diff --git a/Patches/Common/android_device_oneplus_msm8998-common/0001-No_Vorbis_Offload.patch b/Patches/Common/android_device_audio/0001-No_Vorbis_Offload.patch
similarity index 100%
rename from Patches/Common/android_device_oneplus_msm8998-common/0001-No_Vorbis_Offload.patch
rename to Patches/Common/android_device_audio/0001-No_Vorbis_Offload.patch
diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh
index 58b1d741..01b01dca 100644
--- a/Scripts/LineageOS-15.1/Patch.sh
+++ b/Scripts/LineageOS-15.1/Patch.sh
@@ -168,6 +168,7 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/andr
 
 enterAndClear "system/sepolicy";
 patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
+patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch" --directory="prebuilts/api/26.0";
 
 enterAndClear "system/vold";
 patch -p1 < "$DOS_PATCHES/android_system_vold/0001-AES256.patch"; #Add a variable for enabling AES-256 bit encryption
diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh
index 8920bd21..40adc192 100644
--- a/Scripts/LineageOS-16.0/Patch.sh
+++ b/Scripts/LineageOS-16.0/Patch.sh
@@ -166,6 +166,9 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/andr
 
 enterAndClear "system/sepolicy";
 patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
+patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch" --directory="prebuilts/api/28.0";
+patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch" --directory="prebuilts/api/27.0";
+patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch" --directory="prebuilts/api/26.0";
 awk -i inplace '!/true cannot be used in user builds/' Android.mk; #Allow ignoring neverallows under -user
 
 enterAndClear "vendor/lineage";
@@ -246,7 +249,7 @@ enterAndClear "device/oneplus/oneplus2";
 sed -i 's|etc/permissions/qti_libpermissions.xml|vendor/etc/permissions/qti_libpermissions.xml|' proprietary-files.txt;
 
 enterAndClear "device/oneplus/msm8998-common";
-patch -p1 < "$DOS_PATCHES_COMMON/android_device_oneplus_msm8998-common/0001-No_Vorbis_Offload.patch"; #Fix Ogg Vorbis playback
+patch -p1 < "$DOS_PATCHES_COMMON/android_device_audio/0001-No_Vorbis_Offload.patch"; #Fix Ogg Vorbis playback
 awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #disable releasetools to fix delta ota generation
 
 enterAndClear "device/oppo/common";
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_essential_msm8998.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_essential_msm8998.sh
index d2c30dec..6574978c 100644
--- a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_essential_msm8998.sh
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_essential_msm8998.sh
@@ -88,12 +88,10 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2264/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2333/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2341/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11494/^5.6.2/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11565/^5.6.2/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14875/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
-editKernelLocalversion "-dos.p95"
+editKernelLocalversion "-dos.p93"
 cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/Functions.sh b/Scripts/LineageOS-17.1/Functions.sh
index deced8ac..9945d71e 100644
--- a/Scripts/LineageOS-17.1/Functions.sh
+++ b/Scripts/LineageOS-17.1/Functions.sh
@@ -62,7 +62,7 @@ buildAll() {
 	#SD800
 	buildDevice d802;
 	#SD801
-	buildDevice d852; #XXX: no boot
+	buildDevice d852;
 	buildDevice d855;
 	buildDevice FP2;
 	buildDevice m8;
@@ -87,8 +87,7 @@ patchWorkspace() {
 	if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
 
 	source build/envsetup.sh;
-	repopick 274320; #CarrierDefaultapp: Fix WebView vulnerability by disallowing file access
-	repopick 274321; #MediaProvider: Less spam
+	repopick -it g3-crypt;
 
 	source "$DOS_SCRIPTS/Patch.sh";
 	source "$DOS_SCRIPTS/Defaults.sh";
diff --git a/Scripts/LineageOS-17.1/Patch.sh b/Scripts/LineageOS-17.1/Patch.sh
index 435ba801..2249c07d 100644
--- a/Scripts/LineageOS-17.1/Patch.sh
+++ b/Scripts/LineageOS-17.1/Patch.sh
@@ -161,7 +161,11 @@ patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts
 if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_system_core/0002-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS)
 
 enterAndClear "system/sepolicy";
-#patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices #XXX 17REBASE
+patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
+patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch" --directory="prebuilts/api/29.0";
+patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch" --directory="prebuilts/api/28.0";
+patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch" --directory="prebuilts/api/27.0";
+patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch" --directory="prebuilts/api/26.0";
 awk -i inplace '!/true cannot be used in user builds/' Android.mk; #Allow ignoring neverallows under -user
 
 enterAndClear "vendor/lineage";
@@ -192,6 +196,8 @@ echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #All
 #
 #START OF DEVICE CHANGES
 #
+enterAndClear "device/essential/mata";
+patch -p1 < "$DOS_PATCHES_COMMON/android_device_audio/0001-No_Vorbis_Offload.patch"; #Fix Ogg Vorbis playback
 
 enterAndClear "device/google/marlin";
 git revert --no-edit 777dafa35f185b1f501e3c80b8ab495191583444; #remove some carrier blobs
@@ -200,13 +206,13 @@ enterAndClear "device/htc/m8-common";
 awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #broken releasetools
 
 enterAndClear "device/lge/g2-common";
-#sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
+sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
 awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #broken releasetools
 
 enterAndClear "device/lge/g3-common";
 echo "vendor/lib/hw/nfc_nci.msm8974.so|7dcb79a385dd1155cb9b6310a3e7b85b7dc8db13" >> proprietary-files.txt; #g3-common: Add NFC HAL to proprietary-files (254249)
-#sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
-#sed -i '1itypeattribute wcnss_service misc_block_device_exception;' sepolicy/wcnss_service.te;
+sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
+sed -i '1itypeattribute wcnss_service misc_block_device_exception;' sepolicy/wcnss_service.te;
 
 enterAndClear "device/lge/d852";
 git revert --no-edit dbebbce20b2b303fe13f7078ef54154f9dd5d9e2; #fix nfc path
diff --git a/Scripts/LineageOS-17.1/Rebrand.sh b/Scripts/LineageOS-17.1/Rebrand.sh
index 6a3097df..9c27f77c 100644
--- a/Scripts/LineageOS-17.1/Rebrand.sh
+++ b/Scripts/LineageOS-17.1/Rebrand.sh
@@ -21,7 +21,7 @@
 echo "Rebranding...";
 
 enter "bootable/recovery";
-git revert --no-edit 7e46bc14b15fdeabfd16871137f403f89486b83c;
+git revert --no-edit 2e0e35734f65035d24014dcce7aceda6e4b1e222 1423e5792837f204e535efd75fd44a2970899a7d 7e46bc14b15fdeabfd16871137f403f89486b83c;
 sed -i 's/if (lineage_logo_/if (false/' recovery_ui/*ui.cpp;
 mogrify -format png -fill "#FF5722" -opaque "#167C80" -fuzz 10% res-*/images/*sel.png; #Recolor icons
 sed -i 's|0x16, 0x7c, 0x80|0x03, 0xa9, 0xf4|' recovery_ui/*ui.cpp; #Recolor text