Related
Rom updated on May 19. This is LP 5.1 release 2. Latest Google/CM/Resurrection sources + all hardened features. Plus cleaned IP addresses (got rid of Google, Level 3 communication, AT&T, Orange, Department of Defense and other shady ips). Also enabled is Volte (enhanced LTE), which is Voice over LTE. This depends on the service provided by your carrier. In the States, for example, T-Mobile provides such services, which include high definition voice. Usually, you need special update done by the manufacturer in conjunction with your carrier. This rom does not need that. Your Z1 is already provisioned for Volte. You will see in Mobile Settings another entry: Enhanced 4g LTE Mode. ALso, in test menu/phone (*#*#4636#*#*), you will see a Volte Provisioned Flag. So, as soon as your carrier starts Volte, you are all set.
Sources are the same...
Download Link: http://forum.xda-developers.com/devdb/project/dl/?id=12531
_____________________________________________________________________________________
Rom updated to latest sources on May 4. In addition to regular hardened features, more than 40 instances of Google IP, Level 3 Communication and Department of Defense IPs removed from sources both for IPV4 and IPV6. The same is replaced with Opendns IP. Keep in mind that those ips go not only in configuration files, but libs also and the latter cannot be decompiled and fixed...
Download link: http://forum.xda-developers.com/devdb/project/dl/?id=12289
______________________________________________________________________________________
Rom Updated to LP 5.1.1. All hardened/security features implemented. Kernel used from Slimroms 5.1.
TWRP 2.8.6 is integrated in kernel.
Obviously, this is an alpha version...
Download Link: http://forum.xda-developers.com/devdb/project/dl/?id=12110
Kernel Source: https://github.com/AOSP-Argon/kernel_sony_msm8974/tree/lp5.1
___________________________________________________________________________________________________
Rom updated to 5.1: all hardened features enabled.
Download link: http://forum.xda-developers.com/devdb/project/dl/?id=11901
___________________________________________________________________________________________________
March 31: kernel updated to include screen color calibration:
See Download link: http://forum.xda-developers.com/showpost.php?p=59801528&postcount=94
_________________________________________________________________________________________________
March 27: New build is up, latest CM and Resurect changes; kernel includes voltage table, syncookie and TWRP.
Download Link: http://d-h.st/lw2s
Mirror Link: http://forum.xda-developers.com/devdb/project/dl/?id=11744
_________________________________________________________________________________
March 15: New build is up including latest sources, TWRP integrated in kernel, led lights fixed
DOWNLOAD LINK: http://d-h.st/UO7W
_______________________________________________________________________________________________
Marchh 7: Rom Updated to the latest version + plus all security enhancements. Sources for security changes are the same as posted
See Download section for update
Here is Resurection Remixed Lollipop hardened and secure. Built from sources on February 24.
Changes:
First of all, as many know, encryption on lollipop slows down the device to almost unusable. I was able to resolve that. The culprit was Qualcom crypto module and drivers that collide with graphics. In this rom, when you encrypt your device, there is no noticeable slow down at all. Your master encryption key is no longer stored in crypto module (which rumor has it is backdoored anyway), but rather hashed and salted on the drive itself.
1. Modified kernel to disable creepy SElinux and enable Tomoyo security. Now you can safely use Xposed framework and some modules such as Xprivacy, Appsettings and ShowDialpad, as well as many others
2. Modified kernel to disable qualcom module and drivers
3. Disabled creepy qualcom random number generation and enabled all other methods
4. Enabled 256 bit AES drive encryption as opposed to Google's default 128 bit
5. Enabled all ciphers and hashes available in kernel and disabled by default (thanks Sony and Google)
6. Latest CM changes
7. Omniswitch (to be flashed separately after flashing the rom)
Maybe more
INSTALL:
1. Be on Kitkat, rooted with CWM or TWRP
2. Enter Recovery, wipe System, Data, Cache
3. Flash the rom
4. Flash Omniswitch
5. Reboot and enjoy
If you want to encrypt your device, you need to do 2 additional steps before or after encryption. Go to Developer Options and enable "Force GPU rendering" and "Disable HW overlays. Yes, you have to enable (not disable) "Disable HW overlays" option. The latter won't stick after reboot. So, manually transfer the attached init.d script to /system/etc/init.d and set permissions to at least 744. This way the option will be set at boot and you won't have any noticeable slowdown. In fact, I don't see any difference in speed between encrypted and non encrypted device.
