android-14.0.0_r2 patches

android-14.0.0_r2/external/minijail/0001-disable-seccomp.patch

@@ -0,0 +1,32 @@
+From fce354d9875fb0296fb6fc24a3dcbaa1801793ad Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Mon, 26 Apr 2021 22:55:03 +0800
+Subject: [PATCH] disable seccomp
+
+---
+ libminijail.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libminijail.c b/libminijail.c
+index bb60904..efe8be2 100644
+--- a/libminijail.c
++++ b/libminijail.c
+@@ -2487,6 +2487,7 @@ static void set_seccomp_filter(const struct minijail *j)
+ 	/*
+ 	 * Install the syscall filter.
+ 	 */
++#if 0 // HACKED
+ 	if (j->flags.seccomp_filter) {
+ 		if (j->flags.seccomp_filter_tsync ||
+ 		    j->flags.seccomp_filter_allow_speculation) {
+@@ -2508,6 +2509,7 @@ static void set_seccomp_filter(const struct minijail *j)
+ 			}
+ 		}
+ 	}
++#endif
+ }
+ 
+ static pid_t forward_pid = -1;
+-- 
+2.34.1
+

android-14.0.0_r2/external/selinux/0001-ignore-selinux.patch

@@ -0,0 +1,165 @@
+From 25c1521451ebcf5733fa7893bf76d7ffb659dc37 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sun, 9 May 2021 23:44:12 +0800
+Subject: [PATCH] ignore selinux
+
+---
+ libselinux/include/selinux/selinux.h | 4 ++++
+ libselinux/src/checkAccess.c         | 1 +
+ libselinux/src/getenforce.c          | 1 +
+ libselinux/src/getfilecon.c          | 1 +
+ libselinux/src/getpeercon.c          | 1 +
+ libselinux/src/init.c                | 1 +
+ libselinux/src/label.c               | 1 +
+ libselinux/src/lgetfilecon.c         | 1 +
+ libselinux/src/lsetfilecon.c         | 1 +
+ libselinux/src/procattr.c            | 2 ++
+ libselinux/src/sestatus.c            | 1 +
+ 11 files changed, 15 insertions(+)
+
+diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
+index a0948853..3ddeee2d 100644
+--- a/libselinux/include/selinux/selinux.h
++++ b/libselinux/include/selinux/selinux.h
+@@ -4,6 +4,10 @@
+ #include <sys/types.h>
+ #include <stdarg.h>
+ 
++#define SE_HACK
++#define se_hack() if (1) return
++#define se_hack1(p) if (1) return p
++
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+diff --git a/libselinux/src/checkAccess.c b/libselinux/src/checkAccess.c
+index 022cd6b5..a23bffc9 100644
+--- a/libselinux/src/checkAccess.c
++++ b/libselinux/src/checkAccess.c
+@@ -20,6 +20,7 @@ static void avc_init_once(void)
+ }
+ 
+ int selinux_check_access(const char *scon, const char *tcon, const char *class, const char *perm, void *aux) {
++    se_hack1(0);
+ 	int rc;
+ 	security_id_t scon_id;
+ 	security_id_t tcon_id;
+diff --git a/libselinux/src/getenforce.c b/libselinux/src/getenforce.c
+index 3f1e2002..bf162279 100644
+--- a/libselinux/src/getenforce.c
++++ b/libselinux/src/getenforce.c
+@@ -11,6 +11,7 @@
+ 
+ int security_getenforce(void)
+ {
++	se_hack1(0);
+ 	int fd, ret, enforce = 0;
+ 	char path[PATH_MAX];
+ 	char buf[20];
+diff --git a/libselinux/src/getfilecon.c b/libselinux/src/getfilecon.c
+index 4bee3137..f8b159a0 100644
+--- a/libselinux/src/getfilecon.c
++++ b/libselinux/src/getfilecon.c
+@@ -52,6 +52,7 @@ int getfilecon_raw(const char *path, char ** context)
+ 
+ int getfilecon(const char *path, char ** context)
+ {
