pkg: debian: Drop anbox patches

They don't build on 6.8 anymore. Ubuntu has stopped shipping them and
enables binderfs instead, which can be used instead of the old binder
modules.

pkg/debian/kernel/0001-Export-symbols-needed-by-Android-drivers.patch

@@ -1,132 +0,0 @@
-From 408551029a78a655c5fea864b45a8e370d7d9e8c Mon Sep 17 00:00:00 2001
-From: Ben Hutchings <ben@decadent.org.uk>
-Date: Mon, 7 Sep 2020 02:51:53 +0100
-Subject: [PATCH 1/2] Export symbols needed by Android drivers
-
-We want to enable use of the Android ashmem and binder drivers to
-support Anbox, but they should not be built-in as that would waste
-resources and increase security attack surface on systems that don't
-need them.
-
-Export the currently un-exported symbols they depend on.
----
- fs/file.c           | 1 +
- kernel/sched/core.c | 1 +
- kernel/sched/wait.c | 1 +
- kernel/task_work.c  | 1 +
- mm/memory.c         | 1 +
- mm/shmem.c          | 1 +
- security/security.c | 4 ++++
- 7 files changed, 10 insertions(+)
-
-diff --git a/fs/file.c b/fs/file.c
-index 3e4a4dfa38fca..bdded3fcdbd87 100644
---- a/fs/file.c
-+++ b/fs/file.c
-@@ -816,6 +816,7 @@ struct file *close_fd_get_file(unsigned int fd)
- 
- 	return file;
- }
-+EXPORT_SYMBOL_GPL(close_fd_get_file);
- 
- void do_close_on_exec(struct files_struct *files)
- {
-diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 802551e0009bf..2698c78062b2f 100644
---- a/kernel/sched/core.c
-+++ b/kernel/sched/core.c
-@@ -7253,6 +7253,7 @@ static bool is_nice_reduction(const struct task_struct *p, const int nice)
- 
- 	return (nice_rlim <= task_rlimit(p, RLIMIT_NICE));
- }
-+EXPORT_SYMBOL_GPL(can_nice);
- 
- /*
-  * can_nice - check if a task can reduce its nice value
-diff --git a/kernel/sched/wait.c b/kernel/sched/wait.c
-index 802d98cf2de31..8eec46f066d86 100644
---- a/kernel/sched/wait.c
-+++ b/kernel/sched/wait.c
-@@ -252,6 +252,7 @@ void __wake_up_pollfree(struct wait_queue_head *wq_head)
- 	/* POLLFREE must have cleared the queue. */
- 	WARN_ON_ONCE(waitqueue_active(wq_head));
- }
-+EXPORT_SYMBOL_GPL(__wake_up_pollfree);
- 
- /*
-  * Note: we use "set_current_state()" _after_ the wait-queue add,
-diff --git a/kernel/task_work.c b/kernel/task_work.c
-index 95a7e1b7f1dab..972c3280337e8 100644
---- a/kernel/task_work.c
-+++ b/kernel/task_work.c
-@@ -73,6 +73,7 @@ int task_work_add(struct task_struct *task, struct callback_head *work,
- 
- 	return 0;
- }
-+EXPORT_SYMBOL_GPL(task_work_add);
- 
- /**
-  * task_work_cancel_match - cancel a pending work added by task_work_add()
-diff --git a/mm/memory.c b/mm/memory.c
-index 517221f013035..b747095cfea68 100644
---- a/mm/memory.c
-+++ b/mm/memory.c
-@@ -1770,6 +1770,7 @@ void zap_page_range_single(struct vm_area_struct *vma, unsigned long address,
- 	tlb_finish_mmu(&tlb);
- 	hugetlb_zap_end(vma, details);
- }
-+EXPORT_SYMBOL_GPL(zap_page_range_single);
- 
- /**
-  * zap_vma_ptes - remove ptes mapping the vma
-diff --git a/mm/shmem.c b/mm/shmem.c
-index 69595d3418829..e155894de651c 100644
---- a/mm/shmem.c
-+++ b/mm/shmem.c
-@@ -4871,6 +4871,7 @@ int shmem_zero_setup(struct vm_area_struct *vma)
- 
- 	return 0;
- }
-+EXPORT_SYMBOL_GPL(shmem_zero_setup);
- 
- /**
-  * shmem_read_folio_gfp - read into page cache, using specified page allocation flags.
-diff --git a/security/security.c b/security/security.c
-index 23b129d482a7c..eeb7162a02674 100644
---- a/security/security.c
-+++ b/security/security.c
-@@ -799,6 +799,7 @@ int security_binder_set_context_mgr(const struct cred *mgr)
- {
- 	return call_int_hook(binder_set_context_mgr, 0, mgr);
- }
-+EXPORT_SYMBOL_GPL(security_binder_set_context_mgr);
- 
- /**
-  * security_binder_transaction() - Check if a binder transaction is allowed
-@@ -814,6 +815,7 @@ int security_binder_transaction(const struct cred *from,
- {
- 	return call_int_hook(binder_transaction, 0, from, to);
- }
-+EXPORT_SYMBOL_GPL(security_binder_transaction);
- 
- /**
-  * security_binder_transfer_binder() - Check if a binder transfer is allowed
-@@ -829,6 +831,7 @@ int security_binder_transfer_binder(const struct cred *from,
- {
- 	return call_int_hook(binder_transfer_binder, 0, from, to);
- }
-+EXPORT_SYMBOL_GPL(security_binder_transfer_binder);
- 
- /**
-  * security_binder_transfer_file() - Check if a binder file xfer is allowed
-@@ -845,6 +848,7 @@ int security_binder_transfer_file(const struct cred *from,
- {
- 	return call_int_hook(binder_transfer_file, 0, from, to, file);
- }
-+EXPORT_SYMBOL_GPL(security_binder_transfer_file);
- 
- /**
-  * security_ptrace_access_check() - Check if tracing is allowed
--- 
-2.42.1
-