CREDIT: Resurection-Remix Team, Cyanogenmod, AOSP and Omniroms
WARNING:
I am not responsible if your device explodes and kills everyone around. You are doing it on your own. Russians, who are definitely coming, won't help you either :laugh:
Download links
Rom: http://d-h.st/l1rB For Update see Download Section
Omniswitch: http://d-h.st/AbGH
Init.d script (in case you want to encrypt your data): http://d-h.st/QIiE
Sources: https://github.com/ResurrectionRemix
https://github.com/HonamiZ1/android_system_vold
https://github.com/HonamiZ1/kernel_sony_msm8974
XDA:DevDB Information
Resurection-Remixed Lollipop 5.1.1 Hardened, ROM for the Sony Xperia Z1
Contributors
optimumpro
ROM OS Version: Lollipop
ROM Kernel: Linux 3.4.x
ROM Firmware Required: Unlocked Bootloader
Based On: AOSP, Cyanogenmod
Version Information
Status: Testing
Created 2015-02-25
Last Updated 2015-05-19
screenshots
Screenshots added
Kernel updated with CPU voltage table
Kernel updated to allow under/over volting. See attachment.
Instructions:
1. Unzip the file
2. Flash in fastboot: fastboot flash boot boot.img and fastboot reboot
Enjoy
Thanks for this ROM, are there any known bugs?
wis3m0nkey said:
Thanks for this ROM, are there any known bugs?
Click to expand...
Click to collapse
All CM bugs as of February 24. You can go on their site and see the list of changes...
optimumpro said:
All CM bugs as of February 24. You can go on their site and see the list of changes...
Click to expand...
Click to collapse
So just need to look at http://forum.xda-developers.com/xperia-z1/general/rom-official-cyanogenmod-12-nightlies-t3007118 is that right?
Sorry I have to confirm, there are multiple threads (Official/Development) for CM12.
This ROM will maintain root and recovery, right?
I'll flash and let you know if I find any other issues.
Tried it. Works great. Some strange problem with mms though. Could not load them even though data works perfectly. Battery life looks great. Didn't try calling so i can't say anything about the mic.
Kyrius said:
Tried it. Works great. Some strange problem with mms though. Could not load them even though data works perfectly. Battery life looks great. Didn't try calling so i can't say anything about the mic.
Click to expand...
Click to collapse
I use Textsecure as sms replacement. Microphone works great...
Very buggy
you should definately fix this rom as i cannot start camera it fc. it restart itseft
NOT STABLE
darkdevu said:
you should definately fix this rom as i cannot start camera it fc. it restart itseft
NOT STABLE
Click to expand...
Click to collapse
1. Learn the rule about not posting bug reports without logcat
2. Camera works fine: verified
3. Always wipe System/Data/Cache before flashing
4. Are you sure you have Xperia Z1?
Cheers
his profile says Z3. lol
Any further reports on this ROM? Interesting to know how it performs and about stability
Deleted
wis3m0nkey said:
Thanks for this ROM, are there any known bugs?
Click to expand...
Click to collapse
Rom Updated to the latest version. See Download section in the OP.
and where is the link to the update?
shikimafia said:
and where is the link to the update?
Click to expand...
Click to collapse
It is in Download section:
http://forum.xda-developers.com/devdb/project/?id=8412#downloads
Screenshots added in post #2. Note that only this rom and SlimLP work with the latest Xpivacy module. Tried on Crdroid and others and there is bootloop as soon as you enable Xprivacy.
Has no one tried this rom as not reports or posts
tried flashing update from scratch and get play services fc on every gapps i used............i am guessing i may have to flash initial release and dirty flash this over it? excuse me if i may have got it wrong
shingers5 said:
Has no one tried this rom as not reports or posts
Click to expand...
Click to collapse
Well. The first version had 69 downloads. The latest one had 20. Other than the bogus claim about camera foreclosing (by someone who has Xperia Z3) there were no reports of problems. I have been using this rom for about 10 days without any problems...
optimumpro said:
Well. The first version had 69 downloads. The latest one had 20. Other than the bogus claim about camera foreclosing (by someone who has Xperia Z3) there were no reports of problems. I have been using this rom for about 10 days without any problems...