++    se_hack1((*context = calloc(7, 1), memcpy(*context, "HACKED", 6), 0));
+ 	int ret;
+ 	char * rcontext = NULL;
+ 
+diff --git a/libselinux/src/getpeercon.c b/libselinux/src/getpeercon.c
+index a9dca73e..10771cbf 100644
+--- a/libselinux/src/getpeercon.c
++++ b/libselinux/src/getpeercon.c
+@@ -46,6 +46,7 @@ int getpeercon_raw(int fd, char ** context)
+ 
+ int getpeercon(int fd, char ** context)
+ {
++    se_hack1((*context = calloc(7, 1), memcpy(*context, "HACKED", 6), 0));
+ 	int ret;
+ 	char * rcontext;
+ 
+diff --git a/libselinux/src/init.c b/libselinux/src/init.c
+index 439da417..41268a74 100644
+--- a/libselinux/src/init.c
++++ b/libselinux/src/init.c
+@@ -139,6 +139,7 @@ void fini_selinuxmnt(void)
+ 
+ void set_selinuxmnt(const char *mnt)
+ {
++    se_hack();
+ 	selinux_mnt = strdup(mnt);
+ }
+ 
+diff --git a/libselinux/src/label.c b/libselinux/src/label.c
+index e0ed68d5..2c22c04f 100644
+--- a/libselinux/src/label.c
++++ b/libselinux/src/label.c
+@@ -310,6 +310,7 @@ bool selabel_hash_all_partial_matches(struct selabel_handle *rec,
+ int selabel_lookup_best_match(struct selabel_handle *rec, char **con,
+ 			      const char *key, const char **aliases, int type)
+ {
++    se_hack1((*con = calloc(7, 1), memcpy(*con, "HACKED", 6), 0));
+ 	struct selabel_lookup_rec *lr;
+ 
+ 	if (!rec->func_lookup_best_match) {
+diff --git a/libselinux/src/lgetfilecon.c b/libselinux/src/lgetfilecon.c
+index d1fb821b..0d3b0acd 100644
+--- a/libselinux/src/lgetfilecon.c
++++ b/libselinux/src/lgetfilecon.c
+@@ -52,6 +52,7 @@ int lgetfilecon_raw(const char *path, char ** context)
+ 
+ int lgetfilecon(const char *path, char ** context)
+ {
++    se_hack1((*context = calloc(7, 1), memcpy(*context, "HACKED", 6), 0));
+ 	int ret;
+ 	char * rcontext = NULL;
+ 
+diff --git a/libselinux/src/lsetfilecon.c b/libselinux/src/lsetfilecon.c
+index 213fb684..c73c152f 100644
+--- a/libselinux/src/lsetfilecon.c
++++ b/libselinux/src/lsetfilecon.c
+@@ -28,6 +28,7 @@ int lsetfilecon_raw(const char *path, const char * context)
+ 
+ int lsetfilecon(const char *path, const char *context)
+ {
++    se_hack1(0);
+ 	int ret;
+ 	char * rcontext;
+ 
+diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
+index b7a93a2b..a1478c7f 100644
+--- a/libselinux/src/procattr.c
++++ b/libselinux/src/procattr.c
+@@ -175,6 +175,7 @@ static int getprocattrcon_raw(char **context, pid_t pid, const char *attr,
+ static int getprocattrcon(char **context, pid_t pid, const char *attr,
+ 			  const char *prev_context)
+ {
++    se_hack1((*context = calloc(7, 1), memcpy(*context, "HACKED", 6), 0));
+ 	int ret;
+ 	char * rcontext;
+ 
+@@ -239,6 +240,7 @@ out:
+ static int setprocattrcon(const char *context, const char *attr,
+ 			  char **prev_context)
+ {
++    se_hack1(0);
+ 	int ret;
+ 	char * rcontext;
+ 
+diff --git a/libselinux/src/sestatus.c b/libselinux/src/sestatus.c
+index fbe64301..bafe6bb6 100644
+--- a/libselinux/src/sestatus.c
++++ b/libselinux/src/sestatus.c
+@@ -277,6 +277,7 @@ static int fallback_cb_policyload(int policyload)
+  */
+ int selinux_status_open(int fallback)
+ {
++    se_hack1(0);
+ 	int		fd;
+ 	char		path[PATH_MAX];
+ 	long		pagesize;
+-- 
+2.34.1
+

