Wakelock+Alarm _Blocker & DozeEditor patch: Official2017 CM14(Lineage), CM13/12/11 - Android Software/Hacking General [Developers Only]

Wakelock+Alarm _Blocker & DozeEditor patch: Official2017 CM14(Lineage), CM13/12/11
Wakelock Blocker for Official 2016, Nightly CM11
All thanks to
@faust93 : BASE.diff http://review.cyanogenmod.org/#/c/109898/ SETTINGS.diff http://review.cyanogenmod.org/#/c/109897/ (official rejections for CM12)
@scott.hart.bti (Beanstalk_base) @Cristiano Matos (crDroid_settings) for Github sources.
If you fell donate then it should be to @maxwen, which seems to be the real ghost creator of wakelockblocker (Nov 2013) https://github.com/scotthartbti/and...mmit/2022015c1d7890873c54e7290ec0ca1391c6dc50
While mixing all this (cherry-picked from github) together, I finally succeed a 2x patch diff
to implement a working Wakelock Blocker in cm-11-2016xxx-NIGHTLY under Parameter/Performance/System.
I check the efficiency OK, on LGp880 & ASUStf700t with @chamonix' BetterBatteryStats.
The base diff includes inverted broken xposed & SELinuxModeChanger from zygote d8130142.diff http://review.cyanogenmod.org/#/c/118800/
There were 19 devices + 27 samsung on official 2016 KK nightly run, I hope some will patch theses 2 diff WITH 100% compatible:
- mar-V-in fake signature for nogapp microG https://github.com/microg/android_p...r/patches/android_frameworks_base-KK-LP.patch
That edition will keep same CVE as the official one and will stay untouched apart +3 above.
If you are baking a KK cm11-based rom , it should also be compatible. You tell me.

Lineage14.1 CM13 & CM12 patches 2017
CM12.1 2016 WakelockBlocker and microG : post12 / attached .diff
*(Omni's double patch microG option-able on/off re-hunked for CM12.1.1 : post14 / attached .diff)
CM13 2017 Wakelock+Alarm _Blocker and microG : post19 / 1&2) attached .diff
CM14 DozeSettingsEditor : post19 / 3) attached .diff
Caution & Warnings*
Caution: blocking critical wakelocks can lead to bootloop; so always proceed full backup from recovery before unknown tries.
Also, be aware that if you over-flash original cm (without WakelockBlockers), your rom will work as new ota (without bootloops); but if you flash again modified cm with WakelockBlockers, you will find back your precedent settings on ticked wakelocks.
Warnings: before sharing logs with other, ensure that your log does not include some personal data under blocked wakelocks' description; ex: xxx @ gmail.com ...
Code:
packages/apps/Settings/src/com/android/settings/applications/WakeLockBlocker.java
...Log.d("maxwen", pm.getSeenWakeLocks());
(nota: there are no analytics or any network exchanges on your blocked wakelock list; conversely WakelockBlocker can definitively help to stop such intrusive behaviours.)

wip
How does it work
How to 2x your battery
The equation is simple 2xbattery=50%=20%a+20%b+10%c:
a) 20% thank to @MaR-V-iN for microG project ie nogapps
Not only the multiple google packages are pinging together, but the worse is the auto-updating ghost process (which sometimes leads in automatic battery drain due to obligatory “linux-reboot-post-validation-like").
Also, the use of your personal data stay unclear.
Thanks to @Bonoboo there are >100 gapp_pkg in MM
With original KK (3years ago) it was >60 gapp_pkg.
Of course microG won’t bring you all the fancy and amazing usages, but it should cover all your basic exigencies with privacy.
b) 20% thank to CyanogenMod’superuser (root)
DATA/LOCAL/userinit.sh (persistent to ota):
rm /dev/log/*;
rm /data/tombstones/*;
sysctl -w vm.dirty_writeback_centisecs=2000;
sysctl -w vm.dirty_expire_centisecs=1000;
Then using Greenify + f-droid : Adaway Autostarts FasterGPS will finalize an equivalent snappy ‘interactive’ on a ‘conservative’ frugal mode (cpu scaling_governor).
c)10% miscellaneous tips
SETTINGS/WIFI/MENU/ADVANCED: switch always to never
LAUNCHER : Smart Launcher (for phones) or craziest TinyLaunch from @arpruss (for tablet)
PRIVATE BROWSING : internal cm-made
FAST BROWSING 3G : Uc browser mini
GENERAL BROWSING wifi : Dolphin + Jetpack + Companion (Jetpack will supply missing Lollipop’s live webview on KK & Companion will bring WOT and trigger to reduce freeze) with option ‘open in new Tab’ to avoid excessive back-reload pages.
Try to avoid DLNA activity in background and track, with BetterBatteryStats, unnecessary wakelocks (once done you can greenify or disable it).
For more security, cm11 is fully compatible with these xposed modules: AppSettings, DirectApkInstall, Greenify, LightningWall, XposedMediaScanner and XposedRecentTasksRAM.
What's next
Once upgraded with these 2 transparency in-core modifications: microG & WakelockBlocker, privacy setup, on cm11, is OK.
Thanks to @noname81 no one is missing pie to use a phone/tablet easily: LMT Launcher (it’s funny to see many OEM copying Huawei for the mini-screen and they will discover pie...).
But a fundamental functionality is still missing for all ROMs: a basic sound mix table per apk. I can’t believe that Google Inc. did not make that already, (they must wait for a world marketing hit).
In simple words: play music or phone with relatives while watching TV or youtube… (for real!). I guess, once again, it’s question to DRM’s duty (you watch => you listen). Maybe, one day VLC will catch this in an all-in-one solution.
Does java, using stream.hasvideo Boolean attribute, in the right place, can dress a list to duck or mute /apk ?
This is the thread’s poll, since AppSettings is too far from the android core ?

