@idkwim
Forked from Fuzion24/Patching-CVE-2015-1474.md
Last active August 29, 2015 14:16

This is a brief guide on how I patched CVE-2015-1474 on my Nexus 5 (5.0.1). This involves downloading and building AOSP with the patch for the vuln applied. I have attached a pre-built patched version of libui.so for the Nexus 5 5.0.1 in case you are too lazy to build it yourself (and you trust me).

Building patched libui for your Nexus device

repo init -u https://android.googlesource.com/platform/manifest -b android-5.0.1_r1
repo sync -j16

cd frameworks/native
# https://android.googlesource.com/platform/frameworks/native/+/38803268570f90e97452cd9a30ac831661829091%5E%21/#F0
git cherry-pick 2bc5e811a817a8c667bca4318ae98582b0ee6dc6
cd ../../

. build/envsetup.sh
lunch #Select the device you are building for .. in my case : 22. aosp_hammerhead-userdebug

make -j8

Patching your device, if it's rooted:

adb shell su -c "mount -o rw,remount /dev/block/platform/msm_sdcc.1/by-name/system"
adb push out/target/product/hammerhead/system/lib/libui.so /data/local/tmp/
adb shell su -c "mv /system/lib/libui.so /system/lib/libui.so.bak"
adb shell su -c "cp /data/local/tmp/libui.so /system/lib/libui.so"
adb shell su -c "rm /data/local/tmp/libui.so"
adb shell su -c "chown 0.0 /system/lib/libui.so"
adb shell su -c "chmod 644 /system/lib/libui.so"
adb reboot

Patching your device if it's not rooted, but you have an unlocked bootloader:

Note: I did not manually test these instructions.

#Put the device into fastboot mode either `adb reboot bootloader` or by holding vol down + pwr
# Boot CWM recovery:
fastboot boot <CWMRecovery>

#Example: fastboot boot recovery-clockwork-touch-6.0.4.5-hammerhead.img
# Mount /system inside the booted recovery, not on the host
adb shell mount /system
adb shell mv /system/lib/libui.so /system/lib/libui.so.bak
adb push out/target/product/hammerhead/system/lib/libui.so /system/lib/libui.so
adb shell chown 0.0 /system/lib/libui.so
adb shell chmod 644 /system/lib/libui.so

#Reboot device

Check out Trustable, which should now show the GraphicsBuffer overflow as patched.
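Both procedures above overwrite /system/lib/libui.so and then reboot, so a truncated or wrong-architecture file is only noticed when the device fails to start. The following is an added example, not part of the original gist: two host-side checks to run before `adb reboot`. The function names are hypothetical, and it assumes `adb`, `od`, `cmp` and `mktemp` are available on the host.

```sh
# Added example (not from the original gist): checks around the libui.so swap.
# Function names are hypothetical; paths are the ones used in the guide.

# Succeed only if $1 is a 32-bit little-endian ARM shared object, the format
# /system/lib/libui.so must have on hammerhead (Nexus 5).
is_arm32_shared_object() {
    hdr=$(od -An -tx1 -N20 "$1" | tr -d ' \t\n')        # first 20 header bytes as hex
    [ "${#hdr}" -eq 40 ] || return 1                     # shorter than an ELF header
    [ "$(printf %s "$hdr" | cut -c1-8)" = "7f454c46" ] || return 1    # ELF magic
    [ "$(printf %s "$hdr" | cut -c9-10)" = "01" ] || return 1         # ELFCLASS32
    [ "$(printf %s "$hdr" | cut -c11-12)" = "01" ] || return 1        # little-endian
    [ "$(printf %s "$hdr" | cut -c33-36)" = "0300" ] || return 1      # e_type ET_DYN
    [ "$(printf %s "$hdr" | cut -c37-40)" = "2800" ] || return 1      # e_machine EM_ARM
}

# Pull the installed library back and compare it byte for byte with the build.
verify_installed_libui() {
    built=$1
    pulled=$(mktemp) || return 1
    if adb pull /system/lib/libui.so "$pulled" >/dev/null 2>&1 && cmp -s "$built" "$pulled"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$pulled"
    return "$rc"
}

# Usage between the push/cp step and `adb reboot`:
#   lib=out/target/product/hammerhead/system/lib/libui.so
#   is_arm32_shared_object "$lib" || echo "refusing to install: wrong binary format"
#   verify_installed_libui "$lib" || echo "mismatch: restore libui.so.bak before rebooting"
```

If either check fails, move libui.so.bak back to /system/lib/libui.so while /system is still mounted read-write.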