android-14.0.0_r2/frameworks/av/0001-workaround-for-mesa-video-playback.patch

@@ -0,0 +1,48 @@
+From 929c5fbe4b57b7682c8fe1f02b289431b08ec39f Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Mon, 20 Sep 2021 18:22:20 +0000
+Subject: [PATCH 1/2] ? workaround for mesa video playback
+
+---
+ media/libstagefright/colorconversion/SoftwareRenderer.cpp | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/media/libstagefright/colorconversion/SoftwareRenderer.cpp b/media/libstagefright/colorconversion/SoftwareRenderer.cpp
+index 240931591d..1e3ec7bf41 100644
+--- a/media/libstagefright/colorconversion/SoftwareRenderer.cpp
++++ b/media/libstagefright/colorconversion/SoftwareRenderer.cpp
+@@ -130,6 +130,7 @@ void SoftwareRenderer::resetFormatIfChanged(
+     // hardware has YUV12 and RGBA8888 support, so convert known formats
+     {
+         switch (mColorFormat) {
++#if 0 // HACKED
+             case OMX_COLOR_FormatYUV420Planar:
+             case OMX_COLOR_FormatYUV420SemiPlanar:
+             case OMX_TI_COLOR_FormatYUV420PackedSemiPlanar:
+@@ -139,6 +140,7 @@ void SoftwareRenderer::resetFormatIfChanged(
+                 bufHeight = (mCropHeight + 1) & ~1;
+                 break;
+             }
++#endif
+             case OMX_COLOR_Format24bitRGB888:
+             {
+                 halFormat = HAL_PIXEL_FORMAT_RGB_888;
+@@ -154,6 +156,7 @@ void SoftwareRenderer::resetFormatIfChanged(
+                 bufHeight = (mCropHeight + 1) & ~1;
+                 break;
+             }
++#if 0 // HACKED
+             case OMX_COLOR_FormatYUV420Planar16:
+             {
+                 if (((dataSpace & HAL_DATASPACE_STANDARD_MASK) == HAL_DATASPACE_STANDARD_BT2020)
+@@ -170,6 +173,7 @@ void SoftwareRenderer::resetFormatIfChanged(
+                 bufHeight = (mCropHeight + 1) & ~1;
+                 break;
+             }
++#endif
+             default:
+             {
+                 break;
+-- 
+2.34.1
+

android-14.0.0_r2/frameworks/av/0002-NOT-skip-OMX-nodes.patch

@@ -0,0 +1,26 @@
+From e1853e0b73fca06ee2f53da7e71047b2c630afdd Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sat, 6 Aug 2022 10:17:12 +0800
+Subject: [PATCH 2/2] NOT skip OMX nodes
+
+users may use legacy kernel without `ION` / `DMABUF_HEAP` enabled,
+enable OMX nodes to support this.
+---
+ media/libstagefright/omx/OMXStore.cpp | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/media/libstagefright/omx/OMXStore.cpp b/media/libstagefright/omx/OMXStore.cpp
+index 0906433a8a..8ea62b6e3d 100644
+--- a/media/libstagefright/omx/OMXStore.cpp
++++ b/media/libstagefright/omx/OMXStore.cpp
+@@ -161,7 +161,6 @@ void OMXStore::addPlugin(OMXPluginBase *plugin) {
+                 }
+             }
+             if (skip) {
+-                continue;
+             }
+         }
+ 
+-- 
+2.34.1
+

android-14.0.0_r2/frameworks/native/0001-fix-booting.patch

@@ -0,0 +1,59 @@
+From d284d0be72c01ce3f712a201baf023f356826de8 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sun, 9 May 2021 23:04:00 +0800
+Subject: [PATCH] fix booting
+
+---
+ libs/binder/Binder.cpp         | 1 +
+ libs/binder/IPCThreadState.cpp | 2 +-
+ libs/binder/ProcessState.cpp   | 3 +++
+ 3 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libs/binder/Binder.cpp b/libs/binder/Binder.cpp
+index 3e49656575..8b91975ca3 100644
+--- a/libs/binder/Binder.cpp
++++ b/libs/binder/Binder.cpp
+@@ -506,6 +506,7 @@ void BBinder::setRequestingSid(bool requestingSid)
+                         "setRequestingSid() should not be called after a binder object "
+                         "is parceled/sent to another process");
+ 
++    requestingSid = false; // HACKED
+     Extras* e = mExtras.load(std::memory_order_acquire);
+ 
+     if (!e) {
+diff --git a/libs/binder/IPCThreadState.cpp b/libs/binder/IPCThreadState.cpp
+index da58251149..4a18b4297d 100644
+--- a/libs/binder/IPCThreadState.cpp
++++ b/libs/binder/IPCThreadState.cpp
+@@ -1393,7 +1393,7 @@ status_t IPCThreadState::executeCommand(int32_t cmd)
+             clearPropagateWorkSource();
+ 
+             mCallingPid = tr.sender_pid;
+-            mCallingSid = reinterpret_cast<const char*>(tr_secctx.secctx);
++            mCallingSid = "HACKED";
+             mCallingUid = tr.sender_euid;
+             mHasExplicitIdentity = false;
+             mLastTransactionBinderFlags = tr.flags;
+diff --git a/libs/binder/ProcessState.cpp b/libs/binder/ProcessState.cpp
+index 5f1f50672a..adc451a148 100644
+--- a/libs/binder/ProcessState.cpp
++++ b/libs/binder/ProcessState.cpp
+@@ -211,12 +211,15 @@ bool ProcessState::becomeContextManager()
+ {
+     AutoMutex _l(mLock);
+ 
++#if 0 // HACKED (?)
+     flat_binder_object obj {
+         .flags = FLAT_BINDER_FLAG_TXN_SECURITY_CTX,
+     };
+ 
+     int result = ioctl(mDriverFD, BINDER_SET_CONTEXT_MGR_EXT, &obj);
++#endif
+ 
++    status_t result = 1;
+     // fallback to original method
+     if (result != 0) {
+         android_errorWriteLog(0x534e4554, "121035042");
+-- 
+2.34.1
+

