support android-16.0.0_r2

android-16.0.0_r2/external/minijail/0001-disable-seccomp.patch

@@ -0,0 +1,32 @@
+From d0a81eab5bafdc3f446d921965a0fd555abe4170 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Mon, 26 Apr 2021 22:55:03 +0800
+Subject: [PATCH] disable seccomp
+
+---
+ libminijail.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libminijail.c b/libminijail.c
+index de59b8a..15016a1 100644
+--- a/libminijail.c
++++ b/libminijail.c
+@@ -2702,6 +2702,7 @@ static void set_seccomp_filter(const struct minijail *j)
+ 	/*
+ 	 * Install the syscall filter.
+ 	 */
++#if 0 // HACKED
+ 	if (j->flags.seccomp_filter) {
+ 		if (j->flags.seccomp_filter_tsync ||
+ 		    j->flags.seccomp_filter_allow_speculation) {
+@@ -2723,6 +2724,7 @@ static void set_seccomp_filter(const struct minijail *j)
+ 			}
+ 		}
+ 	}
++#endif
+ }
+ 
+ static pid_t forward_pid = -1;
+-- 
+2.49.0
+

android-16.0.0_r2/external/selinux/0001-ignore-selinux.patch

@@ -0,0 +1,165 @@
+From a35002efe9fb08f04e6ddeb4c986d8498a140119 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sun, 9 May 2021 23:44:12 +0800
+Subject: [PATCH] ignore selinux
+
+---
+ libselinux/include/selinux/selinux.h | 4 ++++
+ libselinux/src/checkAccess.c         | 1 +
+ libselinux/src/getenforce.c          | 1 +
+ libselinux/src/getfilecon.c          | 1 +
+ libselinux/src/getpeercon.c          | 1 +
+ libselinux/src/init.c                | 1 +
+ libselinux/src/label.c               | 1 +
+ libselinux/src/lgetfilecon.c         | 1 +
+ libselinux/src/lsetfilecon.c         | 1 +
+ libselinux/src/procattr.c            | 2 ++
+ libselinux/src/sestatus.c            | 1 +
+ 11 files changed, 15 insertions(+)
+
+diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
+index 50419a7..01e4a3f 100644
+--- a/libselinux/include/selinux/selinux.h
++++ b/libselinux/include/selinux/selinux.h
+@@ -4,6 +4,10 @@
+ #include <sys/types.h>
+ #include <stdarg.h>
+ 
++#define SE_HACK
++#define se_hack() if (1) return
++#define se_hack1(p) if (1) return p
++
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+diff --git a/libselinux/src/checkAccess.c b/libselinux/src/checkAccess.c
+index 022cd6b..a23bffc 100644
+--- a/libselinux/src/checkAccess.c
++++ b/libselinux/src/checkAccess.c
+@@ -20,6 +20,7 @@ static void avc_init_once(void)
+ }
+ 
+ int selinux_check_access(const char *scon, const char *tcon, const char *class, const char *perm, void *aux) {
++    se_hack1(0);
+ 	int rc;
+ 	security_id_t scon_id;
+ 	security_id_t tcon_id;
+diff --git a/libselinux/src/getenforce.c b/libselinux/src/getenforce.c
+index 3f1e200..bf16227 100644
+--- a/libselinux/src/getenforce.c
++++ b/libselinux/src/getenforce.c
+@@ -11,6 +11,7 @@
+ 
+ int security_getenforce(void)
+ {
++	se_hack1(0);
+ 	int fd, ret, enforce = 0;
+ 	char path[PATH_MAX];
+ 	char buf[20];
+diff --git a/libselinux/src/getfilecon.c b/libselinux/src/getfilecon.c
+index 4bee313..f8b159a 100644
+--- a/libselinux/src/getfilecon.c
++++ b/libselinux/src/getfilecon.c
+@@ -52,6 +52,7 @@ int getfilecon_raw(const char *path, char ** context)
+ 
+ int getfilecon(const char *path, char ** context)
+ {
++    se_hack1((*context = calloc(7, 1), memcpy(*context, "HACKED", 6), 0));
+ 	int ret;
+ 	char * rcontext = NULL;
+ 
+diff --git a/libselinux/src/getpeercon.c b/libselinux/src/getpeercon.c
+index a9dca73..10771cb 100644
+--- a/libselinux/src/getpeercon.c
++++ b/libselinux/src/getpeercon.c
+@@ -46,6 +46,7 @@ int getpeercon_raw(int fd, char ** context)
+ 
+ int getpeercon(int fd, char ** context)
+ {
++    se_hack1((*context = calloc(7, 1), memcpy(*context, "HACKED", 6), 0));
+ 	int ret;
+ 	char * rcontext;
+ 
+diff --git a/libselinux/src/init.c b/libselinux/src/init.c
+index 439da41..41268a7 100644
+--- a/libselinux/src/init.c
++++ b/libselinux/src/init.c
+@@ -139,6 +139,7 @@ void fini_selinuxmnt(void)
+ 
+ void set_selinuxmnt(const char *mnt)
+ {
++    se_hack();
+ 	selinux_mnt = strdup(mnt);
+ }
+ 
+diff --git a/libselinux/src/label.c b/libselinux/src/label.c
+index 08bbac2..c87f05a 100644
+--- a/libselinux/src/label.c
++++ b/libselinux/src/label.c
+@@ -303,6 +303,7 @@ bool selabel_hash_all_partial_matches(struct selabel_handle *rec,
+ int selabel_lookup_best_match(struct selabel_handle *rec, char **con,
+ 			      const char *key, const char **aliases, int type)
+ {
++    se_hack1((*con = calloc(7, 1), memcpy(*con, "HACKED", 6), 0));
+ 	struct selabel_lookup_rec *lr;
+ 
+ 	if (!rec->func_lookup_best_match) {
+diff --git a/libselinux/src/lgetfilecon.c b/libselinux/src/lgetfilecon.c
+index d1fb821..0d3b0ac 100644
+--- a/libselinux/src/lgetfilecon.c
++++ b/libselinux/src/lgetfilecon.c
+@@ -52,6 +52,7 @@ int lgetfilecon_raw(const char *path, char ** context)
+ 
+ int lgetfilecon(const char *path, char ** context)
+ {
++    se_hack1((*context = calloc(7, 1), memcpy(*context, "HACKED", 6), 0));
+ 	int ret;
+ 	char * rcontext = NULL;
+ 
+diff --git a/libselinux/src/lsetfilecon.c b/libselinux/src/lsetfilecon.c
+index 213fb68..c73c152 100644
+--- a/libselinux/src/lsetfilecon.c
++++ b/libselinux/src/lsetfilecon.c
+@@ -28,6 +28,7 @@ int lsetfilecon_raw(const char *path, const char * context)
+ 
+ int lsetfilecon(const char *path, const char *context)
+ {
++    se_hack1(0);
+ 	int ret;
+ 	char * rcontext;
+ 
+diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
+index b7a93a2..a1478c7 100644
+--- a/libselinux/src/procattr.c
++++ b/libselinux/src/procattr.c
+@@ -175,6 +175,7 @@ static int getprocattrcon_raw(char **context, pid_t pid, const char *attr,
+ static int getprocattrcon(char **context, pid_t pid, const char *attr,
+ 			  const char *prev_context)
+ {
++    se_hack1((*context = calloc(7, 1), memcpy(*context, "HACKED", 6), 0));
+ 	int ret;
+ 	char * rcontext;
+ 
+@@ -239,6 +240,7 @@ out:
+ static int setprocattrcon(const char *context, const char *attr,
+ 			  char **prev_context)
+ {
++    se_hack1(0);
+ 	int ret;
+ 	char * rcontext;
+ 
+diff --git a/libselinux/src/sestatus.c b/libselinux/src/sestatus.c
+index fbe6430..bafe6bb 100644
+--- a/libselinux/src/sestatus.c
++++ b/libselinux/src/sestatus.c
+@@ -277,6 +277,7 @@ static int fallback_cb_policyload(int policyload)
+  */
+ int selinux_status_open(int fallback)
+ {
++    se_hack1(0);
+ 	int		fd;
+ 	char		path[PATH_MAX];
+ 	long		pagesize;
+-- 
+2.49.0
+

