diff --git a/Manifests/Manifest_LAOS-14.1.xml b/Manifests/Manifest_LAOS-14.1.xml
index 318e5111..276cb3c3 100644
--- a/Manifests/Manifest_LAOS-14.1.xml
+++ b/Manifests/Manifest_LAOS-14.1.xml
@@ -219,8 +219,11 @@
-
+
+
+
+
diff --git a/Patches/Common/android_vendor_divested/divestos.mk b/Patches/Common/android_vendor_divested/divestos.mk
index c2efcc56..2c0d70f2 100644
--- a/Patches/Common/android_vendor_divested/divestos.mk
+++ b/Patches/Common/android_vendor_divested/divestos.mk
@@ -16,11 +16,13 @@ PRODUCT_PROPERTY_OVERRIDES += \
ro.config.alarm_alert=Alarm_Buzzer.ogg \
keyguard.no_require_sim=true \
ro.build.selinux=1 \
- ro.storage_manager.enabled=true
+ ro.storage_manager.enabled=true \
+ ro.control_privapp_permissions=log
#Copy extra files
PRODUCT_COPY_FILES += \
- vendor/divested/prebuilts/etc/additional_fdroid_repos.xml:system/etc/org.fdroid.fdroid/additional_repos.xml
+ vendor/divested/prebuilts/etc/additional_fdroid_repos.xml:system/etc/org.fdroid.fdroid/additional_repos.xml \
+ vendor/divested/prebuilts/etc/permissions_org.fdroid.fdroid.privileged.xml:system/etc/permissions/permissions_org.fdroid.fdroid.privileged.xml
#Include packages
#PRODUCT_PACKAGES += ModuleBlocker
diff --git a/Patches/Common/android_vendor_divested/prebuilts/etc/permissions_org.fdroid.fdroid.privileged.xml b/Patches/Common/android_vendor_divested/prebuilts/etc/permissions_org.fdroid.fdroid.privileged.xml
new file mode 100644
index 00000000..3a7d4426
--- /dev/null
+++ b/Patches/Common/android_vendor_divested/prebuilts/etc/permissions_org.fdroid.fdroid.privileged.xml
@@ -0,0 +1,7 @@
+
+
+
+
+
+
+
diff --git a/Patches/LineageOS-14.1/android_device_samsung_tuna/0005-fix_denial.patch b/Patches/LineageOS-14.1/android_device_samsung_tuna/0005-fix_denial.patch
new file mode 100644
index 00000000..f940b2c8
--- /dev/null
+++ b/Patches/LineageOS-14.1/android_device_samsung_tuna/0005-fix_denial.patch
@@ -0,0 +1,84 @@
+From c11a7f1d4f05a13cacb8c6ebbaeee0400b6654e6 Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Wed, 13 Feb 2019 21:14:04 -0500
+Subject: [PATCH] audit2allow sepolicies
+
+Change-Id: I8a43008d22b302ed54838251e328619de5c1f890
+---
+ sepolicy/init.te | 3 +++
+ sepolicy/logd.te | 1 +
+ sepolicy/netd.te | 1 +
+ sepolicy/platform_app.te | 1 +
+ sepolicy/rild.te | 5 +++++
+ sepolicy/sysinit.te | 1 +
+ sepolicy/system_server.te | 2 ++
+ 7 files changed, 14 insertions(+)
+ create mode 100644 sepolicy/logd.te
+ create mode 100644 sepolicy/netd.te
+ create mode 100644 sepolicy/sysinit.te
+
+diff --git a/sepolicy/init.te b/sepolicy/init.te
+index 13c8bd4..c0980a6 100644
+--- a/sepolicy/init.te
++++ b/sepolicy/init.te
+@@ -7,3 +7,6 @@ allow init tmpfs:lnk_file create;
+
+ # For 'cpuset' module requests
+ allow init kernel:system module_request;
++
++allow init block_device:lnk_file relabelfrom;
++allow init perfprofd_exec:file getattr;
+diff --git a/sepolicy/logd.te b/sepolicy/logd.te
+new file mode 100644
+index 0000000..2e9f1eb
+--- /dev/null
++++ b/sepolicy/logd.te
+@@ -0,0 +1 @@
++allow logd unlabeled:dir search;
+diff --git a/sepolicy/netd.te b/sepolicy/netd.te
+new file mode 100644
+index 0000000..af9fbc1
+--- /dev/null
++++ b/sepolicy/netd.te
+@@ -0,0 +1 @@
++allow netd kernel:system module_request;
+diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
+index 4d92e6b..dadb55e 100644
+--- a/sepolicy/platform_app.te
++++ b/sepolicy/platform_app.te
+@@ -1 +1,2 @@
+ allow platform_app nfc_service:service_manager find;
++allow platform_app system_app_data_file:dir getattr;
+diff --git a/sepolicy/rild.te b/sepolicy/rild.te
+index 7c72874..5e35cf9 100644
+--- a/sepolicy/rild.te
++++ b/sepolicy/rild.te
+@@ -19,3 +19,8 @@ allow rild logcat_exec:file { getattr read open execute execute_no_trans };
+ # Device-specific calls could be moved into their respective device trees
+ # in the future.
