dichgrem/GKI-build
1
0
Fork 0
mirror of https://github.com/Dichgrem/GKI-build.git synced 2025-12-17 14:11:59 -05:00
Code Issues Packages Projects Releases Wiki Activity

feat:lsm_bbg_support

Browse Source
This commit is contained in:
dichgrem
2025-10-09 12:40:06 +08:00
parent e7b2b4892a
commit 51c3213124
2 changed files with 32 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
.github/workflows/build-gki-kernel.yml vendored
View File

@@ -23,6 +23,11 @@ on:
required: false required: false
default: "false" default: "false"
type: boolean type: boolean
enable_lsm:
description: "Enable LSM_BBG support"
required: false
default: "false"
type: boolean
lto_solution: lto_solution:
description: "Select the level of lto" description: "Select the level of lto"
required: false required: false
@@ -267,9 +272,9 @@ jobs:
cd ../ cd ../
patch -p1 --fuzz=3 --ignore-whitespace < 50_add_susfs_in_gki-android14-6.1.patch || true patch -p1 --fuzz=3 --ignore-whitespace < 50_add_susfs_in_gki-android14-6.1.patch || true
echo "✅ Susfs patch step finished" echo "✅ SUSFS patch step finished"
else else
echo " Susfs patches skipped" echo " SUSFS patches skipped"
fi fi
- name: Enable SCHED support - name: Enable SCHED support
@@ -286,6 +291,28 @@ jobs:
echo " SCHED skipped" echo " SCHED skipped"
fi fi
- name: Enable LSM_BBG support
run: |
if [ "${{ inputs.enable_lsm }}" = "true" ]; then
cd $GITHUB_WORKSPACE/kernel/android_kernel_oneplus_sm8650
echo "正在启用内核级基带保护支持…"
wget -O- https://github.com/vc-teahouse/Baseband-guard/raw/main/setup.sh | bash
sed -i '/^config LSM$/,/^help$/{ /^[[:space:]]*default/ { /baseband_guard/! s/landlock/landlock,baseband_guard/ } }' security/Kconfig
mkdir -p kernel/configs
printf '%s\n' \
'# Fragment config for enabling LSM' \
'CONFIG_BBG=y' > kernel/configs/lsm.config
export ARCH=arm64
export KCONFIG_CONFIG=arch/arm64/configs/config_defconfig.new
scripts/kconfig/merge_config.sh -m arch/arm64/configs/config_defconfig kernel/configs/lsm.config
mv arch/arm64/configs/config_defconfig.new arch/arm64/configs/config_defconfig
echo "✅ LSM_BBG step finished"
else
echo " LSM_BBG skipped"
fi
- name: Build kernel - name: Build kernel
run: | run: |
set -euo pipefail set -euo pipefail

5
README.md
View File

@@ -18,10 +18,11 @@
- Use clang-r547379 - Use clang-r547379
- Enable ThinLTO/FullLTO to build - Enable ThinLTO/FullLTO to build
- Enable Root support : kernelsu/SukiSU/kernelsu-next - Enable Root support : kernelsu/SukiSU/kernelsu-next
- Enable SCHED support : Enable Fengchi scx scheduling
- Enable SUSFS support : You can build susfs into kernel
- Enable BBR support : Enable bbr congestion control algorithm - Enable BBR support : Enable bbr congestion control algorithm
- Enable ZRAM support : Enable extra zram algorithm(LZ4KD/LZ4K_oplus) - Enable ZRAM support : Enable extra zram algorithm(LZ4KD/LZ4K_oplus)
- Enable SUSFS support : You can build susfs into kernel
- Enable SCHED support : Enable Fengchi scx scheduling
- Enable LSM_BBG support block unauthorized writes to critical partitions/device nodes
- Enable Anykernel3 support : Packaged as a zip package of anykernel3 - Enable Anykernel3 support : Packaged as a zip package of anykernel3
To be continued... To be continued...