diff --git a/Manifests/Manifest_LAOS-11.0.xml b/Manifests/Manifest_LAOS-11.0.xml
new file mode 100644
index 00000000..d3d3a18d
--- /dev/null
+++ b/Manifests/Manifest_LAOS-11.0.xml
@@ -0,0 +1,94 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/Patches/LineageOS-11.0/android_external_sqlite/0001-Secure_Delete.patch b/Patches/LineageOS-11.0/android_external_sqlite/0001-Secure_Delete.patch
new file mode 100644
index 00000000..1f5c8e6d
--- /dev/null
+++ b/Patches/LineageOS-11.0/android_external_sqlite/0001-Secure_Delete.patch
@@ -0,0 +1,27 @@
+From de55e0158ad3a6f89718c1d9fb19d336dea34937 Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Tue, 10 Jul 2018 08:09:29 -0400
+Subject: [PATCH] Enable secure_delete by default
+
+Change-Id: Iad6cea9f6489759faee04926213163a56dab1b9b
+---
+ dist/Android.mk | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/dist/Android.mk b/dist/Android.mk
+index 96e3035..4692f3f 100644
+--- a/dist/Android.mk
++++ b/dist/Android.mk
+@@ -28,7 +28,8 @@ common_sqlite_flags := \
+ -DSQLITE_OMIT_COMPILEOPTION_DIAGS \
+ -DSQLITE_OMIT_LOAD_EXTENSION \
+ -DSQLITE_DEFAULT_FILE_PERMISSIONS=0600 \
+- -Dfdatasync=fdatasync
++ -Dfdatasync=fdatasync \
++ -DSQLITE_SECURE_DELETE
+
+ common_src_files := sqlite3.c
+
+--
+2.18.0
+
diff --git a/Patches/LineageOS-11.0/android_frameworks_base/0001-Signature_Spoofing.patch b/Patches/LineageOS-11.0/android_frameworks_base/0001-Signature_Spoofing.patch
new file mode 100644
index 00000000..5571a587
--- /dev/null
+++ b/Patches/LineageOS-11.0/android_frameworks_base/0001-Signature_Spoofing.patch
@@ -0,0 +1,66 @@
+diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
+index e6da288..66684d3 100644
+--- a/core/java/android/content/pm/PackageParser.java
++++ b/core/java/android/content/pm/PackageParser.java
+@@ -447,10 +447,23 @@ public class PackageParser {
+ }
+ }
+ if ((flags&PackageManager.GET_SIGNATURES) != 0) {
+- int N = (p.mSignatures != null) ? p.mSignatures.length : 0;
+- if (N > 0) {
+- pi.signatures = new Signature[N];
+- System.arraycopy(p.mSignatures, 0, pi.signatures, 0, N);
++ boolean handledFakeSignature = false;
++ try {
++ if (p.requestedPermissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") && p.mAppMetaData != null
++ && p.mAppMetaData.get("fake-signature") instanceof String) {
++ pi.signatures = new Signature[] {new Signature(p.mAppMetaData.getString("fake-signature"))};
++ handledFakeSignature = true;
++ }
++ } catch (Throwable t) {
++ // We should never die because of any failures, this is system code!
++ Log.w("PackageParser.FAKE_PACKAGE_SIGNATURE", t);
++ }
++ if (!handledFakeSignature) {
++ int N = (p.mSignatures != null) ? p.mSignatures.length : 0;
++ if (N > 0) {
++ pi.signatures = new Signature[N];
++ System.arraycopy(p.mSignatures, 0, pi.signatures, 0, N);
++ }
+ }
+ }
+ return pi;
+diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
+index 558a475..4e7aa65 100644
+--- a/core/res/AndroidManifest.xml
++++ b/core/res/AndroidManifest.xml
+@@ -1562,6 +1562,13 @@
+ android:label="@string/permlab_getPackageSize"
+ android:description="@string/permdesc_getPackageSize" />
+
++
++
++
+
+diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
+index 790e166..8e66470 100644
+--- a/core/res/res/values/strings.xml
++++ b/core/res/res/values/strings.xml
+@@ -1135,6 +1135,11 @@
+ Allows the app to retrieve its code, data, and cache sizes
+
+
++ mimic package signature
++
++ Allows the app to use mimic another app\'s package signature.
++
++
+ directly install apps
+
+ Allows the app to install new or updated
diff --git a/Patches/LineageOS-11.0/android_frameworks_base/0002-Harden_Sig_Spoofing.patch b/Patches/LineageOS-11.0/android_frameworks_base/0002-Harden_Sig_Spoofing.patch
new file mode 100644
index 00000000..2a4976e9
--- /dev/null
+++ b/Patches/LineageOS-11.0/android_frameworks_base/0002-Harden_Sig_Spoofing.patch
@@ -0,0 +1,26 @@
+From 79c65fa6741cecda0b38a4881a07ec54a4896b69 Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Tue, 10 Jul 2018 08:13:23 -0400
+Subject: [PATCH] Harden signature spoofing
+
+Change-Id: Iad362df358cb9cdf6e2ce9d511f09ee6b77a90e2
+---
+ core/res/AndroidManifest.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
+index 1e5a7ad1f9..224fea23c8 100644
+--- a/core/res/AndroidManifest.xml
++++ b/core/res/AndroidManifest.xml
+@@ -1598,7 +1598,7 @@
+
+
+
+--
+2.18.0
+
diff --git a/Patches/LineageOS-11.0/android_kernel_zte_msm8930/0001-MDP-Fix.patch b/Patches/LineageOS-11.0/android_kernel_zte_msm8930/0001-MDP-Fix.patch
new file mode 100644
index 00000000..50df78a2
--- /dev/null
+++ b/Patches/LineageOS-11.0/android_kernel_zte_msm8930/0001-MDP-Fix.patch
@@ -0,0 +1,24 @@
+From f67900ad9370a7e7f0186b3f459dad2c74db7aae Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Sun, 11 Dec 2016 23:15:20 -0500
+Subject: [PATCH] Fixes
+
+Change-Id: I55eb4f1af258b649ddc36bd822d9b28f9fd64ce9
+---
+ include/linux/msm_mdp.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/include/linux/msm_mdp.h b/include/linux/msm_mdp.h
+index 8f829ef..cf6d3d0 100644
+--- a/include/linux/msm_mdp.h
++++ b/include/linux/msm_mdp.h
+@@ -574,6 +574,7 @@ struct mdp_buf_sync {
+ uint32_t acq_fen_fd_cnt;
+ int *acq_fen_fd;
+ int *rel_fen_fd;
++ int *retire_fen_fd;
+ };
+
+ struct mdp_buf_fence {
+--
+2.9.3
diff --git a/Patches/LineageOS-11.0/android_packages_apps_Settings/0001-CMStats.patch b/Patches/LineageOS-11.0/android_packages_apps_Settings/0001-CMStats.patch
new file mode 100644
index 00000000..86f87a54
--- /dev/null
+++ b/Patches/LineageOS-11.0/android_packages_apps_Settings/0001-CMStats.patch
@@ -0,0 +1,673 @@
+From 587a8d5cfc2db51381303579b73854f06ef99d66 Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Mon, 6 Nov 2017 19:01:08 -0500
+Subject: [PATCH] Remove CMStats
+
+Change-Id: I073b062a3e71c33dab4379c7c60a016595579562
+---
+ AndroidManifest.xml | 8 --
+ res/xml/security_settings_cyanogenmod.xml | 30 -----