+ allowxperm rild self:unix_stream_socket ioctl { 0x89a0 0x89a2 0x89a3 0x89f0 };
++allow rild system_file:file execmod;
++allow rild toolbox_exec:file getattr;
++allow rild toolbox_exec:file execute;
++allow rild toolbox_exec:file { open read };
++allow rild toolbox_exec:file execute_no_trans;
+diff --git a/sepolicy/sysinit.te b/sepolicy/sysinit.te
+new file mode 100644
+index 0000000..5cd8eb3
+--- /dev/null
++++ b/sepolicy/sysinit.te
+@@ -0,0 +1 @@
++allow sysinit userinit_exec:file execute;
+diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
+index e59d7c6..d78ffbb 100644
+--- a/sepolicy/system_server.te
++++ b/sepolicy/system_server.te
+@@ -1,3 +1,5 @@
+ # system_server
+
+ # Needed for /system/vendor/lib/hw/gps.omap4.so
++
++allow system_server wifi_log_prop:property_service set;
+--
+2.20.1
+
diff --git a/PrebuiltApps b/PrebuiltApps
index 0add8d90..c36aabfb 160000
--- a/PrebuiltApps
+++ b/PrebuiltApps
@@ -1 +1 @@
-Subproject commit 0add8d90b47dce0fc13356146666405a9459ee89
+Subproject commit c36aabfba7d338166ea996167f24acb3d839f94c
diff --git a/Scripts/Common/Deblob.sh b/Scripts/Common/Deblob.sh
index 5ee71b5f..3499b29f 100644
--- a/Scripts/Common/Deblob.sh
+++ b/Scripts/Common/Deblob.sh
@@ -251,9 +251,12 @@ echo "Deblobbing..."
blobs=$blobs"|libHealthAuthClient.so|libHealthAuthJNI.so|libSampleAuthJNI.so|libSampleAuthJNIv1.so|libSampleExtAuthJNI.so|libSecureExtAuthJNI.so|libSecureSampleAuthClient.so|libsdedrm.so";
#[Sprint]
- blobs=$blobs"|com.android.omadm.service.xml|ConnMO.apk|CQATest.apk|DCMO.apk|DiagMon.apk|DMConfigUpdate.apk|DMService.apk|GCS.apk|HiddenMenu.apk|libdmengine.so|libdmjavaplugin.so|LifetimeData.apk|SprintDM.apk|SprintHM.apk|whitelist_com.android.omadm.service.xml|LifeTimerService.apk";
+ blobs=$blobs"|com.android.omadm.service.xml|ConnMO.apk|CQATest.apk|DCMO.apk|DiagMon.apk|DMConfigUpdate.apk|DMService.apk|GCS.apk|HiddenMenu.apk|libdmengine.so|libdmjavaplugin.so|LifetimeData.apk|SprintDM.apk|SprintHM.apk|whitelist_com.android.omadm.service.xml|LifeTimerService.apk|SDM.apk|SecPhone.apk";
ipcSec=$ipcSec"|238:4294967295:1001:3004";
+ #SyncML
+ blobs=$blobs"|SyncMLSvc.apk|libsyncml_core.so|libsyncml_port.so";
+
#Thermal Throttling [Qualcomm]
#blobs=$blobs"|libthermalclient.so|libthermalioctl.so|thermal-engine";
@@ -269,7 +272,7 @@ echo "Deblobbing..."
