Thanks to visit codestin.com
Credit goes to github.com

Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: GrapheneOS/platform_system_core
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 14
Choose a base ref
...
head repository: snowstamp/platform_system_core
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 14
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 15 commits
  • 8 files changed
  • 3 contributors

Commits on Jun 11, 2024

  1. increase max_map_count for hardened malloc 

    Signed-off-by: anupritaisno1 <[email protected]>
    @thestinger
    thestinger committed Jun 11, 2024
    Configuration menu
    Copy the full SHA
    f141ef6 View commit details
    Browse the repository at this point in the history

  2. tighten up mount permissions 

    Signed-off-by: anupritaisno1 <[email protected]>
    @thestinger
    thestinger committed Jun 11, 2024
    Configuration menu
    Copy the full SHA
    f8c56ca View commit details
    Browse the repository at this point in the history

  3. add properties for controlling deny_new_usb 

    Signed-off-by: anupritaisno1 <[email protected]>
    @thestinger
    thestinger committed Jun 11, 2024
    Configuration menu
    Copy the full SHA
    86fa1d5 View commit details
    Browse the repository at this point in the history

  4. enable kernel mitigations for link races 

    Signed-off-by: anupritaisno1 <[email protected]>
    @thestinger
    thestinger committed Jun 11, 2024
    Configuration menu
    Copy the full SHA
    c7d0e06 View commit details
    Browse the repository at this point in the history

  5. enable kernel mitigations for file spoofing 

    Signed-off-by: anupritaisno1 <[email protected]>
    @thestinger
    thestinger committed Jun 11, 2024
    Configuration menu
    Copy the full SHA
    c0bfc3f View commit details
    Browse the repository at this point in the history

  6. disable ldisc_autoload

    @thestinger
    thestinger committed Jun 11, 2024
    Configuration menu
    Copy the full SHA
    dc90e8b View commit details
    Browse the repository at this point in the history

  7. raise max RLIMIT_NOFILE for zygote from 32K to 256K

    @muhomorr @thestinger
    muhomorr authored and thestinger committed Jun 11, 2024
    Configuration menu
    Copy the full SHA
    19e973c View commit details
    Browse the repository at this point in the history

  8. make persist.adb.tls_server.enable system property non-persistent 

    persist.adb.tls_server.enable sysprop enables persistent network ADB, which severely weakens
verified boot.

Network ADB is disabled after each reboot by the system_server, but in a fragile way, see
frameworks/base/services/core/java/com/android/server/adb/AdbService.java

It's not clear whether this system_server behavior is intentional.
    @muhomorr @thestinger
    muhomorr authored and thestinger committed Jun 11, 2024
    Configuration menu
    Copy the full SHA
    cbbe8d9 View commit details
    Browse the repository at this point in the history

  9. add auto-reboot implementation

    @muhomorr @thestinger
    muhomorr authored and thestinger committed Jun 11, 2024
    Configuration menu
    Copy the full SHA
    6c7c4b4 View commit details
    Browse the repository at this point in the history

  10. don't auto-enable USB port during normal boot on Tensor Pixel devices 

    USB port is now enabled only after checking USB port security policy, which is done later in USB HAL
and in system_server.

Requires corresponding patches to tcpci_max77759 kernel module.

This change doesn't apply to recovery and charger boot modes.
    @muhomorr @thestinger
    muhomorr authored and thestinger committed Jun 11, 2024
    Configuration menu
    Copy the full SHA
    704ce36 View commit details
    Browse the repository at this point in the history

Commits on Jun 19, 2024

  1. don't auto-enable pogo pins during normal boot on Pixel Tablet

    @muhomorr @thestinger
    muhomorr authored and thestinger committed Jun 19, 2024
    Configuration menu
    Copy the full SHA
    a27c97c View commit details
    Browse the repository at this point in the history

  2. enable deny_new_usb2 during normal boot before loading USB port driver 

    If needed, deny_new_usb2 gets disabled at a later stage by the USB HAL.
    @muhomorr @thestinger
    muhomorr authored and thestinger committed Jun 19, 2024
    Configuration menu
    Copy the full SHA
    2b1ae5a View commit details
    Browse the repository at this point in the history

  3. add property trigger for deny_new_usb2

    @muhomorr @thestinger
    muhomorr authored and thestinger committed Jun 19, 2024
    Configuration menu
    Copy the full SHA
    c744d67 View commit details
    Browse the repository at this point in the history

Commits on Jul 6, 2024

  1. stop setting mmap_min_addr sysctl 

    This is now set to 65536 for 64-bit-only arm64 kernels and was already
set to 65536 for x86_64.
    @thestinger
    thestinger committed Jul 6, 2024
    Configuration menu
    Copy the full SHA
    67f74e2 View commit details
    Browse the repository at this point in the history

Commits on Jul 11, 2024

  1. Revert "stop setting mmap_min_addr sysctl" 

    This reverts commit 67f74e2.
    @thestinger
    thestinger committed Jul 11, 2024
    Configuration menu
    Copy the full SHA
    9371999 View commit details
    Browse the repository at this point in the history
Loading