android-16.0.0_r2/frameworks/av/0001-workaround-for-mesa-video-playback.patch

@@ -0,0 +1,48 @@
+From 955729e06e1e47a7c62a4b40c347ddf6f6d0001c Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Mon, 20 Sep 2021 18:22:20 +0000
+Subject: [PATCH 1/2] ? workaround for mesa video playback
+
+---
+ media/libstagefright/colorconversion/SoftwareRenderer.cpp | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/media/libstagefright/colorconversion/SoftwareRenderer.cpp b/media/libstagefright/colorconversion/SoftwareRenderer.cpp
+index 2409315..1e3ec7b 100644
+--- a/media/libstagefright/colorconversion/SoftwareRenderer.cpp
++++ b/media/libstagefright/colorconversion/SoftwareRenderer.cpp
+@@ -130,6 +130,7 @@ void SoftwareRenderer::resetFormatIfChanged(
+     // hardware has YUV12 and RGBA8888 support, so convert known formats
+     {
+         switch (mColorFormat) {
++#if 0 // HACKED
+             case OMX_COLOR_FormatYUV420Planar:
+             case OMX_COLOR_FormatYUV420SemiPlanar:
+             case OMX_TI_COLOR_FormatYUV420PackedSemiPlanar:
+@@ -139,6 +140,7 @@ void SoftwareRenderer::resetFormatIfChanged(
+                 bufHeight = (mCropHeight + 1) & ~1;
+                 break;
+             }
++#endif
+             case OMX_COLOR_Format24bitRGB888:
+             {
+                 halFormat = HAL_PIXEL_FORMAT_RGB_888;
+@@ -154,6 +156,7 @@ void SoftwareRenderer::resetFormatIfChanged(
+                 bufHeight = (mCropHeight + 1) & ~1;
+                 break;
+             }
++#if 0 // HACKED
+             case OMX_COLOR_FormatYUV420Planar16:
+             {
+                 if (((dataSpace & HAL_DATASPACE_STANDARD_MASK) == HAL_DATASPACE_STANDARD_BT2020)
+@@ -170,6 +173,7 @@ void SoftwareRenderer::resetFormatIfChanged(
+                 bufHeight = (mCropHeight + 1) & ~1;
+                 break;
+             }
++#endif
+             default:
+             {
+                 break;
+-- 
+2.49.0
+