+ src/com/android/settings/Settings.java | 1 -
+ .../android/settings/cmstats/AnonymousStats.java | 127 ------------------
+ src/com/android/settings/cmstats/PreviewData.java | 49 -------
+ .../android/settings/cmstats/ReportingService.java | 149 ---------------------
+ .../settings/cmstats/ReportingServiceManager.java | 113 ----------------
+ src/com/android/settings/cmstats/Utilities.java | 99 --------------
+ .../settings/cyanogenmod/PrivacySettings.java | 1 -
+ 9 files changed, 577 deletions(-)
+ delete mode 100644 res/xml/security_settings_cyanogenmod.xml
+ delete mode 100644 src/com/android/settings/cmstats/AnonymousStats.java
+ delete mode 100644 src/com/android/settings/cmstats/PreviewData.java
+ delete mode 100644 src/com/android/settings/cmstats/ReportingService.java
+ delete mode 100644 src/com/android/settings/cmstats/ReportingServiceManager.java
+ delete mode 100644 src/com/android/settings/cmstats/Utilities.java
+
+diff --git a/AndroidManifest.xml b/AndroidManifest.xml
+index 3f53b75d5..f0f89bec5 100644
+--- a/AndroidManifest.xml
++++ b/AndroidManifest.xml
+@@ -1871,14 +1871,6 @@
+
+
+
+-
+-
+-
+-
+
+
+
+diff --git a/res/xml/security_settings_cyanogenmod.xml b/res/xml/security_settings_cyanogenmod.xml
+deleted file mode 100644
+index 68aba9510..000000000
+--- a/res/xml/security_settings_cyanogenmod.xml
++++ /dev/null
+@@ -1,30 +0,0 @@
+-
+-
+-
+-
+-
+-
+-
+-
+-
+-
+-
+-
+diff --git a/src/com/android/settings/Settings.java b/src/com/android/settings/Settings.java
+index 81b8cf65e..464258166 100644
+--- a/src/com/android/settings/Settings.java
++++ b/src/com/android/settings/Settings.java
+@@ -1403,7 +1403,6 @@ public class Settings extends PreferenceActivity
+ public static class PaymentSettingsActivity extends Settings { /* empty */ }
+ public static class PrintSettingsActivity extends Settings { /* empty */ }
+ public static class PrintJobSettingsActivity extends Settings { /* empty */ }
+- public static class AnonymousStatsActivity extends Settings { /* empty */ }
+ public static class ApnSettingsActivity extends Settings { /* empty */ }
+ public static class ApnEditorActivity extends Settings { /* empty */ }
+ public static class BlacklistSettingsActivity extends Settings { /* empty */ }
+diff --git a/src/com/android/settings/cmstats/AnonymousStats.java b/src/com/android/settings/cmstats/AnonymousStats.java
+deleted file mode 100644
+index 2e6d016b7..000000000
+--- a/src/com/android/settings/cmstats/AnonymousStats.java
++++ /dev/null
+@@ -1,127 +0,0 @@
+-/*
+- * Copyright (C) 2012 The CyanogenMod Project
+- *
+- * Licensed under the Apache License, Version 2.0 (the "License");
+- * you may not use this file except in compliance with the License.
+- * You may obtain a copy of the License at
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS,
+- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+- * See the License for the specific language governing permissions and
+- * limitations under the License.
+- */
+-
+-package com.android.settings.cmstats;
+-
+-import android.app.AlertDialog;
+-import android.app.Dialog;
+-import android.content.Context;
+-import android.content.DialogInterface;
+-import android.content.Intent;
+-import android.content.SharedPreferences;
+-import android.net.Uri;
+-import android.os.Bundle;
+-import android.preference.CheckBoxPreference;
+-import android.preference.Preference;
+-import android.preference.PreferenceScreen;
+-
+-import android.provider.Settings;
+-import com.android.settings.R;
+-import com.android.settings.SettingsPreferenceFragment;
+-
+-public class AnonymousStats extends SettingsPreferenceFragment implements
+- DialogInterface.OnClickListener, DialogInterface.OnDismissListener,
+- Preference.OnPreferenceChangeListener {
+- private static final String VIEW_STATS = "pref_view_stats";
+-
+- private static final String PREF_FILE_NAME = "CMStats";
+- /* package */ static final String ANONYMOUS_OPT_IN = "pref_anonymous_opt_in";
+- /* package */ static final String ANONYMOUS_LAST_CHECKED = "pref_anonymous_checked_in";
+-
+- private CheckBoxPreference mEnableReporting;
+- private Preference mViewStats;
+-
+- private Dialog mOkDialog;
+- private boolean mOkClicked;
+-
+- private SharedPreferences mPrefs;
+-
+- public static SharedPreferences getPreferences(Context context) {
+- return context.getSharedPreferences(PREF_FILE_NAME, 0);
+- }
+-
+- @Override
+- public void onCreate(Bundle savedInstanceState) {
+- super.onCreate(savedInstanceState);
+-
+- addPreferencesFromResource(R.xml.anonymous_stats);
+-
+- mPrefs = getPreferences(getActivity());
+-
+- PreferenceScreen prefSet = getPreferenceScreen();
+- mEnableReporting = (CheckBoxPreference) prefSet.findPreference(ANONYMOUS_OPT_IN);
+- mViewStats = (Preference) prefSet.findPreference(VIEW_STATS);
+- }
+-
+- @Override
+- public boolean onPreferenceTreeClick(PreferenceScreen preferenceScreen, Preference preference) {
+- if (preference == mEnableReporting) {
+- if (mEnableReporting.isChecked()) {
+- // Display the confirmation dialog
+- mOkClicked = false;
+- if (mOkDialog != null) {
+- mOkDialog.dismiss();
+- }
+- mOkDialog = new AlertDialog.Builder(getActivity())
+- .setMessage(R.string.anonymous_statistics_warning)
+- .setTitle(R.string.anonymous_statistics_warning_title)
+- .setIconAttribute(android.R.attr.alertDialogIcon)
+- .setPositiveButton(android.R.string.yes, this)
+- .setNeutralButton(R.string.anonymous_learn_more, this)
+- .setNegativeButton(android.R.string.no, this)
+- .show();
+- mOkDialog.setOnDismissListener(this);
+- } else {
+- // Disable reporting
+- Utilities.setStatsCollectionEnabled(getActivity(), false);
+- }
+- } else if (preference == mViewStats) {
+- // Display the stats page
+- Uri uri = Uri.parse("http://stats.cyanogenmod.org");
+- startActivity(new Intent(Intent.ACTION_VIEW, uri));
+- } else {
+- // If we didn't handle it, let preferences handle it.
