profile
viewpoint
Daniel Micay thestinger Toronto, Ontario, Canada https://twitter.com/DanielMicay Security researcher

thestinger/termite 2694

A keyboard-centric VTE-based terminal, aimed at use within a window manager with tiling and/or tabbing support.

thestinger/playpen 292

A secure application sandbox built with modern Linux sandboxing features - no longer actively developed, but still works fine, use bubblewrap if you need more functionality

thestinger/vte-ng 115

enhanced vte terminal widget

thestinger/allocator 46

experimental high performance, low fragmentation memory allocator

thestinger/paxd-archive 42

PaX exception daemon - Temporarily abandoned due to the PaX and grsecurity patches becoming private

thestinger/hardening-wrapper-deprecated 27

Wrapper scripts for building hardened executables by default (deprecated, replaced by standard Arch Linux toolchain changes)

thestinger/wiki 9

toy wiki implementation

GrapheneOS/device_google_bonito 6

Pixel 3a and Pixel 3a XL device sources.

thestinger/util 6

various utility functions and classes

GrapheneOS/branding_extra 5

Branding for everything outside the OS. This is not used as part of the OS.

push eventGrapheneOS/Auditor

Daniel Micay

commit sha 555b951159c3c42e6647a0d4fbe2661ddd61b725

add Pixel 4a support

view details

push time in 21 minutes

create barnchGrapheneOS/Auditor

branch : 4a

created branch time in 25 minutes

issue commentGrapheneOS/os_issue_tracker

Investigate why memory initialization hardening is broken for pixel 4a kernel and if zero init is fine and only pattern init is broken

Going to close this because we don't have confirmation this was ever an issue for zero-based initialization. Google decided to use non-zero-based, perhaps because their kernel team didn't want to use an option supposedly (but not really) marked for removal.

anupritaisno1

comment created time in 28 minutes

push eventGrapheneOS/kernel_google_sunfish

Dmitry Dmitriev

commit sha fc65efd80426c66f1c9755ca7ff8eaf2e13a388d

avoid Android build system conflicts Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

anupritaisno1

commit sha c2ceea82c18457cc188e277db5d46f18a19b3183

sunfish: disable module support Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

anupritaisno1

commit sha 215c258b54e8892e5017e59c3464a03a5f67051e

add qcacld submodules Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha 8fc1d0acb307a6e188b5d23e5029b3bccddced50

add qcacld-3.0 driver to staging Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

anupritaisno1

commit sha d9bd41c021891c43006fd0b1b60e164d0a566b94

defconfig: sunfish: enable qcacld driver Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha 1e8740f650c6e6653eed50d15cf551201d9dbcc4

remove techpack gitignore rules Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

anupritaisno1

commit sha 25112eba697a01dfbd264d08692f0f36ecb2fb2b

add techpack/audio submodule Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

anupritaisno1

commit sha 71481d5ff44219c8e423bff74dae0bafca6cfcdf

add fts_touch submodule Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Dmitry Dmitriev

commit sha 6ee5d641b48abb4a939e1022c61906b0b573711a

add fts_touch driver to input/touchscreen Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

anupritaisno1

commit sha 65429b6220cda8d1948589d3eb882d3679aa3688

defconfig: sunfish: enable FTS_TOUCH Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha 3a85774e789ae88b6517bee3dbd4032273a0c07d

add build script Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha 0735121f7be99a26a5a514118e7cf1b1f6080331

mark qcedev data const Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

anupritaisno1

commit sha b372d2f151d0adeac5fe878d7a0452547c60cdab

disable SLAB_MERGE_DEFAULT Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha 3c6ee947b84d1afb46b85e437f4631d8dff36a35

add toggle for disabling newly added USB devices Based on the public grsecurity patches. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

anupritaisno1

commit sha 81b5365e9641623778b02a31e10e3fab19f918dd

replace SECURITY_SMACK with SECURITY_NETWORK Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

anupritaisno1

commit sha ee15111fe2aa50eb89cc990465fcc67482af567a

enable SLAB_FREELIST_RANDOM Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

anupritaisno1

commit sha d77a8cfba045565f55cf602a52580e76edde87e3

enable SLAB_FREELIST_HARDENED Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha a499553b62da188a4784b31ae5c0c5445627fef7

add a SLAB_HARDENED configuration option Signed-off-by: Daniel Micay <danielmicay@gmail.com> Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha bba9691e3c71ed72debbfe5eb189283549a724c6

add missing cache_from_obj !PageSlab check Taken from PaX. Signed-off-by: Daniel Micay <danielmicay@gmail.com> Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha a11b645c022edfc09d0a582ca1edd62b64da7a49

real slab_equal_or_root check for !MEMCG_KMEM Signed-off-by: Daniel Micay <danielmicay@gmail.com> Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

push time in an hour

push eventGrapheneOS/script

Daniel Micay

commit sha a78b3ffd5041edad686400388f83d90d04624a55

release.sh: add sunfish support

view details

push time in 2 hours

push eventGrapheneOS/grapheneos.org

Daniel Micay

commit sha 2e0d0deb02f1dda7dadd479411cecfcd066a14cf

hardened_malloc logcat support

view details

push time in 3 hours

push eventGrapheneOS/hardened_malloc

Daniel Micay

commit sha 8d0314295ebf2a84604aeb7eef3b759daef92f1a

support Android's logging system for fatal_error

view details

Daniel Micay

commit sha cbf5366c32d43211fa97671cbf00591b82df2051

temporary workarounds for bugs

view details

Daniel Micay

commit sha f2d7032082ce8b8dbb1bf1c18cc8236cf7f987b8

workaround for audio service sorting bug

view details

push time in 4 hours

push eventGrapheneOS/hardened_malloc

Daniel Micay

commit sha 8d0314295ebf2a84604aeb7eef3b759daef92f1a

support Android's logging system for fatal_error

view details

push time in 4 hours

push eventGrapheneOS/hardened_malloc

Daniel Micay

commit sha b5735c57cd92cee11f32098a71a3c14aa68ace3f

support Android's logging system for fatal_error

view details

Daniel Micay

commit sha fad461fc631dc11e9262ea0bab2fbc62150dd61c

temporary workarounds for bugs

view details

Daniel Micay

commit sha 8635c7b19116ec115b8d02bac6730616807c270f

workaround for audio service sorting bug

view details

push time in 4 hours

push eventGrapheneOS/hardened_malloc

Daniel Micay

commit sha b5735c57cd92cee11f32098a71a3c14aa68ace3f

support Android's logging system for fatal_error

view details

push time in 4 hours

push eventGrapheneOS/hardened_malloc

Daniel Micay

commit sha d100b85de0c529058484336f6daf91bfc74da8c6

support the system log on Android

view details

Daniel Micay

commit sha 39b4d12f1ddabdd3552a32f85d45f8b1eb07a4ce

temporary workarounds for bugs

view details

Daniel Micay

commit sha d46bdf3a242dd300d5ea906826e33bafca838c76

workaround for audio service sorting bug

view details

push time in 4 hours

push eventGrapheneOS/hardened_malloc

Daniel Micay

commit sha d100b85de0c529058484336f6daf91bfc74da8c6

support the system log on Android

view details

push time in 4 hours

push eventGrapheneOS/hardened_malloc

Daniel Micay

commit sha 63bf0486fbee30074b7a8188f54cc01c32a969a7

test async log

view details

push time in 4 hours

push eventGrapheneOS/hardened_malloc

Daniel Micay

commit sha c7370cd825187fb8528570598da08840a6a38ed5

test async log

view details

push time in 4 hours

push eventGrapheneOS/kernel_google_sunfish_techpack_audio

Yaroslav Furman

commit sha 5aedd6ce353266f9645f02839252bed4b544edb7

techpack/pinctrl-lpi: initialise at late_initcall Fixes booting with techpack built-in to the kernel. Without this it spits out a nasty NULL pointer dereference. Signed-off-by: Yaroslav Furman <yaro330@gmail.com> Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

