grapheneos.org
Open in
urlscan Pro
2001:41d0:304:200::a087
Public Scan
Submitted URL: http://releases.grapheneos.org/
Effective URL: https://grapheneos.org/releases
Submission: On December 02 via manual from US — Scanned from FR
Effective URL: https://grapheneos.org/releases
Submission: On December 02 via manual from US — Scanned from FR
Form analysis 0 forms found in the DOM
Text Content
* GrapheneOS
* Features
* Install
* Build
* Usage
* FAQ
* Releases
* Source
* History
* Articles
* Donate
* Contact
RELEASES
TABLE OF CONTENTS
* About the releases
* Release announcements
* Stable channel
* Pixel 6 Pro (experimental)
* Pixel 6 (experimental)
* Pixel 5a
* Pixel 5
* Pixel 4a (5G)
* Pixel 4a
* Pixel 4 XL
* Pixel 4
* Pixel 3a XL
* Pixel 3a
* Pixel 3 XL (legacy)
* Pixel 3 (legacy)
* Beta channel
* Pixel 6 Pro (experimental)
* Pixel 6 (experimental)
* Pixel 5a
* Pixel 5
* Pixel 4a (5G)
* Pixel 4a
* Pixel 4 XL
* Pixel 4
* Pixel 3a XL
* Pixel 3a
* Pixel 3 XL (legacy)
* Pixel 3 (legacy)
* Changelog
* 2021112404
* 2021112123
* 2021112021
* 2021111414
* 2021110617
* 2021110507
* 2021110122
* 2021102613
* 2021102503
* 2021102300
* 2021102203
* 2021102020
* 2021100606
* 2021100502
* 2021100103
* 2021092612
* 2021092220
* 2021091407
* 2021090819
* 2021090401
* 2021082501
* 2021081822
* 2021081411
* 2021.08.09.02
* 2021.08.03.03
* 2021.07.26.20
* 2021.07.19.18
* 2021.07.16.19
* 2021.07.07.19
* 2021.06.20.20
* 2021.06.09.13
* 2021.06.08.06
* 2021.05.29.09
* 2021.05.19.06
* 2021.05.16.04
* 2021.05.04.01
* 2021.04.22.20
* 2021.04.16.04
* 2021.04.05.20
* 2021.03.30.02
* 2021.03.19.14
* 2021.03.06.00
* 2021.03.02.10
* 2021.02.26.16
* 2021.02.23.15
* 2021.02.19.15
* 2021.02.07.17
* 2021.02.06.05
* 2021.02.02.09
* 2021.01.23.03
* 2021.01.05.03
* 2020.12.12.03
* 2020.12.08.08
* 2020.11.27.15
* 2020.11.25.22 preview
* 2020.11.05.18
* 2020.11.03.03
* 2020.10.23.04
* 2020.10.06.02
* 2020.10.01.23
* 2020.09.29.20
* 2020.09.25.00
* 2020.09.18.13 preview
* 2020.09.11.14
* 2020.09.10.05 preview
* 2020.08.07.01
* 2020.08.03.22
* 2020.07.06.20
* 2020.06.22.21
* 2020.06.02.02
* 2020.05.29.00
* 2020.05.23.12
* 2020.05.05.02
* 2020.04.14.23
* 2020.04.13.21
* 2020.04.07.10
* 2020.03.23.22
* 2020.03.04.16
* 2020.03.03.03
* 2020.02.07.19
* 2020.02.04.01
* 2020.01.06.21
* 2019.12.02.23
* 2019.11.05.23
* 2019.11.04.23
* 2019.10.07.21
* 2019.09.25.00
* 2019.09.23.19
* 2019.09.21.18 preview
* 2019.09.18.14 preview
* 2019.08.25.15
* 2019.08.05.19
* 2019.07.16.22
* 2019.07.01.21
* 2019.06.23.05
* 2019.06.14.02
* 2019.06.03.18
* 2019.05.18.20
* 2019.05.08.15
* 2019.05.07.00
* 2019.04.01.19
* 2019.03.05.03
ABOUT THE RELEASES
These releases are available as both tags in the source code repositories and
official builds.
The factory images are used for the initial installation and can be verified
with signify. See the installation page for details.
GrapheneOS uses automatic over-the-air updates, but full update packages are
listed below for uncommon use cases like never connecting the device to the
internet. A full update package can upgrade from any past version to the new
version. The over-the-air updates use delta update packages when available.
Those aren't currently linked below but may be in the future once they're being
used more consistently. Update packages are not for performing the initial
installation and you should ignore incorrect guides trying to use them to
install the OS.
The update packages have an internal signature verified by the update client (or
recovery when sideloading). Downgrade attacks are also prevented, and downgrades
cannot be done unless a special downgrade update package has been signed with
the release key. The internal payload for update_engine is also signed,
providing another layer of signature verification and downgrade protection.
Verified boot and the hardware-backed keystore also act as a final layer of
protection.
Releases are tested by the developers and are then pushed out via the Beta
channel. The release is then pushed out via the Stable channel after being
tested by some users using the Beta channel. In some cases, problems are caught
during Beta channel testing and a new release is made via the Beta channel to
replace the aborted one. In general, it's not possible to downgrade unless a
downgrade update package is generated, so use the Stable channel if you cannot
tolerate dealing with temporary issues while a new release for the Beta channel
is being created.
RELEASE ANNOUNCEMENTS
Releases are announced on this page including via an atom feed, via our
@GrapheneOS Twitter account, on the official subreddit and in the official
GrapheneOS chat room A release announcement indicates that the source code tags
are available and that the official builds will soon be pushed out via the Beta
channel.
STABLE CHANNEL
JavaScript is required to fetch the current list of releases from the update
server. The list you're seeing below is a pre-generated template and may not be
updated for the latest set of releases yet.
PIXEL 6 PRO (EXPERIMENTAL)
Version: SD1A.210817.037.2021120117
* raven-factory-2021120117.zip
* raven-factory-2021120117.zip.sig
* raven-ota_update-2021120117.zip
PIXEL 6 (EXPERIMENTAL)
Version: SD1A.210817.037.2021120117
* oriole-factory-2021120117.zip
* oriole-factory-2021120117.zip.sig
* oriole-ota_update-2021120117.zip
PIXEL 5A
Version: SP1A.211105.003.2021112404
* barbet-factory-2021112404.zip
* barbet-factory-2021112404.zip.sig
* barbet-ota_update-2021112404.zip
PIXEL 5
Version: SP1A.211105.004.2021112404
* redfin-factory-2021112404.zip
* redfin-factory-2021112404.zip.sig
* redfin-ota_update-2021112404.zip
PIXEL 4A (5G)
Version: SP1A.211105.004.2021112404
* bramble-factory-2021112404.zip
* bramble-factory-2021112404.zip.sig
* bramble-ota_update-2021112404.zip
PIXEL 4A
Version: SP1A.211105.004.2021112404
* sunfish-factory-2021112404.zip
* sunfish-factory-2021112404.zip.sig
* sunfish-ota_update-2021112404.zip
PIXEL 4 XL
Version: SP1A.211105.004.2021112404
* coral-factory-2021112404.zip
* coral-factory-2021112404.zip.sig
* coral-ota_update-2021112404.zip
PIXEL 4
Version: SP1A.211105.004.2021112404
* flame-factory-2021112404.zip
* flame-factory-2021112404.zip.sig
* flame-ota_update-2021112404.zip
PIXEL 3A XL
Version: SP1A.211105.002.2021112404
* bonito-factory-2021112404.zip
* bonito-factory-2021112404.zip.sig
* bonito-ota_update-2021112404.zip
PIXEL 3A
Version: SP1A.211105.002.2021112404
* sargo-factory-2021112404.zip
* sargo-factory-2021112404.zip.sig
* sargo-ota_update-2021112404.zip
PIXEL 3 XL (LEGACY)
Version: SP1A.210812.015.2021112404
* crosshatch-factory-2021112404.zip
* crosshatch-factory-2021112404.zip.sig
* crosshatch-ota_update-2021112404.zip
PIXEL 3 (LEGACY)
Version: SP1A.210812.015.2021112404
* blueline-factory-2021112404.zip
* blueline-factory-2021112404.zip.sig
* blueline-ota_update-2021112404.zip
BETA CHANNEL
JavaScript is required to fetch the current list of releases from the update
server. The list you're seeing below is a pre-generated template and may not be
updated for the latest set of releases yet.
PIXEL 6 PRO (EXPERIMENTAL)
Version: SD1A.210817.037.2021120117
* raven-factory-2021120117.zip
* raven-factory-2021120117.zip.sig
* raven-ota_update-2021120117.zip
PIXEL 6 (EXPERIMENTAL)
Version: SD1A.210817.037.2021120117
* oriole-factory-2021120117.zip
* oriole-factory-2021120117.zip.sig
* oriole-ota_update-2021120117.zip
PIXEL 5A
Version: SP1A.211105.003.2021112404
* barbet-factory-2021112404.zip
* barbet-factory-2021112404.zip.sig
* barbet-ota_update-2021112404.zip
PIXEL 5
Version: SP1A.211105.004.2021112404
* redfin-factory-2021112404.zip
* redfin-factory-2021112404.zip.sig
* redfin-ota_update-2021112404.zip
PIXEL 4A (5G)
Version: SP1A.211105.004.2021112404
* bramble-factory-2021112404.zip
* bramble-factory-2021112404.zip.sig
* bramble-ota_update-2021112404.zip
PIXEL 4A
Version: SP1A.211105.004.2021112404
* sunfish-factory-2021112404.zip
* sunfish-factory-2021112404.zip.sig
* sunfish-ota_update-2021112404.zip
PIXEL 4 XL
Version: SP1A.211105.004.2021112404
* coral-factory-2021112404.zip
* coral-factory-2021112404.zip.sig
* coral-ota_update-2021112404.zip
PIXEL 4
Version: SP1A.211105.004.2021112404
* flame-factory-2021112404.zip
* flame-factory-2021112404.zip.sig
* flame-ota_update-2021112404.zip
PIXEL 3A XL
Version: SP1A.211105.002.2021112404
* bonito-factory-2021112404.zip
* bonito-factory-2021112404.zip.sig
* bonito-ota_update-2021112404.zip
PIXEL 3A
Version: SP1A.211105.002.2021112404
* sargo-factory-2021112404.zip
* sargo-factory-2021112404.zip.sig
* sargo-ota_update-2021112404.zip
PIXEL 3 XL (LEGACY)
Version: SP1A.210812.015.2021112404
* crosshatch-factory-2021112404.zip
* crosshatch-factory-2021112404.zip.sig
* crosshatch-ota_update-2021112404.zip
PIXEL 3 (LEGACY)
Version: SP1A.210812.015.2021112404
* blueline-factory-2021112404.zip
* blueline-factory-2021112404.zip.sig
* blueline-ota_update-2021112404.zip
CHANGELOG
List of tagged releases. Snapshot releases without tags such as early releases
of the project and early device support releases are not listed.
The changelog is also available as an atom feed usable in any standard feed
reader.
The legacy changelog page has the release notes from before the rebranding of
the project in 2018 and 2019.