android-14.0.0_r2/packages/modules/Connectivity/0001-fix-booting.patch

@@ -0,0 +1,24 @@
+From 329d11797edbf1a86266aef49b38a16d341f79da Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Thu, 5 Oct 2023 22:18:09 +0800
+Subject: [PATCH] fix booting
+
+---
+ service/jni/com_android_server_connectivity_ClatCoordinator.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/service/jni/com_android_server_connectivity_ClatCoordinator.cpp b/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
+index 059b7168ff..79f5270afe 100644
+--- a/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
++++ b/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
+@@ -143,6 +143,7 @@ static void verifyClatPerms() {
+         return;
+     }
+ 
++    fatal = false; // HACKED
+     if (fatal) abort();
+ }
+ 
+-- 
+2.34.1
+

android-14.0.0_r2/system/bpf/0001-fix-booting.patch

@@ -0,0 +1,45 @@
+From 118f5f96200087f43707f0bc75e5c196f73ca3c7 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Thu, 5 Oct 2023 23:27:52 +0800
+Subject: [PATCH] fix booting
+
+---
+ bpfloader/BpfLoader.cpp | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/bpfloader/BpfLoader.cpp b/bpfloader/BpfLoader.cpp
+index e53669a..98686c0 100644
+--- a/bpfloader/BpfLoader.cpp
++++ b/bpfloader/BpfLoader.cpp
+@@ -271,13 +271,15 @@ int main(int argc, char** argv) {
+     // BPF_JIT is required by R VINTF (which means 4.14/4.19/5.4 kernels),
+     // but 4.14/4.19 were released with P & Q, and only 5.4 is new in R+.
+     if (writeProcSysFile("/proc/sys/net/core/bpf_jit_enable", "1\n") &&
+-        android::bpf::isAtLeastKernelVersion(5, 4, 0)) return 1;
++        android::bpf::isAtLeastKernelVersion(5, 4, 0))
++            PLOG(ERROR) << "change /proc/sys/net/core/bpf_jit_enable to 1 failed";
+ 
+     // Enable JIT kallsyms export for privileged users only
+     // (Note: this (open) will fail with ENOENT 'No such file or directory' if
+     //  kernel does not have CONFIG_HAVE_EBPF_JIT=y)
+     if (writeProcSysFile("/proc/sys/net/core/bpf_jit_kallsyms", "1\n") &&
+-        android::bpf::isAtLeastKernelVersion(5, 4, 0)) return 1;
++        android::bpf::isAtLeastKernelVersion(5, 4, 0))
++            PLOG(ERROR) << "change /proc/sys/net/core/bpf_jit_kallsyms to 1 failed";
+ 
+     // Create all the pin subdirectories
+     // (this must be done first to allow selinux_context and pin_subdir functionality,
+@@ -302,8 +304,10 @@ int main(int argc, char** argv) {
+             ALOGE("If this triggers randomly, you might be hitting some memory allocation "
+                   "problems or startup script race.");
+             ALOGE("--- DO NOT EXPECT SYSTEM TO BOOT SUCCESSFULLY ---");
++#if 0 // HACKED
+             sleep(20);
+             return 2;
++#endif
+         }
+     }
+ 
+-- 
+2.34.1
+