If you want to get first similar rom, without unofficial build, you can follow these instructions (custom recovery is strongly recommended!):
Check whole thread http://forum.xda-developers.com/xposed/xposed-android-4-4-4-t3249895/page12 to reverse zygote(2015 Nov 8);
download Xposed version >=2.6.1. via the in-app updater or from http://dl.xposed.info/latest.apk and
http://forum.xda-developers.com/xposed/xposed-installer-versions-changelog-t2714053
Once you install/reboot the framework you should get a green 58/54 for xposed/framework.
For wakelock control, use @t2k269
http://repo.xposed.info/module/org.t2k269.perapphacking
If you block to many things and face bootloop just proceed (with caution!) :
reboot in recovery go to twrp menu/advanced/file manager /data/app and select org.t2k269.perapphacking__.apk for delete then once reboot successful finishes, re-install perapphacking and uncheck your last moves.
For @MaR-V-iN microG, use
https://github.com/thermatk/FakeGApps/releases
and enjoy FLOSS atmosphere:
http://forum.xda-developers.com/android/apps-games/app-microg-gmscore-floss-play-services-t3217616
http://forum.xda-developers.com/showthread.php?t=1715375
If you find this useful, then flash :
MapsApi https://github.com/mar-v-in/MapsAPI/releases/download/v0.5/mapsapi.flashable.zip
Freecygn http://forum.xda-developers.com/showthread.php?t=2550769
Be sure to respect modular CyanogenMod’ “alternativity”, and to understand http://www.xda-developers.com/remove-the-google-from-cyanogenmod-with-freecygn/

My patches for CM11:
1) Add fake sign functionality (from OmniROM)
2) Add Wakelock Blocker (from this thread)

Dalvik still alive: cm-11-20160612-NIGHTLY
remittor said:
My patches for CM11:
1) Add fake sign functionality (from OmniROM)
2) Add Wakelock Blocker (from this thread)
Click to expand...
Click to collapse
Cool...
For end users, I will be glad, if some can report a checked OK with BetterBatteryStats_2.1.0.0 (/partial wakelock) or Wakekock Detector(/cpu wakelock) with their device_name, in this thread.
Thanks in advance, and re-joy your battery & privacy.

oF2pks said:
There are >550 gapp_pkg in MM
With original KK (3years ago) it was >60 gapp_pkg.
Click to expand...
Click to collapse
Just a note: it's not correct to count lines in my script for deleting gapps.
It contain a lot duplicates that cover different names / locations of APK's. Plus .odex and .lib files.
In nature there are ~100 real apps from Google, checked by parsing script.

Correction updated
Bonoboo said:
In nature there are ~100 real apps from Google, checked by parsing script.
Click to expand...
Click to collapse
Post' quote updated to 100 for MM; many thanks for that evaluation. Your work help many people moving to microG.
btw: it would be amazing to automate adDetector on Google packages; actually system webview is exception to the rule: no noisy addons or permissions.

2015-3636 Pingpong root
If VTS return:
2015-3636 Pingpong root
https://github.com/torvalds/linux/commit/a134f083e79fb4c3d0a925691e732c56911b4326
grab this
Code:
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
index 39b403f..46f8f3f 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -138,6 +138,7 @@ static void ping_v4_unhash(struct sock *sk)
if (sk_hashed(sk)) {
write_lock_bh(&ping_table.lock);
hlist_nulls_del(&sk->sk_nulls_node);
+ sk_nulls_node_init(&sk->sk_nulls_node);
sock_put(sk);
isk->inet_num = isk->inet_sport = 0;
sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
Source github
Tested-by: Linus Torvalds <[email protected]>
Reported-by: Wen Xu <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Nota: for 2014-3153 Futex looks to be hand-made/device; for 2013-6282 Aurora PM me for it(T<->TUSER).