Click to expand...
Click to collapse
I'm having issues flashing the new version as getting play services errors.... Was gonna try dirty flash over previous versions
This is the Official Jaguar rom for Leo, which is based on AOSP with some flavors from Slim and Dirtyunicorn plus a bunch of features only this rom has, such as a working camera button. . The rom was originally made for Xperia Z1 Honami in August 2015, then extended to Z1c and now to Z2/Z3/Z3c. The rom has been downloaded thousands times and enjoyed great success. I hope the trend will continue with Jaguar for Leo.
Why LP, as opposed to MM and Nougat? Several reasons. The main one is Sony's unfriendliness to development community. Camera sucks, because Sony wouldn't provide proper blobs. Also, MM brings very few features, as opposed to LP. MM is still in alpha, but is already being abandoned by developers in favor of Nougat. Nougat will never work for Z1/Z2/Z3, because Sony wants you to buy a newer device. And finally, all LP roms, except Jaguar, have been abandoned by their developers since November 2015. CM still publishes nightly LP, but they have abandoned CM 12.1 kernel, meaning, they haven't incorporated about 800 security patches from Google and Code Aurora in LP kernel. Another reason - I take changes from Android Gerrit Master Branch, Code Aurora, Google Security Bulletins and 3.10, 3.18 and 4.x kernels. Enough reasons for you?
The main difference from other roms is the emphasis on security and multiple features. With that in mind , let's see what Jaguar has to offer:
1. Hardened Kernel, modified M5; hardened rom built with HYPERTOOL 5.4
2. All ciphers enabled in kernel instead of just a few
3. Hardened/Fortified Bionic and Libs
4. Fstack protection strong to resist buffer overflows
5. Many System apps and processes are made read-only, to reduce elevation of privilege
6. Selinux replaced with Tomoyo Security, Yam security
7. Disc encryption, keymaster to 256 bit AES instead of 128
8. Latest TWRP with working brightness and ability to decrypt Data (Coming Soon)
9. Random number generation mixed hardware/software, as recommended by Linus Torwalds
10. Options to randomize host on every boot
11. Option to have a separate password for lock screen and boot
12. Qualcomm's Time Services disabled due to leaking on early boot (set time to automatic to get it from your carrier)
13. WIFI Background Scanning disabled to prevent leaking
14. Internet disabled for both WIFI and Data until Afwall is set and activiated (Afwall included in download, install as regular app)
15. The phone is VOLTE ready and you have all network options available in Cell menu (not just LTE/WCDMA/GSM)
16. GRsecurity features, such as Sidechannel implemented
17. Some Pax Security Features
18. Option to deny USB connection: denied always; denied when locked; and allowed always
19. Hardened webview with Google and other "interesting" IPs removed
20. Prevention of bruteforcing screen pin: the phone will reboot upon 3 unsuccessful attempts
21. Perfect_Event_Paranoid ported from Grsecurity: now third party apps can't use other apps including system to elevate privileges
22. Camera hardware button works to focus, take pictures and start video recording
23. Option to disable writing to Tombstones (a lot of private info is dumped there if there is a crash)
24. Option to disable continuing writing of logcat
25. Option to disable device cameras: back; front, both or none
26. Option to disable third party apps to access clipboard
27. Always latest Google Security Patches
28. Always latest Code Aurora Security Patches
29. Changes ported directly from Google Android Gerrit, so most of those in MM and even N are in this rom
30. About 80% of kernel changes are ported into Jaguar kernel from 3.10 and 3.18 (not Sony AOSP 3.10 that has Down Syndrome, but Linux/Google/Code Aurora one)
31. Rom is odexed to significantly increase boot speed (under 30 seconds) and application start
32. Many more security features ported from Linux and Copperhead OS
33. Dns Crypt: a feature allowing to choose among many Dns providers (all encrypted)
34. Seccomp: secure computing enabled in kernel