+- return super.onPreferenceTreeClick(preferenceScreen, preference);
+- }
+- return true;
+- }
+-
+- @Override
+- public boolean onPreferenceChange(Preference preference, Object newValue) {
+- return false;
+- }
+-
+- @Override
+- public void onDismiss(DialogInterface dialog) {
+- if (!mOkClicked) {
+- mEnableReporting.setChecked(false);
+- }
+- }
+-
+- @Override
+- public void onClick(DialogInterface dialog, int which) {
+- if (which == DialogInterface.BUTTON_POSITIVE) {
+- mOkClicked = true;
+- Utilities.setStatsCollectionEnabled(getActivity(), true);
+- ReportingServiceManager.launchService(getActivity());
+- } else if (which == DialogInterface.BUTTON_NEGATIVE) {
+- mEnableReporting.setChecked(false);
+- } else {
+- Uri uri = Uri.parse("http://www.cyanogenmod.org/blog/cmstats-what-it-is-and-why-you-should-opt-in");
+- startActivity(new Intent(Intent.ACTION_VIEW, uri));
+- }
+- }
+-}
+diff --git a/src/com/android/settings/cmstats/PreviewData.java b/src/com/android/settings/cmstats/PreviewData.java
+deleted file mode 100644
+index 7a78aea51..000000000
+--- a/src/com/android/settings/cmstats/PreviewData.java
++++ /dev/null
+@@ -1,49 +0,0 @@
+-/*
+- * Copyright (C) 2012 The CyanogenMod Project
+- *
+- * Licensed under the Apache License, Version 2.0 (the "License");
+- * you may not use this file except in compliance with the License.
+- * You may obtain a copy of the License at
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS,
+- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+- * See the License for the specific language governing permissions and
+- * limitations under the License.
+- */
+-
+-package com.android.settings.cmstats;
+-
+-import android.content.Context;
+-import android.os.Bundle;
+-import android.preference.Preference;
+-import android.preference.PreferenceScreen;
+-
+-import com.android.settings.R;
+-import com.android.settings.SettingsPreferenceFragment;
+-
+-public class PreviewData extends SettingsPreferenceFragment {
+- private static final String UNIQUE_ID = "preview_id";
+- private static final String DEVICE = "preview_device";
+- private static final String VERSION = "preview_version";
+- private static final String COUNTRY = "preview_country";
+- private static final String CARRIER = "preview_carrier";
+-
+- @Override
+- public void onCreate(Bundle savedInstanceState) {
+- super.onCreate(savedInstanceState);
+-
+- addPreferencesFromResource(R.xml.preview_data);
+-
+- final PreferenceScreen prefSet = getPreferenceScreen();
+- final Context context = getActivity();
+-
+- prefSet.findPreference(UNIQUE_ID).setSummary(Utilities.getUniqueID(context));
+- prefSet.findPreference(DEVICE).setSummary(Utilities.getDevice());
+- prefSet.findPreference(VERSION).setSummary(Utilities.getModVersion());
+- prefSet.findPreference(COUNTRY).setSummary(Utilities.getCountryCode(context));
+- prefSet.findPreference(CARRIER).setSummary(Utilities.getCarrier(context));
+- }
+-}
+diff --git a/src/com/android/settings/cmstats/ReportingService.java b/src/com/android/settings/cmstats/ReportingService.java
+deleted file mode 100644
+index 32db82011..000000000
+--- a/src/com/android/settings/cmstats/ReportingService.java
++++ /dev/null
+@@ -1,149 +0,0 @@
+-/*
+- * Copyright (C) 2012 The CyanogenMod Project
+- *
+- * Licensed under the Apache License, Version 2.0 (the "License");
+- * you may not use this file except in compliance with the License.
+- * You may obtain a copy of the License at
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS,
+- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+- * See the License for the specific language governing permissions and
+- * limitations under the License.
+- */
+-
+-package com.android.settings.cmstats;
+-
+-import android.app.Service;
+-import android.content.Context;
+-import android.content.Intent;
+-import android.content.SharedPreferences;
+-import android.os.AsyncTask;
+-import android.os.IBinder;
+-import android.util.Log;
+-
+-import com.android.settings.R;
+-import com.android.settings.Settings;
+-
+-import com.google.analytics.tracking.android.GoogleAnalytics;
+-import com.google.analytics.tracking.android.Tracker;
+-
+-import org.apache.http.NameValuePair;
+-import org.apache.http.client.HttpClient;
+-import org.apache.http.client.entity.UrlEncodedFormEntity;
+-import org.apache.http.client.methods.HttpPost;
+-import org.apache.http.impl.client.DefaultHttpClient;
+-import org.apache.http.message.BasicNameValuePair;
+-
+-import java.io.IOException;
+-import java.util.ArrayList;
+-import java.util.List;
+-
+-public class ReportingService extends Service {
+- /* package */ static final String TAG = "CMStats";
+-
+- private StatsUploadTask mTask;
+-
+- @Override
+- public IBinder onBind(Intent intent) {
+- return null;
+- }
+-
+- @Override
+- public int onStartCommand (Intent intent, int flags, int startId) {
+- Log.d(TAG, "User has opted in -- reporting.");
+-
+- if (mTask == null || mTask.getStatus() == AsyncTask.Status.FINISHED) {
+- mTask = new StatsUploadTask();
+- mTask.execute();
+- }
+-
+- return Service.START_REDELIVER_INTENT;
+- }
+-
+- private class StatsUploadTask extends AsyncTask {
+- @Override
+- protected Boolean doInBackground(Void... params) {
+- String deviceId = Utilities.getUniqueID(getApplicationContext());
+- String deviceName = Utilities.getDevice();
+- String deviceVersion = Utilities.getModVersion();
+- String deviceCountry = Utilities.getCountryCode(getApplicationContext());
+- String deviceCarrier = Utilities.getCarrier(getApplicationContext());
+- String deviceCarrierId = Utilities.getCarrierId(getApplicationContext());
+-
+- Log.d(TAG, "SERVICE: Device ID=" + deviceId);
+- Log.d(TAG, "SERVICE: Device Name=" + deviceName);
+- Log.d(TAG, "SERVICE: Device Version=" + deviceVersion);
+- Log.d(TAG, "SERVICE: Country=" + deviceCountry);
+- Log.d(TAG, "SERVICE: Carrier=" + deviceCarrier);
+- Log.d(TAG, "SERVICE: Carrier ID=" + deviceCarrierId);
+-
+- // report to google analytics
+- GoogleAnalytics ga = GoogleAnalytics.getInstance(ReportingService.this);
+- Tracker tracker = ga.getTracker(getString(R.string.ga_trackingId));
+- tracker.sendEvent(deviceName, deviceVersion, deviceCountry, null);
+-
+- // this really should be set at build time...