Common Vulnerability and Exposures (CVE) June 2016 CM11
Except the misses related to old kernels (<3.4), like 3.1.10; ALL Nexus Security Bulletins are included in latest nightly 2016-06-12.
For cve-2015-6616, since KK doesn't have decoder/ih264d_parse_headers.c, vts returns red for ANDROID-24157524 Critical 6.0 only Sep 08, 2015:
https://github.com/AndroidVTS/android-vts/issues/129
https://android.googlesource.com/platform/external/libavc/+/2ee0c1bced131ffb06d1b430b08a202cd3a52005
All other CVE-2015-6616 related bugs are patched
ANDROID-24630158 Critical 6.0 and below Google Internal
ANDROID-23882800 Critical 6.0 and below Google Internal
ANDROID-17769851 Critical 5.1 and below Google Internal
ANDROID-24441553 Critical 6.0 and below Sep 22, 2015
Many thanks to CM11' team: security with 'alternativity'....

Caution & Warnings
Caution: blocking critical wakelocks can lead to bootloop; so always proceed full backup from recovery before unknown tries.
Also, be aware that if you over-flash original cm (without WakelockBlockers), your rom will work as new ota (without bootloops); but if you flash again modified cm with WakelockBlockers, you will find back your precedent settings on ticked wakelocks.
Warnings: before sharing logs with other, ensure that your log does not include some personal data under blocked wakelocks' description; ex: xxx @ gmail.com ...
(nota: there are no analytics or any network exchanges on your blocked wakelock list; conversely WakelockBlocker can definitively help to stop such intrusive behaviours.)

CM12.1 20160710 bandwagon WakelockBlocker and microG
Attached are base.diff & settings.diff re-hunked lifted WakelockBlocker' patches for latest cm12; source:
http://review.cyanogenmod.org/#/c/109898/
http://review.cyanogenmod.org/#/c/109897/
When home-building cm12-20160710 you will probably need:
-- media/libstagefright/data/media_codecs_ffmpeg.xml
-m kernel/timeconst.pl
-- /prebuilts/gcc/linux-x86/arm/arm-eabi-4.7 symlink to arm-eabi-4.8.
I check OK mar-V-in fake signature for nogapp microG: single patch https://github.com/microg/android_p...r/patches/android_frameworks_base-KK-LP.patch
Once patched, run make update-api (following the CM's quail first build) and re-build: check attached re-hunked gitdiffHEAD_frameworks_baseCURRENTXmicroG.txt.
Hope @MaR-V-iN and @faust93 won't see offence.
WakelockBlocker's option is located in Developer Options before Process Stats.
Nota: will upload soon Omni's double patch microG option-able re-hunked for CM12.

WakelockBlocker and FakeSing patches for CM12.1
Link: https://github.com/jsr-d10/android_device_jsr_d10f/commits/cm-12.1/patches (see commits for 2016-06-12)

Omni's double patch microG option-able on/off re-hunked for CM12.1.1
CM12.1 is moving to CM12.1.1 : https://www.cmxlog.com/12.1/grouper/ (with changes to PackageManagerService.java : https://review.cyanogenmod.org/#/c/155579)
Attached are microG option-able re-hunked for CM12.1.1 (from Omnirom)
Option on/off is under Developer_options
Single original patch : https://github.com/microg/android_p...r/patches/android_frameworks_base-KK-LP.patch
Hope @MaR-V-iN won't see offence.
Nota: check post 13 for included Russian strings.

CM13 WakelockBlocker and microG 2016/2017
Attached are base.diff & settings.diff re-hunked lifted WakelockBlocker' patches for latest cm13; source:
base/bs6 : https://github.com/scotthartbti/and...mmit/5fb687ae0940a12c8f7c9e457b6d5f12f028736b
settings/cm12 : http://review.cyanogenmod.org/#/c/109897/
MaR-V-iN' fake signature for nogapp microG: single patch https://github.com/microg/android_p...aster/patches/android_frameworks_base-M.patch

Any love planned for nougat?

HaoZeke said:
Any love planned for nougat?
Click to expand...
Click to collapse
Remember that on KK, all the app were triggering wakelocks , so it was very useful to "break" intrusive or non-frugal ones with WakelockBlocker.
On LP, only very aggressive app are intrusive (like UCbrowser or GoogleNews&Weather)
On MM&N with doze (& Greenify), WakelockBlocker is almost useless but can still prevent intrusions or infections.
So actually on Nougat(, even if this add-on gives informative true list of all wakelocks triggered once), this didn't show up yet, but Beanstalk has always been favourite for mods...