android-16.0.0_r2/frameworks/base/0001-ignore-cgroup-error.patch

@@ -0,0 +1,25 @@
+From 3a364f05e246121b795300d56b42e6e0ae8c10b4 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sat, 11 Nov 2023 10:30:11 +0800
+Subject: [PATCH] ignore cgroup error
+
+---
+ services/core/java/com/android/server/am/ProcessList.java | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/services/core/java/com/android/server/am/ProcessList.java b/services/core/java/com/android/server/am/ProcessList.java
+index ad47e67b9..e464f74dc 100644
+--- a/services/core/java/com/android/server/am/ProcessList.java
++++ b/services/core/java/com/android/server/am/ProcessList.java
+@@ -2594,7 +2594,7 @@ public final class ProcessList {
+                                         "Unable to create process group for "
+                                         + app.processName + " (" + startResult.pid + ")");
+                             } else {
+-                                throw new AssertionError("Unable to create process group for "
++                                Slog.e(ActivityManagerService.TAG, "Unable to create process group for "
+                                     + app.processName + " (" + startResult.pid + ")");
+                             }
+                         } else {
+-- 
+2.49.0
+

android-16.0.0_r2/frameworks/native/0001-fix-booting.patch

@@ -0,0 +1,59 @@
+From 37e20b445a0a05fa8e01678d1266d10214ed8af4 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sun, 9 May 2021 23:04:00 +0800
+Subject: [PATCH] fix booting
+
+---
+ libs/binder/Binder.cpp         | 1 +
+ libs/binder/IPCThreadState.cpp | 2 +-
+ libs/binder/ProcessState.cpp   | 3 +++
+ 3 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libs/binder/Binder.cpp b/libs/binder/Binder.cpp
+index 9883eb2..6b0e1c8 100644
+--- a/libs/binder/Binder.cpp
++++ b/libs/binder/Binder.cpp
+@@ -524,6 +524,7 @@ void BBinder::setRequestingSid(bool requestingSid)
+                         "setRequestingSid() should not be called after a binder object "
+                         "is parceled/sent to another process");
+ 
++    requestingSid = false; // HACKED
+     Extras* e = mExtras.load(std::memory_order_acquire);
+ 
+     if (!e) {
+diff --git a/libs/binder/IPCThreadState.cpp b/libs/binder/IPCThreadState.cpp
+index 1c1b6f3..bc1aec0 100644
+--- a/libs/binder/IPCThreadState.cpp
++++ b/libs/binder/IPCThreadState.cpp
+@@ -1460,7 +1460,7 @@ status_t IPCThreadState::executeCommand(int32_t cmd)
+             clearPropagateWorkSource();
+ 
+             mCallingPid = tr.sender_pid;
+-            mCallingSid = reinterpret_cast<const char*>(tr_secctx.secctx);
++            mCallingSid = "HACKED";
+             mCallingUid = tr.sender_euid;
+             mHasExplicitIdentity = false;
+             mLastTransactionBinderFlags = tr.flags;
+diff --git a/libs/binder/ProcessState.cpp b/libs/binder/ProcessState.cpp
+index 0bec379..7a9c411 100644
+--- a/libs/binder/ProcessState.cpp
++++ b/libs/binder/ProcessState.cpp
+@@ -229,12 +229,15 @@ bool ProcessState::becomeContextManager()
+ {
+     std::unique_lock<std::mutex> _l(mLock);
+ 
++#if 0
+     flat_binder_object obj {
+         .flags = FLAT_BINDER_FLAG_TXN_SECURITY_CTX,
+     };
+ 
+     int result = ioctl(mDriverFD, BINDER_SET_CONTEXT_MGR_EXT, &obj);
++#endif
+ 
++    int result = 1;
+     // fallback to original method
+     if (result != 0) {
+         android_errorWriteLog(0x534e4554, "121035042");
+-- 
+2.49.0
+

android-16.0.0_r2/packages/modules/Connectivity/0001-fix-booting.patch

@@ -0,0 +1,58 @@
+From 2650f80257f4c2eb73ab1b81e7c0eea23bb1c02a Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Thu, 5 Oct 2023 22:18:09 +0800
+Subject: [PATCH 1/2] fix booting
+
+---
+ bpf/loader/NetBpfLoad.cpp                                 | 8 ++++++--
+ .../com_android_server_connectivity_ClatCoordinator.cpp   | 1 +
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/bpf/loader/NetBpfLoad.cpp b/bpf/loader/NetBpfLoad.cpp
+index bdc2e8c..1527b99 100644
+--- a/bpf/loader/NetBpfLoad.cpp
++++ b/bpf/loader/NetBpfLoad.cpp
+@@ -1865,12 +1865,14 @@ static int doLoad(char** argv, char * const envp[]) {
+         //  kernel does not have CONFIG_BPF_JIT=y)
+         // BPF_JIT is required by R VINTF (which means 4.14/4.19/5.4 kernels),
+         // but 4.14/4.19 were released with P & Q, and only 5.4 is new in R+.
+-        if (writeProcSysFile("/proc/sys/net/core/bpf_jit_enable", "1\n")) return 1;
++        if (writeProcSysFile("/proc/sys/net/core/bpf_jit_enable", "1\n"))
++            ALOGE("write 1 to /proc/sys/net/core/bpf_jit_enable FAILED");
+ 
+         // Enable JIT kallsyms export for privileged users only
+         // (Note: this (open) will fail with ENOENT 'No such file or directory' if
+         //  kernel does not have CONFIG_HAVE_EBPF_JIT=y)
+-        if (writeProcSysFile("/proc/sys/net/core/bpf_jit_kallsyms", "1\n")) return 1;
++        if (writeProcSysFile("/proc/sys/net/core/bpf_jit_kallsyms", "1\n"))
++            ALOGE("write 1 to /proc/sys/net/core/bpf_jit_kallsyms FAILED");
+     }
+ 
+     // Create all the pin subdirectories
+@@ -1899,9 +1901,11 @@ static int doLoad(char** argv, char * const envp[]) {
+             ALOGE("If this triggers reliably, you're probably missing kernel options or patches.");
+             ALOGE("If this triggers randomly, you might be hitting some memory allocation "
+                   "problems or startup script race.");
++            #if 0 // HACKED
+             ALOGE("--- DO NOT EXPECT SYSTEM TO BOOT SUCCESSFULLY ---");
+             sleep(20);
+             return 2;
++            #endif
+         }
+     }
+ 
+diff --git a/service/jni/com_android_server_connectivity_ClatCoordinator.cpp b/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
+index 622fba8..fcb7fa0 100644
+--- a/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
++++ b/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
+@@ -132,6 +132,7 @@ static void verifyClatPerms() {
+ 
+ #undef V2
+ 
++    fatal = false;
+     if (fatal) abort();
+ }
+ 
+-- 
+2.49.0
+