2021112404
Tags:
* SP1A.210812.015.2021112404 (Pixel 3, Pixel 3 XL) — extended support release
for legacy devices with frozen 2021-11-01 patch level
* SP1A.211105.002.2021112404 (Pixel 3a, Pixel 3a XL)
* SP1A.211105.003.2021112404 (Pixel 5a)
* SP1A.211105.004.2021112404 (Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G),
Pixel 5, emulator, generic, other targets)
* SD1A.210817.037.2021112404 (Pixel 6, Pixel 6 Pro) — incomplete support for
6th generation Pixels (no official builds)
Changes since the 2021112123 release:
* Sandboxed Play services compatibility layer: add another UserManager shim to
fix issue with FCM in secondary user profiles
* Sandboxed Play services compatibility layer: mark the compatibility layer's
Play Store confirmation notification as ongoing to avoid users dismissing the
notification and then being unable to accept or reject the
install/update/uninstall action
* Camera: update to version 6
2021112123
Tags:
* SP1A.210812.015.2021112123 (Pixel 3, Pixel 3 XL) — extended support release
for legacy devices with frozen 2021-11-01 patch level
* SP1A.211105.002.2021112123 (Pixel 3a, Pixel 3a XL)
* SP1A.211105.003.2021112123 (Pixel 5a)
* SP1A.211105.004.2021112123 (Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G),
Pixel 5, emulator, generic, other targets)
* SD1A.210817.037.2021112123 (Pixel 6, Pixel 6 Pro) — incomplete support for
6th generation Pixels (no official builds)
Changes since the 2021112021 release:
* PDF Viewer: update to version 7
* Camera: update to version 5
2021112021
Tags:
* SP1A.210812.015.2021112021 (Pixel 3, Pixel 3 XL) — extended support release
for legacy devices with frozen 2021-11-01 patch level
* SP1A.211105.002.2021112021 (Pixel 3a, Pixel 3a XL)
* SP1A.211105.003.2021112021 (Pixel 5a)
* SP1A.211105.004.2021112021 (Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G),
Pixel 5, emulator, generic, other targets)
Changes since the 2021111414 release:
* Sandboxed Play services compatibility layer: expand Play Store compatibility
layer to fully support app installation, uninstallation and unattended
updates via the standard unprivileged APIs
* Sandboxed Play services compatibility layer: expand Play Store compatibility
layer to support the Play Store updating itself via the standard unprivileged
APIs
* Settings: clearer wording for the default GrapheneOS per-connection MAC
randomization
* Vanadium: update Chromium base to 96.0.4664.45
* Auditor: update to version 35
* Auditor: update to version 36
* Auditor: update to version 37
* Camera: update to version 4
* TalkBack (screen reader): update dependencies and tools
2021111414
Tags:
* SP1A.210812.015.2021111414 (Pixel 3, Pixel 3 XL) — extended support release
for legacy devices with frozen 2021-11-01 patch level
* SP1A.211105.002.2021111414 (Pixel 3a, Pixel 3a XL)
* SP1A.211105.003.2021111414 (Pixel 5a)
* SP1A.211105.004.2021111414 (Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G),
Pixel 5, emulator, generic, other targets)
Changes since the 2021110617 release:
* Sandboxed Play services compatibility layer: improve AppOps compatibility
layer for long-lived operations via the new startProxyOp/finishProxyOp API
which previously had to be mimicked via the existing APIs
* Updater: only allow privileged apps including Settings to open the settings
activity since other apps like the launcher have no reason to open it
* android-prepare-vendor carriersettings-extractor: strip out carrier
provisioning configuration (OMA device management is not included in
GrapheneOS so this references an app that's not present)
* android-prepare-vendor carriersettings-extractor: always enable the ability
to disable 2G
* android-prepare-vendor carriersettings-extractor: remove unused Google Dialer
configuration for Wi-Fi calling
* android-prepare-vendor: improve Pixel 5a support
* add CameraX vendor extensions library to compile-time class loader path for
GrapheneOS Camera to make dexpreopt usable
2021110617
Tags:
* SP1A.210812.015.2021110617 (Pixel 3, Pixel 3 XL) — extended support release
for legacy devices with frozen 2021-11-01 patch level
* SP1A.211105.002.2021110617 (Pixel 3a, Pixel 3a XL)
* SP1A.211105.003.2021110617 (Pixel 5a)
* SP1A.211105.004.2021110617 (Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G),
Pixel 5, emulator, generic, other targets)
Changes since the 2021110507 release:
* Camera: update to version 3
* revert hard-wiring camera gesture handler as a workaround for AOSP 12 bug
with the gesture on the lockscreen (only has an impact when multiple camera
apps are installed and can be worked around, so we'll just wait for an
upstream resolution)
* Vanadium: add workaround for upstream bug with login when sandboxed Play
services is present
* android-prepare-vendor: overhaul Pixel 4a (5G), Pixel 5 and Pixel 5a support
including building more AOSP modules
2021110507
Tags:
* SP1A.210812.015.2021110507 (Pixel 3, Pixel 3 XL) — extended support release
for legacy devices with frozen 2021-11-01 patch level
* SP1A.211105.002.2021110507 (Pixel 3a, Pixel 3a XL)
* SP1A.211105.003.2021110507 (Pixel 5a)
* SP1A.211105.004.2021110507 (Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G),
Pixel 5, emulator, generic, other targets)
Changes since the 2021110122 release:
* replace AOSP Camera app with next-generation GrapheneOS Camera app
* set GrapheneOS Camera app as the hard-wired handler for camera gesture,
similar to Android 11+ hard-wiring it as the camera media intent handler
(should work around AOSP 12 lockscreen camera bugs) — note: this will be
undone in a follow-up release before this reaches the Stable channel
* invalidate icon cache between OS releases instead of only between major
Android versions so that system theme/icon changes take effect immediately
* system theme: switch to a more unique blue Material You color palette based
around #1565C0
* Updater: adjust colors to match Settings app
* Vanadium: update Chromium base to 95.0.4638.74
2021110122
Tags:
* SP1A.210812.015.2021110122 (Pixel 3, Pixel 3 XL) — extended support release
for legacy devices with frozen 2021-11-01 patch level
* SP1A.211105.002.2021110122 (Pixel 3a, Pixel 3a XL)
* SP1A.211105.003.2021110122 (Pixel 5a)
* SP1A.211105.004.2021110122 (Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G),
Pixel 5, emulator, generic, other targets)
Changes since the 2021102613 release:
* full 2021-11-01 security patch level
* full 2021-11-05 security patch level
* full 2021-11-06 security patch level
* rebased onto SP1A.211105.004 release
* system theme: switch to pure blue Material You color palette as a starting
point for a GrapheneOS theme
* Updater: drop unused androidx legacy support library
* Updater: raise minSdkVersion to 31 (Android 12)
* Updater: stop marking settings activity as direct boot aware since it's never
used before unlocking
* Updater: remove obsolete receiver from manifest
* android-prepare-vendor: overhaul Pixel 4, Pixel 4 XL and Pixel 4a support
including building more AOSP modules
2021102613
Tags:
* SP1A.210812.015.2021102613 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel
4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a, emulator, generic,
other targets)
Changes since the 2021102503 release:
* Updater: split up install progress notification into stages
* include standard display cutout overlays across all devices
* temporarily disable broken 'Render apps below cutout area' display cutout
developer option to avoid it breaking loading SystemUI on boot
* temporarily disable user-facing crash reporting for com.android.systemui due
to an upstream AOSP 12 bug causing false positive reports of it being frozen
(this change didn't end up successfully silencing the false positives so a
different approach will be needed)
2021102503
Tags:
* SP1A.210812.015.2021102503 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel
4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a, emulator, generic,
other targets)
Changes since the 2021102300 release:
* enable gestural navigation overlay to match default nav mode (fixes
navigation bar style after factory reset or provisioning new users)
* Launcher: temporarily disable new animation feature flags (these appear to be
buggy)
* Clock: roll back to GrapheneOS Android 11 Clock app since the AOSP 12 Clock
app is buggy
* Dialer: revert to prior visual voicemail configuration until the new
configuration is properly handled
2021102300
Tags:
* SP1A.210812.015.2021102300 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel
4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a, emulator, generic,
other targets)
Changes since the 2021102203 release:
* revert our change enabling the legacy wifi/cellular quick tiles until the
upstream code is fixed
* improve delta generation script
* Messaging: add built-in battery optimization exception
* Messaging: fix cellbroadcast package name
* Messaging: stop using platform certificate
* Dialer: update visual voicemail configuration for SP1A.210812.015
* keep PIN scrambling keypad number descriptions in sync with digits
* update PIN UI appearance for Android 12 in PIN scrambling implementation
2021102203
Tags:
* SP1A.210812.015.2021102203 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel
4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a, emulator, generic,
other targets)
Changes since the 2021102020 release:
* Settings: add back reset text change lost in the port to Android 12
* fix inclusion of up-to-date per-device APN database for Pixels
* Pixel 4a: fix build system issue causing device specific APN / carrier
configuration to be omitted
* support using the legacy wifi/cellular quick tiles (combined internet quick
tile will still be used by default)
* Dialer: improve swipe to accept/reject calls
* Dialer: fix issue with USB headset audio routing
* Dialer: add dark theme and fix issues tied to it
* improve release signing and delta generation scripts
2021102020
This is the initial production release of GrapheneOS based on Android 12. It's
already fully functional and quite stable. Android 12 brings substantial
improvements to privacy, security, functionality, performance and aesthetics.
GrapheneOS features have been fully ported to Android 12 and also substantially
improved as part of the migration process. The release notes below cover the
full port of our features to Android 12 as a single entry in the list and
improvements beyond porting are listed separately.
Tags:
* SP1A.210812.015.2021102020 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel
4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a, emulator, generic,
other targets)
Changes since the 2021100606 release:
* full port of all existing GrapheneOS features to Android 12
* full 2021-10-05 security patch level for userspace device support code
(kernel already on 2021-10-05)
* rebased onto SP1A.210812.015 release
* Sandboxed Play services compatibility layer: add support for Play services
Android 12 releases (Android 11 releases still mostly work but we'll be
recommending/mirroring the Android 12 releases)
* make release signing otacerts.zip generation reproducible
* Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a: target
ARMv8.2-DotProd architecture and Cortex-A76 CPU for ART and native code
instead of producing generic ARMv8 code
* use modern rounded corners by default
* use new privacy indicators for location
* raise permission usage history from 1 day to 7 days
* enable permission history for all permission groups
* use speed compiler filter for dexpreopt by default (converted from build
configuration to build system to cover product/vendor/system_ext)
* temporarily disable user-facing crash reporting for
com.android.statementservice (Intent Filter Verification Service) due to an
upstream AOSP 12 bug causing an uncaught exception when it tries to send too
much data in the intents for jobs it runs via WorkManager
* Launcher: backport multiple fixes from AOSP master
* Launcher: enable new app open/close animations
* Launcher: enable crossfade when changing theme
* Launcher: enable new keyguard-to-launcher animation
* Launcher: add Settings to center of default 5x5 dock
* Launcher: add 2x2 workspace grid option
* Launcher: reduce app label text size
* Launcher: fix upstream issue causing missing screenshot button
* Launcher: add ripple animation to task menu items
* Launcher: fix all apps header color in dark mode
* Launcher: fix Personal/Work profile tab colors in All Apps
* Launcher: improve search bar UI in All Apps
* SystemUI: change default quick tiles and quick tile order
* Settings: update screen reader configuration for TalkBack so it shows up as a
system screen reader again
* Settings: add dark mode support for app installation restriction icon
* SetupWizard: update to latest upstream code
* SetupWizard: remove mention of pattern unlock in strings
* Updater: update to target API level 31 (Android 12)
* Updater: use Android 12 foreground service setup
* Vanadium: update Chromium base to 94.0.4606.80
* Vanadium: update Chromium base to 94.0.4606.85
* Vanadium: update Chromium base to 95.0.4638.50
* Vanadium: temporarily disable dexpreopt for browser and WebView (but not the
library) due to lack of support in the Android 12 dexpreopt system
* Seedvault: update to latest revision
* TalkBack (screen reader): set app label to TalkBack
* Auditor: update to version 34
2021100606
Tags:
* RQ3A.211001.001.2021100606 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel
4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic, other
targets)
* RD2A.211001.002.2021100606 (Pixel 5a)
Changes since the 2021100502 release:
* backport of the Android 12 GrapheneOS Pixel kernels to Android 11 GrapheneOS
including the full 2021-10-05 kernel patch level (full set of fixes for
firmware and userspace aren't public yet and will be provided by the upcoming
release of Android 12 for Pixels)
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL,
Pixel 5, Pixel 5a): rebase onto Android 12 SP1A.210812.016 kernel releases
* kernel (Pixel 4, Pixel 4 XL, Pixel 5, Pixel 5a): temporarily disable
unnecessary DEBUG_NOTIFIERS feature (type-based CFI obsoletes it as a
security feature) due to an incompatibility with the updated Android 12
kernel LLVM toolchain (discovered issue is benign but we'll be fixing it in a
future release)
2021100502
Tags:
* RQ3A.211001.001.2021100502 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel
4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic, other
targets)
* RD2A.211001.002.2021100502 (Pixel 5a)
Changes since the 2021100103 release:
* full 2021-10-01 security patch level
* partial 2021-10-05 security patch level (full set of fixes aren't public yet
and will be provided by the upcoming release of Android 12 for Pixels)
* rebased onto RQ3A.211001.001 and RD2A.211001.002 releases
* drop our downstream workaround for use-after-free vulnerability in init now
that the issue we reported is fixed upstream
2021100103
Tags:
* RQ3A.210905.001.2021100103 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel
4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic, other
targets)
* RD2A.210905.003.2021100103 (Pixel 5a)
Changes since the 2021092612 release:
* Vanadium: update Chromium base to 94.0.4606.71
* change generated carrier configurations to always allow editing APNs
* always show APN settings on CDMA carriers
* automate APN / carrier settings updates
2021092612
Tags:
* RQ3A.210905.001.2021092612 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel
4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic, other
targets)
* RD2A.210905.003.2021092612 (Pixel 5a)
Changes since the 2021092220 release:
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): apply upstream fix for
ION use-after-free vulnerability
* Vanadium: update Chromium base to 94.0.4606.61
* android-prepare-vendor: remove a bunch of unused code / functionality
* android-prepare-vendor: skip all kernel modules
