2022013010

Tags:

Changes since the 2022011423 release:

  • make DownloadManager friendlier to apps with the Network permission revoked instead of triggering SecurityException
  • Sandboxed Google Play compatibility layer: revert marking location service as a foreground location service (not necessary)
  • Sandboxed Google Play compatibility layer: add compatibility shims enabling full support for using Play services geolocation
  • Sandboxed Google Play compatibility layer: add GmsCompat app providing infrastructure for the compatibility layer and shortcuts to Google Play configuration activities (will toggle for redirecting the Google Play geolocation API in a future release)
  • Sandboxed Google Play compatibility layer: replace converting Google Play services to foreground services with keeping them alive using the GmsCompat app
  • Dialer: update visual voicemail configuration based on Google Phone 73.0.414822266
  • Messaging: replace obsolete AOSP MMS configuration database with one generated from the stock OS app
  • Vanadium: update Chromium base to 97.0.4692.98
  • Vanadium: use Google Chrome branding for client hints to help with blending in
  • Vanadium: enable HTTPS-only mode by default (can connect via HTTP through the warning screen if HTTPS upgrade fails)
  • Vanadium: enable strict origin isolation by default
  • Vanadium: disable appending variations header
  • Camera: update to version 10
  • Auditor: update to version 41
  • hardened_malloc: code cleanup and micro-optimizations
  • adevtool: initial public release replacing pre-generated vendor trees
  • adevtool: overhaul of GrapheneOS specific configuration

Twitter / Nitter | Reddit / Teddit

    • KindnessInfinityM
      link
      fedilink
      arrow-up
      1
      ·
      2 years ago

      Sorry for such a long wait in ever getting a reply to your comment.

      in case you were unaware, An explanation on why so few devices are supported

      "Devices are carefully chosen based on their merits rather than the project aiming to have broad device support. Broad device support is counter to the aims of the project, and the project will eventually be engaging in hardware and firmware level improvements rather than only offering suggestions and bug reports upstream for those areas. Much of the work on the project involves changes that are specific to different devices, and officially supported devices are the ones targeted by most of this ongoing work.

      Devices need to be meeting the standards of the project in order to be considered as potential targets. In addition to support for installing other operating systems, standard hardware-based security features like the hardware-backed keystores, verified boot, attestation and various hardware-based exploit mitigations need to be available. Devices also need to have decent integration of IOMMUs for isolating components such as the GPU, radios (NFC, Wi-Fi, Bluetooth, Cellular), media decode / encode, image processor, etc., because if the hardware / firmware support is missing or broken, there’s not much that the OS can do to provide an alternative. Devices with support for alternative operating systems as an afterthought will not be considered. Devices need to have proper ongoing support for their firmware and software specific to the hardware like drivers in order to provide proper full security updates too. Devices that are end-of-life and no longer receiving these updates will not be supported." from: https://grapheneos.org/faq#future-devices

      Hopefully someday in the future the device makers will properly handle the requirements needed for GOS