Other features include: Layers Theme Engine; Native Call Recording with interface integrated in Dialer with no restrictions; Privacy Guard; Native Wakelock Blocker; Native Black List; Global Menu; Slim Recents; Traffic Indicators; Advanced Reboot; Slim Pie; CPU Info on Screen; Ram Bar in Recents; Open Source Supeuser included and integrated in Settings; True Offline Charging with Screen Off; Kernel Adiutor included (unzip and install as a normal app) and integrated in Settings plus more
Things users need to know to have smooth experience:. These are not bugs, but rather an explanation of some features
1. If you want to do data encryption, keep in mind that unlike Android, Jaguar uses 256 bit encryption. If you were encrypted on other roms, you won't be able to decrypt. So, wipe encryption and then re-encrypt on Jaguar. Also, keep in mind that if you ever did factory reset on official TWRP 3+ for honami, your data partition is screwed and have to be resized to enable encryption. This has nothing to do with the rom, but rather with the official TWRP itself. Fastboot my unofficial TWRP 3.0.2, (it is coming for Xperia Z3c, which, by the way has working brightness, as well as ability to decrypt and mount data
2. Jaguar contains a script running on early boot, which cuts the internet access to both WIFI and Data until Afwall is running. This is done to prevent leaking, as well as having all your internet traffic routed through some interesting number of servers, including this IP: 26.147.196.22. So, install Afwall and activate it, otherwise, no Internet for you
3. If your system language is different from English and you want to make changes in Phone/Cell Network settings, switch to English first, make the changes and then return to your language. The changes you made will hold. If you try to make the changes in your language, you will have com.android.phone crash. Localization takes time and is virtually impossible to implement in Jaguar, which is a one-person-rom
4. Sony TimeKeep, which is ported from MM/N, now sets the correct time on reboot without the Internet or GSM signal. All you need to do is set it once and TimeKeep will save/recalculate/restore the same on each reboot
5. GAPPS: if you use them, you need to flash them right after the rom (or each update) and before reboot. Flashing after reboot will result in multiple f/c
6. Due to Volte implementation, you might be required to flash LP or MM stock baseband (only if you have no 2g/3g signal)
7. Helpful fastboot commands: for flashing TWRP: fastboot flash recovery recovery.img
for flashing kernel: fastboot flash boot boot.img
Download: All updates and change logs are in Post #3
Instructions:
1. Be on LP at least, have TWRP, unlocked bootloader and root
2. In TWRP, wipe data/factory reset, then wipe System/Data/Cache/Dalvik
3. Flash the rom
4. Reboot, install Afwall and Kernel Adiutor as normal apps; activate Afwall to have Internet
5. Enjoy the rom, say thank you, donate or do both
Warning: If your device and/or anyone in the immediate vicinity dies, don't blame me: it is all China and Russia's fault.
Credit: CM, AOSP, Slimroms, DU, Copperhead OS, Myself5 (kernel)
UPDATED KERNEL SOURCE: https://forum.xda-developers.com/devdb/project/dl/?id=23107 . Don't flash. This is not kernel, but rather sources to compile kernel
Kernel Source: https://github.com/AOSP-Jaguar/kernel_sony_msm8974
XDA:DevDB Information
JAGUAR LEO OFFICIAL HARDENED, ROM for the Sony Xperia Z3
Contributors
optimumpro
ROM OS Version: 5.1.x Lollipop
ROM Kernel: Linux 3.4.x
ROM Firmware Required: Unlocked Bootloader
Based On: AOSP,CM,SLIM,DU
Version Information
Status: Stable
Stable Release Date: 2016-10-18
Created 2016-10-18
Last Updated 2017-02-09
Development update and some Screenshots
I broke my Z1 screen again and I am not in the mood for after market screens. And I am sick and tired of Sony crappy treatment of development community.
I am now looking at Lenovo Zuk Z2 or Z2 pro. Both excellent phones with the latest CPU and made out of metal and glass by Motorola which they bought from Google a couple of years ago. Zuk is friendly to developers and their blobs don't dumb down camera and they don't seek to "unify" bugs for all their devices. I no longer wish to support a fat bastard corporation that can't make a good phone, but thinks that just by putting their logo on the phone would make it worth $700.
RE Jaguar. I will continue to maintain Jaguar mainly with security patches... for a while, but my main work will be concentrated on Zuk. There is a lot of work to be done cleaning Android N and implementing security and other features from Jaguar...
