GrapheneOS v2023041100 Released: April Security Patches

GrapheneOS is a private and secure mobile operating system with Android app compatibility that is developed as a non-profit open source project.

"As with the March release, the monthly Android Open Source Project and stock Pixel OS release were rescheduled to the 2nd Monday of the month instead of the 1st Monday."


Changes since the 2023040400 release:

  • full 2023-04-01 security patch level
  • full 2023-04-05 security patch level
  • rebased onto TQ2A.230405.003.E1 release
  • Settings: add toggle controlling direct access to Tensor hardware accelerators (TPU, GXP) by certain Google apps, so users can choose whether Google apps can use more than the portable Android hardware acceleration features such as the neural net API
  • Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro: add dynamic control over direct TPU access
  • Pixel 7, Pixel 7 Pro: add dynamic control over GXP access by Google Camera
  • add support for providing Camera vendor extensions on Pixels via Pixel Camera Services app (at the moment, only the Camera2 Night extension is available for certain devices and CameraX extensions aren't available yet)
  • add support for runtime resource overlays (RROs) to exec spawning
  • remove support for disabling app visibility filtering since our Pixel eSIM firmware app integration depends on it
  • change standard Android package installer behavior to keep disabled packages disabled after they are updated
  • Launcher: add padding to background behind app drawer search bar to work around upstream layout issue
  • Contacts: use proper theme for AndroidX dialogs to fix crash
  • System Updater: directly enforce the network type parameter instead of depending solely on the JobScheduler constraint
  • System Updater: improve code quality and robustness
  • System Updater: ask the OS to allocate required storage space before starting update download
  • SELinux policy: add back app_data_file execute for adb shell run-as domain
  • Sandboxed Google Play compatibility layer: coerce Play Store into updating disabled apps by hiding disabled state from it
  • Sandboxed Google Play compatibility layer: add infrastructure for bypassing permission requirements of services provided by Play services
  • GmsCompatConfig: update to version 45
  • GmsCompatConfig: update to version 46
  • TalkBack (screen reader): update base code to 13.0 and overhaul our changes for it including removing proprietary library dependency
  • TalkBack (screen reader): update dependencies
  • kernel (5.10, 5.15): fix build for non-arm64 architectures