+- // format of version should be:
+- // version[-date-type]-device
+- String[] parts = deviceVersion.split("-");
+- String deviceVersionNoDevice = null;
+- if (parts.length == 2) {
+- deviceVersionNoDevice = parts[0];
+- } else if (parts.length == 4) {
+- deviceVersionNoDevice = parts[0] + "-" + parts[2];
+- }
+-
+- if (deviceVersionNoDevice != null) {
+- tracker.sendEvent("checkin", deviceName, deviceVersionNoDevice, null);
+- }
+- tracker.close();
+-
+- // report to the cmstats service
+- HttpClient httpClient = new DefaultHttpClient();
+- HttpPost httpPost = new HttpPost("https://stats.cyanogenmod.org/submit");
+- boolean success = false;
+-
+- try {
+- List kv = new ArrayList(5);
+- kv.add(new BasicNameValuePair("device_hash", deviceId));
+- kv.add(new BasicNameValuePair("device_name", deviceName));
+- kv.add(new BasicNameValuePair("device_version", deviceVersion));
+- kv.add(new BasicNameValuePair("device_country", deviceCountry));
+- kv.add(new BasicNameValuePair("device_carrier", deviceCarrier));
+- kv.add(new BasicNameValuePair("device_carrier_id", deviceCarrierId));
+-
+- httpPost.setEntity(new UrlEncodedFormEntity(kv));
+- httpClient.execute(httpPost);
+-
+- success = true;
+- } catch (IOException e) {
+- Log.w(TAG, "Could not upload stats checkin", e);
+- }
+-
+- return success;
+- }
+-
+- @Override
+- protected void onPostExecute(Boolean result) {
+- final Context context = ReportingService.this;
+- long interval;
+-
+- if (result) {
+- final SharedPreferences prefs = AnonymousStats.getPreferences(context);
+- prefs.edit().putLong(AnonymousStats.ANONYMOUS_LAST_CHECKED,
+- System.currentTimeMillis()).apply();
+- // use set interval
+- interval = 0;
+- } else {
+- // error, try again in 3 hours
+- interval = 3L * 60L * 60L * 1000L;
+- }
+-
+- ReportingServiceManager.setAlarm(context, interval);
+- stopSelf();
+- }
+- }
+-}
+diff --git a/src/com/android/settings/cmstats/ReportingServiceManager.java b/src/com/android/settings/cmstats/ReportingServiceManager.java
+deleted file mode 100644
+index 540f55e4d..000000000
+--- a/src/com/android/settings/cmstats/ReportingServiceManager.java
++++ /dev/null
+@@ -1,113 +0,0 @@
+-/*
+- * Copyright (C) 2012 The CyanogenMod Project
+- *
+- * Licensed under the Apache License, Version 2.0 (the "License");
+- * you may not use this file except in compliance with the License.
+- * You may obtain a copy of the License at
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS,
+- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+- * See the License for the specific language governing permissions and
+- * limitations under the License.
+- */
+-
+-package com.android.settings.cmstats;
+-
+-import android.app.AlarmManager;
+-import android.app.PendingIntent;
+-import android.content.BroadcastReceiver;
+-import android.content.Context;
+-import android.content.Intent;
+-import android.content.SharedPreferences;
+-import android.net.ConnectivityManager;
+-import android.net.NetworkInfo;
+-import android.provider.Settings;
+-import android.util.Log;
+-
+-public class ReportingServiceManager extends BroadcastReceiver {
+- private static final long MILLIS_PER_HOUR = 60L * 60L * 1000L;
+- private static final long MILLIS_PER_DAY = 24L * MILLIS_PER_HOUR;
+- private static final long UPDATE_INTERVAL = 1L * MILLIS_PER_DAY;
+-
+- @Override
+- public void onReceive(Context context, Intent intent) {
+- if (intent.getAction().equals(Intent.ACTION_BOOT_COMPLETED)) {
+- setAlarm(context, 0);
+- } else {
+- launchService(context);
+- }
+- }
+-
+- public static void setAlarm(Context context, long millisFromNow) {
+- SharedPreferences prefs = AnonymousStats.getPreferences(context);
+- if (prefs.contains(AnonymousStats.ANONYMOUS_OPT_IN)) {
+- migrate(context, prefs);
+- }
+- if (!Utilities.isStatsCollectionEnabled(context)) {
+- return;
+- }
+-
+- if (millisFromNow <= 0) {
+- long lastSynced = prefs.getLong(AnonymousStats.ANONYMOUS_LAST_CHECKED, 0);
+- if (lastSynced == 0) {
+- // never synced, so let's fake out that the last sync was just now.
+- // this will allow the user tFrame time to opt out before it will start
+- // sending up anonymous stats.
+- lastSynced = System.currentTimeMillis();
+- prefs.edit().putLong(AnonymousStats.ANONYMOUS_LAST_CHECKED, lastSynced).apply();
+- Log.d(ReportingService.TAG, "Set alarm for first sync.");
+- }
+- millisFromNow = (lastSynced + UPDATE_INTERVAL) - System.currentTimeMillis();
+- }
+-
+- Intent intent = new Intent(ConnectivityManager.CONNECTIVITY_ACTION);
+- intent.setClass(context, ReportingServiceManager.class);
+-
+- AlarmManager alarmManager = (AlarmManager) context.getSystemService(Context.ALARM_SERVICE);
+- alarmManager.set(AlarmManager.RTC_WAKEUP, System.currentTimeMillis() + millisFromNow,
+- PendingIntent.getBroadcast(context, 0, intent, 0));
+- Log.d(ReportingService.TAG, "Next sync attempt in : " + millisFromNow / MILLIS_PER_HOUR + " hours");
+- }
+-
+- public static void launchService(Context context) {
+- ConnectivityManager cm = (ConnectivityManager)
+- context.getSystemService(Context.CONNECTIVITY_SERVICE);
+-
+- NetworkInfo networkInfo = cm.getActiveNetworkInfo();
+- if (networkInfo == null || !networkInfo.isConnected()) {
+- return;
+- }
+-
+- SharedPreferences prefs = AnonymousStats.getPreferences(context);
+-
+- if (!Utilities.isStatsCollectionEnabled(context)) {
+- return;
+- }
+-
+- long lastSynced = prefs.getLong(AnonymousStats.ANONYMOUS_LAST_CHECKED, 0);
+- if (lastSynced == 0) {
+- setAlarm(context, 0);
+- return;
+- }
+- long timeElapsed = System.currentTimeMillis() - lastSynced;
+- if (timeElapsed < UPDATE_INTERVAL) {
+- long timeLeft = UPDATE_INTERVAL - timeElapsed;
+- Log.d(ReportingService.TAG, "Waiting for next sync : " + timeLeft / MILLIS_PER_HOUR + " hours");
+- return;
+- }
+-
+- Intent intent = new Intent();
+- intent.setClass(context, ReportingService.class);
+- context.startService(intent);
+- }
+-
+- private static void migrate(Context context, SharedPreferences prefs) {
+- Utilities.setStatsCollectionEnabled(context,
+- prefs.getBoolean(AnonymousStats.ANONYMOUS_OPT_IN, true));
+- prefs.edit().remove(AnonymousStats.ANONYMOUS_OPT_IN).commit();
+- }
+-
+-}
+diff --git a/src/com/android/settings/cmstats/Utilities.java b/src/com/android/settings/cmstats/Utilities.java
+deleted file mode 100644
+index 4d4ff48fa..000000000
+--- a/src/com/android/settings/cmstats/Utilities.java
++++ /dev/null
+@@ -1,99 +0,0 @@
+-/*
+- * Copyright (C) 2012 The CyanogenMod Project
+- *
+- * Licensed under the Apache License, Version 2.0 (the "License");
+- * you may not use this file except in compliance with the License.