android-16.0.0_r2/packages/modules/Connectivity/0002-ignore-nativeSynchronizeKernelRCU-error.patch

@@ -0,0 +1,24 @@
+From ba7f80bea4177bc442cd9ccf0e9456de1cda32f1 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Thu, 5 Sep 2024 19:11:19 +0800
+Subject: [PATCH 2/2] ignore nativeSynchronizeKernelRCU error
+
+---
+ .../native/bpfmapjni/com_android_net_module_util_BpfMap.cpp      | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/staticlibs/native/bpfmapjni/com_android_net_module_util_BpfMap.cpp b/staticlibs/native/bpfmapjni/com_android_net_module_util_BpfMap.cpp
+index d862f6b..8f5ecdf 100644
+--- a/staticlibs/native/bpfmapjni/com_android_net_module_util_BpfMap.cpp
++++ b/staticlibs/native/bpfmapjni/com_android_net_module_util_BpfMap.cpp
+@@ -140,7 +140,6 @@ static void com_android_net_module_util_BpfMap_nativeSynchronizeKernelRCU(JNIEnv
+     const int pfSocket = socket(AF_KEY, SOCK_RAW | SOCK_CLOEXEC, PF_KEY_V2);
+ 
+     if (pfSocket < 0) {
+-        jniThrowErrnoException(env, "nativeSynchronizeKernelRCU:socket", errno);
+         return;
+     }
+ 
+-- 
+2.49.0
+

android-16.0.0_r2/system/bpf/0001-fix-booting.patch

@@ -0,0 +1,29 @@
+From 55e045ad4fe9121a13dd12799a5ad77e0b43ec42 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sun, 15 Jun 2025 19:29:19 +0800
+Subject: [PATCH] fix booting
+
+Change-Id: I01e3abbbd3e879f9880177f1bb43ab634df0aec8
+---
+ loader/Loader.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/loader/Loader.cpp b/loader/Loader.cpp
+index 940ce19..336bb6a 100644
+--- a/loader/Loader.cpp
++++ b/loader/Loader.cpp
+@@ -990,9 +990,11 @@ void legacyBpfLoader() {
+             ALOGE("If this triggers reliably, you're probably missing kernel options or patches.");
+             ALOGE("If this triggers randomly, you might be hitting some memory allocation "
+                   "problems or startup script race.");
++            #if 0
+             ALOGE("--- DO NOT EXPECT SYSTEM TO BOOT SUCCESSFULLY ---");
+             sleep(20);
+             exit(121);
++            #endif
+         }
+     }
+ }
+-- 
+2.49.0
+