pkg/debian/kernel/0002-android-Enable-building-ashmem-and-binder-as-modules.patch

@@ -1,71 +0,0 @@
-From 2802d75f2b216a35c6a976c0064fcc0e20d82e4b Mon Sep 17 00:00:00 2001
-From: Ben Hutchings <ben@decadent.org.uk>
-Date: Fri, 22 Jun 2018 17:27:00 +0100
-Subject: [PATCH 2/2] android: Enable building ashmem and binder as modules
-
-We want to enable use of the Android ashmem and binder drivers to
-support Anbox, but they should not be built-in as that would waste
-resources and increase security attack surface on systems that don't
-need them.
-
-- Add a MODULE_LICENSE declaration to ashmem
-- Change the Makefiles to build each driver as an object with the
-  "_linux" suffix (which is what Anbox expects)
-- Change config symbol types to tristate
-
-Update:
-In upstream commit 721412ed3d titled "staging: remove ashmem" the ashmem
-driver was removed entirely. Secondary commit message:
-"The mainline replacement for ashmem is memfd, so remove the legacy
-code from drivers/staging/"
-Consequently, the ashmem part of this patch has been removed.
----
- drivers/android/Kconfig        | 2 +-
- drivers/android/Makefile       | 7 ++++---
- drivers/android/binder_alloc.c | 2 +-
- 3 files changed, 6 insertions(+), 5 deletions(-)
-
-diff --git a/drivers/android/Kconfig b/drivers/android/Kconfig
-index 07aa8ae0a058c..94a3a86f9bd4f 100644
---- a/drivers/android/Kconfig
-+++ b/drivers/android/Kconfig
-@@ -2,7 +2,7 @@
- menu "Android"
- 
- config ANDROID_BINDER_IPC
--	bool "Android Binder IPC Driver"
-+	tristate "Android Binder IPC Driver"
- 	depends on MMU
- 	default n
- 	help
-diff --git a/drivers/android/Makefile b/drivers/android/Makefile
-index c9d3d0c99c257..55411d9a9c2a1 100644
---- a/drivers/android/Makefile
-+++ b/drivers/android/Makefile
-@@ -1,6 +1,7 @@
- # SPDX-License-Identifier: GPL-2.0-only
- ccflags-y += -I$(src)			# needed for trace events
- 
--obj-$(CONFIG_ANDROID_BINDERFS)		+= binderfs.o
--obj-$(CONFIG_ANDROID_BINDER_IPC)	+= binder.o binder_alloc.o
--obj-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o
-+obj-$(CONFIG_ANDROID_BINDER_IPC)	+= binder_linux.o
-+binder_linux-y := binder.o binder_alloc.o
-+binder_linux-$(CONFIG_ANDROID_BINDERFS)	+= binderfs.o
-+binder_linux-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o
-diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
-index e3db8297095a2..eef695eff0025 100644
---- a/drivers/android/binder_alloc.c
-+++ b/drivers/android/binder_alloc.c
-@@ -38,7 +38,7 @@ enum {
- };
- static uint32_t binder_alloc_debug_mask = BINDER_DEBUG_USER_ERROR;
- 
--module_param_named(debug_mask, binder_alloc_debug_mask,
-+module_param_named(alloc_debug_mask, binder_alloc_debug_mask,
- 		   uint, 0644);
- 
- #define binder_alloc_debug(mask, x...) \
--- 
-2.42.1
-

pkg/debian/kernel/ubuntu.config

@@ -40,14 +40,15 @@ CONFIG_SYSTEM_TRUSTED_KEYS=""
 CONFIG_SYSTEM_REVOCATION_KEYS=""
 
 ##
-## Additional options from upstream (not in PPA)
+## Modules required for running Android apps
+##
+## Ubuntu builds binder as a module by patching the Makefile. To keep it
+## simple, we just put it into vmlinux. One patch less to keep track of.
 ##
 
-CONFIG_ASHMEM=m
-CONFIG_ANDROID=y
-CONFIG_ANDROID_BINDER_IPC=m
-# CONFIG_ANDROID_BINDERFS is not set
-CONFIG_ANDROID_BINDER_DEVICES="binder"
+CONFIG_ANDROID_BINDER_IPC=y
+CONFIG_ANDROID_BINDERFS=y
+CONFIG_ANDROID_BINDER_DEVICES=""
 # CONFIG_ANDROID_BINDER_IPC_SELFTEST is not set
 
 ##