2021092220
Tags:
* RQ3A.210905.001.2021092220 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel
4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic, other
targets)
* RD2A.210905.003.2021092220 (Pixel 5a)
Changes since the 2021091407 release:
* Auditor: update to version 32
* Auditor: update to version 33
* Vanadium: update Chromium base to 94.0.4606.50
* TalkBack (screen reader): update SDK and build tools versions
* clean up build scripts
2021091407
Tags:
* RQ3A.210905.001.2021091407 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel
4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic, other
targets)
* RD2A.210905.003.2021091407 (Pixel 5a)
Changes since the 2021090819 release:
* Sandboxed Play services compatibility layer: stub out DeviceConfig APIs by
ignoring device configuration writes instead of throwing a SecurityException
* Sandboxed Play services compatibility layer: stub out DropBoxManager API by
pretending no crash dumps, logs, etc. are available instead of throwing a
SecurityException
* Sandboxed Play services compatibility layer: stub out getImei API by
pretending IMEI cannot be retrieved instead of throwing a SecurityException
* Seedvault: add missing permission needed for UserManager restriction security
fix in the last release
* Seedvault: update to latest revision
* TalkBack (screen reader): update base version to 370044210 and port our
changes (Switch Access service has been dropped upstream)
* Auditor: update to version 30
* Auditor: update to version 31
* Vanadium: update Chromium base to 93.0.4577.82
2021090819
Tags:
* RQ3A.210905.001.2021090819 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel
4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic, other
targets)
* RD2A.210905.003.2021090819 (Pixel 5a)
Changes since the 2021090401 release:
* full 2021-09-01 security patch level
* full 2021-09-05 security patch level
* rebased onto RQ3A.210905.001 and RD2A.210905.003 releases
* kernel (Pixel 4a (5G), Pixel 5): use device-specific dtbo.img
* Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a,
Pixel 4a (5G), Pixel 5, Pixel 5a: update APNs
* Pixel 5a: add missing configuration for biometric sensors (fingerprint
sensor)
* Pixel 5a: declare Pixel features are available so that apps with
Pixel-specific features will use them
* Seedvault: respect UserManager restrictions on app installation to avoid
providing a way to bypass device management restrictions
* Seedvault: show experimental restore backup option in backup settings instead
of only supporting restore in the initial setup wizard
2021090401
Tags:
* RQ3A.210805.001.A1.2021090401 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
* RD2A.210605.007.2021090401 (Pixel 5a)
Changes since the 2021082501 release:
* add experimental Pixel 5a support via device support branch
* Settings: add back past GrapheneOS feature for toggling whether secondary
users can install new apps
* Vanadium: update Chromium base to 92.0.4515.166
* Vanadium: update Chromium base to 93.0.4577.62
* Vanadium: hide sign in preference when disallowed
* Vanadium: disable using Play services as a source for certain Google fonts
* automatically disable UART debugging when flashing factory images (GrapheneOS
already extends the notification about it to production builds)
* Auditor: update to version 29
* SetupWizard: properly disable system UI navigation for the entire setup
process
* kernel (Pixel 4a (5G), Pixel 5): drop unnecessary Wi-Fi driver change from
our previous downstream security fixes
* Pixel 4, Pixel 4 XL: enable saturated color option
2021082501
Tags:
* RQ3A.210805.001.A1.2021082501 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021081822 release:
* Updater: move settings into a preference category
* Updater: add detailed information to the error messages
* Auditor: update to version 28
* Vanadium: move search suggestions toggle to privacy menu
* Vanadium: remove empty account category and Services menu from the main menu
* Sandboxed Play services compatibility layer: add shim to make Play services
use the regular cellular geolocation API instead of attempting and failing to
use a special API requiring MODIFY_PHONE_STATE to attribute power consumption
to the app responsible for the request to Play services
* Sandboxed Play services compatibility layer: add shims making Play services
use the unprivileged AppOps proxy API instead of attempting and failing to
use the privileged APIs for blaming other apps (it can still blame other apps
via the proxy API, but the OS treats it as an untrusted claim)
* Sandboxed Play services compatibility layer: add shim making Play services
use UserManager.hasUserRestriction instead of
UserManager.hasBaseUserRestriction to avoid requiring privileged permissions
and to return correct answers since it can't bypass device management
2021081822
Tags:
* RQ3A.210805.001.A1.2021081822 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021081411 release:
* Vanadium: update Chromium base to 92.0.4515.159
* Vanadium: improved implementation of not giving the default search engine
permissions now that Chromium has support for it
* Updater: avoid error messages being truncated by using expandable
notifications for them
* Settings: fix upstream bug preventing setting pictures for user profiles
* Settings: backport upstream fix for user edit dialog breaking from rotation
* Settings: add LTE only mode entry when carrier enables world mode too
* Sandboxed Play services compatibility layer: fix detection of system
processes in secondary users
* Sandboxed Play services compatibility layer: handle edge case of packages
without data directories
2021081411
Tags:
* RQ3A.210805.001.A1.2021081411 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.08.09.02 release:
* remove periods from build number (2nd half of the full version) to improve
compatibility with apps wrongly assuming they can parse it as an integer
(including Google Camera for Night Sight feature detection)
* Settings: add 3rd option to connectivity check setting for disabling it (will
prevent falling back to other networks from a broken one and handling captive
portals)
* Settings: ignore carrier asking the OS not to show the preferred network
setting, similar to how we already ignore being instructed to disallow
tethering
* further fixes for the upstream code implementing the eBPF-based INTERNET
permission (fixes cases where it was overly restrictive for secondary users,
but we already prevented it from being overly permissive by adding back the
simpler pre-eBPF approach as a 2nd layer of enforcement)
* Sandboxed Google Play compatibility layer: disable shared user id check since
it isn't relevant to GrapheneOS and it appears that it may be causing issues
2021.08.09.02
Tags:
* RQ3A.210805.001.A1.2021.08.09.02 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.08.03.03 release:
* Sandboxed Google Play compatibility layer: add infrastructure / shims to
support dynamite modules (dynamically loaded modules including Maps API
support)
* Vanadium: update Chromium base to 92.0.4515.131
* Vanadium: disable trials of privacy-aware analytics/advertising APIs
* Vanadium: remove unwanted sync and services link
* Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a,
Pixel 4a (5G), Pixel 5: update APNs
* Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a,
Pixel 4a (5G), Pixel 5: update CarrierConfig vendor.xml
2021.08.03.03
Tags:
* RQ3A.210805.001.A1.2021.08.03.03 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.07.26.20 release:
* full 2021-08-01 security patch level
* full 2021-08-05 security patch level
* rebased onto RQ3A.210805.001.A1 release
* kernel (Pixel 4a (5G), Pixel 5): backport implementation of IPv6 temporary
addresses (RFC4941) as a replacement for the legacy privacy address
implementation, removing the need for our work on mitigating the issues with
them (still used for older generation devices)
* Updater: use System Updater as the app name
* Updater: show when status notifications occurred
* Updater: add notification settings shortcut to update settings
* Sandboxed Google Play compatibility layer: add compatibility shims for
secondary user support
* Sandboxed Google Play compatibility layer: use unified GmsCompat/ prefix for
log tags
* Sandboxed Google Play compatibility layer: add shim for
AppOpsManager#startOpNoThrow
* Sandboxed Google Play compatibility layer: move foreground service
notification channel to dedicated Compatibility notification channel group
* Sandboxed Google Play compatibility layer: add proper description to
foreground service notification
* Sandboxed Google Play compatibility layer: add shortcut for opening the
notification channel settings from the foreground service notifications
2021.07.26.20
Tags:
* RQ3A.210705.001.2021.07.26.20 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.07.19.18 release:
* Updater: add detailed failure / success notifications. The next release will
enable the timestamp to show when it happened. You can turn off the 'Already
Updated' notification channel if you don't want those minimum priority
notifications with no status icon collapsed at the bottom.
* Vanadium: update Chromium base to 92.0.4515.105
* Vanadium: update Chromium base to 92.0.4515.115
* Vanadium: drop removal of speculative service worker start for search
* init: fix use-after-free from event handling callbacks (issue uncovered by
hardened_malloc in certain situations like unplugging a USB keyboard, etc.)
* fix PermissionController UI for Sensors/Network permissions with legacy API <
23 apps (i.e. apps without proper support for Android Marshmallow and beyond)
* Sandboxed Google Play compatibility layer: disable badge for foreground
service notification by default
* Settings: drop support for showing nearby devices from Play since it can't
function without Play having any special privileges
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL):
improve support for hosting servers by enabling SYN cookies for denial of
service resistance like newer generation devices
* hardened_malloc: update libdivide to 5.0.0
2021.07.19.18
Tags:
* RQ3A.210705.001.2021.07.19.18 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.07.16.19 release:
* Settings: fix displaying setting for GrapheneOS USB accessory policy (deny
new usb)
* Settings: hide insecure pattern lock option (either use a randomly generated
6-8 digit PIN for secure encryption based on secure element throttling or a
strong randomly generated passphrase to avoid depending on the secure
element, not this misguided pattern option with ridiculously low entropy)
* Sandboxed Google Play compatibility layer: return false for SIM card lock
check rather than throwing a SecurityException
* Sandboxed Google Play compatibility layer: avoid throwing an exception in
certain edge cases for secondary users when checking whether the
compatibility shims should be enabled for a process (i.e. when checking if
the process is one of the 3 core Play apps)
* Vanadium: update Chromium base to 91.0.4472.164
2021.07.16.19
Tags:
* RQ3A.210705.001.2021.07.16.19 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.07.07.19 release:
* add experimental support for running Play services and friends as sandboxed
user-installed apps without any special privileges
* Settings: use alternate implementation of Wi-Fi auto-turn-off setting
matching the Bluetooth auto-turn-off UX
* overhaul Wi-Fi auto-turn-off implementation including handling the case of
Wi-Fi being turned on without connecting to a network
* add lower auto-reboot timeout options
* display notification when UART is enabled in the bootloader configuration for
user builds too (where it isn't supported by userspace, but still provides
firmware and kernel logs) rather than only in userdebug builds
* Seedvault: update to latest revision
* Seedvault: switch to GrapheneOS fork with intent access restricted to prevent
other apps from spawning the activities
* Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a,
Pixel 4a (5G), Pixel 5: set product brand to hardware brand
* Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a,
Pixel 4a (5G), Pixel 5: remove aosp_ prefix from product names
2021.07.07.19
Tags:
* RQ3A.210705.001.2021.07.07.19 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.06.20.20 release:
* full 2021-07-01 security patch level
* full 2021-07-05 security patch level
* rebased onto RQ3A.210705.001 release
* reimplement Bluetooth auto-turn-off feature to avoid using the Settings app
for the implementation (fixes reliability issues)
* add experimental Wi-Fi auto-turn-off feature based on reimplementation of
Bluetooth auto-turn-off (will not kick in when Wi-Fi is turned on without
connecting to a network until the next release)
* Updater: display progress for the short phase of verifying the update
* Updater: reuse the same progress notification for downloading, verifying and
installing the update
* Updater: only alert once for progress notifications if the user raises the
notification importance level
* Updater: use foreground service via progress notification
* Vanadium: update Chromium base to 91.0.4472.120
* Vanadium: update Chromium base to 91.0.4472.134
* Seedvault: update to latest revision
2021.06.20.20
Tags:
* RQ3A.210605.005.2021.06.20.20 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.06.09.13 release:
* Vanadium: update Chromium base to 91.0.4472.101
* Vanadium: update Chromium base to 91.0.4472.114
* Vanadium: add toggle to Privacy and security settings for disabling JIT
compilation and using fully interpreted JavaScript via fast interpreter
* kernel (Pixel 4a (5G), Pixel 5): fix upstream module load order issues when
modules are built into the kernel
* kernel (Pixel 4a (5G), Pixel 5): build in every module and disable dynamic
kernel module support again to restore finer-grained Control Flow Integrity
(CFI) and attack surface reduction
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL,
Pixel 4a, Pixel 4a (5G), Pixel 5): generate a new privacy address when
connecting to a network as a temporary partial workaround for the broken
upstream privacy address implementation before Linux 5.8 (the privacy address
standard itself was flawed and Linux 5.8+ has an implementation of the fixed
standard, which we've suggested that Android backport in our upstream report)
* Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a,
Pixel 4a (5G), Pixel 5: declare Pixel features are available so that apps
with Pixel-specific features will use them
2021.06.09.13
Tags:
* RQ3A.210605.005.2021.06.09.13 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.06.08.06 release:
* re-enable current camera/microphone privacy indicator implementation
* kernel (Pixel 4a (5G), Pixel 5): use new GNU assembler (gas) prebuilts and
drop all other usage of the GNU toolchain since LLVM provides everything else
(LLVM assembler is used for userspace, but can't yet handle the Linux kernel)
* kernel (Pixel 4a (5G), Pixel 5): temporarily move to building and using
dynamic kernel modules (same list as AOSP) to work around new issues with
monolithic builds until we have time to resolve it to improve CFI granularity
again
* android-prepare-vendor (Pixel 4a (5G), Pixel 5): remove previously unused
stock OS kernel modules now that we're temporarily enabling dynamic kernel
module support so that only our builds of kernel modules are being used
* Updater: add support for custom accent color
2021.06.08.06
Tags:
* RQ3A.210605.005.2021.06.08.06 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.05.29.09 release:
* full 2021-06-01 security patch level
* full 2021-06-05 security patch level
* rebased onto RQ3A.210605.005 release, initial release of Android 11 QPR3
(Quarterly Platform Release 3)
* experimental new feature for configuring auto-reboot after N hours of the
device being locked to put all logged in user profiles back at rest (i.e.