android-16.0.0_r2/system/core/0001-fix-booting.patch

@@ -0,0 +1,147 @@
+From a74c433d22faa74ec7d16fd7b7f5cdbcbc4aaef8 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sun, 9 May 2021 23:09:00 +0800
+Subject: [PATCH 1/7] fix booting
+
+---
+ fs_mgr/libfstab/boot_config.cpp |  6 ++++--
+ init/first_stage_init.cpp       | 18 +++++++++++++++---
+ init/init.cpp                   |  0
+ init/property_service.cpp       |  0
+ init/service.cpp                |  1 +
+ libcutils/ashmem-dev.cpp        |  2 +-
+ rootdir/init.rc                 |  2 +-
+ 7 files changed, 22 insertions(+), 7 deletions(-)
+ mode change 100644 => 100755 init/init.cpp
+ mode change 100644 => 100755 init/property_service.cpp
+
+diff --git a/fs_mgr/libfstab/boot_config.cpp b/fs_mgr/libfstab/boot_config.cpp
+index b21495e..7993d15 100644
+--- a/fs_mgr/libfstab/boot_config.cpp
++++ b/fs_mgr/libfstab/boot_config.cpp
+@@ -154,13 +154,15 @@ bool GetKernelCmdlineFromString(const std::string& cmdline, const std::string& k
+ 
+ void ImportKernelCmdline(const std::function<void(std::string, std::string)>& fn) {
+     std::string cmdline;
+-    android::base::ReadFileToString("/proc/cmdline", &cmdline);
++    android::base::ReadFileToString("/proc/self/cmdline", &cmdline); // HACKED
++    std::replace(cmdline.begin(), cmdline.end(), '\0', ' '); // HACKED
+     ImportKernelCmdlineFromString(android::base::Trim(cmdline), fn);
+ }
+ 
+ bool GetKernelCmdline(const std::string& key, std::string* out) {
+     std::string cmdline;
+-    android::base::ReadFileToString("/proc/cmdline", &cmdline);
++    android::base::ReadFileToString("/proc/self/cmdline", &cmdline); // HACKED
++    std::replace(cmdline.begin(), cmdline.end(), '\0', ' '); // HACKED
+     return GetKernelCmdlineFromString(android::base::Trim(cmdline), key, out);
+ }
+ 
+diff --git a/init/first_stage_init.cpp b/init/first_stage_init.cpp
+index e06a645..6406662 100644
+--- a/init/first_stage_init.cpp
++++ b/init/first_stage_init.cpp
+@@ -36,6 +36,7 @@
+ #include <android-base/chrono_utils.h>
+ #include <android-base/file.h>
+ #include <android-base/logging.h>
++#include <android-base/strings.h>
+ #include <android-base/stringprintf.h>
+ #include <android/avf_cc_flags.h>
+ #include <fs_mgr.h>
+@@ -352,6 +353,8 @@ int FirstStageMain(int argc, char** argv) {
+     CHECKCALL(mkdir("/dev/pts", 0755));
+     CHECKCALL(mkdir("/dev/socket", 0755));
+     CHECKCALL(mkdir("/dev/dm-user", 0755));
++    mount("/system/etc", "/etc", "none", MS_BIND, NULL); // cgroup fix
++    unshare(CLONE_NEWCGROUP);
+     CHECKCALL(mount("devpts", "/dev/pts", "devpts", 0, NULL));
+ #define MAKE_STR(x) __STRING(x)
+     CHECKCALL(mount("proc", "/proc", "proc", 0, "hidepid=2,gid=" MAKE_STR(AID_READPROC)));
+@@ -420,7 +423,6 @@ int FirstStageMain(int argc, char** argv) {
+         for (const auto& [error_string, error_errno] : errors) {
+             LOG(ERROR) << error_string << " " << strerror(error_errno);
+         }
+-        LOG(FATAL) << "Init encountered errors starting first stage, aborting";
+     }
+ 
+     LOG(INFO) << "init first stage started!";
+@@ -557,12 +559,22 @@ int FirstStageMain(int argc, char** argv) {
+            1);
+ 
+     const char* path = "/system/bin/init";
+-    const char* args[] = {path, "selinux_setup", nullptr};
++    std::vector<const char *> args = {path, "second_stage"};
++    std::string init_cmdline;
++    android::base::ReadFileToString("/proc/self/cmdline", &init_cmdline);
++    std::replace(init_cmdline.begin(), init_cmdline.end(), '\0', ' ');
++    auto cmd_vector = android::base::Split(android::base::Trim(init_cmdline), " ");
++    int i = 0;
++    for (const auto& entry : cmd_vector) {
++        if (i++ == 0) continue; // ignore first arg '/init'
++        args.push_back(entry.c_str());
++    }
++    args.push_back(nullptr);
+     auto fd = open("/dev/kmsg", O_WRONLY | O_CLOEXEC);
+     dup2(fd, STDOUT_FILENO);
+     dup2(fd, STDERR_FILENO);
+     close(fd);
+-    execv(path, const_cast<char**>(args));
++    execv(path, const_cast<char**>(args.data()));
+ 
+     // execv() only returns if an error happened, in which case we
+     // panic and never fall through this conditional.
+diff --git a/init/init.cpp b/init/init.cpp
+old mode 100644
+new mode 100755
+diff --git a/init/property_service.cpp b/init/property_service.cpp
+old mode 100644
+new mode 100755
+diff --git a/init/service.cpp b/init/service.cpp
+index 5630020..bd1f43f 100644
+--- a/init/service.cpp
++++ b/init/service.cpp
+@@ -77,6 +77,7 @@ namespace android {
+ namespace init {
+ 
+ static Result<std::string> ComputeContextFromExecutable(const std::string& service_path) {
++    se_hack1("HACKED");
+     std::string computed_context;
+ 
+     char* raw_con = nullptr;
+diff --git a/libcutils/ashmem-dev.cpp b/libcutils/ashmem-dev.cpp
+index 80c4f4c..f4d9e2a 100644
+--- a/libcutils/ashmem-dev.cpp
++++ b/libcutils/ashmem-dev.cpp
+@@ -176,7 +176,7 @@ static int __ashmem_open_locked() {
+         return -1;
+     }
+ 
+-    android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(ashmem_device_path.c_str(), O_RDWR | O_CLOEXEC)));
++    android::base::unique_fd fd(TEMP_FAILURE_RETRY(open("/dev/ashmem", O_RDWR | O_CLOEXEC)));
+     if (!fd.ok()) {
+         ALOGE("Unable to open ashmem device: %m");
+         return -1;
+diff --git a/rootdir/init.rc b/rootdir/init.rc
+index 471059b..52c967d 100644
+--- a/rootdir/init.rc
++++ b/rootdir/init.rc
+@@ -15,6 +15,7 @@ import /system/etc/init/hw/init.${ro.zygote}.rc
+ on early-init
+     # Disable sysrq from keyboard
+     write /proc/sys/kernel/sysrq 0
++    mount sysfs sysfs /sys remount rw nodev
+ 
+     # Android doesn't need kernel module autoloading, and it causes SELinux
+     # denials.  So disable it by setting modprobe to the empty string.  Note: to
+@@ -541,7 +542,6 @@ on post-fs
+ 
+     # Once everything is setup, no need to modify /.
+     # The bind+remount combination allows this to work in containers.
+-    mount rootfs rootfs / remount bind ro nodev
+ 
+     # Mount default storage into root namespace
+     mount none /mnt/user/0 /storage bind rec
+-- 
+2.49.0
+

