Jump to content

Recommended Posts

  • Replies 59
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

For those of you who are self-building, I thought I should provide some info about where to find the monthly ASB patches. Google is currently backporting security patches to all releases since Oreo (A

If you are using the same MindTheGapps and you have previously flashed it to both slots, it doesn't matter if you flash it or not as long as data hasn't been wiped. At least, that's what I think is go

I never had Gapps installed, but I am pretty sure that at the time LOS 16 was in testing phase,  @tdm always reminded people not to forget to reinstall them after flashing a new version via sideload.

Posted Images

7 hours ago, raymo said:

I don't know but in my phone I never sideload Gapps after OTA update, but Magisk every time.

Just for the record, after I decided to install LOS 18.1 with Magisk when I moved to 18.1 after had been using a non-rooted LOS 16.1, the first thing I tried was to just install the next OTA and see what comes out of it, and both GApps and Magisk were still there and working after the reboot. Has been that way for me ever since. 

  • Like 1
Link to post
Share on other sites
17 hours ago, Rob. S. said:

Just for the record, after I decided to install LOS 18.1 with Magisk when I moved to 18.1 after had been using a non-rooted LOS 16.1, the first thing I tried was to just install the next OTA and see what comes out of it, and both GApps and Magisk were still there and working after the reboot. Has been that way for me ever since. 

Really ? since LOS17 I have to flash magisk at every OTA update.
For Gapps I never reflash it.
edit : to clarify the whole things, this mean A/B slots are just for wiping partitions, (like a "transfer") but there are many slots, physically talking ? and so the priority order when flashing roms, Gapps, Magisk, etc... decide if it will be persistent on next update ? 

Edited by raymo
  • Like 1
Link to post
Share on other sites

ok I just remember, I have installed Magisk via the .apk, this mean, if I reinstall Magisk via sideload it will do the trick ? (If I understant correctly, magisk.apk could also be magisk.zip, I've just to rename it and sideload via adb).

 

 

  • Like 1
Link to post
Share on other sites
44 minutes ago, raymo said:

ok I just remember, I have installed Magisk via the .apk, this mean, if I reinstall Magisk via sideload it will do the trick ? (If I understant correctly, magisk.apk could also be magisk.zip, I've just to rename it and sideload via adb).

 

 

Yes, that is how I have installed Magisk.

  • Like 1
Link to post
Share on other sites
  • 2 weeks later...

For those of you who are self-building, I thought I should provide some info about where to find the monthly ASB patches. Google is currently backporting security patches to all releases since Oreo (Android 8.1), and there is a simple way to cherry-pick these patches from the AOSP source tree. You'll need to have synced the full tree first, following the instructions at

https://source.android.com/setup/build/downloading

tl;dr

repo init -u https://android.googlesource.com/platform/manifest -b master
repo sync

Once you have the full tree, you can easily display the patches included in each ASB by listing all of the commits between the current and the last security tag. For example, to list all the commits for the September 2021 ASB in Android 10:

repo forall -pc git log --oneline android-security-10.0.0_r57..android-security-10.0.0_r58 | grep -v 'Merge cherrypicks of \[' | less

This produces the following concise list:

Quote

project build/make/
ef0f74de59 Version bump to QSV1.210329.014 [core/build_id.mk]

project external/libavc/
b70ba0e Decoder: Update check for increment u2_cur_slice_num

project external/skia/
fa5458660a Only treat PNG_COLOR_TYPE_RGB as 565

project frameworks/base/
8e697062d092 Don't attach private Notification to A11yEvent when user locked
c64af40f7cf0 Improve ellipsize performance
ab14dac312f2 DO NOT MERGE Add cross-user check for getDefaultSmsPackage().
5dd2109eca6a Fix side effects of trace-ipc and dumpheap commands
4b747e6d3f29 Fix race condition between lockNow() and updateLockscreenTimeout
8fa3d1df4c2c [security] SubscriptionGroup is exposed to unprivileged callers

project frameworks/native/
f43b65c1b Do not modify vector after getting references

project frameworks/opt/telephony/
30ebc474d [security] SubscriptionGroup is exposed to unprivileged callers
565c04e7a filter deviceIdentifiers for subscriptionInfo if callers without perm

project packages/apps/Launcher3/
8d0d38b67 Forward fix for: Set FLAG_IMMUTABLE flag on FirstScreenBroadcast PendingIntent.
a69a4fa8b Set FLAG_IMMUTABLE flag on FirstScreenBroadcast PendingIntent.

project packages/apps/Nfc/
818ecc4b Add HIDE_NON_SYSTEM_OVERLAY_WINDOWS permission to Nfc

project packages/apps/Settings/
1e14a79fac RESTRICT AUTOMERGE Fix phishing attacks over Bluetooth due to unclear warning message
838e0b52c9 RESTRICT AUTOMERGE Update string

project system/bt/
5c72690ad SMP: Reject pairing if public_key.x match

Now you no longer need to wait for LineageOS to update their trees! 😉 

For the September ASB, these are the relevant branches and tags for each Android release:

Version Branch                          Tag                     
15.1    oreo-mr1-security-release       android-security-8.1.0_r92
16.0    pie-security-release            android-security-9.0.0_r72
17.1    android10-security-release      android-security-10.0.0_r58

 

  • Like 1
  • Thanks 7
Link to post
Share on other sites

If like me you get stuck in a reboot loop after updating your ROM and no amount of GApps sideload can fix it, try that:

https://gerrit.aicp-rom.com/c/AICP/device_google_wahoo/+/63092/1/device.mk

https://source.android.com/devices/tech/config/perms-allowlist

The logs during the reboot loop were mentioning: "Signature|privileged permissions not in privapp-permissions whitelist:"

Basically I just added the following lines to my device.mk:

# Bypass privapp-permissions whitelist
PRODUCT_PROPERTY_OVERRIDES += \
    ro.control_privapp_permissions=log

 

Edited by Slion
Link to post
Share on other sites
3 hours ago, Slion said:

# Bypass privapp-permissions whitelist PRODUCT_PROPERTY_OVERRIDES += \ ro.control_privapp_permissions=log

This has very obvious security implications, however. If you do this, you should be aware you are disabling some of the malware protection Google has built into Android. As an alternative, you might consider including gapps inside your custom OS image, like the OEMs do. For more details on how to do this, see:

https://github.com/opengapps/aosp_build

  • Like 1
  • Thanks 1
Link to post
Share on other sites
12 hours ago, Sean McCreary said:

This has very obvious security implications, however. If you do this, you should be aware you are disabling some of the malware protection Google has built into Android.

Me, I'm just happy it boots... However you have a point, if your phone does not boot I guess it's really secure 🥴 😁🤪

Edited by Slion
  • Haha 1
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

Terms