data inaccessible to the OS until logged in again) when the device isn't in
your possession
* kernel (Pixel 4a (5G), Pixel 5): apply fixes for 2 Qualcomm Wi-Fi driver
vulnerabilities from CAF missed in the upstream December 2020 security update
for Pixels
* Vanadium: update Chromium base to 91.0.4472.88
* android-prepare-vendor: fix resuming image downloads due to broken HTTP/2
server semantics
* Settings: fix hardcoded black text in storage summary
* remove redundant property for disabling OpenGL preloading
* update kernel build tools used for Pixel 4a (5G), Pixel 5 and beyond
2021.05.29.09
Tags:
* RQ2A.210505.002.2021.05.29.09 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a)
* RQ2A.210505.003.2021.05.29.09 (Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.05.19.06 release:
* prevent DHCP (IPv4) from reusing state across connections to the same network
when full MAC randomization is enabled
* Vanadium: update Chromium base to 91.0.4472.77
* Vanadium: enable opportunistic HTTPS by default
* Vanadium: disable mobile identity consistency by default
* revert our change adding the screenshot button to the power menu for 3-button
navigation since it's provided by the recent apps activity for both gesture
and 3-button navigation (we originally added it back for both 2-button and
3-button navigation even though it was only needed for 2-button navigation,
and then the stock OS implemented the same fix only for 2-button navigation,
which makes more sense)
2021.05.19.06
Tags:
* RQ2A.210505.002.2021.05.19.06 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a)
* RQ2A.210505.003.2021.05.19.06 (Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.05.16.04 release:
* Settings: remove field referencing the mainline module (APEX) version (also
known as the Google Play system update version) since we ship these changes
as part of the OS and have out-of-band module updates disabled since we have
no use for them
* remove legacy Calendar widget
* add toggle for disabling fingerprint unlock while having fingerprints
registered for usage in apps (authentication and protecting hardware keystore
keys)
* Auditor: update to version 27
2021.05.16.04
Tags:
* RQ2A.210505.002.2021.05.16.04 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a)
* RQ2A.210505.003.2021.05.16.04 (Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.05.04.01 release:
* enable gesture navigation by default (see our guide on system navigation for
details on using gesture navigation and switching to a button-based
navigation)
* Updater: fix minor theme issue for light theme when pressing preferences
* replace our workaround for an upstream user profile crash issue with a proper
upstream fix from Sony
* replace our workaround for another upstream user profile crash issue with a
proper fix based on the approach of the fix from Sony
* Vanadium: update Chromium base to 90.0.4430.210
* hardened_malloc: purge memory even if VMA exhaustion causes munmap or
MAP_FIXED mmap calls to fail
* hardened_malloc: increase class region size on x86_64 to 32GiB
* hardened_malloc: increase class region size on arm64 to 2GiB (should be 32GiB
on devices where we've enabled 4-level page tables but that requires setting
up build configuration infrastructure)
* raise vm.max_map_count further to have even more leeway before VMA exhaustion
occurs from fine-grained guard regions
* kernel (Pixel 4a (5G), Pixel 5): fix build reproducibility issue by
backporting upstream fix
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL,
Pixel 4a, Pixel 4a (5G), Pixel 5): make CONFIG_LOCALVERSION_AUTO ignore Git
tags so adding tags doesn't change the result of a build
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL,
Pixel 4a, Pixel 4a (5G), Pixel 5): apply fixes for 2 Qualcomm audio driver
vulnerabilities from CAF including one missed in the upstream May 2021
security update for Pixels
* kernel (Pixel 4a): apply fix for use-after-free in GPU driver missed in the
upstream security updates for the Pixel 4a
* switch HTTPS network time URL from / to /generate_204 to allow for a future /
redirect
2021.05.04.01
Tags:
* RQ2A.210505.002.2021.05.04.01 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a)
* RQ2A.210505.003.2021.05.04.01 (Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.04.22.20 release:
* full 2021-05-01 security patch level
* full 2021-05-05 security patch level
* rebased onto RQ2A.210505.003 release
* enable backup service for non-owner users so that secondary users can be
backed up
* add SetupWizard activities for secondary users including support for
restoring backups
* Settings (Accessibility): add Monochromacy (grayscale) option to color
correction
* improve the newer generation eBPF-based implementation of the INTERNET
permission to properly support revoking the permission in secondary profiles
(we'll be keeping our restoration of the much simpler non-eBPF-based approach
to avoid relying on this on devices using our hardened kernels)
* Vanadium: update Chromium base to 90.0.4430.91
* Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a,
Pixel 4a (5G), Pixel 5: set slot number for eSIM (still need an eSIM
activation app since it's one of the remaining missing components from not
including Google apps and services)
* hardened_malloc: use 1 slot for all extended size classes (reduces memory
usage and improves security in combination with the guard slab feature)
* use system theme accent color for fingerprint dialog instead of teal
* integrate modern Android theme and wallpaper configuration
* remove legacy WallpaperPicker app
* Updater: modernize update settings via androidx preference library (new theme
has minor quirks we'll be fixing in the next release)
* use alternate grapheneos.online domain for connectivity check / captive
portal fallback URLs to improve handling of future issues comparable to Quad9
temporarily blocking grapheneos.network due to some kind of false positive
* Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a,
Pixel 4a (5G), Pixel 5: update APNs
* Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a,
Pixel 4a (5G), Pixel 5: update CarrierConfig vendor.xml
2021.04.22.20
Tags:
* RQ2A.210405.005.2021.04.22.20 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.04.16.04 release:
* kernel (Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5): update our
change to use max ASLR entropy before the init process enables it for the
larger address space enabled by GrapheneOS
* kernel (Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5): add back
hard-wired check for the INTERNET permission on socket creation at least
until the eBPF code is improved and fixed to work properly for secondary
profiles
* Vanadium: disable unused FLOC feature
* Vanadium: update Chromium base to 90.0.4430.82
2021.04.16.04
Tags:
* RQ2A.210405.005.2021.04.16.04 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.04.05.20 release:
* kernel (Pixel 4a (5G), Pixel 5): rebuild with updated techpack/camera
submodule
* add back support for fully disabling native debugging (ptrace) support in
Settings → Security
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL,
Pixel 4a, Pixel 4a (5G), Pixel 5): enable support for native debugging
(ptrace) toggle via Yama
* Settings: add back extra field with bootloader version
* Settings: only allow disabling Vanadium WebView library via developer tools
since disabling it breaks app compatibility and almost always results in
crashes rather than user friendly errors, including for base OS components
using it
* Vanadium: update Chromium base to 90.0.4430.66
* Vanadium: fully disable autofill assistant
* Vanadium: disable unused autofill assistant configuration
* Vanadium: disable speculative service worker start by default
* Vanadium: disable safety check for Android by default
* Vanadium: disable new interest feed feature too
* Vanadium: disable unused password check feature
2021.04.05.20
Tags:
* RQ2A.210405.005.2021.04.05.20 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.03.30.02 release:
* full 2021-04-01 security patch level
* full 2021-04-05 security patch level
* rebased onto RQ2A.210405.005 release
* SetupWizard: rebrand to GrapheneOS for other languages
2021.03.30.02
Tags:
* RQ2A.210305.006.2021.03.30.02 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.03.19.14 release:
* hardened_malloc: add initial malloc_trim slab quarantine purging to reduce
system memory usage from the slab quarantine without sacrificing security
* Vanadium: update Chromium base to 89.0.4389.105
* android-prepare-vendor (Pixel 4a (5G), Pixel 5): stop incorrectly treating
new vendor_boot partition as a firmware partition and use our own build
* SetupWizard: update to latest upstream code
2021.03.19.14
Tags:
* RQ2A.210305.006.2021.03.19.14 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.03.06.00 release:
* integrate the latest open source release of TalkBack and Switch Access as
first party accessibility services again (a text-to-speech service like
RHVoice needs to be installed, configured and enabled to be able to use
TalkBack)
* SELinux policy: add back removing tmpfs execute for all base system app
domains
* SELinux policy: expand exception from ashmem execute restriction to legacy
non-base system app domains (was more strict than currently intended since we
don't want to break app compatibility)
* add Bluetooth timeout feature with a security fix applied to the original
implementation
* Updater: rename title of the management activity launched via Settings
* set GrapheneOS launcher as a default notification listener on fresh installs
so that the default enabled notification integration is permitted by default
like the stock OS (existing users still need to manually enable the
permission for the built-in launcher)
* add back removing DUN requirement for tethering
* add back ignoring tethering provisioning requirement
* enable app compaction by default
* enable app freezer by default
* enable camera/microphone usage indicators by default
* kernel (Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5): switch from
standard 39-bit address space to 48-bit address space via 4-level page tables
* Vanadium: update Chromium base to 89.0.4389.86
* Vanadium: update Chromium base to 89.0.4389.90
* Vanadium: enable partitioning connections by default
* hardened_malloc: update libdivide to 4.0.0
* hardened_malloc: use longer region quarantine random array (256 regions
instead of 128)
* Auditor: update to version 26
2021.03.06.00
Tags:
* RQ2A.210305.006.2021.03.06.00 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.03.02.10 release:
* Vanadium: update Chromium base to 89.0.4389.72
* Vanadium: enable user agent freeze by default
* Vanadium: disable building code as dynamic feature modules
* kernel (Pixel 4a): fix techpack/audio build reproducibility issue
* backport upstream fix for building on compressed filesystems
* Calendar: remove launcher icon since the app exists for compatibility /
testing
* Seedvault: update to latest revision
2021.03.02.10
Tags:
* RQ2A.210305.006.2021.03.02.10 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.02.26.16 release:
* full 2021-03-01 security patch level
* full 2021-03-05 security patch level
* rebased onto RQ2A.210305.006 release, initial release of Android 11 QPR2
(Quarterly Platform Release 2)
* Settings (Pixel 4, Pixel 4 XL, Pixel 5): enable refresh rate control
* Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a,
Pixel 4a (5G), Pixel 5: update APNs
* Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a,
Pixel 4a (5G), Pixel 5: update CarrierConfig vendor.xml
* Pixel 4a: fix SystemUI memory pinning
2021.02.26.16
Tags:
* RQ1A.210205.004.2021.02.26.16 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.02.23.15 release:
* hardened_malloc: add back workarounds for camera driver bugs on the Pixel 3,
Pixel 3 XL, Pixel 3a and Pixel 3a XL
2021.02.23.15
Tags:
* RQ1A.210205.004.2021.02.23.15 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.02.19.15 release:
* Camera: set flash mode to off by default (camera flash causes a substantial
delay and substantially lower image quality so it generally isn't desirable)
* system theme: use black for settings background in the dark theme
* drop legacy code for setting Seedvault as the enabled backup service
* hardened_malloc: drop workarounds for camera driver bugs on the Pixel 3,
Pixel 3 XL, Pixel 3a and Pixel 3a XL
* hardened_malloc: drop workaround for USB audio bug
2021.02.19.15
Tags:
* RQ1A.210205.004.2021.02.19.15 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.02.07.17 release:
* Vanadium: update Chromium base to 88.0.4324.181
* Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a,
Pixel 4a (5G), Pixel 5: update APNs
* Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a,
Pixel 4a (5G), Pixel 5: update CarrierConfig vendor.xml
* Auditor: update to version 24
* Auditor: update to version 25
* Pixel 4a: set boot security patch level to leverage the YYYY-MM-01 vs.