android-16.0.0_r2/system/core/0002-allow-override-ro.-prop.patch

@@ -0,0 +1,25 @@
+From 810a90e48678b11038ad7982dd9bb1e04c1e1efb Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sat, 26 Jun 2021 05:42:24 +0000
+Subject: [PATCH 2/7] allow override ro.* prop
+
+---
+ init/property_service.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/init/property_service.cpp b/init/property_service.cpp
+index 83e9a0d..bd55dcc 100755
+--- a/init/property_service.cpp
++++ b/init/property_service.cpp
+@@ -1391,6 +1391,8 @@ static void ProcessKernelCmdline() {
+     android::fs_mgr::ImportKernelCmdline([&](const std::string& key, const std::string& value) {
+         if (StartsWith(key, ANDROIDBOOT_PREFIX)) {
+             InitPropertySet("ro.boot." + key.substr(ANDROIDBOOT_PREFIX.size()), value);
++        } else if (StartsWith(key, "ro.")) {
++            InitPropertySet(key, value);
+         }
+     });
+ }
+-- 
+2.49.0
+

android-16.0.0_r2/system/core/0003-fix-first-stage-mount.patch

@@ -0,0 +1,35 @@
+From 01ea704105418bbf7bc45d1199bef3d36db0c58d Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sun, 27 Jun 2021 09:49:22 +0000
+Subject: [PATCH 3/7] ? fix first stage mount
+
+---
+ init/first_stage_init.cpp | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/init/first_stage_init.cpp b/init/first_stage_init.cpp
+index 6406662..13c7553 100644
+--- a/init/first_stage_init.cpp
++++ b/init/first_stage_init.cpp
+@@ -530,6 +530,7 @@ int FirstStageMain(int argc, char** argv) {
+         if (!fsm) {
+             fsm = CreateFirstStageMount(cmdline);
+         }
++        #if 0
+         if (!fsm) {
+             LOG(FATAL) << "FirstStageMount not available";
+         }
+@@ -539,8 +540,9 @@ int FirstStageMain(int argc, char** argv) {
+         }
+ 
+         if (!fsm->DoFirstStageMount()) {
+-            LOG(FATAL) << "Failed to mount required partitions early ...";
++            LOG(ERROR) << "Failed to mount required partitions early ...";
+         }
++        #endif
+     }
+ 
+     struct stat new_root_info {};
+-- 
+2.49.0
+

android-16.0.0_r2/system/core/0004-ignore-input-subsystem.patch

@@ -0,0 +1,26 @@
+From b3426e7aa82ad2ae5b0935fc53216335310310df Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Fri, 25 Jun 2021 15:56:47 +0000
+Subject: [PATCH 4/7] ignore input subsystem
+
+---
+ rootdir/ueventd.rc | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/rootdir/ueventd.rc b/rootdir/ueventd.rc
+index 3927501..404da8f 100644
+--- a/rootdir/ueventd.rc
++++ b/rootdir/ueventd.rc
+@@ -12,9 +12,6 @@ subsystem drm
+     devname uevent_devpath
+     dirname /dev/dri
+ 
+-subsystem input
+-    devname uevent_devpath
+-    dirname /dev/input
+ 
+ subsystem sound
+     devname uevent_devpath
+-- 
+2.49.0
+

android-16.0.0_r2/system/core/0005-ignore-devfs-mount.patch

@@ -0,0 +1,24 @@
+From ddb69215b3cd4ecee0993fa6bbd1752b71ac511b Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Fri, 17 Dec 2021 22:44:33 +0800
+Subject: [PATCH 5/7] ignore devfs mount
+
+---
+ init/first_stage_init.cpp | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/init/first_stage_init.cpp b/init/first_stage_init.cpp
+index 13c7553..8485b3d 100644
+--- a/init/first_stage_init.cpp
++++ b/init/first_stage_init.cpp
+@@ -349,7 +349,6 @@ int FirstStageMain(int argc, char** argv) {
+     CHECKCALL(setenv("PATH", _PATH_DEFPATH, 1));
+     // Get the basic filesystem setup we need put together in the initramdisk
+     // on / and then we'll let the rc file figure out the rest.
+-    CHECKCALL(mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755"));
+     CHECKCALL(mkdir("/dev/pts", 0755));
+     CHECKCALL(mkdir("/dev/socket", 0755));
+     CHECKCALL(mkdir("/dev/dm-user", 0755));
+-- 
+2.49.0
+

android-16.0.0_r2/system/core/0006-auto-alloc-binder-devices.patch

@@ -0,0 +1,24 @@
+From 4f325fbbcd4ff9c5ddedb6d3d3a1f587cfc950bd Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Thu, 6 Jan 2022 20:47:28 +0800
+Subject: [PATCH 6/7] auto alloc binder devices
+
+---
+ rootdir/init.rc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/rootdir/init.rc b/rootdir/init.rc
+index 52c967d..bc92e33 100644
+--- a/rootdir/init.rc
++++ b/rootdir/init.rc
+@@ -219,6 +219,7 @@ on init
+     mkdir /dev/binderfs
+     mount binder binder /dev/binderfs stats=global
+     chmod 0755 /dev/binderfs
++    exec -- /vendor/bin/binder_alloc /dev/binderfs/binder-control binder hwbinder vndbinder
+ 
+     # Mount fusectl
+     mount fusectl none /sys/fs/fuse/connections
+-- 
+2.49.0
+