#blobs=$blobs"|venus.b00|venus.b01|venus.b02|venus.b03|venus.b04|venus.mbn|venus.mdt";
#[Verizon]
- blobs=$blobs"|appdirectedsmspermission.apk|com.qualcomm.location.vzw_library.jar|com.qualcomm.location.vzw_library.xml|com.verizon.apn.xml|com.verizon.embms.xml|com.verizon.hardware.telephony.ehrpd.jar|com.verizon.hardware.telephony.ehrpd.xml|com.verizon.hardware.telephony.lte.jar|com.verizon.hardware.telephony.lte.xml|com.verizon.ims.jar|com.verizon.ims.xml|com.verizon.provider.xml|com.vzw.vzwapnlib.xml|qti-vzw-ims-internal.jar|qti-vzw-ims-internal.xml|VerizonSSOEngine.apk|VerizonUnifiedSettings.jar|VZWAPNLib.apk|vzwapnpermission.apk|VZWAPNService.apk|VZWAVS.apk|VzwLcSilent.apk|vzw_msdc_api.apk|VzwOmaTrigger.apk|vzw_sso_permissions.xml|VerizonAuthDialog.apk";
+ blobs=$blobs"|appdirectedsmspermission.apk|com.qualcomm.location.vzw_library.jar|com.qualcomm.location.vzw_library.xml|com.verizon.apn.xml|com.verizon.embms.xml|com.verizon.hardware.telephony.ehrpd.jar|com.verizon.hardware.telephony.ehrpd.xml|com.verizon.hardware.telephony.lte.jar|com.verizon.hardware.telephony.lte.xml|com.verizon.ims.jar|com.verizon.ims.xml|com.verizon.provider.xml|com.vzw.vzwapnlib.xml|qti-vzw-ims-internal.jar|qti-vzw-ims-internal.xml|VerizonSSOEngine.apk|VerizonUnifiedSettings.jar|VZWAPNLib.apk|vzwapnpermission.apk|VZWAPNService.apk|VZWAVS.apk|VzwLcSilent.apk|vzw_msdc_api.apk|VzwOmaTrigger.apk|vzw_sso_permissions.xml|VerizonAuthDialog.apk|com.vzw.hardware.lte.xml|com.vzw.hardware.ehrpd.xml";
#Voice Recognition
blobs=$blobs"|aonvr1.bin|aonvr2.bin|audiomonitor|es305_fw.bin|HotwordEnrollment.apk|HotwordEnrollment.*.apk|libadpcmdec.so|liblistenhardware.so|liblistenjni.so|liblisten.so|liblistensoundmodel.so|libqvop-service.so|librecoglib.so|libsmwrapper.so|libsupermodel.so|libtrainingcheck.so|qvop-daemon|sound_trigger.primary.*.so|libgcs.*.so|vendor.qti.voiceprint.*";
@@ -280,6 +283,7 @@ echo "Deblobbing..."
#Widevine (DRM) [Google]
blobs=$blobs"|com.google.widevine.software.drm.jar|com.google.widevine.software.drm.xml|libdrmclearkeyplugin.so|libdrmwvmplugin.so|libmarlincdmplugin.so|libwvdrmengine.so|libwvdrm_L1.so|libwvdrm_L3.so|libwvhidl.so|libwvm.so|libWVphoneAPI.so|libWVStreamControlAPI_L1.so|libWVStreamControlAPI_L3.so|libdrmmtkutil.so";
+ #blobs=$blobs"|smc_pa_wvdrm.ift"; breaks toro boot
blobs=$blobs"|tzwidevine.*|tzwvcpybuf.*|widevine.*";
makes=$makes"|libshim_wvm";
diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh
index aa6417d6..9e30bd4a 100644
--- a/Scripts/LineageOS-14.1/Functions.sh
+++ b/Scripts/LineageOS-14.1/Functions.sh
@@ -50,7 +50,6 @@ buildAll() {
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
#Select devices are userdebug due to SELinux policy issues
brunch lineage_clark-user;
- brunch lineage_maguro-user; #deprecated
brunch lineage_thor-userdebug; #deprecated
brunch lineage_grouper-user; #deprecated and needs manual patching (one-repo vendor blob patch)
brunch lineage_h815-user; #deprecated
@@ -59,9 +58,12 @@ buildAll() {
brunch lineage_i9100-userdebug;
brunch lineage_i9305-user; #deprecated?
brunch lineage_jfltexx-user;
+ brunch lineage_maguro-user; #deprecated
brunch lineage_manta-user; #deprecated
brunch lineage_n5110-user;
brunch lineage_osprey-user;
+ #brunch lineage_toro-user; #deprecated
+ #brunch lineage_toroplus-user; #deprecated
brunch lineage_Z00T-user; #deprecated
#The following are all superseded, and should only be enabled if the newer version is broken (not building/booting/etc.)
