2021-03-31 01:30:17 -04:00
Tad
398f663e47 Small changes 2021-03-29 23:14:33 -04:00
Tad
9c70bfc6a3 Small fixes 
- Bring 17.1 recovery in line with 18.1
- flox: fix sensors on 17.1
- flo 15.1: sensors might still be broken due to denial
- flox 17.1: reboot issue is likely fixed
- 18.1: fix my Wi-Fi (wpa2-eap with a cert, but no domain)
 2021-03-27 13:48:55 -04:00
Tad
d8712ad62a Update CVE patchers 2021-03-24 16:31:25 -04:00
Tad
5d14e4b4f7 Small changes 
- Add m7 and avicii (untested)
- Use low_ram target on <2GB devices
  Silly me, this never did anything due to the git reset...
- Update Chromium WebView cherrypick
 2021-03-24 14:43:12 -04:00
Tad
08ea27fd00 Only include Silence when needed 
ie. not on tablets without cellular
 2021-03-23 21:11:08 -04:00
Tad
529b47039c 18.1: Initial bringup 
- Functionality tested on mako and klte
- In-place upgrade from 17.1 tested working on klte
- Compile tested on bacon and klte
- Recovery OTA key patch missing, unsure if still needed.
- Deblobber needs support for removing vintf manifest paths from vendor Android.bp
- Launcher needs more default_workspace grid variants (eg. 4x5)
 2021-03-23 12:36:31 -04:00
Tad
add30db605 Drop support for overclocking 
These patches have been disabled for years.
 2021-03-20 16:23:38 -04:00
Tad
92dcea3b7d Update CVE patchers 2021-03-20 16:04:14 -04:00
Tad
10b157418d 14.1: drop support for all devices compiling on 15.1 or 16.0 or 17.1 2021-03-20 14:28:41 -04:00
Tad
caeb3d5199 Add FP3 to 16.0 and 17.1 
Untested
 2021-03-19 21:53:28 -04:00
Tad
c6f2a5a06d Fixup ef0ee2c3 2021-03-15 01:06:23 -04:00
Tad
ef0ee2c316 Update CVE patchers 2021-03-14 21:59:19 -04:00
Tad
a3fbed9da5 Update cherrypicks and small tweaks 2021-03-07 03:04:44 -05:00
Tad
60070a19bd Update CVE patchers 
Consider splitting CVE-2020-27067 to restore basic patches.
 2021-03-04 15:10:24 -05:00
Tad
f02363ecb4 March 2021 Security Updates 2021-03-04 13:02:10 -05:00