push time in 9 hours

push eventGrapheneOS/kernel_google_sunfish_techpack_audio

Yaroslav Furman

commit sha 4054173649005f2e7ea27628cf676fa0ddb7ba4c

techpack/pinctrl-lpi: initialise at late_initcall Fixes booting with techpack online and modules disabled. Without this it spits out a nasty NULL pointer dereference. Signed-off-by: Yaroslav Furman <yaro330@gmail.com> Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

push time in 10 hours

PR merged GrapheneOS/kernel_google_sunfish_techpack_audio

techpack/pinctrl-lpi: initialise at late_initcall

Fixes booting with techpack online and modules disabled. Without this it spits out a nasty NULL pointer dereference.

Signed-off-by: Yaroslav Furman yaro330@gmail.com

+11 -1

0 comment

1 changed file

anupritaisno1

pr closed time in 10 hours

pull request commentGrapheneOS/platform_build

set device specific build ids

This is for the Pixel 4a (5G), not the Pixel 4a. The Pixel 4a (5G) would be more accurately called the Pixel 5a.

theaeonsolution

comment created time in 14 hours

push eventGrapheneOS/platform_system_sepolicy

Renlord

commit sha 59d63410aeee1f81b6c0ac59d6793ed1f2530b48

split base isolated app Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 9e18bc81f1d8df66033e95c09c2151f74add73ca

remove base system app execmod Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha c04db37bcc20b8a2eb8381aa8cf6b84f76cd0652

remove base system app execmem GrapheneOS doesn't use the ART JIT compiler. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha fc40440110ffffabfd11c9fdc23154f9ae243859

remove base app app_data_file execute_no_trans Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha e5e242e39ac109d79cb4ecf874cf290103800ae3

remove base system app app_data_file execute Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 279b176e764749088e743dc6f3628bc5dbfbfb89

remove base system app ashmem execute Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 5649820e3c5d72bd8e67c86a1e2ea613a0a83976

remove base system app tmpfs execute Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha 3905884b9b59f802c73a0efb354ada4113bf9258

auditallow apk_data_file execute For libraries, apps should be migrating to the more modern approach of storing them in the apk uncompressed and mapping them directly from it. This is the most modern approach available for executables and is better than using app data, but ideally it wouldn't be done. For now, audit use of `execute_no_trans` anyway while this is given more thought. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha d10aa8d24f7be33b14c441e8ea50db9b889a917a

remove base system app apk_data_file execute Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha e5bde8e0a26b69d4df2dea54e564df953dee6a17

remove zygote execmem GrapheneOS doesn't use the ART JIT compiler. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha 38df6fe25e00a113fbc5f3986a9359a5d84f50b8

remove zygote access to apk_data_file GrapheneOS doesn't use out-of-band updates for base system apps (with a few exceptions) or APEX, so the zygote should never require this access. GrapheneOS also uses exec-based app spawning so it doesn't benefit from preloading in the standard code path. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha 9565882147579ef8955322c2873f9f4ca2046a7e

remove system_server_startup domain APEX isn't used for out-of-band updates by GrapheneOS, so this extra attack surface is not required. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

push time in 2 days

push eventGrapheneOS/platform_system_sepolicy

inthewaves

commit sha a0f61b1cf7a9bdac1fe1762fc5ac9d6ef24a8699

add isolated_base_app type to compatibility mapping Fixes the build

view details

push time in 2 days

PR merged GrapheneOS/platform_system_sepolicy

add isolated_base_app type to compatibility mapping

Fixes the build

FAILED: out/target/product/sargo/obj/FAKE/treble_sepolicy_tests_29.0_intermediates/treble_sepolicy_tests_29.0
/bin/bash -c "(out/host/linux-x86/bin/treble_sepolicy_tests -l          out/host/linux-x86/lib64/libsepolwrap.so  -f out/target/product/sargo/system/etc/selinux/p
lat_file_contexts  -f out/target/product/sargo/vendor/etc/selinux/vendor_file_contexts  -f out/target/product/sargo/product/etc/selinux/product_file_contexts           -
b out/target/product/sargo/obj/ETC/built_plat_sepolicy_intermediates/built_plat_sepolicy -m out/target/product/sargo/obj/FAKE/treble_sepolicy_tests_29.0_intermedi
ates/29.0_mapping.combined.cil          -o out/target/product/sargo/obj/FAKE/treble_sepolicy_tests_29.0_intermediates/built_29.0_plat_sepolicy -p out/target/produ
ct/sargo/obj/ETC/sepolicy_intermediates/sepolicy                -u out/target/product/sargo/obj/ETC/built_plat_sepolicy_intermediates/base_plat_pub_policy.cil ) &
& (touch out/target/product/sargo/obj/FAKE/treble_sepolicy_tests_29.0_intermediates/treble_sepolicy_tests_29.0 )"
SELinux: The following public types were found added to the policy without an entry into the compatibility mapping file(s) found in private/compat/V.v/V.v[.ignore
].cil, where V.v is the latest API level.
isolated_base_app

See examples of how to fix this:
https://android-review.googlesource.com/c/platform/system/sepolicy/+/781036
https://android-review.googlesource.com/c/platform/system/sepolicy/+/852612

03:30:06 ninja failed with: exit status 1
+1 -0

0 comment

1 changed file

inthewaves

pr closed time in 2 days

issue commentGrapheneOS/os_issue_tracker

Visual voicemail broken after update to A11

I also have to seriously question why you are using GrapheneOS in the first place if you're willing to use an OS without full security updates for serious security issues. If you expected that kind of comment to encourage a developer to work on this, you couldn't be more wrong. If anything, you've done the opposite.

solaslux

comment created time in 3 days

issue commentGrapheneOS/os_issue_tracker

No LTE on Sprint

Or use a carrier with standard LTE that does not require remote access backdoors (which LineageOS includes) to activate devices on their network properly. If you care about privacy and security, it's hard to understand why you would want to use Sprint.

Washnugget

comment created time in 3 days

issue commentGrapheneOS/os_issue_tracker

Visual voicemail broken after update to A11

Expressing that you want the issue fixed won't get it fixed any faster. It's a carrier issue and not something that I can work on without access to one of the carriers with the issue. It needs someone with the issue like you to work on it.

solaslux

comment created time in 3 days

issue commentGrapheneOS/os_issue_tracker

provide updated Pixel 4a APNs

This is implemented.

thestinger

comment created time in 4 days

issue commentGrapheneOS/os_issue_tracker

notification/ringtone/alarm sounds don't work without regular sound playing

Your reasoning about ringtones isn't correct.

privateseabass

comment created time in 4 days

issue commentGrapheneOS/os_issue_tracker

notification/ringtone/alarm sounds don't work without regular sound playing

Can you please test if one of the speakers is broken?

privateseabass

comment created time in 4 days

issue closedGrapheneOS/os_issue_tracker

No LTE on Sprint

I'm on Sprint and I'm am having an Issue with LTE on the Pixel 3. After flashing to the latest blueline-factory-2020.10.06.02.zip I no longer get a LTE signal. If I revert back to stock ROM, the LTE signal is there. I've tried flashing GrapheneOS over top of the following stock ROMS 10.0.0 (QQ3A.200805.001, Aug 2020), 11.0.0 (RP1A.200720.009, Sep 2020), 11.0.0 (RP1A.201005.004, Oct 2020) ROMS with no joy.

edit: I would also like to add I tried both stable and beta versions.

closed time in 4 days

Washnugget

issue commentGrapheneOS/os_issue_tracker

No LTE on Sprint

Sprint has been discontinued and no longer provides proper support for devices. You should switch to the regular T-Mobile network or another carrier with support for standard LTE.