@@ -117,7 +119,8 @@ export -f patchWorkspace;
enableDexPreOpt() {
cd "$DOS_BUILD_BASE$1";
- if [ "$1" != "device/amazon/thor" ] && [ "$1" != "device/samsung/i9100" ] && [ "$1" != "device/lge/h850" ] && [ "$1" != "device/lge/mako" ] && [ "$1" != "device/asus/grouper" ]; then #Some devices won't compile, or have too small of a /system partition, or Wi-Fi breaks
+ #Some devices won't compile, or have too small of a /system partition, or Wi-Fi breaks
+ if [ "$1" != "device/amazon/thor" ] && [ "$1" != "device/samsung/i9100" ] && [ "$1" != "device/samsung/maguro" ] && [ "$1" != "device/samsung/toro" ] && [ "$1" != "device/samsung/toroplus" ] && [ "$1" != "device/samsung/tuna" ] && [ "$1" != "device/lge/h850" ] && [ "$1" != "device/lge/mako" ] && [ "$1" != "device/asus/grouper" ]; then
if [ -f BoardConfig.mk ]; then
echo "WITH_DEXPREOPT := true" >> BoardConfig.mk;
echo "WITH_DEXPREOPT_PIC := true" >> BoardConfig.mk;
diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh
index bc7a6692..4416752f 100644
--- a/Scripts/LineageOS-14.1/Patch.sh
+++ b/Scripts/LineageOS-14.1/Patch.sh
@@ -220,16 +220,18 @@ rm board-info.txt; #Never restrict installation
enterAndClear "device/oneplus/bacon";
sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.txt; #Suport new TZ firmware https://review.lineageos.org/#/c/178999/
+enterAndClear "device/samsung/toroplus";
+awk -i inplace '!/additional_system_update/' overlay/packages/apps/Settings/res/values/config.xml;
+
+enableLowRam "device/samsung/tuna";
enterAndClear "device/samsung/tuna";
rm setup-makefiles.sh; #broken, deblobber will still function
-sed -i 's/arm-eabi-4.7/arm-eabi-4.8/' BoardConfig.mk; #fix toolchain
#See: https://review.lineageos.org/q/topic:%22tuna-sepolicies
patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0001-fix_denial.patch";
patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0002-fix_denial.patch";
patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0003-fix_denial.patch";
patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0004-fix_denial.patch";
-echo "allow rild system_file:file execmod;" >> sepolicy/rild.te;
-echo "allow rild toolbox_exec:file getattr;" >> sepolicy/rild.te;
+patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0005-fix_denial.patch";
enter "vendor/google";
echo "" > atv/atv-common.mk;
@@ -252,6 +254,11 @@ sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/google
sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/lge/msm8996/arch/arm64/configs/lineageos_*_defconfig; #Breaks on compile
sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/motorola/msm8974/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile
sed -i "s/CONFIG_ARM_SMMU=y/# CONFIG_ARM_SMMU is not set/" kernel/motorola/msm8992/arch/arm64/configs/*defconfig; #Breaks on compile
+#tuna fixes
+awk -i inplace '!/nfc_enhanced.mk/' device/samsung/toro*/lineage.mk;
+awk -i inplace '!/TARGET_RECOVERY_UPDATER_LIBS/' device/samsung/toro*/BoardConfig.mk;
+awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' device/samsung/toro*/BoardConfig.mk;
+sed -i "s/forceencrypt/encryptable/" device/samsung/tuna/rootdir/fstab.tuna; #first-boot encryption doesn't work
#
#END OF DEVICE CHANGES
#
diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh
index 07906c32..fd029d8b 100644
--- a/Scripts/LineageOS-15.1/Functions.sh
+++ b/Scripts/LineageOS-15.1/Functions.sh
@@ -101,7 +101,8 @@ export -f patchWorkspace;
enableDexPreOpt() {
cd "$DOS_BUILD_BASE$1";
- if [ "$1" != "device/amazon/thor" ] && [ "$1" != "device/samsung/i9100" ] && [ "$1" != "device/lge/h850" ] && [ "$1" != "device/lge/mako" ]; then #Some devices won't compile, or have too small of a /system partition
+ #Some devices won't compile, or have too small of a /system partition, or Wi-Fi breaks
+ if [ "$1" != "device/amazon/thor" ] && [ "$1" != "device/samsung/i9100" ] && [ "$1" != "device/samsung/maguro" ] && [ "$1" != "device/samsung/toro" ] && [ "$1" != "device/samsung/toroplus" ] && [ "$1" != "device/samsung/tuna" ] && [ "$1" != "device/lge/h850" ] && [ "$1" != "device/lge/mako" ] && [ "$1" != "device/asus/grouper" ]; then
if [ -f BoardConfig.mk ]; then
echo "WITH_DEXPREOPT := true" >> BoardConfig.mk;
echo "WITH_DEXPREOPT_PIC := true" >> BoardConfig.mk;