/android-cve-checker

Python tool to check your Android kernel for missing CVE patches.


CVE toolchain

This toolchain is meant for fully automated patching of your Linux kernel.

It consists of four main scripts:

  • cve_check.py
  • cve_apply.py
  • cve_push.py
  • sync_patches.py

All of these are combined by the main.py script.
The arguments for main.py are as follows:

print("usage: main.py <OPTIONS> kernel_repo\n")
print("<OPTIONS>")
print("\t -h          Print this text\n" +
      "\t -i          Path to the directory containing the CVE patches\n" +
      "\t -o          Where to store the tool output files\n" +
      "\t -p          Specify this if you want to push to Gerrit\n" +
      "\t -u          Your Gerrit user name\n" +
      "\t -b          The destination branch\n")
      
  ./main.py -i ../patches -o out kernel_folder

CVE patches

As we currently have no way to fetch the CVE git patches directly from the tracker (cve.lineageos.org), we keep them around in this repository for now.
They reside in the "patches" directory and are split up according to the Linux version they apply to.

To update the local patches, run ./sync_patches.py ../patches
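
As an added illustration (not this repository's cve_check.py, whose internals this README does not describe), the sketch below shows one way to test a kernel tree against a per-version patch directory with git apply --check. The function names, the <patch_root>/<series>/ layout and the patched/missing/conflict labels are assumptions made for the example.

```python
import re
import subprocess
from pathlib import Path

# Kernel series this README lists as supported (see BUGS).
SUPPORTED = ("3.4", "3.10", "3.18", "4.4", "4.9")


def kernel_series(kernel_repo):
    """Read VERSION and PATCHLEVEL from the kernel's top-level Makefile."""
    text = (Path(kernel_repo) / "Makefile").read_text(errors="replace")
    found = dict(re.findall(r"^(VERSION|PATCHLEVEL)\s*=\s*(\d+)\s*$", text, re.M))
    if len(found) != 2:
        raise ValueError("Makefile lacks VERSION/PATCHLEVEL")
    return f"{found['VERSION']}.{found['PATCHLEVEL']}"


def patches_for(kernel_repo, patch_root):
    """List patch files for this kernel's series.

    Assumed layout (not confirmed by the README): <patch_root>/<series>/**/*.patch
    """
    series = kernel_series(kernel_repo)
    if series not in SUPPORTED:
        raise ValueError(f"unsupported kernel series {series}")
    return sorted((Path(patch_root) / series).rglob("*.patch"))


def _applies(kernel_repo, patch, *flags):
    # --check is a dry run: nothing in the tree is modified.
    cmd = ["git", "-C", str(kernel_repo), "apply", "--check", *flags,
           str(Path(patch).resolve())]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def classify(kernel_repo, patch):
    """Return 'patched', 'missing' or 'conflict' for one patch file."""
    if _applies(kernel_repo, patch, "--reverse"):
        return "patched"    # the fix is already in the tree
    if _applies(kernel_repo, patch):
        return "missing"    # the fix applies cleanly, so it is absent
    return "conflict"       # backport differs: review by hand


def report(kernel_repo, patch_root):
    """Map each patch path to its status for the given kernel tree."""
    return {str(p): classify(kernel_repo, p)
            for p in patches_for(kernel_repo, patch_root)}
```

A "conflict" result does not mean the kernel is vulnerable or safe; vendor trees often carry a reworked backport, so those entries need a manual look.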

BUGS

  • Only 3.4, 3.10, 3.18, 4.4 and 4.9 kernels are supported
  • Can't parse LineageOS Gerrit (skipping)