Screenshots are here: http://forum.xda-developers.com/showpost.php?p=62560391&postcount=2
Download Section
February 9: New release including
1. February security patches
2. Sony TimeKeep to set the correct time on boot
3. Dns_Crypt (numerous choices of encrypted Dns providers) in Settings/Security
4. Open Source Superuser integrated in Settings
5. Seccomp/secure computing implemented and enabled in kernel
6. Twrp that supports data decryption, as well as TimeKeep
To use Dns_Crypt, you must allow Internet for 'apps run as root' in Afwall
Download Rom: https://forum.xda-developers.com/devdb/project/dl/?id=23079
Download TWRP: https://forum.xda-developers.com/devdb/project/dl/?id=23078
__________________________________________________________________
January 29. XDA is having a problem with upload/download. So, here is updated TWRP 3.0.2 that is able to decrypt and mount encrypted data partition. This one is different from the originally posted, because it includes the correct time. Together with the February release (not now), it will set the correct time both in recovery and the rom:
Download: https://www.androidfilehost.com/?fid=745425885120704246 There is a new TWRP on top of this post and in the download section...
January 12: New release This should take care of a color line on Auo displays. Also included is the fully working NFC-HCE for Android Pay (to pass Safety Net, you'll have to delete Supersu and su binary). And January security patches, of course...
Download: https://forum.xda-developers.com/devdb/project/dl/?id=22563
You may flash dirty on top of another Jaguar release. Otherwise - clean install
__________________________________________________________________________________
December 31. TWRP 3.0.2 able to decrypt data. This works well for Xperia Z1 and Z1c, but, since I don't have the device, it may or may not work for Z3. So, test it and report
Unzip the file (attached to this post) and flash in fastboot like this: fastboot flash recovery recovery.img
____________________________________________________________________________________________
December 14. New build with increased brightness levels. Flash only if you have a type of display that has flickering on low brightness. If you have no flickering, no need to upgrade
Download: http://forum.xda-developers.com/devdb/project/dl/?id=22108
______________________________________________________________________________
December 10: Rom updated to include
1. December security patches
2. Signature Spoofing (Omnirom type), switch in Developer settings
3. USSD fixed (maybe)
Download: http://forum.xda-developers.com/devdb/project/dl/?id=22020
__________________________________________________________________________________
November 10: Rom updated to include November Security Patches. I have also removed SuperSU, as there is a built-in root manager and quite a few people no longer like the Chinese owned SuperSU[/COLOR]
Download: http://forum.xda-developers.com/devdb/project/dl/?id=21437
__________________________________________________________________________________
October 18. New release including Code Aurora and Google latest security patches. Also, there is a new feature - option to prevent apps from accessing clipboard in background.
Download Rom: http://forum.xda-developers.com/devdb/project/dl/?id=20976
Download Afwall/KernelAdiutor: http://forum.xda-developers.com/devdb/project/dl/?id=20974
Any support for d6633?
I flash the baseband but after reboot the baseband is unknown again. And the ussd code not working.
leesiangcheng said:
I flash the baseband but after reboot the baseband is unknown again. And the ussd code not working.
Click to expand...
Click to collapse
Flash the correct baseband AFTER flashing the rom. If it says unknown baseband, you won't have even a sim card recognized.
USSD is a known issue. It works, but slowly: I get a response in 2-3 minutes...
Flash baseband alreadyworking .but after reboot the base band is gone.btw the rom is super fast.hope u can fix the baseband and ussd. Thanks for the rom.
leesiangcheng said:
Flash baseband alreadyworking .but after reboot the base band is gone.btw the rom is super fast.hope u can fix the baseband and ussd. Thanks for the rom.
Click to expand...
Click to collapse
You have to flash baseband for your country variant. I am in the US and had euro baseband and it took 10 sec for the phone to find signal. Then I flashed US baseband and and now I get signal right away...
Yes I flash my country baseband. At first it shows the baseband.but after reboot the baseband turn to unknow again.
Thanks for a great aosp rom! I'll try whenever I have time.
What do you mean with "localisation takes time"? Do you mean that gps is slow?
Sent from my D6603 using Tapatalk
blackhawk_LA said:
Thanks for a great aosp rom! I'll try whenever I have time.