+- * You may obtain a copy of the License at
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS,
+- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+- * See the License for the specific language governing permissions and
+- * limitations under the License.
+- */
+-
+-package com.android.settings.cmstats;
+-
+-import android.content.Context;
+-import android.os.SystemProperties;
+-import android.provider.Settings;
+-import android.telephony.TelephonyManager;
+-import android.text.TextUtils;
+-
+-import java.math.BigInteger;
+-import java.net.NetworkInterface;
+-import java.security.MessageDigest;
+-
+-public class Utilities {
+- public static String getUniqueID(Context context) {
+- final String id = Settings.Secure.getString(context.getContentResolver(), Settings.Secure.ANDROID_ID);
+- return digest(context.getPackageName() + id);
+- }
+-
+- public static String getCarrier(Context context) {
+- TelephonyManager tm = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE);
+- String carrier = tm.getNetworkOperatorName();
+- if (TextUtils.isEmpty(carrier)) {
+- carrier = "Unknown";
+- }
+- return carrier;
+- }
+-
+- public static String getCarrierId(Context context) {
+- TelephonyManager tm = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE);
+- String carrierId = tm.getNetworkOperator();
+- if (TextUtils.isEmpty(carrierId)) {
+- carrierId = "0";
+- }
+- return carrierId;
+- }
+-
+- public static String getCountryCode(Context context) {
+- TelephonyManager tm = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE);
+- String countryCode = tm.getNetworkCountryIso();
+- if (TextUtils.isEmpty(countryCode)) {
+- countryCode = "Unknown";
+- }
+- return countryCode;
+- }
+-
+- public static String getDevice() {
+- return SystemProperties.get("ro.cm.device");
+- }
+-
+- public static String getModVersion() {
+- return SystemProperties.get("ro.cm.version");
+- }
+-
+- public static String digest(String input) {
+- try {
+- MessageDigest md = MessageDigest.getInstance("MD5");
+- return new BigInteger(1, md.digest(input.getBytes())).toString(16).toUpperCase();
+- } catch (Exception e) {
+- return null;
+- }
+- }
+-
+- /**
+- * Check to see if global stats are enabled.
+- * @param context
+- * @return Whether or not stats collection is enabled.
+- */
+- public static boolean isStatsCollectionEnabled(Context context) {
+- return Settings.System.getInt(context.getContentResolver(),
+- Settings.System.STATS_COLLECTION, 1) != 0;
+- }
+-
+- /**
+- * Enabled or disable stats collection
+- * @param context
+- * @param enabled Boolean that sets collection being enabled.
+- */
+- public static void setStatsCollectionEnabled(Context context, boolean enabled) {
+- int enable = (enabled) ? 1 : 0;
+- Settings.System.putInt(context.getContentResolver(),
+- Settings.System.STATS_COLLECTION, enable);
+- }
+-}
+diff --git a/src/com/android/settings/cyanogenmod/PrivacySettings.java b/src/com/android/settings/cyanogenmod/PrivacySettings.java
+index 49bc7b497..6c6021f76 100644
+--- a/src/com/android/settings/cyanogenmod/PrivacySettings.java
++++ b/src/com/android/settings/cyanogenmod/PrivacySettings.java
+@@ -54,7 +54,6 @@ public class PrivacySettings extends SettingsPreferenceFragment {
+ mBlacklist = null;
+ }
+
+- addPreferencesFromResource(R.xml.security_settings_cyanogenmod);
+ }
+
+ @Override
+--
+2.15.0
+
diff --git a/Patches/LineageOS-11.0/android_system_core/0001-Harden_Mounts.patch b/Patches/LineageOS-11.0/android_system_core/0001-Harden_Mounts.patch
new file mode 100644
index 00000000..ac9ad436
--- /dev/null
+++ b/Patches/LineageOS-11.0/android_system_core/0001-Harden_Mounts.patch
@@ -0,0 +1,30 @@
+From f19ab3bce2115c6ddf24528885305c3ba038f29b Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Tue, 10 Jul 2018 08:22:08 -0400
+Subject: [PATCH] Harden mounts
+
+Change-Id: I2db94882224672cac3e54f7d8422d1e036828378
+---
+ init/init.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/init/init.c b/init/init.c
+index 53e0dae1..d022253b 100644
+--- a/init/init.c
++++ b/init/init.c
+@@ -1136,9 +1136,9 @@ int main(int argc, char **argv)
+ mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755");
+ mkdir("/dev/pts", 0755);
+ mkdir("/dev/socket", 0755);
+- mount("devpts", "/dev/pts", "devpts", 0, NULL);
+- mount("proc", "/proc", "proc", 0, NULL);
+- mount("sysfs", "/sys", "sysfs", 0, NULL);
++ mount("devpts", "/dev/pts", "devpts", MS_NOSUID|MS_NOEXEC, NULL);
++ mount("proc", "/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL);
++ mount("sysfs", "/sys", "sysfs", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL);
+
+ /* indicate that booting is in progress to background fw loaders, etc */
+ close(open("/dev/.booting", O_WRONLY | O_CREAT, 0000));
+--
+2.18.0
+
diff --git a/Scripts/Common/Deblob.sh b/Scripts/Common/Deblob.sh
old mode 100755
new mode 100644
diff --git a/Scripts/LineageOS-11.0/CVE_Patchers/android_kernel_asus_grouper.sh b/Scripts/LineageOS-11.0/CVE_Patchers/android_kernel_asus_grouper.sh
new file mode 100644
index 00000000..112adf9e
--- /dev/null
+++ b/Scripts/LineageOS-11.0/CVE_Patchers/android_kernel_asus_grouper.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/asus/grouper"
+git apply $DOS_PATCHES_LINUX_CVES/0014-GCC_Patches/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6689/^3.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6701/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6704/^3.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-2015/^3.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-1739/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-2523/^3.13/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-4656/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9420/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9683/^3.18/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9715/^3.14/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9895/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9900/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1534/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2041/^3.19/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2686/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7550/^4.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8215/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8944/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0723/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0821/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2185/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2186/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2384/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2438/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2544/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2545/^4.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2546/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2549/^4.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3134/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4569/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4578/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4578/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5829/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6753/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6828/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7117/^4.5/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7910/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7915/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8399/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8406/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9604/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9793/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9794/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0403/3.0-^3.18/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0404/^3.18/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000380/^4.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11090/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13215/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15265/^4.14/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16533/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17806/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6074/^4.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6345/^4.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6348/^4.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7308/ANY/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch
+editKernelLocalversion "-dos.p71"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-11.0/CVE_Patchers/android_kernel_zte_msm8930.sh b/Scripts/LineageOS-11.0/CVE_Patchers/android_kernel_zte_msm8930.sh
new file mode 100644
index 00000000..22092626
--- /dev/null
+++ b/Scripts/LineageOS-11.0/CVE_Patchers/android_kernel_zte_msm8930.sh
@@ -0,0 +1,136 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/zte/msm8930"
+git apply $DOS_PATCHES_LINUX_CVES/0012-Copperhead-Deny_USB/3.4/3.4-Backport.patch
+git apply $DOS_PATCHES_LINUX_CVES/0013-syskaller-Misc/ANY/0008.patch