Washnugget

comment created time in 4 days

push eventGrapheneOS/device_google_sunfish

anupritaisno1

commit sha 711427860636d9d06e692b9a626c52d4cc855561

add apns for sunfish Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

push time in 4 days

issue closedGrapheneOS/os_issue_tracker

Pixel 3a reboots sometimes when user profile is changed

Behaviour as discribed above, running latest beta release

closed time in 4 days

Lalu-sys

issue commentGrapheneOS/os_issue_tracker

Pixel 3a reboots sometimes when user profile is changed

You'll need to provide more information. This isn't happening for others so you need to narrow down what about your installed apps, OS configuration, etc. is causing the issue. It could be a hardware problem. Try to get logs showing what happened. Also, you need to distinguish between a reboot and an issue like the system UI restarting.

For now, I have to assume this is the same issue as https://github.com/GrapheneOS/os_issue_tracker/issues/357 unless there is more information to distinguish it from that.

Lalu-sys

comment created time in 4 days

issue closedGrapheneOS/os_issue_tracker

possibility to change user profiles during a call

It would make handling of different user profiles much more usable

closed time in 4 days

Lalu-sys

issue commentGrapheneOS/os_issue_tracker

possibility to change user profiles during a call

This isn't something we want to implement since it would require creating a major hole in the boundaries between profiles.

Lalu-sys

comment created time in 4 days

issue commentGrapheneOS/os_issue_tracker

provide kernel prebuilts to ease minimal building process

Not going to be doing this for the Pixel 2 and Pixel 2 XL.

thestinger

comment created time in 5 days

push eventGrapheneOS/platform_external_seedvault

Torsten Grote

commit sha 2d5f00adae43fbb9cdd7808997fa88744d4ec83f

Add Seedvault backup parser to README Closes #104

view details

Torsten Grote

commit sha 948cd597d8eab58e110d73c81ed561969417c4fb

Show proper transport labels for OS transport selection If an AOSP-based ROM allows the user to choose a backup transport, these labels will be shown.

view details

Torsten Grote

commit sha 4387353227dc0a3ab7ea6cb648f40dd6381001fa

Enable StrictMode for userdebug builds

view details

Torsten Grote

commit sha 1d2c74bf2cb68cf0d10af3f5393d4d91058d54e4

Ensure that metadata cache streams get closed

view details

Torsten Grote

commit sha 0612f79195bd8fac6c0ede404e28752220ef2cbf

Fix or permit certain disk reads on UI thread

view details

Torsten Grote

commit sha fbdfa40300e009a79e81658aa0aa7746fe303d8f

Load app status data off the UI thread Previously, the data was loaded on the UI thread which produced a visible freeze after clicking "App backup status".

view details

Torsten Grote

commit sha 9ae3c6e835bfe920ec20da984df8aff7b82f1284

Add some documentation to the transport methods

view details

Torsten Grote

commit sha 741e5ef1a0a4c5ab776930849564821090ba4af3

Fix storage chooser title if the translation is long

view details

Torsten Grote

commit sha 46e8a46c63903312eae3fbe1aa03f12499914147

Pull out code in ApkBackup and ApkRestore into own methods

view details

Torsten Grote

commit sha af2bf4f60a4bf152c217d8c27283f510ec051d5a

Support APK splits in metadata

view details

Torsten Grote

commit sha 3a31e09a04e8e28b43d6ad136206c66e21e92324

Back up split APKs as well and store them in the metadata This will enable us to check compatibility of the splits with the restore device and if compatible, re-install them.

view details

Torsten Grote

commit sha 9830d2db95317490456697403ffb95a01a1f88a1

Show different app state messages for backup and restore

view details

Torsten Grote

commit sha f45411d81b5003752a0130ff8c5d3a05e49a14c6

Refactor code related to APK installs as preparation for upcoming changes

view details

Torsten Grote

commit sha 747384fb59e3fb8ed5fe4d5e398be763d39eb08d

Refactor InstallResult to be more extensible

view details

Torsten Grote

commit sha d6cb34c2115e1125fb2cfe3ea058a216d5eab636

Allow the user to manually re-install apps before data restore starts When one or more apps fail to install, the user is shown a dialog explaining that we need the apps installed in order for restore to work. After the dialog is dismissed, the list of apps is resorted so failed apps are at the top. They are made clickable and the user is brought to an app store to re-install them.

view details

Torsten Grote

commit sha 1a81e2ddd680b645d4e22aa8879c37caeb771c45

If possible, open the app store an app was originally installed with When an app fails to install during restore, we offer the option to manually install it. If this doesn't happen with the same app store, it is likely that the installed app will have a different signature (e.g. Aurora vs. F-Droid). If the signature doesn't match, the data restore will fail. Therefore, we attempt to let the user only use the same store for re-install. There's a known issue that F-Droid doesn't report the proper package name: https://gitlab.com/fdroid/fdroidclient/-/issues/2085

view details

Torsten Grote

commit sha a9402f46442055105457f5b7b1281dee6c4b2215

Update app install state after user comes back from manually installing an app This way, the list of failed apps ideally keeps shrinking, allowing the user to see which apps are still left in a failed state.

view details

Torsten Grote

commit sha 0a8a286826d43a626001eef0b9e8af3b64cffeaf

Update state of opt-out apps, even if they never had any state

view details

Torsten Grote

commit sha 0971c5db19bf97ea780aec5b19445bc67f82bd04

Do not back up APKs of test-only apps, as we can not re-install them anyway The flag to allow installation gets filtered out after we set it: http://aosp.opersys.com/xref/android-11.0.0_r5/xref/frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java#544

view details

Torsten Grote

commit sha 643247b6005afb81dcb020b0a19fa0d3d8b09ddc

Change UI for re-installation of system apps We are re-installing system apps if they are present on the restore device as a system app and have a newer version code. Before, when one of those conditions is not true, we were showing a failure and gave the user the option to re-install the app from an app store. Now, we don't offer the manual re-install option anymore and only show a success when a newer or same version of the system app is already installed.