android-14.0.0_r2/system/core/0001-fix-booting.patch

@@ -0,0 +1,126 @@
+From 38a49840b16cab5b0c6fe10ad87abc78b39c341d Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sun, 9 May 2021 23:09:00 +0800
+Subject: [PATCH 1/7] fix booting
+
+---
+ init/first_stage_init.cpp | 18 +++++++++++++++---
+ init/init.cpp             |  0
+ init/property_service.cpp |  0
+ init/service.cpp          |  3 ++-
+ init/util.cpp             |  3 ++-
+ rootdir/init.rc           |  1 -
+ 6 files changed, 19 insertions(+), 6 deletions(-)
+ mode change 100644 => 100755 init/init.cpp
+ mode change 100644 => 100755 init/property_service.cpp
+
+diff --git a/init/first_stage_init.cpp b/init/first_stage_init.cpp
+index 107e99a31..649f3ec76 100644
+--- a/init/first_stage_init.cpp
++++ b/init/first_stage_init.cpp
+@@ -35,6 +35,7 @@
+ #include <android-base/chrono_utils.h>
+ #include <android-base/file.h>
+ #include <android-base/logging.h>
++#include <android-base/strings.h>
+ #include <modprobe/modprobe.h>
+ #include <private/android_filesystem_config.h>
+ 
+@@ -243,6 +244,8 @@ int FirstStageMain(int argc, char** argv) {
+     CHECKCALL(mkdir("/dev/pts", 0755));
+     CHECKCALL(mkdir("/dev/socket", 0755));
+     CHECKCALL(mkdir("/dev/dm-user", 0755));
++    mount("/system/etc", "/etc", "none", MS_BIND, NULL); // cgroup fix
++    unshare(CLONE_NEWCGROUP);
+     CHECKCALL(mount("devpts", "/dev/pts", "devpts", 0, NULL));
+ #define MAKE_STR(x) __STRING(x)
+     CHECKCALL(mount("proc", "/proc", "proc", 0, "hidepid=2,gid=" MAKE_STR(AID_READPROC)));
+@@ -306,7 +309,6 @@ int FirstStageMain(int argc, char** argv) {
+         for (const auto& [error_string, error_errno] : errors) {
+             LOG(ERROR) << error_string << " " << strerror(error_errno);
+         }
+-        LOG(FATAL) << "Init encountered errors starting first stage, aborting";
+     }
+ 
+     LOG(INFO) << "init first stage started!";
+@@ -420,12 +422,22 @@ int FirstStageMain(int argc, char** argv) {
+            1);
+ 
+     const char* path = "/system/bin/init";
+-    const char* args[] = {path, "selinux_setup", nullptr};
++    std::vector<const char *> args = {path, "second_stage"};
++    std::string init_cmdline;
++    android::base::ReadFileToString("/proc/self/cmdline", &init_cmdline);
++    std::replace(init_cmdline.begin(), init_cmdline.end(), '\0', ' ');
++    auto cmd_vector = android::base::Split(android::base::Trim(init_cmdline), " ");
++    int i = 0;
++    for (const auto& entry : cmd_vector) {
++        if (i++ == 0) continue; // ignore first arg '/init'
++        args.push_back(entry.c_str());
++    }
++    args.push_back(nullptr);
+     auto fd = open("/dev/kmsg", O_WRONLY | O_CLOEXEC);
+     dup2(fd, STDOUT_FILENO);
+     dup2(fd, STDERR_FILENO);
+     close(fd);
+-    execv(path, const_cast<char**>(args));
++    execv(path, const_cast<char**>(args.data()));
+ 
+     // execv() only returns if an error happened, in which case we
+     // panic and never fall through this conditional.
+diff --git a/init/init.cpp b/init/init.cpp
+old mode 100644
+new mode 100755
+diff --git a/init/property_service.cpp b/init/property_service.cpp
+old mode 100644
+new mode 100755
+diff --git a/init/service.cpp b/init/service.cpp
+index 35beaad33..3bdf7c26c 100644
+--- a/init/service.cpp
++++ b/init/service.cpp
+@@ -75,6 +75,7 @@ namespace android {
+ namespace init {
+ 
+ static Result<std::string> ComputeContextFromExecutable(const std::string& service_path) {
++    se_hack1("HACKED");
+     std::string computed_context;
+ 
+     char* raw_con = nullptr;
+@@ -371,7 +372,7 @@ void Service::Reap(const siginfo_t& siginfo) {
+                     if (!GetBoolProperty("init.svc_debug.no_fatal." + name_, false)) {
+                         // Aborts into `fatal_reboot_target_'.
+                         SetFatalRebootTarget(fatal_reboot_target_);
+-                        LOG(FATAL) << "critical process '" << name_ << "' exited 4 times "
++                        LOG(ERROR) << "critical process '" << name_ << "' exited 4 times "
+                                    << exit_reason;
+                     }
+                 } else {
+diff --git a/init/util.cpp b/init/util.cpp
+index bc8ea6eaf..78d76a297 100644
+--- a/init/util.cpp
++++ b/init/util.cpp
+@@ -242,7 +242,8 @@ int wait_for_file(const char* filename, std::chrono::nanoseconds timeout) {
+ 
+ void ImportKernelCmdline(const std::function<void(const std::string&, const std::string&)>& fn) {
+     std::string cmdline;
+-    android::base::ReadFileToString("/proc/cmdline", &cmdline);
++    android::base::ReadFileToString("/proc/self/cmdline", &cmdline); // HACKED
++    std::replace(cmdline.begin(), cmdline.end(), '\0', ' '); // HACKED
+ 
+     for (const auto& entry : android::base::Split(android::base::Trim(cmdline), " ")) {
+         std::vector<std::string> pieces = android::base::Split(entry, "=");
+diff --git a/rootdir/init.rc b/rootdir/init.rc
+index 1e6918d00..5806d142e 100644
+--- a/rootdir/init.rc
++++ b/rootdir/init.rc
+@@ -571,7 +571,6 @@ on post-fs
+ 
+     # Once everything is setup, no need to modify /.
+     # The bind+remount combination allows this to work in containers.
+-    mount rootfs rootfs / remount bind ro nodev
+ 
+     # Mount default storage into root namespace
+     mount none /mnt/user/0 /storage bind rec
+-- 
+2.34.1
+

