GrapheneOS v2023040400 Released

GrapheneOS is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project.

TP1A.221005.002.B2.2023040400 (Pixel 4, Pixel 4 XL) — extended support release for legacy devices with frozen 2022-11-01 patch level:

Changes since the 2023032600 release:

  • Keyboard: apply fix for upstream spell checking bug causing words followed by periods to be flagged as invalid for some configurations
  • enable auto-reboot feature by default with a very conservative 72 hour timer (i.e. by default the device will automatically reboot after 3 days without a successful unlock of any profile; users are encouraged to set a shorter value to get their data automatically back at rest faster)
  • Dialer: add modernized call recording implementation using modern Android storage (no files permission) and with unnecessary cruft removed, including not locking availability or playing a recording tone based on region (users are responsible for respecting regional laws, including informing the other party or obtaining explicit consent if required)
  • Dialer: replace disabling bytecode optimization with a specific rule to keep fragment constructors
  • add generic compatibility shim catching the exception from the Gservices provider being missing to enable apps like Google Camera and the Pixel eSIM firmware app (Google eSIM activation app is separate) to work without GSF installed since they don't have any actual hard dependency on either GSF or Play services
  • remove unnecessary INTERNET (Network) permission from Pixel eSIM firmware app
  • enable Pixel eSIM firmware app by default instead of it being part of the eSIM activation toggle which is now only used for the eSIM activation app (Google eUICC LPA)
  • restrict Pixel eSIM firmware app from communication with non-system components to prevent it trying to get flags from GSF or a fake GSF
  • Settings: add Pixel eSIM firmware app to the list of apps which can't be disabled via GUI since it updates firmware
  • Launcher: hide "all apps" view when search starts to avoid upstream race condition where the wrong app can be opened when pressing too quickly
  • Launcher, Keyboard: drop GrapheneOS prefix from naming to match other GrapheneOS apps
  • update timezone data to Android mainline (based on tzdata 2022g)
  • kernel (Pixel 4a (5G), Pixel 5, Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Generic 5.10, Generic 5.15): add back our slab allocator canary feature
  • kernel (Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Generic 5.10, Generic 5.15): align with linux-hardened BPF JIT configuration (always on with JIT hardening enabled in all cases)
  • kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Generic 5.10): update to latest GKI LTS branch revision including update to 5.10.176
  • kernel (Generic 5.15): update to latest GKI LTS branch revision including update to 5.15.98
  • Settings: reimplement remote attestation key provisioning toggle via modern GrapheneOS settings infrastructure
  • Vanadium: update to version 112.0.5615.48.0
  • GmsCompatConfig: update to version 44
  • Sandboxed Google Play compatibility layer: improve support for compatibility layer development