YYYY-MM-05 distinction for attestation
* Pixel 4a (5G), Pixel 5: complete initial device support including porting
hardening features
* kernel (Pixel 4a (5G), Pixel 5): enable slab canary feature
* kernel (Pixel 4a (5G), Pixel 5): set correct variable for 32-bit vdso
toolchain
* kernel (Pixel 5): disable unnecessary touch driver
* kernel (Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5): use LLVM
toolchain for everything other than the assembler
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): use LLVM toolchain for
everything other than the assembler and target linker
* kernel (Pixel 4a (5G), Pixel 5): use new kernel build-tools prebuilts
repository
2021.02.07.17
Tags:
* RQ1A.210205.004.2021.02.07.17 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.02.06.05 release:
* fix added error reporting code for HTTPS-based network time updates
* Seedvault: update to latest revision
2021.02.06.05
Tags:
* RQ1A.210205.004.2021.02.06.05 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, emulator, generic,
other targets)
Changes since the 2021.02.02.09 release:
* Vanadium: update Chromium base to 88.0.4324.152
* rework the GrapheneOS HTTPS-based network time updates to enforce certificate
expiry based on the OS build date for the whole certificate chain to avoid
failing to fix significant time sync issues while still having a reasonable
expiry check
2021.02.02.09
Tags:
* RQ1A.210205.004.2021.02.02.09 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, emulator, generic, other targets)
Changes since the 2021.01.23.03 release:
* full 2021-02-01 security patch level
* full 2021-02-05 security patch level
* rebased onto RQ1A.210205.004 release
* Vanadium: update Chromium base to 88.0.4324.141
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): make more data read-only
per newer device kernels
2021.01.23.03
Tags:
* RQ1A.210105.002.2021.01.23.03 (Pixel 3a, Pixel 3a XL, Pixel 4a)
* RQ1A.210105.003.2021.01.23.03 (Pixel 3, Pixel 3 XL, Pixel 4, Pixel 4 XL,
emulator, generic, other targets)
Changes since the 2021.01.05.03 release:
* system theme: use slightly different accent color for the dark theme
* Dialer: add carrier-specific visual voicemail configurations
* Vanadium: update Chromium base to 87.0.4280.141
* Vanadium: update Chromium base to 88.0.4324.93
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL,
Pixel 4a): use UTC for kernel timestamp to make reproducible builds easier
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL,
Pixel 4a): update toolchain's toybox prebuilt for various fixes including
fixing an issue with the date command causing a build reproducibility issue
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL,
Pixel 4a): apply upstream patch avoiding truncation of kernel debug symbol
names generated when using Clang type-based CFI
* adjust kernel configuration tests to permit disabling dynamic kernel modules
for new kernel variants
* fix dark theme issue with Settings app search panel
* Camera2: backport fix for interaction with lockscreen
* Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a:
update APNs with carriersettings-extractor
* Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a:
add CarrierConfig vendor.xml from the stock OS with entries depending on
Google and carrier apps stripped out
2021.01.05.03
Tags:
* RQ1A.210105.002.2021.01.05.03 (Pixel 3a, Pixel 3a XL, Pixel 4a)
* RQ1A.210105.003.2021.01.05.03 (Pixel 3, Pixel 3 XL, Pixel 4, Pixel 4 XL,
emulator, generic, other targets)
Changes since the 2020.12.12.03 release:
* full 2021-01-01 security patch level
* full 2021-01-05 security patch level
* rebased onto RQ1A.210105.003 release
* Settings: update GrapheneOS connectivity check URLs to match NetworkStack
* Camera: remove unused Wi-Fi state permissions
* Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a:
update APNs with carriersettings-extractor
* adjust kernel configuration tests to permit not having BPF_JIT since we don't
have it enabled
* add check for empty TTS engine name to address upstream bug
* Vanadium: enable split cache by default
* Vanadium: add back legacy media file access support for now
* Vanadium: rename WebView and library apps based on the vanadium.app domain
* Seedvault: update to latest revision
* remove unnecessary vendor overlays
* SetupWizard: change OS name to GrapheneOS for backup activity strings again
* fix use-after-free in adbd authentication which was breaking support for
persistently trusting keys due to zero-on-free
* system theme: use blue accent color
* replace default AOSP wallpaper with a solid black wallpaper — may get a bit
fancier in the near future
* update round icon mask
* Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a:
always use dark theme for boot chain firmware
* Pixel 3a, Pixel 3a XL: disable unused dynamic kernel module support to match
other devices
* Updater: disconnect keepalive connection when service is done
2020.12.12.03
Tags:
* RQ1A.201205.003.2020.12.12.03 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL)
* RQ1A.201205.008.2020.12.12.03 (Pixel 4, Pixel 4 XL, Pixel 4a)
* RQ1A.201205.010.2020.12.12.03 (emulator, generic, other targets)
Changes since the 2020.12.08.08 release:
* Vanadium: disable WebView variations support
* SetupWizard: update to latest upstream code
* NetworkStack: switch to grapheneos.network for connectivity checks to improve
compatibility with captive portals lacking support for the built-in login
interface (HSTS preloading for grapheneos.org breaks the fallback browser
login notification)
2020.12.08.08
Tags:
* RQ1A.201205.003.2020.12.08.08 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL)
* RQ1A.201205.008.2020.12.08.08 (Pixel 4, Pixel 4 XL, Pixel 4a)
* RQ1A.201205.010.2020.12.08.08 (emulator, generic, other targets)
Changes since the 2020.11.27.15 release:
* full 2020-12-01 security patch level
* full 2020-12-05 security patch level
* rebased onto RQ1A.201205.010 release
* script: support any number of source versions for deltas
* set read timeout for HTTPS network time connections
* disable keepalive for HTTPS network time connections
* always disconnect HTTPS network time connections
* remove unnecessary Accept-Charset header for HTTPS network time requests
* Vanadium: ask permission to play protected media by default
* Vanadium: disable autofill server communication by default
* Vanadium: update Chromium base to 87.0.4280.86
* Vanadium: update Chromium base to 87.0.4280.101
* Settings: remove partial MAC randomization translations
* Auditor: update to version 23
* downstream fix for VPN lockdown being overridden when stopping users replaced
by upstream fix
2020.11.27.15
Tags:
* RP1A.201105.002.2020.11.27.15 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, emulator, generic, other targets)
Changes since the 2020.11.25.22 release:
* Vanadium: disable autofill assistant by default (restores previous Vanadium
behavior)
* Vanadium: backport upstream fix for missing manifest changes (this fixes
issues with opening URLs in external apps)
* Vanadium: disable component updater pings by default
* Settings: disallow configuring connectivity checks for users disallowed to
configure Private DNS by the administrator (in theory, it could be a separate
option, but we need to use one that's already part of the public API)
2020.11.25.22 PREVIEW
Tags:
* RP1A.201105.002.2020.11.25.22 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, emulator, generic, other targets)
Changes since the 2020.11.05.18 release:
* PDF Viewer: update to version 6
* NFC: backport compatibility fix for certain broken apps from AOSP master
* Bluetooth: backport fix for Bluetooth capacity string
* Vanadium: update Chromium base to 86.0.4240.198
* Vanadium: update Chromium base to 87.0.4280.66
* Vanadium: disable new high-level functionality for fetching variations
* Vanadium: disable unused Omaha update check support
* Vanadium: disable GaiaAuthFetcher code due to upstream bug
* Vanadium: disable deprecated FTP support by default
* Pixel 4 XL: correctly mark certain unsupported features as unavailable per
the Pixel 4
* Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a:
use device-specific NFC configuration
* add initial runtime flags handling for exec-based spawning to improve
compatibility
* Pixel 3, Pixel 3 XL, Pixel 4, Pixel 4 XL, Pixel 4a: disable chained vbmeta to
simplify verified boot and improve attestation (Pixel 3a and Pixel 3a XL
never used this)
* Seedvault: update to latest revision
* NetworkStack: remove change to connectivity check handling that's no longer
required with Android 11
* use GrapheneOS connectivity check server by default for connectivity checks
in the OS
* Settings: add setting to toggle between GrapheneOS connectivity check server
and the standard Android connectivity check URLs to continue supporting
blending in with other Android devices without a VPN
* Updater: remove unused READ_PHONE_STATE permission
2020.11.05.18
While waiting for this release to become available, you can manually add a
battery optimization exemption for the Clock app via Settings ➔ Apps &
notifications ➔ Special app access ➔ Battery optimization where you can select
"All apps", scroll down to the Clock app and manually add an exemption. Should
get this added upstream.
Tags:
* RP1A.201105.002.2020.11.05.18 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, emulator, generic, other targets)
Changes since the 2020.11.03.03 release:
* Clock: add battery optimization exemption required for the new target API
level (this is missing in AOSP)
2020.11.03.03
Pixel 2 and Pixel 2 XL support will now be provided via separate extended
support releases for obsolete devices. We'll be making the first one based on an
official release in the near future. They can only reach the 2020-11-01 security
patch this month due to the lack of a release with changes outside the scope of
AOSP such as new GPU firmware.
Tags:
* RP1A.201105.002.2020.11.03.03 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a, emulator, generic, other targets)
Changes since the 2020.10.23.04 release:
* full 2020-11-01 security patch level
* full 2020-11-05 security patch level
* rebased onto RP1A.201105.002 release
* Vanadium: update Chromium base to 86.0.4240.110
* Vanadium: update Chromium base to 86.0.4240.114
* Vanadium: update Chromium base to 86.0.4240.185
* Vanadium: enable prefetch privacy changes by default
* Vanadium: enable reduced referrer granularity by default
* Camera: request fine location instead of coarse location for the
disabled-by-default geotagging feature
* Camera: remove unused INTERNET permission
* Clock: apply assorted fixes from upstream
* add explicit detection of fastboot being missing to the factory images
flash-all scripts
* Gallery: apply upstream fix from NXP for null pointer dereference bug
* Auditor: update to version 22
* script: make generate_deltas ask for the password only once
* enable screenshot action for 3 button nav too (the upstream release limited
it to being enabled for 2 button navigation)
2020.10.23.04
Tags:
* RP1A.201005.004.2020.10.23.04 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL)
* RP1A.201005.006.2020.10.23.04 (Pixel 4a, emulator, generic, other targets)
Changes since the 2020.10.06.02 release:
* Vanadium: update Chromium base to 86.0.4240.75
* Vanadium: update Chromium base to 86.0.4240.99
* Vanadium: remove deprecated, unused storage permissions
* replace standard WebView with Vanadium WebView again
* Pixel 4, Pixel 4 XL: disable unsupported aware feature so that ambient
display is available
* Seedvault: switch to upstream development branch now that it supports Android
11
* SELinux policy: port hardening from Android 10
* hardened_malloc: log fatal errors (detected memory corruption bugs) to
Android's log system
* fix minor issues with Android 11 port of Wi-Fi and Bluetooth quick tile
unlock requirement
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL, Pixel 4a): apply Bluetooth fixes from the stable kernel
branch including fixes for CVE-2020-12351, CVE-2020-12352 and CVE-2020-24490
* improve experimental support for the Pixel 4a including porting most
device-specific changes implemented for other devices
2020.10.06.02
Tags:
* RP1A.201005.004.2020.10.06.02 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL)
* RP1A.201005.006.2020.10.06.02 (emulator, generic, other targets)
Changes since the 2020.10.01.23 release:
* full 2020-10-01 security patch level
* full 2020-10-05 security patch level
* rebased onto RP1A.201005.006 release
* hardened_malloc: optimize and harden initialization sanity checks
* work around upstream bug causing null pointer crashes from media
notifications in secondary profiles
* enable secondary user logout support by default (purges credential encrypted
storage keys from memory)
* add back screenshot action to global action list as an alternative to the key
chord (power button + volume down) and screenshot button in the gesture
navigation recent apps list
* reject received unix timestamps before build unix time for HTTPS-based
network time implementation
* Clock: apply fixes for various upstream issues
* Updater: harden PendingIntent usage
2020.10.01.23
Tags:
* RP1A.200720.009.2020.10.01.23 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL)
* RP1A.200720.011.2020.10.01.23 (emulator, generic, other targets)
Changes since the 2020.09.29.20 release:
* Pixel 4 (non-XL): stop overriding default Bluetooth toggle to disable it by
default like other devices
* use otatools.zip for generating delta updates
* Settings: fix integration of LTE only mode option to preferred network
setting
* Auditor: update to version 21
2020.09.29.20
Tags:
* RP1A.200720.009.2020.09.29.20 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL)
* RP1A.200720.011.2020.09.29.20 (emulator, generic, other targets)
Changes since the 2020.09.25.00 release:
* add overlay to show 2 button navigation option in Settings again
* Calculator: gesture compatibility fix
* Auditor: update to version 20
* WebView: update to 85.0.4183.120
* WebView: update to 85.0.4183.127
* Vanadium: update Chromium base to 85.0.4183.127
* fix syncing time for the port of our HTTPS-based network time update
implementation to Android 11
* stop using dedicated keys for signing OsuLogin and ServiceWifiResources
rather than simply using the regular testkey/releasekey
2020.09.25.00
Tags:
* RP1A.200720.009.2020.09.25.00 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL)
* RP1A.200720.011.2020.09.25.00 (emulator, generic, other targets)
Changes since the 2020.09.18.13 release:
* fix Wi-Fi MAC randomization settings for translations that were missing our
added option
* Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4,
Pixel 4 XL: add missing configuration for biometric sensors in Android 11
* fix upstream bug in the NFC quick settings tile for Android 11 breaking it
after reboot
* fix NFC quick settings tile icon handling for Android 11
* Settings: fix upstream NFC preference so that it listens for changes and can
see it being toggled via the NFC tile
* Vanadium: update Chromium base to 85.0.4183.120
* Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4,
Pixel 4 XL: update APNs with carriersettings-extractor
* add back SetupWizard
* Settings: fix launching WifiSettings
We're no longer going to be listing out restored past features in a separate
section for the release notes.
2020.09.18.13 PREVIEW
Tags:
* RP1A.200720.009.2020.09.18.13 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL)
* RP1A.200720.011.2020.09.18.13 (emulator, generic, other targets)
Changes since the 2020.09.11.14 release:
* initial port to Android 11 with most GrapheneOS changes ported over (missing
most SELinux policy hardening, some Pixel 4 / 4 XL kernel side channel
mitigations, finer-grained Pixel 4 kernel Control Flow Integrity and the
setup wizard)
* full 2020-09-05 security patch level
* temporarily use stock WebView until the next release of Chromium is available
with public support for Android 11 to provide the WebView via Vanadium again
* fix VPN lockdown setting getting overridden on user stop
* SELinux policy: disable gmscore_app domain
* SELinux policy: use dedicated SELinux domain for Updater app based on the
modern untrusted_app domain
* stop disabling support for stable local privacy addresses since Android 11
handles it better by only using it when MAC randomization is disabled
* update to a new version of Seedvault for Android 11
* build and use otatools.zip for signing releases instead of an ad-hoc approach
* Auditor: update to version 19
* Updater: update targetSdkVersion to 30
* disable Scudo on 64-bit since we use the substantially more secure
hardened_malloc
* fully replace jemalloc with Scudo on 32-bit
* hardened_malloc: improve stats implementation
Installations made before this project was renamed to GrapheneOS and before the
first official release of the Android Hardening project will be forced to
factory reset as part of this upgrade, due to lack of backwards compatibility
with the unaltered AOSP encryption format.