android-14.0.0_r2/system/core/0002-allow-override-ro.-prop.patch

@@ -0,0 +1,25 @@
+From be0a3e8f8e6e3103c69577cff072d02a54c5f4df Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sat, 26 Jun 2021 05:42:24 +0000
+Subject: [PATCH 2/7] allow override ro.* prop
+
+---
+ init/property_service.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/init/property_service.cpp b/init/property_service.cpp
+index 8da69822c..29418343b 100755
+--- a/init/property_service.cpp
++++ b/init/property_service.cpp
+@@ -1343,6 +1343,8 @@ static void ProcessKernelCmdline() {
+     ImportKernelCmdline([&](const std::string& key, const std::string& value) {
+         if (StartsWith(key, ANDROIDBOOT_PREFIX)) {
+             InitPropertySet("ro.boot." + key.substr(ANDROIDBOOT_PREFIX.size()), value);
++        } else if (StartsWith(key, "ro.")) {
++            InitPropertySet(key, value);
+         }
+     });
+ }
+-- 
+2.34.1
+

android-14.0.0_r2/system/core/0003-fix-first-stage-mount.patch

@@ -0,0 +1,25 @@
+From e28cc1e8fddc644f708ed2ca871ab6dfa42fa732 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sun, 27 Jun 2021 09:49:22 +0000
+Subject: [PATCH 3/7] ? fix first stage mount
+
+---
+ init/first_stage_init.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/init/first_stage_init.cpp b/init/first_stage_init.cpp
+index 649f3ec76..390b40979 100644
+--- a/init/first_stage_init.cpp
++++ b/init/first_stage_init.cpp
+@@ -403,7 +403,7 @@ int FirstStageMain(int argc, char** argv) {
+     }
+ 
+     if (!DoFirstStageMount(!created_devices)) {
+-        LOG(FATAL) << "Failed to mount required partitions early ...";
++        LOG(ERROR) << "Failed to mount required partitions early ..."; // HACKED
+     }
+ 
+     struct stat new_root_info;
+-- 
+2.34.1
+

android-14.0.0_r2/system/core/0004-ignore-input-subsystem.patch

@@ -0,0 +1,26 @@
+From 327be2d9ef3a973c9d4d29d9417edb9cdc33be03 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Fri, 25 Jun 2021 15:56:47 +0000
+Subject: [PATCH 4/7] ignore input subsystem
+
+---
+ rootdir/ueventd.rc | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/rootdir/ueventd.rc b/rootdir/ueventd.rc
+index 0b7ffb8ea..1b6bdb692 100644
+--- a/rootdir/ueventd.rc
++++ b/rootdir/ueventd.rc
+@@ -12,9 +12,6 @@ subsystem drm
+     devname uevent_devpath
+     dirname /dev/dri
+ 
+-subsystem input
+-    devname uevent_devpath
+-    dirname /dev/input
+ 
+ subsystem sound
+     devname uevent_devpath
+-- 
+2.34.1
+

android-14.0.0_r2/system/core/0005-ignore-devfs-mount.patch

@@ -0,0 +1,24 @@
+From bb1cd623a1f739179c89715e4114bb7be3a2b759 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Fri, 17 Dec 2021 22:44:33 +0800
+Subject: [PATCH 5/7] ignore devfs mount
+
+---
+ init/first_stage_init.cpp | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/init/first_stage_init.cpp b/init/first_stage_init.cpp
+index 390b40979..10585bb12 100644
+--- a/init/first_stage_init.cpp
++++ b/init/first_stage_init.cpp
+@@ -240,7 +240,6 @@ int FirstStageMain(int argc, char** argv) {
+     CHECKCALL(setenv("PATH", _PATH_DEFPATH, 1));
+     // Get the basic filesystem setup we need put together in the initramdisk
+     // on / and then we'll let the rc file figure out the rest.
+-    CHECKCALL(mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755"));
+     CHECKCALL(mkdir("/dev/pts", 0755));
+     CHECKCALL(mkdir("/dev/socket", 0755));
+     CHECKCALL(mkdir("/dev/dm-user", 0755));
+-- 
+2.34.1
+

