From d7ef9abf6104edc50d68bed7aef14799e4042cae Mon Sep 17 00:00:00 2001 From: Tad Date: Wed, 25 Mar 2020 22:08:25 -0400 Subject: [PATCH] Minor tweaks --- Misc/Features/CaptivePortalCheck.txt | 1 + Scripts/Common/Functions.sh | 2 +- Scripts/LineageOS-14.1/Functions.sh | 2 ++ Scripts/LineageOS-14.1/Patch.sh | 2 +- Scripts/LineageOS-15.1/Functions.sh | 3 ++- Scripts/LineageOS-16.0/Functions.sh | 3 ++- Scripts/LineageOS-16.0/Patch.sh | 6 ------ Scripts/init.sh | 7 +++++-- 8 files changed, 14 insertions(+), 12 deletions(-) diff --git a/Misc/Features/CaptivePortalCheck.txt b/Misc/Features/CaptivePortalCheck.txt index 7deeb3e8..c2aff3eb 100644 --- a/Misc/Features/CaptivePortalCheck.txt +++ b/Misc/Features/CaptivePortalCheck.txt @@ -19,6 +19,7 @@ There are multiple solutions: List of known connectivity check endpoints + DivestOS - 204 - http://divestos.org/gen204.php + + GrapheneOS - 204 - https://grapheneos.org/generate_204 - Google - 204 - https://www.google.com/generate_204 - Google - 204 - http://connectivitycheck.gstatic.com/generate_204 - Google - 204 - http://www.google.com/gen_204 diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh index 3680ca84..77c99a48 100644 --- a/Scripts/Common/Functions.sh +++ b/Scripts/Common/Functions.sh @@ -475,7 +475,7 @@ changeDefaultDNS() { dnsSecondary="1.1.1.1"; dnsSecondaryV6="2606:4700:4700::1111"; elif [[ "$DOS_DEFAULT_DNS_PRESET" == "OpenNIC" ]]; then #https://servers.opennicproject.org/edit.php?srv=ns3.any.dns.opennic.glue - dnsPrimary="169.239.202.202"; + dnsPrimary="169.239.202.202"; #FIXME dnsPrimaryV6="2a05:dfc7:5353::53"; dnsSecondary="185.121.177.177"; dnsSecondaryV6="2a05:dfc7:5::53"; diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh index 5ab26fc9..0d8e567c 100644 --- a/Scripts/LineageOS-14.1/Functions.sh +++ b/Scripts/LineageOS-14.1/Functions.sh @@ -120,6 +120,8 @@ patchWorkspace() { repopick -it ibss-mode-nougat; repopick -it n-netd; repopick -i 268803 268804; #sqlite vulns + repopick -it n-asb-2020-03; + repopick -it CVE-2020-8597_cm-14.1; export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh index 9098bd23..7360f427 100644 --- a/Scripts/LineageOS-14.1/Patch.sh +++ b/Scripts/LineageOS-14.1/Patch.sh @@ -265,7 +265,7 @@ enterAndClear "device/samsung/tuna"; #git revert --no-edit e53eea6426da49dfb542929d5aa686667f4d416f; #restore releasetools #TODO rm setup-makefiles.sh; #broken, deblobber will still function sed -i 's|vendor/maguro/|vendor/|' libgps-shim/gps.c; #fix dlopen not found -#See: https://review.lineageos.org/q/topic:%22tuna-sepolicies +#See: https://review.lineageos.org/q/topic:tuna-sepolicies patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0001-fix_denial.patch"; patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0002-fix_denial.patch"; patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0003-fix_denial.patch"; diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh index 5342ed1d..5a033d9c 100644 --- a/Scripts/LineageOS-15.1/Functions.sh +++ b/Scripts/LineageOS-15.1/Functions.sh @@ -104,7 +104,8 @@ export -f buildAll; patchWorkspace() { if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi; - #source build/envsetup.sh; + source build/envsetup.sh; + repopick -it CVE-2020-8597_lineage-15.1; export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails diff --git a/Scripts/LineageOS-16.0/Functions.sh b/Scripts/LineageOS-16.0/Functions.sh index f7ee70df..1620eef2 100644 --- a/Scripts/LineageOS-16.0/Functions.sh +++ b/Scripts/LineageOS-16.0/Functions.sh @@ -117,7 +117,8 @@ export -f buildAll; patchWorkspace() { if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi; - #source build/envsetup.sh; + source build/envsetup.sh; + repopick -it CVE-2020-8597_lineage-16.0; source "$DOS_SCRIPTS/Patch.sh"; source "$DOS_SCRIPTS/Defaults.sh"; diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index a4746bdc..cb4b738f 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh @@ -227,9 +227,6 @@ git revert --no-edit 9a5739e66d0a44347881807c0cc44d7c318c02b8; #fix nfc path enterAndClear "device/lge/mako"; #git revert ; #restore releasetools #TODO smallerSystem; -echo "allow kickstart usbfs:dir search;" >> sepolicy/kickstart.te; #Fix forceencrypt on first boot -echo "allow system_server sensors_data_file:dir search;" >> sepolicy/system_server.te; #Fix qcom_sensors log spam -echo "allow system_server sensors_data_file:dir r_file_perms;" >> sepolicy/system_server.te; sed -i 's/1333788672/880803840/' BoardConfig.mk; #don't touch partitions! DOS -user fits with 40M free awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfig.mk; @@ -250,9 +247,6 @@ awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfig.mk; #rm setup-makefiles.sh; #broken, deblobber will still function #XXX: remove atfwd and cne from vendor makefiles -enterAndClear "device/motorola/griffin"; -git revert --no-edit 0a4257bd3b6f76010f4f7c564c4b3d7794af0640; #breaks build - enterAndClear "device/oneplus/oneplus2"; sed -i 's|etc/permissions/qti_libpermissions.xml|vendor/etc/permissions/qti_libpermissions.xml|' proprietary-files.txt; diff --git a/Scripts/init.sh b/Scripts/init.sh index 3f5ff874..c57cb9fd 100644 --- a/Scripts/init.sh +++ b/Scripts/init.sh @@ -24,7 +24,7 @@ export ANDROID_HOME="/home/$USER/Android/Sdk"; export DOS_WORKSPACE_ROOT="/mnt/dos/"; #XXX: THIS MUST BE CORRECT TO BUILD! #export DOS_BUILDS=$DOS_WORKSPACE_ROOT"Builds/"; -export DOS_BUILDS="/mnt/Drive-1r/DOS/Builds/"; +export DOS_BUILDS="/mnt/backup-1/DOS/Builds/"; export DOS_SIGNING_KEYS=$DOS_WORKSPACE_ROOT"Signing_Keys/4096pro"; #export USE_CCACHE=1; #export CCACHE_DIR=""; @@ -60,7 +60,7 @@ export DOS_STRONG_ENCRYPTION_ENABLED=false; #Switch to true to enable AES-256bit export DOS_WIREGUARD_INCLUDED=false; #Switch to true to enable WireGuard kernel module inclusion #Servers -export DOS_DEFAULT_DNS_PRESET="OpenNIC"; #Sets default DNS. Options: CensurfriDNS, Cloudflare, OpenNIC, DNSWATCH, Google, Neustar(-NOBL), OpenDNS, Quad9(-NOBL), Verisign, Yandex(-NOBL) +export DOS_DEFAULT_DNS_PRESET="Cloudflare"; #Sets default DNS. Options: CensurfriDNS, Cloudflare, OpenNIC, DNSWATCH, Google, Neustar(-NOBL), OpenDNS, Quad9(-NOBL), Verisign, Yandex(-NOBL) export DOS_GPS_NTP_SERVER="1.android.pool.ntp.org"; #Options: Any NTP pool export DOS_GPS_SUPL_HOST="supl.google.com"; #Options: supl.{google,vodafone,sonyericsson}.com @@ -125,6 +125,9 @@ if [ ! -d "$DOS_BUILD_BASE" ]; then return 1; fi; +mkdir $DOS_BUILD_BASE"/out"; +chattr -f -c $DOS_BUILD_BASE"/out"; + export DOS_TMP_DIR="/tmp/dos_tmp"; mkdir -p "$DOS_TMP_DIR"; export DOS_HOSTS_FILE="$DOS_TMP_DIR/hosts";