2020.09.11.14
Tags:
* QQ3A.200805.001.2020.09.11.14 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, emulator, generic, other targets)
Testing the Android 11 kernels was useful, but we weren't able to ship the
previous release due to issues uncovered during testing. The Android 11 kernels
have minor backwards incompatible changes in the drivers for at least a subset
of the devices so we'll need to ship them with the rest of the changes. Thanks
to our testers for helping us with this. This will be the new final Android 10
release, assuming no further problems are uncovered during testing.
Changes since the 2020.09.10.05 release:
* revert to using the Android 10 kernels on the devices that were switched over
early due to backwards incompatible changes in some drivers
2020.09.10.05 PREVIEW
Tags:
* QQ3A.200805.001.2020.09.10.05 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, emulator, generic, other targets)
This should be the final GrapheneOS release based on Android 10. It ships the
device-independent monthly security patches and migrates over to using the
Android 11 branch of the GrapheneOS kernels for most devices, which brings all
the upstream kernel hardening in Android 11 along with the full September kernel
updates. The remaining patches for the full 2020-09-05 patch level require
finishing the migration to Android 11 in order to ship the September update for
the other device support code. It's possible we could ship some of this early,
but instead we're going to be focusing on finishing the enormous task of
migrating to Android 11. Further help with bringing up support for the devices
with Android 11 and porting over each of the GrapheneOS hardening features to it
would be greatly appreciated. Donations are also extremely helpful. GrapheneOS
has brought on another full time developer using donated funds and there are 3
part time developers helping with Android 11.
Changes since the 2020.08.07.01 release:
* full 2020-09-01 security patch level
* partial 2020-09-05 security patch level (missing userspace device support
changes until port to Android 11 is finished)
* Vanadium: update Chromium base to 84.0.4147.125
* Vanadium: update Chromium base to 85.0.4183.81
* Vanadium: update Chromium base to 85.0.4183.101
* Vanadium: remove unused learn more link from Incognito page
* recovery: reject updates with serialno constraints to match the GrapheneOS
Updater app
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL):
update base kernel to Android 11
* SetupWizard: update to latest upstream code
* conscrypt: drop temporary upstream revert of version code which was
accidentally kept during a rebase
* backport fix for USB audio regression from Android 11
Restoration of past features since the 2020.07.06.20 release:
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL):
enable intra-object FORTIFY_SOURCE overflow checks
2020.08.07.01
Tags:
* QQ3A.200805.001.2020.08.07.01 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, emulator, generic, other targets)
Changes since the 2020.08.03.22 release:
* SELinux policy: fix executing apk libraries as executables for third party
applications
2020.08.03.22
Tags:
* QQ3A.200805.001.2020.08.03.22 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, emulator, generic, other targets)
Changes since the 2020.07.06.20 release:
* full 2020-08-01 security patch level
* full 2020-08-05 security patch level
* rebased onto QQ3A.200805.001 release
* fix build for Pixel 3 when Pixel 3 XL kernel is not built
* fix secondary stack hardening when a non-page-size multiple stack size is
specified
* fix picking up previous build date when doing incremental builds
* Vanadium: update Chromium base to 84.0.4147.89
* Vanadium: update Chromium base to 84.0.4147.105
* Vanadium: update Chromium base to 84.0.4147.111
* Vanadium: remove Chromium logo in chrome://version
Restoration of past features since the 2020.07.06.20 release:
* kernel (Pixel 4, Pixel 4 XL): read-only data expansion
2020.07.06.20
Tags:
* QQ3A.200705.002.2020.07.06.20 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, emulator, generic, other targets)
Changes since the 2020.06.22.21 release:
* full 2020-07-01 security patch level
* full 2020-07-05 security patch level
* rebased onto QQ3A.200705.002 release
* change TrichromeLibrary package name
* drop MAC randomization preference migration code
* Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4,
Pixel 4 XL: update APNs with carriersettings-extractor
* disable network time refresh when network time is disabled (previous behavior
inherited from upstream)
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL): make reproducible builds simpler
* kernel (Pixel 4, Pixel 4 XL): use max ASLR entropy before the init process
enables it
Restoration of past features since the 2020.06.22.21 release:
* kernel (Pixel 4, Pixel 4 XL): enable UNMAP_KERNEL_AT_EL0 Meltdown mitigation
(KPTI)
* kernel (Pixel 4, Pixel 4 XL): enable ARM64_SSBD Spectre v4 mitigation
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL):
enable PANIC_ON_OOPS
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
Pixel 4, Pixel 4 XL): set PANIC_TIMEOUT to -1
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL):
disable SECURITY_SELINUX_DEVELOP
2020.06.22.21
Tags:
* QQ3A.200605.001.2020.06.22.21 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 4, Pixel 4 XL)
* QQ3A.200605.002.2020.06.22.21 (Pixel 3a, Pixel 3a XL, emulator, generic,
other targets)
Changes since the 2020.06.02.02 release:
* SystemUI: handle non-SRGB wallpapers
* Vanadium: update Chromium base to 83.0.4103.96
* Vanadium: update Chromium base to 83.0.4103.101
* Vanadium: update Chromium base to 83.0.4103.106
* script/generate_metadata.py: add channel name to update channel metadata
* Updater: sanity check channel name in update channel metadata
* Updater: raise minSdkVersion to 29
* Updater: extract care_map.pb rather than care_map.txt
* Updater: use a different zip for streaming updates (still an experimental /
hidden feature)
* disable RFC 7217 support (stable link-local IPv6 privacy addresses) and stick
to link-local IP addresses based on the (random) MAC addresses
* SetupWizard: update to latest upstream code
* SetupWizard: use system captive portal URL, rather than a custom Google URL
* NetworkStack: ignore captive portal fallbacks when one is set at runtime
* factory images flash-all script: reboot to bootloader after installing update
* make_key: use 4096-bit RSA keys
* script/release.sh: auto-detect AVB algorithm to support 4096-bit RSA keys for
verified boot
* add experimental Pixel 4 and Pixel 4 XL support
* Auditor: update to version 18
Restoration of past features since the 2020.06.02.02 release:
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): add back FORTIFY_SOURCE
enhancements
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): add back userspace ASLR
improvements
2020.06.02.02
Tags:
* QQ3A.200605.001.2020.06.02.02 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL)
* QQ3A.200605.002.2020.06.02.02 (Pixel 3a, Pixel 3a XL, emulator, generic,
other targets)
Changes since the 2020.05.29.00 release:
* full 2020-06-01 security patch level
* full 2020-06-05 security patch level
* rebased onto QQ3A.200605.002 release
* Vanadium: update Chromium base to 83.0.4103.83
* factory images: add fastboot version detection to flash-all.bat on Windows
2020.05.29.00
Tags:
* QQ2A.200501.001.B2.2020.05.29.00 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL)
* QQ2A.200501.001.B3.2020.05.29.00 (Pixel 2, Pixel 2 XL, emulator, generic,
other targets)
Changes since the 2020.05.23.12 release:
* PDF Viewer: update to version 4
* PDF Viewer: update to version 5
* revert attempt at fixing audio DeviceDescriptor sorting
* hardened_malloc: temporarily disable SLOT_RANDOMIZE for audioserver to work
around DeviceDescriptor sorting bug
2020.05.23.12
Tags:
* QQ2A.200501.001.B2.2020.05.23.12 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL)
* QQ2A.200501.001.B3.2020.05.23.12 (Pixel 2, Pixel 2 XL, emulator, generic,
other targets)
Changes since the 2020.05.05.02 release:
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): use
Clang for compiling code for the host too
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): add
build-tools prebuilts to PATH to reduce external dependencies and avoid
potential reproducibility issues
* add build-tools prebuilts to PATH in the release signing and delta generation
scripts to reduce external dependencies and avoid potential reproducibility
issues
* fix upstream bug relying on malloc addresses for sort order of 3 items,
causing Bluetooth A2DP audio to fail 2/3 of the time with hardened_malloc
when the expected item isn't first
* use the same datetime for build number and build date
* always use UTC as the time zone for build dates
* update GrapheneOS fork of android-prepare-vendor to the collaborative
AOSPAlliance fork
* raise minimum supported API level to 28 from 23, producing a warning for apps
targeting API < 28 (the Play Store disallows uploading new apps or app
updates targeting API < 28 so this isn't an aggressive warning)
* Vanadium: update Chromium base to 81.0.4044.138
* Vanadium: update Chromium base to 83.0.4103.60
* Vanadium: disable media DRM preprovisioning
* Vanadium: most private WebRTC IP handling policy by default
* set SCHED_BATCH in the kernel build scripts
Restoration of past features since the 2020.05.05.02 release:
* Settings: allow disabling Vanadium browser app via the Settings UI now that
Trichrome (browser, WebView, shared library) has replaced Monochrome
(monolithic app) for providing the WebView without having 2 copies of the
browser engine
2020.05.05.02
Tags:
* QQ2A.200501.001.B2.2020.05.05.02 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL)
* QQ2A.200501.001.B3.2020.05.05.02 (Pixel 2, Pixel 2 XL, emulator, generic,
other targets)
Changes since the 2020.04.14.23 release:
* full 2020-05-01 security patch level
* full 2020-05-05 security patch level
* rebased onto QQ2A.200501.001.B3 release
* Vanadium: update Chromium base to 81.0.4044.111
* Vanadium: update Chromium base to 81.0.4044.117
* disable safe volume feature everywhere instead of only the US
* hardened_malloc: implement slab allocation memory corruption checks for
malloc_usable_size
* set SCHED_BATCH in the build system and release generation scripts instead of
the interactive shell
* use more sensible factory images zip naming scheme
* Settings: add missing title for top_level_settings to fix showing it as null
in search results
Restoration of past features since the 2020.04.14.23 release:
* Vanadium: use 64-bit Trichrome browser processes
2020.04.14.23
Tags:
* QQ2A.200405.005.2020.04.14.23 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 3a, Pixel 3a XL, emulator, generic, other targets)
Changes since the 2020.04.13.21 release:
* Settings: adjust wifi_privacy_values to the new values
* Settings: remove unnecessary workaround for MAC randomization preference
* Settings: tweak MAC randomization preference wording
2020.04.13.21
Tags:
* QQ2A.200405.005.2020.04.13.21 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 3a, Pixel 3a XL, emulator, generic, other targets)
Changes since the 2020.04.07.10 release:
* Vanadium: update Chromium base to 81.0.4044.96
* Vanadium: remove unsupported password leak detection option
* Vanadium: expand automated string rebranding
* Vanadium: remove Google prefix from storage settings label
* reword random MAC options to make them clearer
* start the final phase of the migration process for random MAC preference
values
* generate manifests for stable releases directly referencing revisions by hash
instead of tag name to simplify signature verification for the sources
Restoration of past features since the 2020.04.07.10 release:
* globally enable -ftrivial-auto-var-init=zero rather than porting our
downstream -fsanitize=local-init feature
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL):
globally enable -ftrivial-auto-var-init=zero rather than porting our
downstream -fsanitize=local-init feature
* Vanadium: enable -ftrivial-auto-var-init=zero rather than porting our
downstream -fsanitize=local-init feature
2020.04.07.10
Tags:
* QQ2A.200405.005.2020.04.07.10 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 3a, Pixel 3a XL, emulator, generic, other targets)
Changes since the 2020.03.23.22 release:
* full 2020-04-01 security patch level
* full 2020-04-05 security patch level
* rebased onto QQ2A.200405.005 release
* Pixel 3a, Pixel 3a XL: fix SystemUI paths in memory pinning configuration
* only include Updater app when OFFICIAL_BUILD=true is set in the environment
to avoid accidental use of the default update server with unofficial builds
that are not compatible
* Vanadium: update Chromium base to 80.0.3987.162
* PDF Viewer: update to version 3
* update SELinux policy for officially supported devices based on isolated_app
domain split
* raise protected_fifos / protected_regular from 1 (world-writable directories)
to 2 (group-writable directories too)
* remove use of "Hey Google" as an example feature for battery saver in
Settings
2020.03.23.22
Tags:
* QQ2A.200305.002.2020.03.23.22 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 3a, Pixel 3a XL, emulator, generic, other targets)
Changes since the 2020.03.04.16 release:
* integrate Seedvault backup app as the default backup service
* integrate SetupWizard app to support restoring with Seedvault and other
initial setup
* Vanadium: disable unused safe browsing feature by default (Safe Browsing is
currently a no-op due to the lack of Play services, and support for using the
local database backend hasn't been implemented. Various changes would be
needed to make it available and to make sure that privacy is preserved.)
