Pixel 4, Pixel 4 XL and Pixel 4a are end-of-life and shouldn't be used anymore due to lack of most security patches for firmware and drivers. We're currently supporting them via a legacy Android 13 branch separate from these mainline GrapheneOS releases. We're considering porting them to Android 14 to continue providing extended support longer than initially planned to keep them as a way to preview the current version of the OS.
Tags:
- 2023112600 (Pixel 4a (5G), Pixel 5, Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, emulator, generic, other targets)
- 2023112600-shusky (Pixel 8, Pixel 8 Pro)
Changes since the 2023111500 release:
- improve existing infrastructure and settings for per-app hardening control
- add new infrastructure for dynamic SELinux flags for apps
- replace static SELinux policy disabling dynamic native code generation for base system apps with dynamic SELinux flag
- replace YAMA LSM with dynamic SELinux flag for ptrace access
- add per-app toggle for native debugging
- add global toggle to disable native debugging for user installed apps by default
- add per-app memory tagging toggle for user installed apps
- add global toggle to enable memory tagging for user installed apps by default
- add logging infrastructure for dynamic GrapheneOS SELinux flags
- raise post-boot audit message rate limit from 5 to 50 per second
- add more infrastructure and tests for per-app hardening control
- Pixel 8, Pixel 8 Pro: migrate to using our standard 5.15.137 GKI LTS kernel as the base with reverts for changes that are not compatible with the driver tree yet
- include more info about Java and native crashes, ANRs, low memory conditions. kernel crash logs and filesystem check errors in bug report zips manually captured by users which on the stock OS is uploaded by Play services
- Sandboxed Google Play compatibility layer: allow compatibility layer to show the error report UI
- GmsCompatConfig: update to version 84
- Vanadium: update to version 119.0.6045.163.2