- cross-posted to:
- androidfoss@infosec.pub
- cross-posted to:
- androidfoss@infosec.pub
Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn’t be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.
Tags:
- 2024083100-redfin (Pixel 4a (5G), Pixel 5)
- 2024083100 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)
- 2024083100-caimito (Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold)
Changes since the 2024082200 release:
- don’t hide Exploit protection Safety Center item in secondary users
- Settings: improve UI for GrapheneOS app toggles including adding a screen for viewing the values across apps for each toggle
- add more infrastructure for blocking dynamic code loading
- Settings: add per-app memory dynamic code loading restriction toggle (applies to both native code and Android Runtime class loading for Java/Kotlin)
- Settings: add per-app storage dynamic code loading restriction toggle (applies to both native code and Android Runtime class loading for Java/Kotlin), temporarily without a global toggle until Google phases out the old dynamite module system for Google Play due to many apps temporarily depending on this through it
- Settings: add per-app WebView JIT restriction toggle
- add production support for the Pixel 9, Pixel 9 Pro and Pixel 9 Pro XL
- add experimental support for the Pixel 9 Pro Fold (we haven’t received our preordered device for testing yet)
- add support for enabling app association restrictions without exemptions (currently for use with Pixel Thermometer)
- add support for Pixel Thermometer app available from our App Store for the Pixel 8 Pro, Pixel 9 Pro and Pixel 9 Pro XL with strict isolation from other apps
- add missing feature compatibility matrix definitions (mainly for 9th generation Pixels)
- Contact Scopes: explicitly set initialization order after ContactsProvider2 to avoid uncaught exceptions from a race
- kernel (6.1): disable unused hibernation support
- kernel (6.1, 6.6): enable struct randomization in the full mode with a deterministic seed based on kernel commit timestamp (we plan to also incorporate the device family and eventually make the seed specific to each device model, but it will increase our build/testing workload)
- kernel (6.6): enable random kmalloc caches
- kernel (5.10): update to latest GKI LTS branch revision
- kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.96
- kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.46
- Vanadium: update to version 128.0.6613.88.1
- Vanadium: update to version 128.0.6613.99.0
- Auditor: update to version 84
- GmsCompatConfig: update to version 131
- GmsCompatConfig: update to version 132
- GmsCompatConfig: update to version 133
- drop restriction on modifying GrapheneOS-specific per-package settings via ADB shell since it makes certain important testing require debug builds and has no real security value
- flash-all.sh: restore POSIX sh compatibility to allow using sh instead of bash on systems where sh is dash or another non-bash-compatible shell
- add support for using backslashes in the passphrases for encrypting the keys for signing OS releases
You must log in or register to comment.