What do you mean with "localisation takes time"? Do you mean that gps is slow?
Sent from my D6603 using Tapatalk
Click to expand...
Click to collapse
No, everything is fast here. Localization means translation to foreign languages. If you want to change mobile network settings (2g/3g/Lte), you would have to switch to English, make changes and then return to your language. That's the only area where you need to do that...
Wow looks amazing, but the million $ question is, is fisheye still present? Since camera is pretty useless on aosp with this fisheye since day 1 on z3..
Sent from my D6603 using XDA-Developers mobile app
corpsegrinder62 said:
Wow looks amazing, but the million $ question is, is fisheye still present? Since camera is pretty useless on aosp with this fisheye since day 1 on z3..
Sent from my D6603 using XDA-Developers mobile app
Click to expand...
Click to collapse
I don't know. Z2 users say there is no fish eye, but there is one on Z3 compact...
Thanks ! Amazing work !
Any plans for a dual sim version ? (D6633/D6683)
The ROM is FAAAST. Incredible, it restored my apps with titanium twice as fast as with other ROMs .
I have a little request, and is to have the network speed indicators in the right side, at the left of the WiFi indicator.
Thanks!
Sent from my Xperia Z3 using Tapatalk
This is greatest Z3 endeavor so far focused on security and stability!
We cant blame Sony for lack of official N ROM, however, lack of working MM source, no up to date MM ROM, which on galaxy s5 is something obvious makes me wonder if Sony doesn't make z3 obsolete for purpose.
Thank you for your effort!
Are there any prolonged battery life features?
Could any of users share battery life and image quality info?
To check if there is any camera distortion its enough to shot something like computer screen and see if its rectangle or it is distorted.
Camera fisheye bug is present.
Also, I I'm experiencing some light flickering on the screen at minimum brightness. Is more noticeable on white screens.
Sent from my Xperia Z3 using Tapatalk
This is awesome! I didn't expect a proper ROM for the Z3 anymore; Paranoid Android development seems slow and I'm still on infected's last CM12.1 ROM – so this is exactly what I'm looking for: A ROM with focus on security. I'll try it out as soon as possible.
Do you guys experience overheating? I encrypted my phone and it burns now... Using the same ROM but for Z3C...
Edit:
Is it possible to decrypt my phone ? I can only see the information that my phone is encrypted, can't click on it.
king960 said:
Do you guys experience overheating? I encrypted my phone and it burns now... Using the same ROM but for Z3C...
Edit:
Is it possible to decrypt my phone ? I can only see the information that my phone is encrypted, can't click on it.
Click to expand...
Click to collapse
Your phone is 'burninig', not because of encryption, but because you changed some settings in Kernel Adiutor. If you don't know what you are doing, don't touch anything. Untick all 'apply on boot' and reboot the phone to load default values. Jaguar on Z3c doesn't get over 50 degrees at highest loads (playing graphic intensive games)...
Sorry but I don't understand the situation in supporting this kind of formatting.
Which rom , kernel and magisk supported? And where ?
P2 supports and uses F2FS even in stock. The thing is that Lenovo (Moto) has older and buggy implementation of it which prevents you from using Magisk modules properly. Read about it here (This module is a temporary solution because your modules will disappear every reboot).
Probably every custom ROM posted on forums are using kernels with stock version of it. You can fix it using kernel which I compiled with necessary commit posted here which is working on LOS 15.1 and other treble ROMs or just wait for LOS 16 where the fix will be applied in official builds. You can also download LOS 16 testing build from 15.1 thread (latest pages) if you want.
I mean if that there are custom ROMs with working f2fs without any workaround ?
mysteres said:
I mean if that there are custom ROMs with working f2fs without any workaround ?
Click to expand...
Click to collapse
The current LOS 16.0 test build has F2FS working fine without the need to use any workaround to install modules.
This is the stock kernel that ships with glassrom (or will ship with it)
5g variants are not yet supported
It is based off kirisakura kernel with additional hardening from my side.