view details

push time in 5 days

delete branch GrapheneOS/platform_external_seedvault

delete branch : upgrade-to-1.0.0

delete time in 5 days

push eventGrapheneOS/AttestationServer

Daniel Micay

commit sha a1808b38a7e5cd2d3c9c5da6377e566479e6283e

update static site generation dependencies

view details

push time in 5 days

push eventGrapheneOS/grapheneos.org

Daniel Micay

commit sha 0f81c81d7c15d9c7c9801d6e340763603357d9e2

update static site generation dependencies

view details

push time in 5 days

push eventGrapheneOS/platform_manifest

Daniel Micay

commit sha 5df3a1c9029e62cec9f6ded75e3b88fd4d891d84

remove legacy packages/apps/Gallery

view details

Daniel Micay

commit sha d845df6a7ca1ed50c055ef092a4ff41f7b8e6917

remove unused platform/packages/apps/LegacyCamera

view details

Daniel Micay

commit sha 4dc7fd2bdbb44c51e7ebde5b42f87a6866808daa

use fork of device/generic/goldfish

view details

Daniel Micay

commit sha 5c43c6f19399c87f8ff3b6f875a5d47979614af3

use fork of device/google/wahoo

view details

Daniel Micay

commit sha 8d8ad01d7a8ac35f44b85f3f12f991e8562fae03

use fork of device/google/muskie

view details

Daniel Micay

commit sha 2c0900456591a8429c456a194ddd19e6da312a2b

use fork of device/google/taimen

view details

Daniel Micay

commit sha 570bd9a8c947f27dc420ea97500d8909bafcb1c7

use fork of device/google/crosshatch

view details

Daniel Micay

commit sha 71eef18563171e82b17f338a3a284631c779f8b1

use fork of device/google/crosshatch-sepolicy

view details

Daniel Micay

commit sha 36140a371cd8956d6847221ab1c1646feae742d0

use fork of device/google/bonito

view details

Daniel Micay

commit sha 7c9a85fdd1ed75efb13758d2a12f160424315d8d

use fork of device/google/bonito-sepolicy

view details

Daniel Micay

commit sha 2dd113b5c557624a2d88cc803320c5b38ee2e6e3

use fork of device/google/coral

view details

Daniel Micay

commit sha 1ff08b31655a2553a93f27a86a39e3043a3bd5c2

use fork of device/google/coral-sepolicy

view details

Daniel Micay

commit sha 5e7635dc2253855f15ea5216bf1bb4fd03fc5d36

use fork of device/google/sunfish

view details

Daniel Micay

commit sha c962b97ed551c4fa4e1cb1c0dbcc7baf07278a88

use fork of device/google/sunfish-sepolicy

view details

Daniel Micay

commit sha 9411a35d53ca16b645af756f46eaddbf573d71fc

use fork of device/linaro/hikey

view details

Daniel Micay

commit sha 7df9d8cbf2479290b2edd53345902d4fbdf62498

add kernel/google/wahoo

view details

Daniel Micay

commit sha 7d8bfcd63bdbed9ee2ab8a97b0f71f90d0c72494

add kernel/google/crosshatch

view details

Daniel Micay

commit sha 23ab21dc4c738ebfc1f5602606cd2c1580234a50

add kernel/google/coral

view details

Daniel Micay

commit sha ce41e97c415228c155b83623c4afa8070be2f4b5

add kernel/google/sunfish

view details

Daniel Micay

commit sha cb5cfa1637d5df3bd4541ebd6c360b08ce0da293

use fork of platform/build

view details

push time in 5 days

push eventGrapheneOS/platform_manifest

Daniel Micay

commit sha aa9aff78119c792dc15dee1808b0f98a942957f9

use fork of device/generic/goldfish

view details

Daniel Micay

commit sha 9d37ee9d61f0aedcc03f470a87771b8a4351436d

use fork of device/google/wahoo

view details

Daniel Micay

commit sha d88a22ad965e96f73c7e9f4ddc4a39035ad3bc38

use fork of device/google/muskie

view details

Daniel Micay

commit sha 6470c907b5e79ed8a554ea8480fb483c9126154d

use fork of device/google/taimen

view details

Daniel Micay

commit sha 34e7ed44d5352d30b4fb02686b67feef3f47360b

use fork of device/google/crosshatch

view details

Daniel Micay

commit sha 11edba0afa36a089aacf44ad9a742524ceb74db3

use fork of device/google/crosshatch-sepolicy

view details

Daniel Micay

commit sha 0cd0976c5251fa6d2cabceacb1f3d82d9c6990b4

use fork of device/google/bonito

view details

Daniel Micay

commit sha 1732a7faf481fdf3c192b7aa10b413226f5d8236

use fork of device/google/bonito-sepolicy

view details

Daniel Micay

commit sha 59f7ca194642a7ce11d0b4ad472c2771fa11ee67

use fork of device/google/coral

view details

Daniel Micay

commit sha fefbf7e80b8fe6bab160a3bb36d011f32bdfdf95

use fork of device/google/coral-sepolicy

view details

Daniel Micay

commit sha 4c060158540fe7d172577b015bb4ebde29415b85

add kernel/google/wahoo

view details

Daniel Micay

commit sha ce4284c776e2837a8b952ebdc2885af3e5d526bb

add kernel/google/crosshatch

view details

Daniel Micay

commit sha 9b4515ab371b01fa19c2595b0a70e2cb89670e58

add kernel/google/coral

view details

Daniel Micay

commit sha 22c2a4b56b24f987e31afef41ac1fed3ce73c9f1

use fork of platform/build

view details

Daniel Micay

commit sha b704f4d5fb09f571169d71b32497e8a68deecaf7

use fork of platform/frameworks/base

view details

Daniel Micay

commit sha 9f6590ca408f775c751fa9eb13e3215ab34bd19d

use fork of platform/bionic

view details

Daniel Micay

commit sha 4242def9d2aa6780846f425933855500f2364b39

add platform/external/vanadium

view details

Daniel Micay

commit sha 677281ce9b19393497fb4e09210abca2350abdf9

remove separate WebView repository

view details

Daniel Micay

commit sha 40566803af55f7d1ddc29bacd0c92a4890a4deee

use fork of platform/packages/apps/Launcher3

view details

Daniel Micay

commit sha 09f91e747ab0d0818318c2334a739980a0acc47f

add android-prepare-vendor

view details

push time in 5 days

push eventGrapheneOS/platform_manifest

Daniel Micay

commit sha 762dc6b555a7c833984c5bbab3c1104e874222a4

use fork of device/google/sunfish-sepolicy

view details

push time in 5 days

push eventGrapheneOS/platform_system_sepolicy

Daniel Micay

commit sha 998aa10097dec5abaf99883e02a6e2dbd346c5eb

auditallow app ashmem execute Moving back towards an exception system. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 52d5d2fa21908ee08f6dead58fac201448224e19

add base system seinfo for shared/release keys Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 3afbdf2da9ca01250f87774837d4f77a95a41756

split out untrusted base app domains Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 34eb83ee20a56488b9adf9ba3015c090fac22748

split base isolated app Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 68d88f23d119e65c419e0d69407d4c461e0f1dbc

remove base system app execmod Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 87cce271beec9a1d0e9398e886868275e0aa58a0

remove base system app execmem GrapheneOS doesn't use the ART JIT compiler. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha b161885b894ca24dbfba9947c0aa2d35428b7320

remove base app app_data_file execute_no_trans Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 51c4a4e35b8ced2c4e18ee0bdc587bedbd9c7bdb

remove base system app app_data_file execute Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha ca928e3f19daa64165948866054088cfc20bc3a7

remove base system app ashmem execute Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha f3c81ea3c280226c7802f3c94c33e0e6ac5bac76

remove base system app tmpfs execute Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha a150707ea81106ef0bf5958dffe08353c6ab50f7

auditallow apk_data_file execute For libraries, apps should be migrating to the more modern approach of storing them in the apk uncompressed and mapping them directly from it. This is the most modern approach available for executables and is better than using app data, but ideally it wouldn't be done. For now, audit use of `execute_no_trans` anyway while this is given more thought. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 9480f0a6220dffe3b80c6a3604080f97ef3aaabc