+git apply $DOS_PATCHES_LINUX_CVES/0014-GCC_Patches/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6657/^3.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6701/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6703/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6703/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6704/^3.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-2015/^3.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-0196/3.4/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-1739/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-2523/^3.13/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3153/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3153/ANY/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-4323/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-4655/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-4656/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-7822/3.2-^3.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-7970/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-8709/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9420/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9683/^3.18/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9715/^3.14/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9870/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9888/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9900/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1420/3.2-^3.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1593/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1805/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2041/^3.19/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2686/ANY/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2922/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-3636/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7550/^4.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8215/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8937/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8939/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8944/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0723/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0774/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0806/prima/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0806/prima/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0806/prima/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0806/prima/0007.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0806/prima/0010.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0821/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10233/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2185/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2186/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2384/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2438/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2544/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2545/^4.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2546/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2549/^4.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3134/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3138/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3854/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3865/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3894/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4569/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4578/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4578/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4805/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5829/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6672/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6728/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6753/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6791/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6828/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7117/^4.5/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7910/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7915/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8399/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8404/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8406/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8463/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8650/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9576/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9604/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9793/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9794/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0403/3.0-^3.18/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0404/^3.18/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0524/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0611/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0710/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0751/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000251/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000380/^4.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11015/prima/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11015/prima/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11089/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11090/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12153/3.2-^3.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080-Extra/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080-Extra/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080-Extra/ANY/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080-Extra/ANY/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13215/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15265/^4.14/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16533/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16535/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17806/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-2671/^4.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6074/^4.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6345/^4.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6348/^4.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6951/^3.14/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7308/ANY/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7533/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8246/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8246/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9242/^4.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch
+editKernelLocalversion "-dos.p132"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-11.0/Defaults.sh b/Scripts/LineageOS-11.0/Defaults.sh
new file mode 100644
index 00000000..d1e221e8
--- /dev/null
+++ b/Scripts/LineageOS-11.0/Defaults.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+#DivestOS: A privacy oriented Android distribution
+#Copyright (c) 2017-2018 Divested Computing, Inc.
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program. If not, see .
+
+#Changes various default settings
+#Last verified: 2018-07-10
+
+#Useful commands
+#nano $(find . -name "config.xml" | grep "values/" | grep -v "device" | grep -v "tests")
+#nano $(find . -name "defaults.xml" | grep "values/" | grep -v "device")
+
+echo "Changing default settings...";
+
+enter "packages/apps/Dialer";
+sed -i 's/ENABLE_FORWARD_LOOKUP, 1)/ENABLE_FORWARD_LOOKUP, 0)/' src/com/android/dialer/*/LookupSettings*.java; #Disable FLP
+sed -i 's/ENABLE_PEOPLE_LOOKUP, 1)/ENABLE_PEOPLE_LOOKUP, 0)/' src/com/android/dialer/*/LookupSettings*.java; #Disable PLP
+sed -i 's/ENABLE_REVERSE_LOOKUP, 1)/ENABLE_REVERSE_LOOKUP, 0)/' src/com/android/dialer/*/LookupSettings*.java; #Disable RLP
+
+enter "packages/apps/Nfc";
+sed -i 's/boolean NFC_ON_DEFAULT = true;/boolean NFC_ON_DEFAULT = false;/' src/com/android/nfc/NfcService.java; #Disable NFC
+sed -i 's/boolean NDEF_PUSH_ON_DEFAULT = true;/boolean NDEF_PUSH_ON_DEFAULT = false;/' src/com/android/nfc/NfcService.java; #Disable NDEF Push
+
+enter "packages/apps/Settings";
+sed -i 's/Float.parseFloat(newValue.toString()) : 1;/Float.parseFloat(newValue.toString()) : 0.5f;/' src/com/android/settings/DevelopmentSettings.java; #Always reset animation scales to 0.5
+
+enter "vendor/cm";
+sed -i 's/ro.config.notification_sound=Argon.ogg/ro.config.notification_sound=Pong.ogg/' config/common*.mk;
+sed -i 's/ro.config.alarm_alert=Hassium.ogg/ro.config.alarm_alert=Alarm_Buzzer.ogg/' config/common*.mk;
+
+cd "$DOS_BUILD_BASE";
+echo "Default settings changed!";
diff --git a/Scripts/LineageOS-11.0/Functions.sh b/Scripts/LineageOS-11.0/Functions.sh
new file mode 100644
index 00000000..00c405cb
--- /dev/null
+++ b/Scripts/LineageOS-11.0/Functions.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+#DivestOS: A privacy oriented Android distribution
+#Copyright (c) 2017-2018 Divested Computing, Inc.
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program. If not, see .