You get this:
All the features from kirisakura kernel
Removed qualcomm's rmnet drivers
COMPAT_VDSO is disabled to enable full vDSO ASLR
KSPP patches have been applied
Clang control flow integrity (https://source.android.com/devices/tech/debug/cfi)
Backward edged control flow integrity:
Strong protections enforced by shadowcallstack (https://source.android.com/devices/tech/debug/shadow-call-stack)
Weak protections enforced by adding stack canaries to everything and ensuring ASLR is of a decent enough quality
Compiled with -O3 and Polly for maximum performance
Wireguard driver has been removed
AVB depends on the ROM. Flashing it on glassrom/oxygenos will definitely cause it to boot with enforcing AVB. On other ROMs this shouldn't happen
Selinux forced enforcing patch from Samsung
Yama is enabled and set to SCOPE_NO_ATTACH
Uses sdfat driver to provide vfat and exfat drivers
Todo:
Port Linux-hardened patch
fix fingerprint on oos
Notes:
Flashing it on oxygenos will break dt2w
Flashing the kernel regardless of ROM or device combination will break twrp ramdisk boot. The only way to boot twrp is using fastboot boot, installing it to the ramdisk will always lead to a kernel panic. This is not a bug and will not be fixed
Download: see release post https://forum.xda-developers.com/showpost.php?p=81105101&postcount=8
Source:
https://github.com/GlassROM-devices/android_kernel_oneplus_sm8150
Donations:
Most of the hard work was done by @Freak07 so check out his thread and buy him a coffee
anupritaisno1 said:
This is the stock kernel that ships with glassrom (or will ship with it)
5g variants are not yet supported
It is based off kirisakura kernel with additional hardening from my side.
You get this:
All the features from kirisakura kernel
Removed qualcomm's rmnet drivers
COMPAT_VDSO is disabled to enable full vDSO ASLR
KSPP patches have been applied
Clang control flow integrity (https://source.android.com/devices/tech/debug/cfi)
Backward edged control flow integrity:
Strong protections enforced by shadowcallstack (https://source.android.com/devices/tech/debug/shadow-call-stack)
Weak protections enforced by adding stack canaries to everything and ensuring ASLR is of a decent enough quality
Compiled with -O3 and Polly for maximum performance
Wireguard driver has been removed
AVB depends on the ROM. Flashing it on glassrom/oxygenos will definitely cause it to boot with enforcing AVB. On other ROMs this shouldn't happen
Selinux forced enforcing patch from Samsung
Yama is enabled (does nothing significant for now)
Todo:
Set Yama to level 3 (breaks magisk)
Port Linux-hardened patch
Notes:
Flashing it on oxygenos will break dt2w
Flashing the kernel regardless of ROM or device combination will break twrp ramdisk boot. The only way to boot twrp is using fastboot boot, installing it to the ramdisk will always lead to a kernel panic. This is not a bug and will not be fixed
Download:
https://mirror.apexcdn.net/files/glassrom/unsigned.zip
Source:
https://github.com/GlassROM-devices/android_kernel_oneplus_sm8150
Click to expand...
Click to collapse
Fingerprint is broken on oos
Kaz205 said:
Fingerprint is broken on oos
Click to expand...
Click to collapse
Yeah sorry about that. I'll make a version for oos soon
I did test it for a short while on oos but did not test it enough
Merged in the latest kernel from kirisakura git and also merged in 4.14.156
It boots fine but I don't have a good internet connection to be able to upload it
Will do so soon
anupritaisno1 said:
Merged in the latest kernel from kirisakura git and also merged in 4.14.156
It boots fine but I don't have a good internet connection to be able to upload it
Will do so soon
Click to expand...
Click to collapse
Thanks! Does this one work with OOS?
MrGimpGrumble said:
Thanks! Does this one work with OOS?
Click to expand...