android-14.0.0_r2/system/core/0006-auto-alloc-binder-devices.patch

@@ -0,0 +1,24 @@
+From f626bc79fb34ffd6fc794fd66e354d4d3a410e7a Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Thu, 6 Jan 2022 20:47:28 +0800
+Subject: [PATCH 6/7] auto alloc binder devices
+
+---
+ rootdir/init.rc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/rootdir/init.rc b/rootdir/init.rc
+index 5806d142e..b8fff425b 100644
+--- a/rootdir/init.rc
++++ b/rootdir/init.rc
+@@ -251,6 +251,7 @@ on init
+     mkdir /dev/binderfs
+     mount binder binder /dev/binderfs stats=global
+     chmod 0755 /dev/binderfs
++    exec -- /vendor/bin/binder_alloc /dev/binderfs/binder-control binder hwbinder vndbinder
+ 
+     # Mount fusectl
+     mount fusectl none /sys/fs/fuse/connections
+-- 
+2.34.1
+

android-14.0.0_r2/system/core/0007-skip-fusectl-mount.patch

@@ -0,0 +1,24 @@
+From bea928df202803e4a3d016d90831fae79f5edc9e Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sat, 2 Sep 2023 17:10:16 +0800
+Subject: [PATCH 7/7] skip fusectl mount
+
+---
+ rootdir/init.rc | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/rootdir/init.rc b/rootdir/init.rc
+index b8fff425b..3516ce2b9 100644
+--- a/rootdir/init.rc
++++ b/rootdir/init.rc
+@@ -254,7 +254,6 @@ on init
+     exec -- /vendor/bin/binder_alloc /dev/binderfs/binder-control binder hwbinder vndbinder
+ 
+     # Mount fusectl
+-    mount fusectl none /sys/fs/fuse/connections
+ 
+     symlink /dev/binderfs/binder /dev/binder
+     symlink /dev/binderfs/hwbinder /dev/hwbinder
+-- 
+2.34.1
+

android-14.0.0_r2/system/libhwbinder/0001-fix-booting.patch

@@ -0,0 +1,45 @@
+From f9e29064297a1ac37642be195d033a3e70d9d936 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sun, 9 May 2021 23:44:12 +0800
+Subject: [PATCH] fix booting
+
+---
+ Binder.cpp       | 1 +
+ ProcessState.cpp | 3 +++
+ 2 files changed, 4 insertions(+)
+
+diff --git a/Binder.cpp b/Binder.cpp
+index 6d26414..b657a0b 100644
+--- a/Binder.cpp
++++ b/Binder.cpp
+@@ -96,6 +96,7 @@ bool BHwBinder::isRequestingSid() {
+ }
+ 
+ void BHwBinder::setRequestingSid(bool requestingSid) {
++    requestingSid = false; // HACKED
+     Extras* e = mExtras.load(std::memory_order_acquire);
+ 
+     if (!e) {
+diff --git a/ProcessState.cpp b/ProcessState.cpp
+index c2284f8..de37ead 100644
+--- a/ProcessState.cpp
++++ b/ProcessState.cpp
+@@ -121,12 +121,15 @@ void ProcessState::becomeContextManager()
+ {
+     AutoMutex _l(mLock);
+ 
++#if 0 // HACKED (?)
+     flat_binder_object obj {
+         .flags = FLAT_BINDER_FLAG_TXN_SECURITY_CTX,
+     };
+ 
+     status_t result = ioctl(mDriverFD, BINDER_SET_CONTEXT_MGR_EXT, &obj);
++#endif
+ 
++    status_t result = 1;
+     // fallback to original method
+     if (result != 0) {
+         android_errorWriteLog(0x534e4554, "121035042");
+-- 
+2.34.1
+

android-14.0.0_r2/system/libvintf/0001-ignore-compatibility-check.patch

@@ -0,0 +1,24 @@
+From 5b58748a41b0dc35d7f9b20a0af296aec561a418 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sat, 15 Oct 2022 09:12:31 +0800
+Subject: [PATCH] ignore compatibility check
+
+---
+ VintfObject.cpp | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/VintfObject.cpp b/VintfObject.cpp
+index 77b28b9..fccceed 100644
+--- a/VintfObject.cpp
++++ b/VintfObject.cpp
+@@ -713,7 +713,6 @@ int32_t VintfObject::checkCompatibility(std::string* error, CheckFlags::Type fla
+                 error->insert(0,
+                               "Runtime info and framework compatibility matrix are incompatible: ");
+             }
+-            return INCOMPATIBLE;
+         }
+     }
+ 
+-- 
+2.34.1
+