+
+#Last verified: 2018-07-10
+
+patchAllKernels() {
+ startPatcher "kernel_asus_grouper kernel_zte_msm8930";
+}
+export -f patchAllKernels;
+
+resetWorkspace() {
+ repo forall -c 'git add -A && git reset --hard' && rm -rf packages/apps/{FDroid,GmsCore} out && repo sync -j20 --force-sync;
+}
+export -f resetWorkspace;
+
+scanWorkspaceForMalware() {
+ scanQueue="$DOS_BUILD_BASE/abi $DOS_BUILD_BASE/android $DOS_BUILD_BASE/bionic $DOS_BUILD_BASE/bootable $DOS_BUILD_BASE/build $DOS_BUILD_BASE/dalvik $DOS_BUILD_BASE/device $DOS_BUILD_BASE/hardware $DOS_BUILD_BASE/libcore $DOS_BUILD_BASE/libnativehelper $DOS_BUILD_BASE/ndk $DOS_BUILD_BASE/packages $DOS_BUILD_BASE/pdk $DOS_BUILD_BASE/sdk $DOS_BUILD_BASE/system";
+ scanQueue=$scanQueue" $DOS_BUILD_BASE/vendor/cm $DOS_BUILD_BASE/vendor/cmsdk";
+ scanForMalware true $scanQueue;
+}
+export -f scanWorkspaceForMalware;
+
+buildDevice() {
+ brunch "cm_$1-user";
+}
+export -f buildDevice;
+
+buildDeviceDebug() {
+ unset SIGNING_KEY_DIR;
+ unset OTA_PACKAGE_SIGNING_KEY;
+ brunch "cm_$1-eng";
+}
+export -f buildDeviceDebug;
+
+buildAll() {
+ if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
+ #Select devices are userdebug due to SELinux policy issues
+ brunch lineage_grouper-userdebug;
+ brunch lineage_nex-userdebug;
+}
+export -f buildAll;
+
+patchWorkspace() {
+ if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/cm"; fi;
+ #source build/envsetup.sh;
+
+ source "$DOS_SCRIPTS/Patch.sh";
+ source "$DOS_SCRIPTS/Defaults.sh";
+ source "$DOS_SCRIPTS/Rebrand.sh";
+ #if [ "$DOS_OVERCLOCKS_ENABLED" = true ]; then source "$DOS_SCRIPTS/Overclock.sh"; fi;
+ source "$DOS_SCRIPTS/Optimize.sh";
+ source "$DOS_SCRIPTS_COMMON/Deblob.sh";
+ source "$DOS_SCRIPTS_COMMON/Patch_CVE.sh";
+ source build/envsetup.sh;
+}
+export -f patchWorkspace;
diff --git a/Scripts/LineageOS-11.0/Optimize.sh b/Scripts/LineageOS-11.0/Optimize.sh
new file mode 100644
index 00000000..01437c3b
--- /dev/null
+++ b/Scripts/LineageOS-11.0/Optimize.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+#DivestOS: A privacy oriented Android distribution
+#Copyright (c) 2017-2018 Divested Computing, Inc.
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program. If not, see .
+
+#Attempts to increase performance and battery life
+#Last verified: 2018-07-10
+
+echo "Optimizing...";
+
+enter "kernel"
+sed -i "s/#define VM_MAX_READAHEAD\t128/#define VM_MAX_READAHEAD\t512/" ./*/*/include/linux/mm.h; #Lee Susman : Change the VM_MAX_READAHEAD value from the default 128KB to 512KB. This will allow the readahead window to grow to a maximum size of 512KB, which greatly benefits to sequential read throughput.
+
+cd "$DOS_BUILD_BASE";
+echo "Optimizing complete!";
diff --git a/Scripts/LineageOS-11.0/Patch.sh b/Scripts/LineageOS-11.0/Patch.sh
new file mode 100644
index 00000000..6da47932
--- /dev/null
+++ b/Scripts/LineageOS-11.0/Patch.sh
@@ -0,0 +1,151 @@
+#!/bin/bash
+#DivestOS: A privacy oriented Android distribution
+#Copyright (c) 2015-2018 Divested Computing, Inc.
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program. If not, see .
+
+#Last verified: 2018-07-10
+
+#Initialize aliases
+#source ../../Scripts/init.sh
+
+#Delete Everything and Sync
+#resetWorkspace
+
+#Apply all of our changes
+#patchWorkspace
+
+#Build!
+#buildDevice [device]
+#buildAll
+
+#Generate an incremental
+#./build/tools/releasetools/ota_from_target_files --block -t 8 -i old.zip new.zip update.zip
+
+#Generate firmware deblobber
+#mka firmware_deblobber
+
+#
+#START OF PREPRATION
+#
+#Download some (non-executable) out-of-tree files for use later on
+cd "$DOS_TMP_DIR";
+if [ "$DOS_HOSTS_BLOCKING" = true ]; then wget "$DOS_HOSTS_BLOCKING_LIST" -N; fi;
+cd "$DOS_BUILD_BASE";
+
+#Accept all SDK licences, not normally needed but Gradle managed apps fail without it
+mkdir -p "$ANDROID_HOME/licenses";
+echo -e "\n8933bad161af4178b1185d1a37fbf41ea5269c55\nd56f5187479451eabf01fb78af6dfcb131a6481e" > "$ANDROID_HOME/licenses/android-sdk-license";
+echo -e "\n84831b9409646a918e30573bab4c9c91346d8abd" > "$ANDROID_HOME/licenses/android-sdk-preview-license";
+#
+#END OF PREPRATION
+#
+
+#
+#START OF ROM CHANGES
+#
+
+#top dir
+cp -r "$DOS_PREBUILT_APPS""Fennec_DOS-Shim" "$DOS_BUILD_BASE""packages/apps/"; #Add a shim to install Fennec DOS without actually including the large APK
+gpgVerifyDirectory "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/packages";
+cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BASE""vendor/fdroid_prebuilt/"; #Add the prebuilt apps
+cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files
+
+enterAndClear "build";
+#patch -p1 < "$DOS_PATCHES/android_build/0001-Automated_Build_Signing.patch"; #Automated build signing (CopperheadOS-13.0) #TODO
+sed -i 's/Mms/Silence/' target/product/*.mk; #Replace AOSP Messaging app with Silence
+sed -i '50i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #TODO PR FIX ME
+sed -i '296iLOCAL_AAPT_FLAGS += --auto-add-overlay' core/package_internal.mk;
+
+enterAndClear "external/sqlite";
+patch -p1 < "$DOS_PATCHES/android_external_sqlite/0001-Secure_Delete.patch"; #Enable secure_delete by default (CopperheadOS-13.0)
+
+enterAndClear "frameworks/base";
+sed -i 's/com.android.mms/org.smssecure.smssecure/' core/res/res/values/config.xml; #Change default SMS app to Silence
+sed -i 's|db_default_journal_mode">PERSIST|db_default_journal_mode">TRUNCATE|' core/res/res/values/config.xml; #Mirror SQLite secure_delete
+if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0001-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
+if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0002-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
+changeDefaultDNS;
+#patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries #TODO
+
+enterAndClear "packages/apps/Settings";
+sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length
+if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options
+#patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-CMStats.patch"; #Remove CMStats #TOOD
+
+
+enterAndClear "packages/apps/Trebuchet";
+#cp -r "$DOS_PATCHES_COMMON/android_packages_apps_Trebuchet/default_workspace/." "res/xml/"; #TODO
+sed -i 's/mCropView.setTouchEnabled(touchEnabled);/mCropView.setTouchEnabled(true);/' WallpaperPicker/src/com/android/launcher3/WallpaperCropActivity.java;
+
+enterAndClear "system/core";
+if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
+patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid (CopperheadOS-13.0)
+
+enterAndClear "vendor/cm";
+rm -rf terminal;