remove base system app apk_data_file execute Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha d0c9310ad780a16269b7d2b352ad75f719c32a4e

remove zygote execmem GrapheneOS doesn't use the ART JIT compiler. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha 621b2daed48ad044864543b280f15c7e8289b195

remove zygote access to apk_data_file GrapheneOS doesn't use out-of-band updates for base system apps (with a few exceptions) or APEX, so the zygote should never require this access. GrapheneOS also uses exec-based app spawning so it doesn't benefit from preloading in the standard code path. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha 6dfb56882a757215fff62a8e78292570f44d8567

remove system_server_startup domain APEX isn't used for out-of-band updates by GrapheneOS, so this extra attack surface is not required. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

push time in 5 days

push eventGrapheneOS/platform_system_sepolicy

Daniel Micay

commit sha afd15d3c98d04de973bbd952f33699b6299134de

remove healthd ashmem execute Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha f42714a537b379565c1a5e43a3ca40f1ba6a44b6

auditallow app execmem Moving back towards an exception system. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha 91def01b3c390745a9aba8e88fa6cd1267bf8285

auditallow app { ashmem ashmem_libcutils_device } execute Moving back towards an exception system. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 95a3fe46bf1e7f099fc608917f3cf33b9fabc564

add base system seinfo for shared/release keys Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 710e0acd1abcbb2a3bbd67b955744bb11039d381

split out untrusted base app domains Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 92108a3c7fd1ae3303213379f1551041e078c582

split base isolated app Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 57690dc25ccf5cd4cd450f11264391e65e51ecb0

remove base system app execmod Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 6a844baccef98a34f7e73d1a56ae610b14706f51

remove base system app execmem GrapheneOS doesn't use the ART JIT compiler. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha 4a1f041587acb081c62a19f807618ec1eeb3cb35

remove base app app_data_file execute_no_trans Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha f44a2d77946b4354fabe31a3329009993e89a81f

remove base system app app_data_file execute Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 497baaf841c1e5b14df40967ab6e3615424289f8

remove base system app ashmem execute Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 00c456e55414043c20d1e55bf9f342485a66d377

remove base system app tmpfs execute Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha d4f0f29b12bc83de37c3eb9cf2a1a804e1d5d587

auditallow apk_data_file execute For libraries, apps should be migrating to the more modern approach of storing them in the apk uncompressed and mapping them directly from it. This is the most modern approach available for executables and is better than using app data, but ideally it wouldn't be done. For now, audit use of `execute_no_trans` anyway while this is given more thought. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha f121c2fd84f9c3d1df75b8746129720f0cfb5353

remove base system app apk_data_file execute Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha 417c5f75c5942edcf134228709fac64d8877d288

remove zygote execmem GrapheneOS doesn't use the ART JIT compiler. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha edead2999cb7b950db6938947415310b2da3fef6

remove zygote access to apk_data_file GrapheneOS doesn't use out-of-band updates for base system apps (with a few exceptions) or APEX, so the zygote should never require this access. GrapheneOS also uses exec-based app spawning so it doesn't benefit from preloading in the standard code path. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha c2b13ed17ec2494bdb36f097de85c2db2c39a653

remove system_server_startup domain APEX isn't used for out-of-band updates by GrapheneOS, so this extra attack surface is not required. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

push time in 5 days

issue commentGrapheneOS/os_issue_tracker

SSBD and KPTI are broken in the Android 11 kernel for Pixel 4 devices

Going to mark the Android 11 port as done even though this isn't completed since it's not directly related to migrating to Android 11. It's caused by changes they made to ShadowCallStack, CFI, etc. which were shipped in the next major release (Android 11) but are specific to these kernels rather than being an inherent part of Android 11.

anupritaisno1

comment created time in 5 days

issue commentGrapheneOS/os_issue_tracker

SSBD and KPTI are broken in the Android 11 kernel for Pixel 4 devices

Removing the Android 11 port label since this is a Pixel 4 specific issue caused by kernel changes not directly related to Android 11.

anupritaisno1

comment created time in 5 days

issue openedGrapheneOS/os_issue_tracker

provide updated Pixel 4a APNs

created time in 5 days

issue openedGrapheneOS/os_issue_tracker

Pixel 4a custom kernel

created time in 5 days

push eventGrapheneOS/grapheneos.org

Daniel Micay

commit sha 2c43033f5dc8da215d5f439036e6727c8ac6ae58

Pixel 4a support is experimental

view details

push time in 5 days

push eventGrapheneOS/grapheneos.org

Daniel Micay

commit sha 78708ae5dbd096c259b21129fbb37d5fcef723ef

initial Pixel 4a releases will be experimental

view details

push time in 5 days

push eventGrapheneOS/grapheneos.org

Daniel Micay

commit sha 761a7f019184b0104d501a3e88cd1a4dc25f8065

add Pixel 4a to next build tags list

view details

push time in 5 days

push eventGrapheneOS/device_google_sunfish

Daniel Micay

commit sha b490955bad127037f4da6f33bd34671c184c99fc

disable GSI keys

view details

push time in 5 days

push eventGrapheneOS/device_google_sunfish

Daniel Micay

commit sha cbc718b015c796f863b93765125c8ae8f5b97c8e

raise maximum users to 16

view details

push time in 5 days

push eventGrapheneOS/device_google_sunfish

Daniel Micay

commit sha 21418cb92a2612301232b56e62ec90cfb0544bad

SystemUIGoogle -> SystemUI

view details

push time in 5 days

push eventGrapheneOS/device_google_sunfish

Daniel Micay

commit sha ec5025770f6f14d7a139dcbdf446986fa7a32d00

disable system_other odex

view details

push time in 5 days

push eventGrapheneOS/device_google_sunfish-sepolicy

Daniel Micay

commit sha 0510011d062f96683ee923282a91ae882d5dcb95

update for isolated app split

view details

push time in 5 days

push eventGrapheneOS/grapheneos.org

Daniel Micay

commit sha cdb3284040bf356a3ac88ee3d41732c2d987092c

basic SELinux policy hardening added back

view details

push time in 5 days

push eventGrapheneOS/device_google_crosshatch-sepolicy

Daniel Micay

commit sha e67d01dac4917f8413118b6ba1d9ddc45e998c40

update for isolated_app split Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

push time in 5 days

push eventGrapheneOS/device_google_coral-sepolicy

anupritaisno1

commit sha bde429f13a9737b3e5ff074d4a27dc879c0c3e29

update for isolated app split Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

push time in 5 days

push eventGrapheneOS/device_google_bonito-sepolicy

Daniel Micay

commit sha 2304fe5f0496a28158ef543dcecb3eab6d5bf3e1

update for isolated_app split b246b6eb5aa78348798794edef258ab7816742fb removed the need for one of the policy updates Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

push time in 5 days

PR merged GrapheneOS/device_google_bonito-sepolicy

update for isolated_app split

b246b6eb5aa78348798794edef258ab7816742fb removed the need for one of the policy updates

Signed-off-by: anupritaisno1 www.anuprita804@gmail.com

+1 -1

0 comment

1 changed file

anupritaisno1

pr closed time in 5 days

PR closed GrapheneOS/platform_system_sepolicy

remove base system app execmem

https://github.com/GrapheneOS/platform_system_sepolicy/commit/8db1b750a6b09608b829cce5170f9ae5fc16bef9

Signed-off-by: Ashley (Trapacid) meowiee@archlinux.email

+68 -9

1 comment

33 changed files

Trapacid

pr closed time in 5 days

pull request commentGrapheneOS/platform_system_sepolicy

remove base system app execmem

Going to be using https://github.com/GrapheneOS/platform_system_sepolicy/pull/25.

