
7 hours ago, raymo said:

I don't know but in my phone I never sideload Gapps after OTA update, but Magisk every time.

Just for the record, after I decided to install LOS 18.1 with Magisk when I moved to 18.1 after having used a non-rooted LOS 16.1, the first thing I tried was to just install the next OTA and see what comes out of it, and both GApps and Magisk were still there and working after the reboot. It has been that way for me ever since.

  • Like 1
17 hours ago, Rob. S. said:

Just for the record, after I decided to install LOS 18.1 with Magisk when I moved to 18.1 after having used a non-rooted LOS 16.1, the first thing I tried was to just install the next OTA and see what comes out of it, and both GApps and Magisk were still there and working after the reboot. It has been that way for me ever since.

Really? Since LOS17 I have to flash Magisk at every OTA update.
For GApps, I never reflash it.
Edit: to clarify the whole thing, this means A/B slots are just for wiping partitions (like a "transfer"), but there are many slots, physically speaking? And so the priority order when flashing ROMs, GApps, Magisk, etc. decides if it will be persistent on the next update?

Edited by raymo
  • Like 1

OK, I just remembered, I have installed Magisk via the .apk. This means, if I reinstall Magisk via sideload, it will do the trick? (If I understand correctly, magisk.apk could also be magisk.zip, I just have to rename it and sideload via adb.)

  • Like 1
44 minutes ago, raymo said:

OK, I just remembered, I have installed Magisk via the .apk. This means, if I reinstall Magisk via sideload, it will do the trick? (If I understand correctly, magisk.apk could also be magisk.zip, I just have to rename it and sideload via adb.)

Yes, that is how I have installed Magisk.

  • Like 1
  • 2 weeks later...

For those of you who are self-building, I thought I should provide some info about where to find the monthly ASB patches. Google is currently backporting security patches to all releases since Oreo (Android 8.1), and there is a simple way to cherry-pick these patches from the AOSP source tree. You'll need to have synced the full tree first, following the instructions at

https://source.android.com/setup/build/downloading

tl;dr

repo init -u https://android.googlesource.com/platform/manifest -b master
repo sync

Once you have the full tree, you can easily display the patches included in each ASB by listing all of the commits between the current and the last security tag. For example, to list all the commits for the September 2021 ASB in Android 10:

repo forall -pc git log --oneline android-security-10.0.0_r57..android-security-10.0.0_r58 | grep -v 'Merge cherrypicks of \[' | less

This produces the following concise list:

Quote

project build/make/
ef0f74de59 Version bump to QSV1.210329.014 [core/build_id.mk]

project external/libavc/
b70ba0e Decoder: Update check for increment u2_cur_slice_num

project external/skia/
fa5458660a Only treat PNG_COLOR_TYPE_RGB as 565

project frameworks/base/
8e697062d092 Don't attach private Notification to A11yEvent when user locked
c64af40f7cf0 Improve ellipsize performance
ab14dac312f2 DO NOT MERGE Add cross-user check for getDefaultSmsPackage().
5dd2109eca6a Fix side effects of trace-ipc and dumpheap commands
4b747e6d3f29 Fix race condition between lockNow() and updateLockscreenTimeout
8fa3d1df4c2c [security] SubscriptionGroup is exposed to unprivileged callers

project frameworks/native/
f43b65c1b Do not modify vector after getting references

project frameworks/opt/telephony/
30ebc474d [security] SubscriptionGroup is exposed to unprivileged callers
565c04e7a filter deviceIdentifiers for subscriptionInfo if callers without perm

project packages/apps/Launcher3/
8d0d38b67 Forward fix for: Set FLAG_IMMUTABLE flag on FirstScreenBroadcast PendingIntent.
a69a4fa8b Set FLAG_IMMUTABLE flag on FirstScreenBroadcast PendingIntent.

project packages/apps/Nfc/
818ecc4b Add HIDE_NON_SYSTEM_OVERLAY_WINDOWS permission to Nfc

project packages/apps/Settings/
1e14a79fac RESTRICT AUTOMERGE Fix phishing attacks over Bluetooth due to unclear warning message
838e0b52c9 RESTRICT AUTOMERGE Update string

project system/bt/
5c72690ad SMP: Reject pairing if public_key.x match

Now you no longer need to wait for LineageOS to update their trees! 😉 

For the September ASB, these are the relevant branches and tags for each Android release:

Version Branch                          Tag                     
15.1    oreo-mr1-security-release       android-security-8.1.0_r92
16.0    pie-security-release            android-security-9.0.0_r72
17.1    android10-security-release      android-security-10.0.0_r58

 

  • Like 1
  • Thanks 7
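Going one step past the one-liner in the post above, this added example (not part of the original post or of any AOSP tooling) reorders that listing oldest-first per project, the order in which the commits would be cherry-picked. The function names and the constructed merge line in the sample are assumptions.

```shell
#!/bin/sh
# Added example: turn `repo forall -pc git log --oneline A..B` output into a
# per-project list in the order the commits should be applied (oldest first).

# Reads the log on stdin, writes "project<TAB>hash<TAB>subject" lines.
asb_plan() {
  awk '
    /^project / {                      # header printed by `repo forall -p`
      proj = $2; sub(/\/$/, "", proj)
      if (!(proj in count)) { order[++nproj] = proj; count[proj] = 0 }
      next
    }
    /^[0-9a-f]+ / {
      if (index($0, "Merge cherrypicks of [")) next   # same filter as the grep -v
      subj = $0; sub(/^[0-9a-f]+ /, "", subj)
      row[proj, ++count[proj]] = proj "\t" $1 "\t" subj
    }
    END {
      # git log lists newest first; walk each project backwards so a
      # follow-up fix is applied after the commit it fixes.
      for (i = 1; i <= nproj; i++)
        for (j = count[order[i]]; j >= 1; j--) print row[order[i], j]
    }'
}

# Sample input: three projects copied from the listing in the post, plus one
# constructed merge line (its hash and change numbers are made up).
sample_log() {
  cat <<'EOF'
project packages/apps/Launcher3/
0000000000 Merge cherrypicks of [111, 222] into example-branch
8d0d38b67 Forward fix for: Set FLAG_IMMUTABLE flag on FirstScreenBroadcast PendingIntent.
a69a4fa8b Set FLAG_IMMUTABLE flag on FirstScreenBroadcast PendingIntent.

project packages/apps/Settings/
1e14a79fac RESTRICT AUTOMERGE Fix phishing attacks over Bluetooth due to unclear warning message
838e0b52c9 RESTRICT AUTOMERGE Update string

project system/bt/
5c72690ad SMP: Reject pairing if public_key.x match
EOF
}

sample_log | asb_plan
```

In the Launcher3 rows the "Forward fix for" commit now follows the commit it amends, which is the order a cherry-pick needs.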

If like me you get stuck in a reboot loop after updating your ROM and no amount of GApps sideload can fix it, try that:

https://gerrit.aicp-rom.com/c/AICP/device_google_wahoo/+/63092/1/device.mk

https://source.android.com/devices/tech/config/perms-allowlist

The logs during the reboot loop were mentioning: "Signature|privileged permissions not in privapp-permissions whitelist:"

Basically I just added the following lines to my device.mk:

# Bypass privapp-permissions whitelist
PRODUCT_PROPERTY_OVERRIDES += \
    ro.control_privapp_permissions=log

 

Edited by Slion
3 hours ago, Slion said:

# Bypass privapp-permissions whitelist
PRODUCT_PROPERTY_OVERRIDES += \
    ro.control_privapp_permissions=log

This has very obvious security implications, however. If you do this, you should be aware you are disabling some of the malware protection Google has built into Android. As an alternative, you might consider including gapps inside your custom OS image, like the OEMs do. For more details on how to do this, see:

https://github.com/opengapps/aosp_build

  • Like 1
  • Thanks 1
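`ro.control_privapp_permissions=log` logs allowlist violations instead of enforcing them, so the same log can be used to write the missing allowlist and leave enforcement on. This added example (not from any poster) turns such warnings into a file in the privapp-permissions XML format covered by the AOSP link above; the log lines are constructed, the `com.example.*` packages are hypothetical, and the exact warning wording is an assumption that varies between Android releases.

```shell
#!/bin/sh
# Added example: build a privapp-permissions allowlist from log-mode warnings.

# Reads logcat text on stdin; writes unique "package permission" pairs.
privapp_pairs() {
  awk '
    /Privileged permission / && /not in privapp-permissions/ {
      perm = ""; pkg = ""
      for (i = 2; i < NF; i++) {
        if ($(i - 1) == "Privileged" && $i == "permission") perm = $(i + 1)
        if ($(i - 1) == "for" && $i == "package") pkg = $(i + 1)
      }
      # Only accept plain dotted identifiers, so log noise never reaches the XML.
      if (pkg ~ /^[A-Za-z0-9_.]+$/ && perm ~ /^[A-Za-z0-9_.]+$/) print pkg, perm
    }' | LC_ALL=C sort -u
}

# Reads logcat text on stdin; writes the allowlist XML, grouped by package.
privapp_allowlist() {
  privapp_pairs | awk '
    BEGIN { print "<?xml version=\"1.0\" encoding=\"utf-8\"?>"; print "<permissions>" }
    $1 != cur {
      if (cur != "") print "    </privapp-permissions>"
      cur = $1
      printf "    <privapp-permissions package=\"%s\">\n", cur
    }
    { printf "        <permission name=\"%s\"/>\n", $2 }
    END {
      if (cur != "") print "    </privapp-permissions>"
      print "</permissions>"
    }'
}

# Constructed logcat lines (two wording variants, one duplicate, one unrelated).
sample_logcat() {
  cat <<'EOF'
10-01 12:00:01.000  1234  1234 W PackageManager: Privileged permission android.permission.WRITE_SECURE_SETTINGS for package com.example.privapp - not in privapp-permissions whitelist
10-01 12:00:01.001  1234  1234 W PackageManager: Privileged permission android.permission.READ_PRIVILEGED_PHONE_STATE for package com.example.privapp - not in privapp-permissions whitelist
10-01 12:00:01.002  1234  1234 W PackageManager: Privileged permission android.permission.WRITE_SECURE_SETTINGS for package com.example.privapp - not in privapp-permissions whitelist
10-01 12:00:01.003  1234  1234 W PackageManager: Privileged permission android.permission.INSTALL_PACKAGES for package com.example.store (/system/priv-app/Store) not in privapp-permissions whitelist
10-01 12:00:02.000  1234  1234 I ActivityManager: Start proc 2345:com.example.store/u0a99
EOF
}

sample_logcat | privapp_allowlist
```

Review each generated entry before shipping the file, since every line grants a privileged permission to the named package.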
12 hours ago, Sean McCreary said:

This has very obvious security implications, however. If you do this, you should be aware you are disabling some of the malware protection Google has built into Android.

Me, I'm just happy it boots... However you have a point, if your phone does not boot I guess it's really secure 🥴 😁🤪

Edited by Slion
  • Haha 1
  • 1 month later...
On 9/1/2021 at 2:29 PM, daniel.schaaaf said:

I did, and I appreciate(d) your instructions 🙂. Although I don't quite get why fxtec doesn't provide a signed driver ...

Anyways, I only got fastboot to detect my phone. Any other command besides "fastboot devices" failed on Windows and Ubuntu, and all USB ports (four ports provided by four different controllers on my mainboard). Flashing boot.img (to boot, boot_a or boot_b) failed either because fastboot claimed the boot partition was too small, or because the phone stopped responding or rebooted. ADB worked without any problems.

Did you find a workaround?
I just got a new PC with Win 11, which requires drivers to be signed (unless going through all kinds of hoops to loosen the security at BIOS level to disable that).

With the default Windows driver ADB works just fine.
But fastboot does not....
The drivers I used on the previous PC (that worked fine) are not signed.
I tried downloading from Google, but they aren't signed either.
The force method mentioned on XDA does not work on Win 11. (I do not get the question to install it anyway, it is just denied)
I have not tried all the manufacturers on the list. Does anyone know if a Pro1 fastboot-wise acts as a more widespread device?

15 hours ago, EskeRahn said:

Did you find a workaround?
I just got a new PC with Win 11, which requires drivers to be signed (unless going through all kinds of hoops to loosen the security at BIOS level to disable that).

With the default Windows driver ADB works just fine.
But fastboot does not....
The drivers I used on the previous PC (that worked fine) are not signed.
I tried downloading from Google, but they aren't signed either.
The force method mentioned on XDA does not work on Win 11. (I do not get the question to install it anyway, it is just denied)
I have not tried all the manufacturers on the list. Does anyone know if a Pro1 fastboot-wise acts as a more widespread device?

No, I didn't find a workaround ... but I also stopped looking after a while :classic_biggrin:

Disabling the signature check in Windows did work, the driver installed correctly, but fastboot still refused to do more than list my device. I have no idea what else could be wrong and just hope that I never have to use fastboot ...

  • Sad 1
27 minutes ago, daniel.schaaaf said:

No, I didn't find a workaround ... but I also stopped looking after a while :classic_biggrin:

Disabling the signature check in Windows did work, the driver installed correctly, but fastboot still refused to do more than list my device. I have no idea what else could be wrong and just hope that I never have to use fastboot ...

I had the same, but adding an ancient USB hub at least allowed me to do the flashing, though with the speed down by at least a factor of five... It takes a whole minute to flash the 64K boot image, and sort of forever to flash the main image *LOL*
So will see if I can find an old, but not THAT old hub, tucked away in a drawer somewhere...

  • Like 1