Click to collapse
I eventually plan to stop supporting oos
OOS is proprietary for one and such a system is almost never secure. And if you don't believe me just look at their past vulnerability announcements. Almost all oxygenos vulnerabilities come from the fact that oneplus finds loopholes around Google's CTS. Who knows what other holes they've opened up that Google forgot to add checks for
Further, oos has many "memory optimisation" drivers that directly try to access ram and break most of the security features I'm implementing. Most custom ROMs do not have these and the drivers can be safely disabled
I will also add that this kernel is almost functionally identical with kirisakura kernel. Yes I might merge upstream slightly faster but other than that there is no difference that you would notice. The only difference is that I'm enabling all the security features that must be enabled - especially CFI and shadowcallstack which come standard on any Google pixel device
As for wireguard I just think running a VPN in kernel space is a very bad idea. Not to mention I have confirmed that on Android the tunnel leaks ipv6 traffic if you're not careful and no, disabling ipv6 is not the solution. The userspace go implementation is much safer and I mean it. The userspace implementation almost never leaks ipv6 traffic. Not to mention Go is a much safer language than C
okay new update is in the attachments
changes: linux 4.14.156
upstreamed to oos open beta 6 (doesn't mean fixed fingerprint yet)
upstreamed wifi driver and audio driver to latest caf tag (LA.UM.8.1.r1-12200-sm8150.0)
yama is now at level 3
all upstream changes from kirisakura. except for wake gestures as lineagehw seems to already have those
oos users should disable smart boost from settings
okay new build is here
changelog:
linux 4.14.157
upstreamed sdfat driver
fixed a weird kernel panic that happened on anything other than oxygenos when the device was fast charging from a very low battery
anupritaisno1 said:
okay new build is here
changelog:
linux 4.14.157
upstreamed sdfat driver
fixed a weird kernel panic that happened on anything other than oxygenos when the device was fast charging from a very low battery
Click to expand...
Click to collapse
work on pa?
ryshd296 said:
work on pa?
Click to expand...
Click to collapse
Please test it and let me know
It should boot on any ROM that can enforce selinux
anupritaisno1 said:
Please test it and let me know
It should boot on any ROM that can enforce selinux
Click to expand...
Click to collapse
This sent me into an immediate Qualcomm crash dump upon booting on both stock OOS and Omni for OnePlus 7t global variant.
Previous releases as well, not just the newer release.
scott.hart.bti said:
This sent me into an immediate Qualcomm crash dump upon booting on both stock OOS and Omni for OnePlus 7t global variant.
Previous releases as well, not just the newer release.
Click to expand...
Click to collapse
Please duplicate the crashdump message exactly
Especially send the "PC at" line and the error message if present
If the error message is blank please mention that it is
If you get a PC at __cfi_check_fail message please mention this
@scott.hart.bti still waiting for your response
Please send the crash log if possible
Do i need ma
gisk companion for this?
psychemisha said:
Do i need ma
gisk companion for this?
Click to expand...
Click to collapse
No you don't
However somewhere around ob4 maintaining compatibility with oxygenos became next to impossible without breaking custom ROMs
I think most users are still on OOS. If not I can just release builds for custom ROMs
Costum plz
is the development stopped?
Hello, I've rooted my device, but I can't set onto magisk setenforce=0... what can I do in order to have a permissive linux? It looks like this issue is present on all samsung devices...
robi101012981 said:
Hello, I've rooted my device, but I can't set onto magisk setenforce=0... what can I do in order to have a permissive linux? It looks like this issue is present on all samsung devices...
Click to expand...
Click to collapse
Have you tried this app:
[APP][TOOL][2.0+][OFFICIAL]The SELinux Switch
The SELinux Switch . What's The SELinux Switch & What Makes It Different from The SELinux Toggler? I'll outline this in brief since it would take too much time and space in explaining everything in detail. Primarily, The SELinux Switch was...
forum.xda-developers.com
It_ler said:
Have you tried this app:
[APP][TOOL][2.0+][OFFICIAL]The SELinux Switch
The SELinux Switch . What's The SELinux Switch & What Makes It Different from The SELinux Toggler? I'll outline this in brief since it would take too much time and space in explaining everything in detail. Primarily, The SELinux Switch was...
forum.xda-developers.com
Click to expand...
Click to collapse
Solve it by flashing a custom kernel that allows SELinux to be Permissive.
robi101012981 said:
Solve it by flashing a custom kernel that allows SELinux to be Permissive.
Click to expand...
Click to collapse
Hi I'm using a Samsung Galaxy A03s, android 12
please what Kernel could I use to get selinux permissive
I'm on Samsung a127f using custom ROM CrDroid 9.2 but still setenforce 0 doesn't seem to work. Selinux mode changer doesn't work also. Any help on how to switch selinux to permissive would be greatly appreciated