+awk -i inplace '!/50-cm.sh/' config/common.mk; #Make sure our hosts is always used
+if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then
+ awk -i inplace '!/DSPManager/' config/common.mk;
+fi;
+if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi;
+sed -i 's/CM_BUILDTYPE := UNOFFICIAL/CM_BUILDTYPE := dos/' config/common.mk; #Change buildtype
+if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/CM_BUILDTYPE := dos/CM_BUILDTYPE := dosNC/' config/common.mk; fi;
+sed -i 's/Mms/Silence/' config/telephony.mk; #Replace AOSP Messaging app with Silence
+echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
+
+enter "vendor/divested";
+if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi;
+if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi;
+#
+#END OF ROM CHANGES
+#
+
+#
+#START OF DEVICE CHANGES
+#
+enterAndClear "device/asus/grouper";
+mv cm.mk lineage.mk;
+sed -i 's/cm_/lineage_/' lineage.mk;
+#In proprietary/Android.mk
+# Remove widevine and tf_daemon
+
+enterAndClear "device/zte/nex"
+sed -i 's/ro.sf.lcd_density=240/ro.sf.lcd_density=180/' system.prop;
+echo "TARGET_DISPLAY_USE_RETIRE_FENCE := true" >> BoardConfig.mk;
+sed -i 's/libm libc/libm libc libutils/' charger/Android.mk;
+mv cm.mk lineage.mk;
+sed -i 's/cm_/lineage_/' lineage.mk vendorsetup.sh;
+awk -i inplace '!/WCNSS_qcom_wlan_nv_2.bin/' proprietary-files.txt;
+#In nex-vendor-blobs.mk
+# "system/lib/libtime_genoff.so" -> "obj/lib/libtime_genoff.so"
+
+enterAndClear "kernel/zte/msm8930"
+patch -p1 < $patches"/android_kernel_zte_msm8930/0001-MDP-Fix.patch";
+
+#Make changes to all devices
+cd "$DOS_BUILD_BASE";
+find "hardware/qcom/gps" -name "gps\.conf" -type f -exec bash -c 'hardenLocation "$0"' {} \;;
+find "device" -name "gps\.conf" -type f -exec bash -c 'hardenLocation "$0"' {} \;;
+find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'hardenUserdata "$0"' {} \;;
+find "kernel" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'hardenDefconfig "$0"' {} \;;
+cd "$DOS_BUILD_BASE";
+
+#Fixes
+#Fix broken options enabled by hardenDefconfig()
+#sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/google/msm/arch/arm/configs/lineageos_*_defconfig;
+sed -i "s/# CONFIG_COMPAT_BRK is not set/CONFIG_COMPAT_BRK=y/" kernel/zte/msm8930/arch/arm/configs/msm8960-nex_defconfig;
+#
+#END OF DEVICE CHANGES
+#
diff --git a/Scripts/LineageOS-11.0/Rebrand.sh b/Scripts/LineageOS-11.0/Rebrand.sh
new file mode 100644
index 00000000..7dc89163
--- /dev/null
+++ b/Scripts/LineageOS-11.0/Rebrand.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+#DivestOS: A privacy oriented Android distribution
+#Copyright (c) 2017-2018 Divested Computing, Inc.
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program. If not, see .
+
+#Updates select user facing strings
+#Last verified: 2018-04-27
+
+echo "Rebranding...";
+
+enter "bootable/recovery-cm";
+sed -i 's|CyanogenMod Simple Recovery|'"$DOS_BRANDING_NAME"' Recovery|' ./recovery.cpp;
+
+enter "build";
+sed -i 's|echo "ro.build.user=$USER"|echo "ro.build.user=emy"|' tools/buildinfo.sh; #Override build user
+sed -i 's|echo "ro.build.host=`hostname`"|echo "ro.build.host=dosbm"|' tools/buildinfo.sh; #Override build host
+sed -i '/CM_TARGET_PACKAGE/s/lineage/'"$DOS_BRANDING_ZIP_PREFIX"'/' core/Makefile;
+
+enter "frameworks/base";
+generateBootAnimationMask "$DOS_BRANDING_NAME" "$DOS_BRANDING_BOOTANIMATION_FONT" core/res/assets/images/android-logo-mask.png;
+generateBootAnimationShine "$DOS_BRANDING_BOOTANIMATION_COLOR" "$DOS_BRANDING_BOOTANIMATION_STYLE" core/res/assets/images/android-logo-shine.png;
+
+enter "packages/apps/Settings";
+sed -i '/.*cmlicense_title/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/cm_strings.xml
+sed -i '/.*cmlicense_activity_title/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/cm_strings.xml
+sed -i '/.*cmupdate_settings_title/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/cm_strings.xml
+sed -i '/.*mod_version/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/cm_strings.xml
+sed -i '/.*privacy_settings_cyanogenmod_category/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/cm_strings.xml
+
+enter "packages/apps/CMUpdater";
+sed -i 's|https://download.cyanogenmod.org/api|'"$DOS_BRANDING_SERVER_OTA"'|' res/values/config.xml;
+
+enter "vendor/cm";
+sed -i 's|https://lineageos.org/legal|'"$DOS_BRANDING_LINK_ABOUT"'|' config/common.mk;
+sed -i '/.*ZIPPATH=/s/lineage/'"$DOS_BRANDING_ZIP_PREFIX"'/' build/envsetup.sh;
+rm -rf bootanimation;
+
+cd "$DOS_BUILD_BASE";
+echo "Rebranding complete!";
diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh
old mode 100755
new mode 100644
index db9a9e06..4bc31cb1
--- a/Scripts/LineageOS-14.1/Patch.sh
+++ b/Scripts/LineageOS-14.1/Patch.sh
@@ -86,7 +86,6 @@ changeDefaultDNS;
#patch -p1 < "$DOS_PATCHES/android_frameworks_base/0007-Connectivity.patch"; #Change connectivity check URLs to ours
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps
-rm -f core/res/res/*/*.orig;
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
enterAndClear "frameworks/opt/net/ims";
diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh
old mode 100755
new mode 100644
index 1208104e..ed34d77a
--- a/Scripts/LineageOS-15.1/Patch.sh
+++ b/Scripts/LineageOS-15.1/Patch.sh
@@ -87,7 +87,6 @@ changeDefaultDNS;
#patch -p1 < "$DOS_PATCHES/android_frameworks_base/0005-Connectivity.patch"; #Change connectivity check URLs to ours
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps
-rm -f core/res/res/*/*.orig;
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
enterAndClear "frameworks/opt/net/ims";
@@ -109,7 +108,6 @@ if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAud
enterAndClear "packages/apps/LineageParts";
rm -rf src/org/lineageos/lineageparts/lineagestats/ res/xml/anonymous_stats.xml res/xml/preview_data.xml #Nuke part of the analytics
patch -p1 < "$DOS_PATCHES/android_packages_apps_LineageParts/0001-Remove_Analytics.patch"; #Remove analytics
-rm -f AndroidManifest.xml.orig res/*/*.orig;
enterAndClear "packages/apps/Settings";
git revert a96df110e84123fe1273bff54feca3b4ca484dcd; #don't hide oem unlock
@@ -117,7 +115,6 @@ patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Tog
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0004-PDB_Fixes.patch"; #Fix crashes when the PersistentDataBlockManager service isn't available
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options
-rm -f res/*/*.orig;
enterAndClear "packages/apps/SetupWizard";
patch -p1 < "$DOS_PATCHES/android_packages_apps_SetupWizard/0001-Remove_Analytics.patch"; #Remove analytics