- cross-posted to:
- androidfoss@infosec.pub
- androidfoss@infosec.pub
- cross-posted to:
- androidfoss@infosec.pub
- androidfoss@infosec.pub
Tags:
- 2024103100 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, emulator, generic, other targets)
Changes since the 2024102400 release:
- improve our existing fix for an upstream Android bug impacting apps using the telephony service in secondary users to fix support for disabling re-routing of Google Play location requests to the OS for fresh installs of sandboxed Google Play since the release of Android 15
- Sandboxed Google Play compatibility layer: extend wired Android Auto toggle to additional methods used in edge cases
- fix changing USB-C port control setting to a lower security level not fully applying until after locking and unlocking
- Settings: fix per-app exploit protection toggles for Private Space
- Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold: disable Wi-Fi HAL debug logging to avoid memory corruption caught by hardware memory tagging on GrapheneOS
- raise system log buffer size from 256KiB to 512KiB to make logs obtained by users reporting issues more useful
- enable stamp configuration for microdroid kernel builds to set LOCALVERSION based on version control information as expected
- kernel (6.6): disable unused hibernation support
- kernel (6.6): disable unused TIOCSTI ioctl (already blocked via standard Android SELinux ioctl filtering)
- kernel (6.6): disable unused cachestat system call (already blocked for apps via standard Android seccomp-bpf policy)
- kernel (6.6): enable random kmalloc caches for x86_64 and microdroid too, not only bare metal arm64
- kernel (6.6): enable full struct randomization for x86_64 and microdroid too, not only bare metal arm64
- kernel (6.6): enable DEBUG_SG for microdroid too, not only bare metal
- kernel (6.6): enable FORTIFY_SOURCE for microdroid too, not only bare metal
- kernel (6.6): disable BINFMT_MISC for microdroid too, not only bare metal
- kernel (6.6): disable RSEQ for microdroid too, not only bare metal
- kernel (6.6): add SYSRQ restrictions for microdroid too, not only bare metal
- kernel (6.6): use the same KFENCE configuration for microdroid as bare metal
- mark Sensors permission as implicitly added
- avoid adding Sensors permission to hasCode=false packages
- improve our implementation of extending verified boot to out-of-band shared library APK updates
- Log Viewer: add userType line to header in non-Owner users
- Log Viewer: add targetSdk and sharedUid to package info header
- System Updater: update minimum and target API level to 35 (Android 15)
- adevtool: update carrier settings
- Vanadium: update to version 130.0.6723.86.0
- Info: update to version 5
- Auditor: update to version 87
- Sandboxed Google Play compatibility layer: fix development support in OS debug builds
You must log in or # to comment.