android-14.0.0_r2/system/netd/0001-ignore-iptables-error.patch

@@ -0,0 +1,50 @@
+From 4d2d565742bc15b9c783b39ddf949b246145f92c Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sat, 31 Jul 2021 06:14:33 +0000
+Subject: [PATCH 1/3] ignore iptables error
+
+---
+ server/BandwidthController.cpp       | 1 +
+ server/Controllers.cpp               | 1 -
+ server/IptablesRestoreController.cpp | 1 +
+ 3 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/server/BandwidthController.cpp b/server/BandwidthController.cpp
+index 438dbb8d..8a4ffecb 100644
+--- a/server/BandwidthController.cpp
++++ b/server/BandwidthController.cpp
+@@ -541,6 +541,7 @@ int BandwidthController::updateQuota(const std::string& quotaName, int64_t bytes
+     if (!isOk(file)) {
+         int res = errno;
+         ALOGE("Updating quota %s failed (%s)", quotaName.c_str(), toString(file).c_str());
++        res = 0; // HACKED
+         return -res;
+     }
+     // TODO: should we propagate this error?
+diff --git a/server/Controllers.cpp b/server/Controllers.cpp
+index 43a2d1ee..4eafb117 100644
+--- a/server/Controllers.cpp
++++ b/server/Controllers.cpp
+@@ -284,7 +284,6 @@ void Controllers::init() {
+         // As such simply exit netd.  This may crash loop the system, but by failing
+         // to bootup we will trigger rollback and thus this offers us protection against
+         // a mainline update breaking things.
+-        exit(1);
+     }
+     gLog.info("Enabling bandwidth control: %" PRId64 "us", s.getTimeAndResetUs());
+ 
+diff --git a/server/IptablesRestoreController.cpp b/server/IptablesRestoreController.cpp
+index dc718309..160350ca 100644
+--- a/server/IptablesRestoreController.cpp
++++ b/server/IptablesRestoreController.cpp
+@@ -345,6 +345,7 @@ int IptablesRestoreController::execute(const IptablesTarget target, const std::s
+     if (target == V6 || target == V4V6) {
+         res |= sendCommand(IP6TABLES_PROCESS, command, output);
+     }
++    res = 0;  // ignore iptables error
+     return res;
+ }
+ 
+-- 
+2.34.1
+

android-14.0.0_r2/system/netd/0002-ignore-bpf-error.patch

@@ -0,0 +1,24 @@
+From 014758256e9401471725b089d5bed6d6cc34fed0 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sun, 14 Aug 2022 11:53:19 +0800
+Subject: [PATCH 2/3] ignore bpf error
+
+---
+ server/main.cpp | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/server/main.cpp b/server/main.cpp
+index 3c6b0d52..7f845894 100644
+--- a/server/main.cpp
++++ b/server/main.cpp
+@@ -147,7 +147,6 @@ int main() {
+ 
+     if (libnetd_updatable_init(cg2_path.c_str())) {
+         ALOGE("libnetd_updatable_init failed");
+-        exit(1);
+     }
+     gLog.info("libnetd_updatable_init success");
+ 
+-- 
+2.34.1
+

android-14.0.0_r2/system/netd/0003-ignote-getTetherStats-error.patch

@@ -0,0 +1,28 @@
+From 3d5ca5d609e9e736ceded4be928ea5cf49f43e82 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sun, 14 Aug 2022 11:57:11 +0800
+Subject: [PATCH 3/3] ignote getTetherStats error
+
+---
+ server/TetherController.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/server/TetherController.cpp b/server/TetherController.cpp
+index 79193574..826ef433 100644
+--- a/server/TetherController.cpp
++++ b/server/TetherController.cpp
+@@ -917,9 +917,11 @@ StatusOr<TetherController::TetherStatsList> TetherController::getTetherStats() {
+         }
+ 
+         if (int ret = addForwardChainStats(statsList, statsString, parsedIptablesOutput)) {
++#if 0
+             return statusFromErrno(-ret, StringPrintf("failed to parse %s tether stats:\n%s",
+                                                       target == V4 ? "IPv4": "IPv6",
+                                                       parsedIptablesOutput.c_str()));
++#endif
+         }
+     }
+ 
+-- 
+2.34.1
+

android-14.0.0_r2/system/vold/0001-ignore-project-quota-error.patch

@@ -0,0 +1,24 @@
+From ebaf7307f75a1646cabf8fef95def3943976061d Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sat, 6 Aug 2022 10:19:11 +0800
+Subject: [PATCH] ignore project quota error
+
+---
+ Utils.cpp | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/Utils.cpp b/Utils.cpp
+index 40a182bc..30527c61 100644
+--- a/Utils.cpp
++++ b/Utils.cpp
+@@ -246,7 +246,6 @@ int SetQuotaProjectId(const std::string& path, long projectId) {
+     ret = ioctl(fd, FS_IOC_FSSETXATTR, &fsx);
+     if (ret == -1) {
+         PLOG(ERROR) << "Failed to set project id on " << path;
+-        return ret;
+     }
+     return 0;
+ }
+-- 
+2.34.1
+