android-16.0.0_r2/system/core/0007-skip-fusectl-mount.patch

@@ -0,0 +1,24 @@
+From 46eb689748f2c3d0ee19e0e247046249490a10b6 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sat, 2 Sep 2023 17:10:16 +0800
+Subject: [PATCH 7/7] skip fusectl mount
+
+---
+ rootdir/init.rc | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/rootdir/init.rc b/rootdir/init.rc
+index bc92e33..63ff049 100644
+--- a/rootdir/init.rc
++++ b/rootdir/init.rc
+@@ -222,7 +222,6 @@ on init
+     exec -- /vendor/bin/binder_alloc /dev/binderfs/binder-control binder hwbinder vndbinder
+ 
+     # Mount fusectl
+-    mount fusectl none /sys/fs/fuse/connections
+ 
+     symlink /dev/binderfs/binder /dev/binder
+     symlink /dev/binderfs/hwbinder /dev/hwbinder
+-- 
+2.49.0
+

android-16.0.0_r2/system/hwservicemanager/0001-fix-booting.patch

@@ -0,0 +1,28 @@
+From 20133571482acb99467b95058e393e19121bde44 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Tue, 24 Jun 2025 23:24:25 +0800
+Subject: [PATCH] fix booting
+
+Change-Id: I27f6ed25cb3b2364dbbc909ce795e13a9a6e194e
+---
+ ServiceManager.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/ServiceManager.cpp b/ServiceManager.cpp
+index 73582d2..056edbe 100644
+--- a/ServiceManager.cpp
++++ b/ServiceManager.cpp
+@@ -47,8 +47,10 @@ AccessControl::CallingContext getBinderCallingContext() {
+             android_errorWriteLog(0x534e4554, "121035042");
+         }
+ 
++        #if 0 // HACKED
+         CHECK_EQ(nullptr, self->getServingStackPointer())
+                 << "Pid " << pid << " missing service context.";
++        #endif
+ 
+         return AccessControl::getCallingContext(pid);
+     } else {
+-- 
+2.49.0
+

android-16.0.0_r2/system/libhwbinder/0001-fix-booting.patch

@@ -0,0 +1,45 @@
+From 8d1808ead2eb6ccb2f87cf985a6879e8c8cf3c80 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sun, 9 May 2021 23:44:12 +0800
+Subject: [PATCH] fix booting
+
+---
+ Binder.cpp       | 1 +
+ ProcessState.cpp | 3 +++
+ 2 files changed, 4 insertions(+)
+
+diff --git a/Binder.cpp b/Binder.cpp
+index 6d26414..b657a0b 100644
+--- a/Binder.cpp
++++ b/Binder.cpp
+@@ -96,6 +96,7 @@ bool BHwBinder::isRequestingSid() {
+ }
+ 
+ void BHwBinder::setRequestingSid(bool requestingSid) {
++    requestingSid = false; // HACKED
+     Extras* e = mExtras.load(std::memory_order_acquire);
+ 
+     if (!e) {
+diff --git a/ProcessState.cpp b/ProcessState.cpp
+index 4b2f4fc..2c2c530 100644
+--- a/ProcessState.cpp
++++ b/ProcessState.cpp
+@@ -128,12 +128,15 @@ void ProcessState::becomeContextManager()
+ {
+     AutoMutex _l(mLock);
+ 
++#if 0 // HACKED (?)
+     flat_binder_object obj {
+         .flags = FLAT_BINDER_FLAG_TXN_SECURITY_CTX,
+     };
+ 
+     status_t result = ioctl(mDriverFD, BINDER_SET_CONTEXT_MGR_EXT, &obj);
++#endif
+ 
++    status_t result = 1;
+     // fallback to original method
+     if (result != 0) {
+         android_errorWriteLog(0x534e4554, "121035042");
+-- 
+2.49.0
+

android-16.0.0_r2/system/libvintf/0001-ignore-compatibility-check.patch

@@ -0,0 +1,24 @@
+From a9b5b360b730768adc58f0bd203c65d88915fe31 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sat, 15 Oct 2022 09:12:31 +0800
+Subject: [PATCH 1/2] ignore compatibility check
+
+---
+ VintfObject.cpp | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/VintfObject.cpp b/VintfObject.cpp
+index 708e58c..fb0b72e 100644
+--- a/VintfObject.cpp
++++ b/VintfObject.cpp
+@@ -744,7 +744,6 @@ int32_t VintfObject::checkCompatibility(std::string* error, CheckFlags::Type fla
+                 error->insert(0,
+                               "Runtime info and framework compatibility matrix are incompatible: ");
+             }
+-            return INCOMPATIBLE;
+         }
+     }
+ 
+-- 
+2.49.0
+