Trapacid

comment created time in 5 days

PR closed GrapheneOS/platform_system_sepolicy

remove priv_app app_data_file execute

Based on eb3db5dbeae55845fb63fc50ba11d0515b0e0d0f in 10. See: https://github.com/GrapheneOS/os_issue_tracker/issues/273

+36 -29

1 comment

21 changed files

flawedworld

pr closed time in 5 days

pull request commentGrapheneOS/platform_system_sepolicy

remove priv_app app_data_file execute

Going to be using https://github.com/GrapheneOS/platform_system_sepolicy/pull/25.

flawedworld

comment created time in 5 days

pull request commentGrapheneOS/platform_system_sepolicy

drop support for preloads_copy

Going to be using https://github.com/GrapheneOS/platform_system_sepolicy/pull/25.

theaeonsolution

comment created time in 5 days

PR closed GrapheneOS/platform_system_sepolicy

remove base system app app_data_file execute

Based on 182ecb0fa5e67ecb5707bdc5e3e9f3bca4b2cb42 in 10. See: https://github.com/GrapheneOS/os_issue_tracker/issues/273

+92 -15

1 comment

29 changed files

flawedworld

pr closed time in 5 days

pull request commentGrapheneOS/platform_system_sepolicy

remove base system app app_data_file execute

Going to be using https://github.com/GrapheneOS/platform_system_sepolicy/pull/25.

flawedworld

comment created time in 5 days

PR closed GrapheneOS/platform_system_sepolicy

remove base system app ashmem execute

Based on 926a1a64343c1ff8823476c35965221c1db643b5 in 10. See: https://github.com/GrapheneOS/os_issue_tracker/issues/273

+46 -9

1 comment

25 changed files

flawedworld

pr closed time in 5 days

pull request commentGrapheneOS/platform_system_sepolicy

remove base system app ashmem execute

Going to be using https://github.com/GrapheneOS/platform_system_sepolicy/pull/25.

flawedworld

comment created time in 5 days

PR closed GrapheneOS/platform_system_sepolicy

remove base system app tmpfs execute

This pull requires #16 to be merged first. Based on 45002682b252717204796ac1d485c21b7db4ae4f in 10. See: https://github.com/GrapheneOS/os_issue_tracker/issues/273

+1084 -113

1 comment

70 changed files

flawedworld

pr closed time in 5 days

pull request commentGrapheneOS/platform_system_sepolicy

remove base system app tmpfs execute

Going to be using https://github.com/GrapheneOS/platform_system_sepolicy/pull/25.

flawedworld

comment created time in 5 days

PR closed GrapheneOS/platform_system_sepolicy

remove base system app apk_data_file execute

Based on 1b3fbfa2bb71fb902e812f164dbe50951f03edc1 in 10. See: https://github.com/GrapheneOS/os_issue_tracker/issues/273

+74 -5

1 comment

33 changed files

flawedworld

pr closed time in 5 days

pull request commentGrapheneOS/platform_system_sepolicy

remove base system app apk_data_file execute

Going to be using https://github.com/GrapheneOS/platform_system_sepolicy/pull/25.

flawedworld

comment created time in 5 days

pull request commentGrapheneOS/platform_system_sepolicy

remove zygote execmem

Going to be using https://github.com/GrapheneOS/platform_system_sepolicy/pull/25.

flawedworld

comment created time in 5 days

PR closed GrapheneOS/platform_system_sepolicy

remove zygote execmem

Based on 03b9b2d953a2ff26030a0de554b39bd223ce8c66 in 10. See: https://github.com/GrapheneOS/os_issue_tracker/issues/273

+36 -25

1 comment

25 changed files

flawedworld

pr closed time in 5 days

pull request commentGrapheneOS/platform_system_sepolicy

remove zygote execmem

https://github.com/GrapheneOS/platform_system_sepolicy/pull/25

flawedworld

comment created time in 5 days

PR closed GrapheneOS/platform_system_sepolicy

APEX breaking commits

See: https://github.com/GrapheneOS/os_issue_tracker/issues/273

+44 -75

3 comments

33 changed files

flawedworld

pr closed time in 5 days

pull request commentGrapheneOS/platform_system_sepolicy

APEX breaking commits

Going to be using https://github.com/GrapheneOS/platform_system_sepolicy/pull/25.

flawedworld

comment created time in 5 days

issue closedGrapheneOS/os_issue_tracker

port SELinux policy hardening from Android 10 to Android 11

This meta-issue does not cover hardening that was not present in Android 10 GrapheneOS. A lot of past features that were already lost before the release of Android 10 and the port to Android 11 is not concerned with those.

closed time in 5 days

thestinger

push eventGrapheneOS/platform_system_sepolicy

Daniel Micay

commit sha 9998aabbf448e70a731aedaaeadd62301a3ecf7b

drop support for preloads_copy Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha ae1243a7e450db63c595bf8a1262475fb7323d83

remove priv_app app_data_file execute Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha 8a6ee10f33bd6c72863a8064cb3a59f6277c1b90

remove healthd ashmem execute *execmem was removed upstream Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha a69af2bf3bbece0a783684d962dc853e9bf3abae

auditallow app execmem Moving back towards an exception system. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha 23b4105867f55a031dc2b7c8daff2c33b4890878

auditallow app { ashmem ashmem_libcutils_device } execute Moving back towards an exception system. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha dbfeaa02e9f25561d9b897c1fe314aaa1588f74d

add base system seinfo for shared/release keys Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 359884855fa68cb1a2962d00b061937f76e3b569

split out untrusted base app domains Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha fd7638e6bbebc5b58a6396a37134f47c2fc2032d

split base isolated app Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 65bc32ae15d318cc4aed98a3c948517315f0bcf1

remove base system app execmod Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 7bbff0390bf52301a8eaa7fc43809d2dfcdfe2c9

remove base system app execmem GrapheneOS doesn't use the ART JIT compiler. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha af05d2d27d113c5d9434b34d795f7f9d25e35051

remove base app app_data_file execute_no_trans Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha a1b506e54dfa402cf1f75e0fec6413d4ba02d77e

remove base system app app_data_file execute Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 8737fb79a2e43db965c5d5748e4a1fb40a808f13

remove base system app ashmem execute Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha 6245be09f95bacd39faffc9eb4bb1676b0df969d

remove base system app tmpfs execute Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha 66168a21f78473161b3c3e4a2c644c1f8401ef22

auditallow apk_data_file execute For libraries, apps should be migrating to the more modern approach of storing them in the apk uncompressed and mapping them directly from it. This is the most modern approach available for executables and is better than using app data, but ideally it wouldn't be done. For now, audit use of `execute_no_trans` anyway while this is given more thought. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Renlord

commit sha b2b52c7bf7639d7a8e01987265231699b584bcc6

remove base system app apk_data_file execute Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha ce0fe6cea1a5230312c71eba50616228951fbe8c

remove zygote execmem GrapheneOS doesn't use the ART JIT compiler. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha 25123b076f1cf33e68e132c3dd3519e669ac1854

remove zygote access to apk_data_file GrapheneOS doesn't use out-of-band updates for base system apps (with a few exceptions) or APEX, so the zygote should never require this access. GrapheneOS also uses exec-based app spawning so it doesn't benefit from preloading in the standard code path. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