* Vanadium: disable unused Google VR support
* Vanadium: disable content feed suggestions by default
* Vanadium: update Chromium base to 80.0.3987.149
* Settings: fix broken upstream MAC randomization value mapping uncovered by
the always randomize option value
* make_key: use scrypt for key derivation used to encrypt keys
* add script/encrypt_keys.sh and script/decrypt_keys.sh for handling key
encryption
* improve UX, performance and algorithm support for encrypted keys in
script/release.sh and script/generate_delta.sh
* dexpreopt: disable BOARD_USES_SYSTEM_OTHER_ODEX for mainline devices, which
was causing odex files to be unintentionally omitted from the system image
for modern devices
* dexpreopt: use speed filter for boot images and non-prebuilts rather than
unintentionally only setting it for prebuilts
* dexpreopt: disable pre-optimization for apps bundled by
android-prepare-vendor to work around unresolved issues with conflicting
inlined definitions
2020.03.04.16
Tags:
* QQ2A.200305.002.2020.03.04.16 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 3a, Pixel 3a XL, emulator, generic, other targets)
Changes since the 2020.03.03.03 release:
* Vanadium: backport upstream fix for Android 10 downloads
* Vanadium: update Chromium base to 80.0.3987.132
* Settings: avoid overriding MAC address with random persistent MAC address
when viewing MAC address
* finish porting support for per-connection random MAC rather than using the
per-network random address
2020.03.03.03
Tags:
* QQ2A.200305.002.2020.03.03.03 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 3a, Pixel 3a XL, emulator, generic, other targets)
Changes since the 2020.02.07.19 release:
* full 2020-03-01 security patch level
* full 2020-03-05 security patch level
* rebased onto QQ2A.200305.002 release
* use time.grapheneos.org instead of grapheneos.org for HTTPS-based time
updates
* Vanadium: migrate to Trichrome for unified builds of separate browser and
WebView apps with a shared library app
* Vanadium: use org.grapheneos.vanadium.webview instead of com.android.webview
as the WebView package name
* Vanadium: rename WebView to Vanadium System WebView from Android System
WebView
* Vanadium: update Chromium base to 80.0.3987.99
* Vanadium: update Chromium base to 80.0.3987.117
* Vanadium: update Chromium base to 80.0.3987.119
* SELinux policy: remove base system app apk_data_file execute
* SELinux policy: remove zygote access to apk_data_file
Restoration of past features since the 2020.02.07.19 release:
* Vanadium: stop replacing signature from the Vanadium signing key with the OS
release key
* Settings: add back control over camera access while the screen is locked
* fix MAC randomization after reboot for the always randomize MAC option
* SELinux policy: split out base system untrusted_app (normal unprivileged
apps) and isolated_app (isolatedProcess sandbox) SELinux policy domains for
future work
* SELinux policy: remove base system app execmod
* SELinux policy: remove base system app execmem
* SELinux policy: remove base system app execute_no_trans
* SELinux policy: remove base system app app_data_file execute
* SELinux policy: remove base system app ashmem execute
* SELinux policy: remove base system app tmpfs execute
* SELinux policy: remove zygote execmem
* SELinux policy: remove system_server_startup domain
* add LTE only mobile network configuration option
2020.02.07.19
Tags:
* QQ1A.200205.002.2020.02.07.19 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 3a, Pixel 3a XL, emulator, generic, other targets)
Changes since the 2020.02.04.01 release:
* rebuild crosshatch kernel to correct build environment issue
* Vanadium (including WebView): update Chromium base to 80.0.3987.87
* Vanadium (including WebView): drop partially working AImageReader workarounds
* fully work around bug with AImageReader caught by CFI on 64-bit to fix
crashes during video rendering in Vanadium, Bromite, etc.
Restoration of past features since the 2020.02.04.01 release:
* WebView: use Vanadium WebView as provider
2020.02.04.01
Tags:
* QQ1A.200205.002.2020.02.04.01 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 3a, Pixel 3a XL, emulator, generic, other targets)
Changes since the 2019.01.06.21 release:
* full 2020-02-01 security patch level
* full 2020-02-05 security patch level
* rebased onto QQ1A.200205.002 release
* remove obsolete Email app
* Vanadium: update Chromium base to 79.0.3945.116
* WebView: update to 79.0.3945.116
* Vanadium: update Chromium base to 79.0.3945.136
* WebView: update to 79.0.3945.136
* Vanadium: fully disable AImageReader to fix remaining issues with video
playback uncovered by CFI on 64-bit
* Settings: fix MAC randomization setting for other locales by removing
incomplete translations
Restoration of past features since the 2019.01.06.21 release:
* add PIN scrambling feature
2020.01.06.21
Tags:
* QQ1A.200105.002.2020.01.06.21 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
Pixel 3a, Pixel 3a XL, emulator, generic, other targets)
Changes since the 2019.12.02.23 release:
* full 2020-01-01 security patch level
* full 2020-01-05 security patch level
* rebased onto QQ1A.200105.002 release
* Vanadium: update Chromium base to 79.0.3945.93
* Vanadium: disable hiding trivial subdomains
* WebView: update to 79.0.3945.93
* add the option to randomize the MAC address for each connection instead of
per-network
* authenticated network time updates via HTTPS
Restoration of past features since the 2019.12.02.23 release:
* Settings: expose control over USB peripheral denial feature
2019.12.02.23
Tags:
* QQ1A.191205.008.2019.12.02.23 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL)
* QQ1A.191205.011.2019.12.02.23 (Pixel 3a, Pixel 3a XL, emulator, generic,
other targets)
Changes since the 2019.11.05.23 release:
* full 2019-12-01 security patch level
* full 2019-12-05 security patch level
* rebased onto QQ1A.191205.011 release
* Pixel 3a, Pixel 3a XL: fix userspace hw_random stirring service
* Vanadium: update Chromium base to 78.0.3904.96
* WebView: update to 78.0.3904.96
* Vanadium: update Chromium base to 78.0.3904.108
* WebView: update to 78.0.3904.108
* Auditor: update to version 17
* QuickSearchBox: disable widget
* QuickSearchBox: disable launcher icon
* Launcher: rebranding
* require unlocking to use work tile
2019.11.05.23
Tags:
* QP1A.191105.003.2019.11.05.23 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL)
* QP1A.191105.004.2019.11.05.23 (Pixel 2, Pixel 2 XL, emulator, generic, other
targets)
Changes since the 2019.11.04.23 release:
* Vanadium: fix Services preferences menu
* WebView: avoid incompatibility due to wrong apk variant
2019.11.04.23
Tags:
* QP1A.191105.003.2019.11.04.23 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL)
* QP1A.191105.004.2019.11.04.23 (Pixel 2, Pixel 2 XL, emulator, generic, other
targets)
Changes since the 2019.09.25.00 release:
* full 2019-11-01 security patch level
* full 2019-11-05 security patch level
* rebased onto QP1A.191105.004 release
* Settings: disable legacy suggestions mode
* recovery: GrapheneOS branding for fastboot mode
* Vanadium: update Chromium base to 77.0.3865.116
* WebView: update to 77.0.3865.116
* Vanadium: update Chromium base to 78.0.3904.62
* WebView: update to 78.0.3904.62
* Vanadium: update Chromium base to 78.0.3904.90
* WebView: update to 78.0.3904.90
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): mark functions with
address taken via assembly (this fixes compatibility with CFI in a build with
!CONFIG_MODULES)
* protect static TLS from stack buffer overflows
* drop legacy Pixel and Pixel XL support due to absence of any GrapheneOS
device maintainers, the end of vendor support and an increasingly large
security gap with current generation devices for the hardware, firmware and
device / generation specific software
Restoration of past features since the 2019.09.25.00 release:
* Bluetooth: add alloc_size attribute to OSI allocator
* protect pthread_internal_t from stack buffer overflows
* add secondary stack randomization
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): disable dynamic kernel
module support (resulting in substantially improved CFI granularity)
2019.10.07.21
Tags:
* QP1A.191005.007.A1.2019.10.07.21 (Pixel, Pixel XL, Pixel 2, Pixel 2 XL,
emulator, generic, other targets)
* QP1A.191005.007.2019.10.07.21 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL)
Changes since the 2019.09.25.00 release:
* full 2019-10-01 security patch level
* full 2019-10-05 security patch level
* full 2019-10-06 security patch level
* rebased onto QP1A.191005.007.A1 release
* add changes to support disabling full preloading with exec spawning to the
public libcore API
* add OTHER_SENSORS to the public frameworks/base API
* Messaging app: fix notifications with a backport
* Vanadium: switch back to ChromeModern (standalone browser app) from
Monochrome (monolithic browser + WebView app, no longer supported for Android
10) until Vanadium is moved to Trichrome (separate browser and WebView apps
with a third shared library app)
* unified kernel tree (kernel/google/crosshatch) for Pixel 3, Pixel 3 XL, Pixel
3a and Pixel 3a XL
Restoration of past features since the 2019.09.25.00 release:
* begin generating / uploading delta updates from the last release to the
current release
2019.09.25.00
Tags:
* QP1A.190711.020.C3.2019.09.25.00 (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL,
emulator, generic, other targets)
* QP1A.190711.020.2019.09.25.00 (Pixel, Pixel XL, Pixel 2, Pixel 2 XL)
Changes since the 2019.09.23.19 release:
* update to QP1A.190711.020.C3 bug fix release
* fix granting Network and Sensors permissions at install time
* fix wording for Network permission group
2019.09.23.19
Tags:
* QP1A.190711.020.2019.09.23.19 (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3,
Pixel 3 XL, Pixel 3a, Pixel 3a XL, emulator, generic, other targets)
Changes since the 2019.09.21.18 release:
* disable enforcing Runtime Resource Overlays for baseline overlays to work
around incompatibility with exec spawning
* enable exec spawning for com.android.phone again
2019.09.21.18 PREVIEW
Tags:
* QP1A.190711.020.2019.09.21.18 (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3,
Pixel 3 XL, Pixel 3a, Pixel 3a XL, emulator, generic, other targets)
Changes since the 2019.09.18.14 release:
* Settings: use Mainline branding for APEX components
* Vanadium: update Chromium base to 77.0.3865.92
* WebView: update to 77.0.3865.92
* temporarily disable exec spawning for com.android.phone
* Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, mainline:
disable updatable apex for simplicity
* Pixel 2, Pixel 2 XL: enable increased system.img inode count
* script: replace networkstack key
2019.09.18.14 PREVIEW
Tags:
* QP1A.190711.020.2019.09.18.14 (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3,
Pixel 3 XL, Pixel 3a, Pixel 3a XL, emulator, generic, other targets)
Changes since the 2019.08.25.15 release:
* full port to Android 10 with some exceptions (listed below)
* full 2019-08-05 security patch level
* full 2019-09-01 security patch level
* full 2019-09-05 security patch level
* temporarily add back standalone WebView (77.0.3865.73) until Vanadium
supports it for Android 10
* Vanadium: update Chromium base to 76.0.3809.132
* Vanadium: update Chromium base to 77.0.3865.73
* Updater: update targetSdkVersion to 29
* retrofit dynamic partitions for Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL
* disable GSI keys
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): temporarily disable slab
canary implementation until an issue is narrowed down and addressed
* kernel (Pixel 3, Pixel 3 XL): temporarily re-enable dynamic kernel module
support until an issue is narrowed down and addressed (no dynamic kernel
modules are ever actually loaded but something breaks internally with it
disabled)
* add guard page between the stack and the new static TLS region
* bionic: pthread_internal_t changes have not yet been ported over so that
feature is temporarily gone
2019.08.25.15
Tags:
* PQ3A.190801.002.2019.08.25.15 (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3,
Pixel 3 XL, emulator, generic, other targets)
* PQ3B.190801.002.2019.08.25.15 (Pixel 3a, Pixel 3a XL)
Changes since the 2019.08.05.19 release:
* add missing privileged permission whitelist for SdkSetup in SDK emulator
builds
* set up Vanadium for other architectures (arm, x86, x86_64)
* hardened_malloc (GrapheneOS only): remove workaround for use-after-free in
the citadel (Titan M) driver's key attestation support since it was fixed
upstream
* hardened_malloc: update libdivide to 2.0
* Vanadium (browser and WebView): update Chromium base to 76.0.3809.111
* Vanadium: redirect settings help icon
* Vanadium: set default search engine to DuckDuckGo
* apply partial fix for package manager original-package feature
* PDF Viewer: update to version 2
* Auditor: update to version 16
* add Vanadium to the apps that cannot be disabled via Settings (can still be
disabled) since the warning isn't enough to deter people from unknowingly
breaking apps using the WebView
* Updater: add settings entry to manually trigger check for updates
* Updater: reschedule update check job on channel change
* arm, x86 and x86_64 are now supported / tested architectures
* generic and emulator build targets are now supported / tested for development
usage (not suitable for secure production releases)
2019.08.05.19
Tags:
* PQ3A.190801.002.2019.08.05.19 (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3,
Pixel 3 XL, other devices)
* PQ3B.190801.002.2019.08.05.19 (Pixel 3a, Pixel 3a XL)
Changes since the 2019.07.16.22 release:
* full 2019-08-01 security patch level
* partial 2019-08-05 security patch level (not yet fully available)
* Vanadium (browser and WebView): update Chromium base to 76.0.3809.89
* Vanadium: expand string rebranding including covering translations
* Vanadium: rename Sync and Google services to Services
* Vanadium: remove data reduction preference
* Vanadium: remove translate offer preference
* Vanadium: remove sync preferences
* Vanadium: remove navigation error preference
* Vanadium: remove safe browsing reporting preference
* Vanadium: remove usage and crash reports preference
* Vanadium: remove url keyed anonymized data preference
