GrapheneOS v2023112600 Released

“Everyone on GrapheneOS has hardened_malloc and our other baseline exploit protections. hardened_malloc has great support for hardware memory tagging to provide a form of memory safety for memory unsafe code with a mix of deterministic guarantees and randomized general protection.””We’ve also replaced the Linux kernel version on the Pixel 8 and Pixel 8 Pro. AOSP and the stock Pixel OS use 5.15.110 while GrapheneOS is now using 5.15.137 and will be closely following along with LTS releases after they go through appropriate testing.””We mentioned Signal/WhatsApp because despite having end-to-end encryption, they both have a massive amount of remote attack surface, use tons of memory unsafe code for handling media, voice/video calls, etc. along with not using sandboxing. E2EE does no good if app is exploited.””GrapheneOS now has near full coverage for using memory tagging to defend against heap memory corruption outside the Linux kernel.””Future work will be converting Linux kernel’s MTE-based debugging into hardening and enabling Clang stack allocation tagging for userspace/kernel.”

What’s changed

Changes since the 2023111500 release:

improve existing infrastructure and settings for per-app hardening controladd new infrastructure for dynamic SELinux flags for appsreplace static SELinux policy disabling dynamic native code generation for base system apps with dynamic SELinux flagreplace YAMA LSM with dynamic SELinux flag for ptrace accessadd per-app toggle for native debuggingadd global toggle to disable native debugging for user installed apps by defaultadd per-app memory tagging toggle for user installed appsadd global toggle to enable memory tagging for user installed apps by defaultadd logging infrastructure for dynamic GrapheneOS SELinux flagsraise post-boot audit message rate limit from 5 to 50 per secondadd more infrastructure and tests for per-app hardening controlfix Android bug with rate limiting for non-app tombstones (crash info for reporting bugs)notify the user about notable system journal entries including kernel crash, file system check error, system_server crash, system app native crash and non-app process native crashnotify the user after memory tagging detects memory corruption in an appnotify the user after an app is blocked from accessing ptrace by the native debugging togglePixel 8, Pixel 8 Pro: migrate to using our standard 5.15.137 GKI LTS kernel as the base with reverts for changes that are not compatible with the driver tree yetinclude more info about Java and native crashes, ANRs, low memory conditions. kernel crash logs and filesystem check errors in bug report zips manually captured by users which on the stock OS is uploaded by Play servicesSandboxed Google Play compatibility layer: allow compatibility layer to show the error report UIGmsCompatConfig: update to version 84Vanadium: update to version 119.0.6045.163.2

Announcement / Archive
Full changelog

Leave a Reply

Your email address will not be published. Required fields are marked *