Daniel Micay

commit sha ba965c8d484013d2ac761eb3248336dda328e081

remove system_server_startup domain APEX isn't used for out-of-band updates by GrapheneOS, so this extra attack surface is not required. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

push time in 5 days

push eventGrapheneOS/platform_external_vanadium

Daniel Micay

commit sha d73197a71ede7e89e0e7f2c061531872ee7c87f4

x86_64: update to 86.0.4240.99

view details

push time in 5 days

push eventGrapheneOS/platform_system_sepolicy

Daniel Micay

commit sha ee4afd9342f5964bf483cc9a2f656d73898761a3

deny_new_usb sysctl and system property policy

view details

inthewaves

commit sha 9b28a095b48e8e15fe4f96000d65917dc2da565c

allow system to use persist.keyguard.camera

view details

Daniel Micay

commit sha 4d9425c73aa37b91fae12ad5f4221e52087ed59d

label protected_{fifos,regular} as proc_security This is needed for init to override the default values. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>

view details

push time in 5 days

push eventGrapheneOS/platform_external_vanadium

Daniel Micay

commit sha 7d5d13eb1e82192a62b5107baf86c46852811fc1

arm64: update to 86.0.4240.99

view details

push time in 5 days

push eventGrapheneOS/grapheneos.org

Daniel Micay

commit sha 371641d0b7c1bcb16fefd3ca7680c840dfa77558

next Chromium update

view details

push time in 5 days

push eventGrapheneOS/Vanadium

Daniel Micay

commit sha 2f6ec874c2e839a7a5b1e921ff4dcd90c7875578

update to 86.0.4240.99

view details

push time in 5 days

push eventGrapheneOS/platform_external_seedvault

Torsten Grote

commit sha 42ab8ffba5b6953539f7096f55b3da8fb82cce5c

Cache folder contents in K/V backup/restore This speeds up things significantly and was needed due to poor performance of call log backup.

view details

Torsten Grote

commit sha 9f49a39514a9c601786a84aeb12a55d191730c87

Don't use Kotlin reflection if not really necessary

view details

Torsten Grote

commit sha b594d30e2cdef8cfe0b63b7bebf8b8cca7070653

Fix auto-service warning in instrumentation tests

view details

Torsten Grote

commit sha 9f2b56e4cead64b38eec2d510a6cf7da56e4e936

Fix bug where we could not do two subsequent restores This probably never showed in practice, but it can be triggered easily when testing with `adb shell bmgr restore`.

view details

Torsten Grote

commit sha 3e176c8e1c64c5a0a360f6f8821340a1f165f74a

Fix opt-out apps showing up as not yet backed up This bug also caused APKs of opt-out apps not getting backed up.

view details

Torsten Grote

commit sha 77550a9860bcfd2f5495a8af5ae0de3965e43c87

Treat stopped apps different from opt-out apps Apps that have FLAG_STOPPED will not get backed up, just like apps without flag ALLOW_BACKUP will not get backed up. In the UI both cases are shown the same way: app does not allow backup This can be confusing for the user as it is not true for stopped apps. Therefore, this commit introduces a new stopped state for apps, so we can differentiate between both cases.

view details

Torsten Grote

commit sha 7f4761816e046879feb0ae72c25362cf3d8ef651

Show a different text for stopped apps in app backups status page

view details

Torsten Grote

commit sha 8185b6af6e5d6b3fabaa2cae1f8c05af43241c4f

Bring the user to app system settings when long tapping apps

view details

Torsten Grote

commit sha d7ca8151fd4c221d0b5b674ba0c550766c3b678f

User-initiated backups should also be incremental

view details

Torsten Grote

commit sha c5aca6dd51fca59be400b03e0176a28d209cc5ee

Fix status reporting of failed system app restore

view details

Torsten Grote

commit sha e3406613a63b7fe5b3e8150a7ff75fe7b418dbdd

Always show Nextcloud as an option, offer to install or set up account Outside of SetupWizard restore, we don't offer to set up an account, because we don't know if one already exists and the app was locked with a passcode.