* Vanadium: disable contextual search by default
* Vanadium: remove redundant services preference category
* Vanadium (browser and WebView): use a unified Vanadium signing key instead of
the device-specific release key
* rename WebView provider to Vanadium
* SELinux policy: label protected_{fifos,regular} as proc_security (this is
needed for init to override the default values)
2019.07.16.22
Tags:
* PQ3A.190705.001.2019.07.16.22 (Pixel, Pixel XL, Pixel 2, Pixel 2 XL)
* PQ3A.190705.003.2019.07.16.22 (Pixel 3, Pixel 3 XL, other devices)
* PQ3B.190705.003.2019.07.16.22 (Pixel 3a, Pixel 3a XL)
Changes since the 2019.07.01.21 release:
* Vanadium (browser and WebView): update Chromium base to 75.0.3770.143
* Vanadium: disable media router media remoting by default
* Vanadium: disable media router by default (avoids the triggering warning
about not having Play services)
* Vanadium: remove Help & feedback menu entry
* Vanadium: further string rebranding from Chromium / Chrome to Vanadium
* Vanadium: disable unused reporting feature at compile-time
* Vanadium: disable unused remoting feature at compile-time
* Vanadium (browser and WebView): move from external/chromium to
external/vanadium in the GrapheneOS source tree and rename module from
Chromium to Vanadium
* Vanadium: disable offering translations by default
* Vanadium: disable prefetching suggested pages by default
* Vanadium: disable browser sign in feature by default
* Vanadium: disable safe browsing reporting opt-in by default
* extend release.sh to call the script for signing factory images
* extend release.sh to call the script for generating update channel metadata
* kernel build script (Pixel, Pixel XL, Pixel 3a, Pixel 3a XL): verify that no
arguments are passed
* kernel build script (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL): verify that a
single argument (device variant) is passed
* enable kernel mitigations for file spoofing
Restoration of past features since the 2019.07.01.21 release:
* Vanadium (browser and WebView): enable type-based CFI for virtual calls
* enable kernel mitigations for link races
* kernel (Pixel 2, Pixel 2 XL): backport fixes for SLAB_FREELIST_RANDOM
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL):
enable SLAB_FREELIST_RANDOM
* kernel (Pixel 2, Pixel 2 XL): backport slub dynamic DEBUG_PAGEALLOC setting
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL):
backport slub free list pointer obfuscation
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL):
backport slub free list pointer obfuscation prefetch fix
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL):
backport slub native double free detection
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL):
enable SLAB_FREELIST_HARDENED
* kernel (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a,
Pixel 3a XL): enable DEBUG_LIST
* kernel (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a,
Pixel 3a XL): enable DEBUG_SG
* kernel (Pixel, Pixel XL): reduce DEBUG_SG virt_addr_valid check to a warning
(this works around a bug in the legacy QCE driver)
* kernel (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a,
Pixel 3a XL): enable DEBUG_NOTIFIERS
* kernel (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a,
Pixel 3a XL): enable DEBUG_CREDENTIALS
* kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): enable
SCHED_STACK_END_CHECK
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): bug
on !PageSlab && !PageCompound in ksize
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL):
always perform cache_from_obj consistency checks
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): bug
on kmem_cache_free with the wrong cache
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL):
real slab_equal_or_root check for !MEMCG_KMEM
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): add
missing cache_from_obj !PageSlab check
* kernel (Pixel 2, Pixel 2 XL): backport upstreamed FORTIFY_SOURCE
implementation
* kernel (Pixel 2, Pixel 2 XL): backport upstreamed leading zero byte for stack
canary
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): add
simpler page sanitization
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): add
support for verifying page sanitization
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL):
slub: add basic full slab sanitization
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL):
slub: add support for verifying slab sanitization
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL):
slub: add multi-purpose random canaries
2019.07.01.21
Tags:
* PQ3A.190705.001.2019.07.01.21 (Pixel, Pixel XL, Pixel 2, Pixel 2 XL)
* PQ3A.190705.003.2019.07.01.21 (Pixel 3, Pixel 3 XL, other devices)
* PQ3B.190705.003.2019.07.01.21 (Pixel 3a, Pixel 3a XL)
Changes since the 2019.06.23.05 release:
* full 2019-07-01 security patch level
* full 2019-07-05 security patch level
* rebased onto PQ3A.190705.003/PQ3B.190705.003 releases
* Auditor: update to version 15
Restoration of past features since the 2019.06.23.05 release:
* add GrapheneOS PDF Viewer app (version 1)
* Vanadium: stop ignoring download location prompt setting
* Vanadium: show download prompt again by default
2019.06.23.05
Tags:
* PQ3A.190605.003.2019.06.23.05 (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3,
Pixel 3 XL, other devices)
* PQ3B.190605.006.2019.06.23.05 (Pixel 3a, Pixel 3a XL)
Changes since the 2019.06.14.02 release:
* hardened_malloc: use copy_size to check for canaries (tiny performance /
hardening fix and avoids an erroneous abort in a corner case with realloc
from 0 byte allocations)
* hardened_malloc: update libdivide to 1.1
* Pixel 3a, Pixel 3a XL: raise maximum users to 16
* Pixel 3a, Pixel 3a XL: disable system_other odex
* Pixel 3a, Pixel 3a XL: disable system_other preloads_copy
* Pixel 3a, Pixel 3a XL: show connected mac randomization feature
* Pixel 3a, Pixel 3a XL: move to custom kernel
* Pixel 3a, Pixel 3a XL: use monolithic kernel builds
* kernel (Pixel 3a, Pixel 3a XL): disable slab merging
* kernel (Pixel 3a, Pixel 3a XL): add toggle for disabling newly added USB
devices
* kernel (Pixel 3a, Pixel 3a XL): replace SECURITY_SMACK with SECURITY_NETWORK
* kernel (Pixel 3a, Pixel 3a XL): mark qcedev data const
* Vanadium (browser and WebView): update Chromium base to 75.0.3770.101
* Vanadium: disable sensors access by default
* Vanadium: disable third party cookies by default
* Vanadium: disable background sync by default
* Vanadium (browser and WebView): stub out battery API
* Vanadium: disable search logo
* Vanadium: always use local new tab page
* Vanadium: disable payment support by default
Restoration of past features since the 2019.06.14.02 release:
* Vanadium: do not enable default search engine notification permission by
default
2019.06.14.02
Tags:
* PQ3A.190605.003.2019.06.14.02 (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3,
Pixel 3 XL, other devices)
* PQ3B.190605.006.2019.06.14.02 (Pixel 3a, Pixel 3a XL)
Changes since the 2019.06.03.18 release:
* Vanadium (browser and WebView): update Chromium base to 75.0.3770.67
* add back brk system call to the seccomp whitelist for compatibility with Go
* Auditor: update to version 13
* Auditor: update to version 14
* Music: backport bug fix for passing CTS
* Updater: replace seamlessupdate.app with releases.grapheneos.org alias
* add initial experimental support for the Pixel 3a and Pixel 3a XL
* Pixel 2, Pixel 2 XL: set AVB rollback index to security patch timestamp
(backport of the implementation for the Pixel 3)
Restoration of past features since the 2019.06.03.18 release:
* kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL): replace SECURITY_SMACK
with SECURITY_NETWORK
2019.06.03.18
Tags:
* PQ3A.190605.003.2019.06.03.18 (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3,
Pixel 3 XL, other devices)
Changes since the 2019.05.18.20 release:
* full 2019-06-01 security patch level
* full 2019-06-05 security patch level
* rebased onto PQ3A.190605.003 release
* Auditor: update to version 11
* Auditor: update to version 12
* hardened_malloc (GrapheneOS only): further expand workaround for Pixel 3 and
Pixel 3 XL camera issues
Restoration of past features since the 2019.05.18.20 release:
* disable exec spawning when using debugging options
* enable exec spawning by default
* enable Verizon visual voicemail support
* kernel (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL): add
toggle for disabling newly added USB devices
* add properties for controlling deny_new_usb
* implement dynamic deny_new_usb toggle mode
* set deny_new_usb feature to dynamic by default
* sepolicy: deny_new_usb sysctl and system property policy
2019.05.18.20
Tags:
* PQ3A.190505.001.2019.05.18.20 (Pixel, Pixel XL, Pixel 2, Pixel 2 XL)
* PQ3A.190505.002.2019.05.18.20 (Pixel 3, Pixel 3 XL, other devices)
Changes since the 2019.05.08.15 release:
* GrapheneOS logo mask
* Auditor: update to version 10
* add preload parameter for avoiding full preload with exec
* raise maximum users to 16
* Vanadium (browser and WebView): update Chromium base to 74.0.3729.157
* hardened_malloc (GrapheneOS only): apply temporary workaround for citadel HAL
use-after-free (need to start building vendor HALs from the sources to fix
issues like this)
Restoration of past features since the 2019.05.08.15 release:
* disable OpenGL preloading for exec spawning
* disable resource preloading for exec spawning
* disable ICU cache pinning for exec spawning
* disable class preloading for exec spawning
* disable WebView reservation for exec spawning
* disable JCA provider warm up for exec spawning
* avoid AssetManager errors with exec spawning
2019.05.08.15
Tags:
* PQ3A.190505.001.2019.05.08.15 (Pixel, Pixel XL, Pixel 2, Pixel 2 XL)
* PQ3A.190505.002.2019.05.08.15 (Pixel 3, Pixel 3 XL, other devices)
Changes since the 2019.05.07.00 release:
* fix cellular, hotspot and battery saver quick settings tiles (they became
no-ops when unlocked)
2019.05.07.00
Tags:
* PQ3A.190505.001.2019.05.07.00 (Pixel, Pixel XL, Pixel 2, Pixel 2 XL)
* PQ3A.190505.002.2019.05.07.00 (Pixel 3, Pixel 3 XL, other devices)
Changes since the 2019.04.01.19 release:
* full 2019-05-01 security patch level
* full 2019-05-05 security patch level
* rebased onto PQ3A.190505.002 release
* add Pixel and Pixel XL support including standard changes to kernel and
device code
* Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL: fix hw_random
permissions
* bundle Auditor (version 9)
* Chromium (browser and WebView): update to 74.0.3729.136
* Chromium: enable strict site isolation by default
* Chromium: initial rebranding to Vanadium including icon recolor
* hardened_malloc: extensive work on refactoring, micro-optimization and
documentation (see commits for details)
* hardened_malloc: implement mallinfo and mallinfo extensions for Android
* hardened_malloc: implement Android API for requesting purging
* hardened_malloc: implement the option of large size classes (enabled by
default)
* hardened_malloc: support extended range of small size classes (enabled by
default)
* hardened_malloc: support for slabs with 1 slot for largest sizes
* hardened_malloc: use round-robin assignment to arenas
* hardened_malloc: disable current in-place growth code path
* hardened_malloc: harden arena implementation
* hardened_malloc: fix non-init size for malloc_object_size extension
* hardened_malloc: shrink initial region table size to fit in 1 page
* hardened_malloc (GrapheneOS only): expand workaround for Pixel 3 and Pixel 3
XL camera issues
* Pixel 3, Pixel 3 XL: change SystemUIGoogle pinning to SystemUI
Restoration of past features since the 2019.04.01.19 release:
* use -fwrapv when signed overflow checking is off
* add exec-based spawning support (disabled by default for now)
* require unlocking to use battery saver quick tile
* require unlocking to use cellular quick tile
* require unlocking to use hotspot quick tile
* require unlocking to use data saver quick tile
* require unlocking to use rotation lock quick tile
* require unlocking to use wifi quick tile
* require unlocking to use airplane mode quick tile
* require unlocking to use bluetooth quick tile
* require unlocking to use nfc quick tile
* add support for kernels without module support enabled to the VTS and
compatibility tests
* kernel (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL): disable
slab merging
* kernel (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL): disable
loadable kernel module support
* kernel (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL): mark
qcedev data const
* kernel (Pixel 2, Pixel 2 XL): disable unused ramdisk compression formats
* SELinux policy: remove priv_app app_data_file execute
* SELinux policy: remove dumpstate ashmem execute and execmem (GrapheneOS
doesn't use the ART JIT compiler)
* SELinux policy: remove healthd ashmem execute and execmem (GrapheneOS doesn't
use the ART JIT compiler)
* SELinux policy: auditallow app execmem (moving back towards an exception
system)
* SELinux policy: auditallow app ashmem execute (moving back towards an
exception system)
* SELinux policy: auditallow ephemeral_app app_data_file execute (moving back
towards an exception system)
* SELinux policy: auditallow untrusted_app_all execmod (moving back towards an
exception system)
* SELinux policy: auditallow untrusted_app_all app_data_file execute (moving
back towards an exception system)
* SELinux policy: auditallow untrusted_app_all app_data_file execute_no_trans
(moving back towards an exception system)
2019.04.01.19
Tags:
* PQ2A.190405.003.2019.04.01.19 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
other devices)
Initial release of GrapheneOS.
Detailed changelogs were not written at this point.
2019.03.05.03
Tags:
* PQ2A.190305.002.2019.03.05.03 (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL,
other devices)
Final and only tagged release of the AndroidHardening project before it was
renamed to GrapheneOS. Earlier AndroidHardening releases were only snapshots and
are not listed here. Prior to the AndroidHardening placeholder name, the project
was known as CopperheadOS. For more details, see the page on the project's
history.
Detailed changelogs were not written at this point.
GrapheneOS
* Twitter
* GitHub
* Reddit
* LinkedIn