android-16.0.0_r2/system/libvintf/0002-ignore-proc-config.gz-failed-read.patch

@@ -0,0 +1,24 @@
+From 2badf1f0d45dcd2619a6b05b396bb133f08cbc32 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Thu, 5 Sep 2024 19:05:14 +0800
+Subject: [PATCH 2/2] ignore /proc/config.gz failed read
+
+---
+ KernelConfigs.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/KernelConfigs.cpp b/KernelConfigs.cpp
+index 3de65ea..3583d66 100644
+--- a/KernelConfigs.cpp
++++ b/KernelConfigs.cpp
+@@ -34,6 +34,7 @@ status_t LoadKernelConfigs(std::map<std::string, std::string>* configs) {
+     gzFile f = gzopen("/proc/config.gz", "rb");
+     if (f == NULL) {
+         LOG(ERROR) << "Could not open /proc/config.gz: " << errno;
++        errno = 0; // HACKED
+         return -errno;
+     }
+ 
+-- 
+2.49.0
+

android-16.0.0_r2/system/netd/0001-fix-booting.patch

@@ -0,0 +1,89 @@
+From 0c2bc373eaea2c413570bc64471d2063c86209b4 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sat, 31 Jul 2021 06:14:33 +0000
+Subject: [PATCH] fix booting
+
+Change-Id: I87b1c6fca9361a66a021a3dc484f4d69224744a8
+---
+ server/BandwidthController.cpp       | 1 +
+ server/Controllers.cpp               | 2 --
+ server/IptablesRestoreController.cpp | 1 +
+ server/TetherController.cpp          | 2 ++
+ server/main.cpp                      | 1 -
+ 5 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/server/BandwidthController.cpp b/server/BandwidthController.cpp
+index 8a96738..f1cbf14 100644
+--- a/server/BandwidthController.cpp
++++ b/server/BandwidthController.cpp
+@@ -527,6 +527,7 @@ int BandwidthController::updateQuota(const std::string& quotaName, int64_t bytes
+     if (!isOk(file)) {
+         int res = errno;
+         ALOGE("Updating quota %s failed (%s)", quotaName.c_str(), toString(file).c_str());
++        res = 0; // HACKED
+         return -res;
+     }
+     // TODO: should we propagate this error?
+diff --git a/server/Controllers.cpp b/server/Controllers.cpp
+index 48d0c50..50b8408 100644
+--- a/server/Controllers.cpp
++++ b/server/Controllers.cpp
+@@ -326,7 +326,6 @@ void Controllers::init() {
+         // As such simply exit netd.  This may crash loop the system, but by failing
+         // to bootup we will trigger rollback and thus this offers us protection against
+         // a mainline update breaking things.
+-        exit(1);
+     }
+     gLog.info("Enabling bandwidth control: %" PRId64 "us", s.getTimeAndResetUs());
+ 
+@@ -339,7 +338,6 @@ void Controllers::init() {
+     netdutils::Status xStatus = XfrmController::Init();
+     if (!isOk(xStatus)) {
+         gLog.error("Failed to initialize XfrmController (%s)", netdutils::toString(xStatus).c_str());
+-        exit(3);
+     };
+     gLog.info("Initializing XfrmController: %" PRId64 "us", s.getTimeAndResetUs());
+ }
+diff --git a/server/IptablesRestoreController.cpp b/server/IptablesRestoreController.cpp
+index 49b48d3..07bdda4 100644
+--- a/server/IptablesRestoreController.cpp
++++ b/server/IptablesRestoreController.cpp
+@@ -349,6 +349,7 @@ int IptablesRestoreController::execute(const IptablesTarget target, const std::s
+     if (target == V6 || target == V4V6) {
+         res |= sendCommand(IP6TABLES_PROCESS, command, output);
+     }
++    res = 0;  // ignore iptables error
+     return res;
+ }
+ 
+diff --git a/server/TetherController.cpp b/server/TetherController.cpp
+index b159d95..a582cd8 100644
+--- a/server/TetherController.cpp
++++ b/server/TetherController.cpp
+@@ -913,9 +913,11 @@ StatusOr<TetherController::TetherStatsList> TetherController::getTetherStats() {
+         }
+ 
+         if (int ret = addForwardChainStats(statsList, statsString, parsedIptablesOutput)) {
++#if 0
+             return statusFromErrno(-ret, StringPrintf("failed to parse %s tether stats:\n%s",
+                                                       target == V4 ? "IPv4": "IPv6",
+                                                       parsedIptablesOutput.c_str()));
++#endif
+         }
+     }
+ 
+diff --git a/server/main.cpp b/server/main.cpp
+index d27fd76..1a79b83 100644
+--- a/server/main.cpp
++++ b/server/main.cpp
+@@ -142,7 +142,6 @@ int main() {
+ 
+     if (libnetd_updatable_init(cg2_path.c_str())) {
+         ALOGE("libnetd_updatable_init failed");
+-        exit(1);
+     }
+     gLog.info("libnetd_updatable_init success");
+ 
+-- 
+2.49.0
+

android-16.0.0_r2/system/vold/0001-ignore-project-quota-error.patch

@@ -0,0 +1,24 @@
+From c237d9bed4f26136f8687b539a8836a2ab07158c Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sat, 6 Aug 2022 10:19:11 +0800
+Subject: [PATCH] ignore project quota error
+
+---
+ Utils.cpp | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/Utils.cpp b/Utils.cpp
+index 9ad828c..b4ebc7a 100644
+--- a/Utils.cpp
++++ b/Utils.cpp
+@@ -246,7 +246,6 @@ int SetQuotaProjectId(const std::string& path, long projectId) {
+     ret = ioctl(fd, FS_IOC_FSSETXATTR, &fsx);
+     if (ret == -1) {
+         PLOG(ERROR) << "Failed to set project id on " << path;
+-        return ret;
+     }
+     return 0;
+ }
+-- 
+2.49.0
+