view details

Hosted Weblate

commit sha f636831f9ea1b022e7cdd70dfca6c563e5d0510f

Update translation files Updated by "Cleanup translation files" hook in Weblate. Translated using Weblate (Portuguese (Brazil)) Currently translated at 100.0% (108 of 108 strings) Translated using Weblate (Portuguese (Brazil)) Currently translated at 79.6% (86 of 108 strings) Translated using Weblate (Spanish) Currently translated at 99.0% (107 of 108 strings) Translated using Weblate (Portuguese (Brazil)) Currently translated at 72.2% (78 of 108 strings) Translated using Weblate (Russian) Currently translated at 100.0% (108 of 108 strings) Translated using Weblate (Chinese (Simplified)) Currently translated at 14.8% (16 of 108 strings) Translated using Weblate (Norwegian Bokmål) Currently translated at 94.4% (102 of 108 strings) Translated using Weblate (Russian) Currently translated at 7.4% (8 of 108 strings) Translated using Weblate (Russian) Currently translated at 6.4% (7 of 108 strings) Translated using Weblate (Chinese (Simplified)) Currently translated at 3.7% (4 of 108 strings) Translated using Weblate (German) Currently translated at 70.3% (76 of 108 strings) Translated using Weblate (Icelandic) Currently translated at 100.0% (108 of 108 strings) Translated using Weblate (Spanish (American)) Currently translated at 97.2% (105 of 108 strings) Translated using Weblate (Spanish) Currently translated at 34.2% (37 of 108 strings) Translated using Weblate (Italian) Currently translated at 60.1% (65 of 108 strings) Translated using Weblate (Italian) Currently translated at 38.8% (42 of 108 strings) Translated using Weblate (Norwegian Bokmål) Currently translated at 94.4% (102 of 108 strings) Translated using Weblate (German) Currently translated at 10.1% (11 of 108 strings) Translated using Weblate (French) Currently translated at 100.0% (108 of 108 strings) Translated using Weblate (French) Currently translated at 65.7% (71 of 108 strings) Added translation using Weblate (Dutch) Added translation using Weblate (Zulu) Added translation using Weblate (Chinese (Traditional, Hong Kong)) Added translation using Weblate (Chinese (Traditional)) Added translation using Weblate (Chinese (Simplified)) Added translation using Weblate (Vietnamese) Added translation using Weblate (Uzbek) Added translation using Weblate (Urdu) Added translation using Weblate (Ukrainian) Added translation using Weblate (Turkish) Added translation using Weblate (Tagalog) Added translation using Weblate (Thai) Added translation using Weblate (Telugu) Added translation using Weblate (Tamil) Added translation using Weblate (Swahili) Added translation using Weblate (Swedish) Added translation using Weblate (Serbian (latin)) Added translation using Weblate (Serbian) Added translation using Weblate (Albanian) Added translation using Weblate (Slovenian) Added translation using Weblate (Slovak) Added translation using Weblate (Sinhala) Added translation using Weblate (Romanian) Added translation using Weblate (Portuguese (Portugal)) Added translation using Weblate (Portuguese (Brazil)) Added translation using Weblate (Portuguese) Added translation using Weblate (Polish) Added translation using Weblate (Punjabi) Added translation using Weblate (Odia) Added translation using Weblate (Nepali) Added translation using Weblate (Burmese) Added translation using Weblate (Malay) Added translation using Weblate (Marathi) Added translation using Weblate (Mongolian) Added translation using Weblate (Malayalam) Added translation using Weblate (Macedonian) Added translation using Weblate (Latvian) Added translation using Weblate (Lithuanian) Added translation using Weblate (Lao) Added translation using Weblate (Kyrgyz) Added translation using Weblate (Korean) Added translation using Weblate (Kannada) Added translation using Weblate (Central Khmer) Added translation using Weblate (Kazakh) Added translation using Weblate (Georgian) Added translation using Weblate (Japanese) Added translation using Weblate (Icelandic) Added translation using Weblate (Indonesian) Added translation using Weblate (Armenian) Added translation using Weblate (Hungarian) Added translation using Weblate (Croatian) Added translation using Weblate (Galician) Added translation using Weblate (French (Canada)) Added translation using Weblate (Finnish) Added translation using Weblate (Persian) Added translation using Weblate (Basque) Added translation using Weblate (Estonian) Added translation using Weblate (English (India)) Added translation using Weblate (English (United Kingdom)) Added translation using Weblate (English (Canada)) Added translation using Weblate (English (Australia)) Added translation using Weblate (Danish) Added translation using Weblate (Czech) Added translation using Weblate (Catalan) Added translation using Weblate (Bosnian) Added translation using Weblate (Bengali) Added translation using Weblate (Bulgarian) Added translation using Weblate (Belarusian) Added translation using Weblate (Azerbaijani) Added translation using Weblate (Assamese) Added translation using Weblate (Amharic) Added translation using Weblate (Afrikaans) Added translation using Weblate (Spanish (American)) Added translation using Weblate (Spanish) Added translation using Weblate (Arabic) Added translation using Weblate (Italian) Added translation using Weblate (Hebrew) Added translation using Weblate (Norwegian Bokmål) Added translation using Weblate (Hindi) Added translation using Weblate (Russian) Added translation using Weblate (German) Added translation using Weblate (Gujarati) Added translation using Weblate (French) Translated using Weblate (Greek) Currently translated at 29.6% (32 of 108 strings) Added translation using Weblate (Greek) Co-authored-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com> Co-authored-by: Allan Nordhøy <epost@anotheragency.no> Co-authored-by: Catherine Pierattini <catherine.pierattini@gmail.com> Co-authored-by: CatieC <catie@calyxinstitute.org> Co-authored-by: Chirayu Desai <chirayudesai1@gmail.com> Co-authored-by: Daniel <dan.ef1999@gmail.com> Co-authored-by: H <joaquinfc@protonmail.com> Co-authored-by: Hosted Weblate <hosted@weblate.org> Co-authored-by: J. Lavoie <j.lavoie@net-c.ca> Co-authored-by: Meili Huang <meilihuang1216@gmail.com> Co-authored-by: Michael Bestas <mkbestas@gmail.com> Co-authored-by: Mordur Aslaugarson <mordur@1984.is> Co-authored-by: Nikita Epifanov <nikgreens@protonmail.com> Co-authored-by: Robin Kunze <robinkunze@outlook.com> Co-authored-by: Samuel Carvalho de Araújo <samuelnegro12345@gmail.com> Co-authored-by: Santiago Cruz <scruz4@tuta.io> Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/ Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/de/ Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/el/ Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/es/ Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/es_US/ Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/fr/ Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/is/ Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/it/ Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/nb_NO/ Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/pt_BR/ Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/ru/ Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/zh_Hans/ Translation: CalyxOS/Seedvault

view details

Samuel Carvalho de Araújo

commit sha fc35acadb96c65b66a27f51516ff7eb329fca745

Translated using Weblate (Portuguese (Brazil)) Currently translated at 100.0% (110 of 110 strings) Co-authored-by: Samuel Carvalho de Araújo <samuelnegro12345@gmail.com> Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/pt_BR/ Translation: CalyxOS/Seedvault

view details

Nikita Epifanov

commit sha a0c70293aa46c60bb2379c03400337b3447c69ec

Translated using Weblate (Russian) Currently translated at 100.0% (110 of 110 strings) Co-authored-by: Nikita Epifanov <nikgreens@protonmail.com> Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/ru/ Translation: CalyxOS/Seedvault

view details

H

commit sha 1aef02e1edce9d6227ab4d3d19a339b3506859f4

Translated using Weblate (Spanish) Currently translated at 99.0% (109 of 110 strings) Co-authored-by: H <joaquinfc@protonmail.com> Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/es/ Translation: CalyxOS/Seedvault

view details

Michael Bestas

commit sha 4dbb73aaaf89c4deffe8279494a51f3d7ba32bd7

Translated using Weblate (Greek) Currently translated at 100.0% (110 of 110 strings) Co-authored-by: Michael Bestas <mkbestas@gmail.com> Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/el/ Translation: CalyxOS/Seedvault

view details

Milo Ivir

commit sha 688753d55fb2f707be4bd3478c763869ae874714

Translated using Weblate (Croatian) Currently translated at 100.0% (110 of 110 strings) Co-authored-by: Milo Ivir <mail@milotype.de> Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/hr/ Translation: CalyxOS/Seedvault

view details

ssantos

commit sha d1e4cdb137d01f5c8a4b9a6a9e4cdab046ffd1e3

Translated using Weblate (Portuguese) Currently translated at 100.0% (110 of 110 strings) Co-authored-by: ssantos <ssantos@web.de> Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/pt/ Translation: CalyxOS/Seedvault

view details

Chirayu Desai

commit sha ddc13516d39dff3f70f9ba6f2040344e713cf8d5

Translated using Weblate (French) Currently translated at 80.3% (90 of 112 strings) Translated using Weblate (Icelandic) Currently translated at 81.8% (90 of 110 strings) Translated using Weblate (Spanish (American)) Currently translated at 80.9% (89 of 110 strings) Translated using Weblate (Norwegian Bokmål) Currently translated at 78.1% (86 of 110 strings) Translated using Weblate (French) Currently translated at 81.8% (90 of 110 strings) Co-authored-by: Chirayu Desai <chirayudesai1@gmail.com> Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/es_US/ Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/fr/ Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/is/ Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/nb_NO/ Translation: CalyxOS/Seedvault

view details

Hosted Weblate

commit sha 7af61ac92dce77bce6a2db2a84532bba6a6c0d06

Update translation files Updated by "Cleanup translation files" hook in Weblate. Co-authored-by: Hosted Weblate <hosted@weblate.org> Translate-URL: https://hosted.weblate.org/projects/calyxos/seedvault/ Translation: CalyxOS/Seedvault

view details

push time in 5 days

issue closedGrapheneOS/os_issue_tracker

Many unexpected system restart after android 11 update (Pixel 3A)

Summary:

After installing the 2020.10.06.02 update, the system reboots unexpectedly without an error message.

Repetition:

Varies between a few minutes and several hours.

When:

In any type of situation: screen locked, during use ...

Other:

Recent notification: "storage system full" 64 GB / 64 GB 20 GB of user data 46 GB used by android 11 system ...

Thanks!

closed time in 6 days

Ju-Brn

issue commentGrapheneOS/os_issue_tracker

Many unexpected system restart after android 11 update (Pixel 3A)

I doubt it has anything to do with Updater. Not going to be able to figure out what was happening now, and these are upstream bugs anyway, nothing to do with our changes.

Ju-Brn

comment created time in 6 days

more