CM13 2017 cve patches
Thx to @Sultanxda you can grab cm13 cve patches : https://github.com/sultanxda/patcher/tree/stable/cm-13.0-oneplus3/ZNH5Y/security
HaoZeke said:
Any love planned for nougat?
Click to expand...
Click to collapse
I don't have nougat on my devices, but the "hardest" seems already done:
https://github.com/crdroidandroid/a...android/server/power/PowerManagerService.java
https://github.com/ResurrectionRemi...android/server/power/PowerManagerService.java

CM13 Wakelock+Alarm _Blocker and microG 2017 / CM14 DozeSettingsEditor
For latest cm13, attached are base.diff & settings.diff re-hunked lifted Wakelock+Alarm _Blocker' patches, with MicroG, from
BASE :
Wakelock : https://github.com/scotthartbti/and...mmit/5fb687ae0940a12c8f7c9e457b6d5f12f028736b
Alarm https://github.com/ResurrectionRemi...mmit/0ed31d619a0ed418ba129039f65de6487e45bfc5
SETTINGS :
Wakelock https://github.com/ResurrectionRemi...mmit/6d4080e7b3477adae21c7181f0801f544cfef7de
Alarm https://github.com/ResurrectionRemi...mmit/7109caa4848f99d5a7daadad66158bd4c83da3e3
MaR-V-iN' fake signature for nogapp microG: single patch https://github.com/microg/android_p...aster/patches/android_frameworks_base-M.patch
For CM14.1 attached is settings.diff re-hunked lifted DozeSettingsEditor, from https://github.com/omnirom/android_...mmit/6206ccdfa4aee098713dd0b999f3e42b327278f2
(base.diff & settings.diff re-hunked lifted Wakelock+Alarm _Blocker' patches, with MicroG, for latest cm14.1 are coming soon with light modification for Nougat new metric logger.)

thank you for support xz1 community
do this rom included the wakelock blocker ? or i have to install zip patch

Related

[ROM] [UB] Updated February 9, Jaguar Amami LP5.1.1 Hardened Official HyperTool 5.4

This is the Official Jaguar rom for Amami, which is based on AOSP with some flavors from Slim and Dirtyunicorn. The main difference from other roms is the emphasis on security and multiple features. With that in mind , let's see what Jaguar has to offer:
1. Hardened Kernel, modified M5 built with UBERTC 6.0; hardened rom built with HYPERTOOL 5.4
2. All ciphers enabled in kernel instead of just a few
3. Hardened/Fortified Bionic and Libs
4. Fstack protection strong to resist buffer overflows
5. Many System apps and processes are made read-only, to reduce elevation of privilege
6. Selinux replaced with Tomoyo Security, Yam security
7. Disc encryption, keymaster to 256 bit AES instead of 128
8. Latest TWRP with working brightness and ability to decrypt Data
9. Random number generation mixed hardware/software, as recommended by Linus Torwalds
10. Options to randomize host on every boot
11. Option to have a separate password for lock screen and boot
12. Qualcomm's Time Services disabled due to leaking on early boot (set time to automatic to get it from your carrier). Forget it. The rom now includes Sony TimeKeep that sets the time locally
13. WIFI Background Scanning disabled to prevent leaking
14. Internet disabled for both WIFI and Data until Afwall is set and activiated (Afwall included in download, install as regular app)
15. The phone is VOLTE ready and you have all network options available in Cell menu (not just LTE/WCDMA/GSM)
16. GRsecurity features, such as Sidechannel implemented
17. Some Pax Security Features
18. Option to deny USB connection: denied always; denied when locked; and allowed always
19. Hardened webview with Google and other "interesting" IPs removed
20. Prevention of bruteforcing screen pin: the phone will reboot upon 3 unsuccessful attempts
21. Perfect_Event_Paranoid ported from Grsecurity: now third party apps can't use other apps including system to elevate privileges
22. Camera hardware button works to focus, take pictures and start video recording
23. Option to disable writing to Tombstones (a lot of private info is dumped there if there is a crash)
24. Option to disable continuing writing of logcat
25. Option to disable device cameras: back; front, both or none
26. Always latest Google Security Patches
27. Always latest Code Aurora Security Patches
28. Changes ported directly from Google Android Gerrit, so most of those in MM and even N are in this rom
29. About 80% of kernel changes are ported into Jaguar kernel from 3.10 and 3.18 (not Sony AOSP 3.10 that has Down Syndrome, but Linux/Google/Code Aurora one)
30. Rom is odexed to significantly increase boot speed (under 30 seconds) and application start
31. Many more security features ported from Linux and Copperhead OS
32. Dns Crypt: a feature allowing to choose among many Dns providers (all encrypted)
33. Seccomp: secure computing enabled in kernel
Other features include: Layers Theme Engine; Native Call Recording with interface integrated in Dialer with no restrictions; Privacy Guard; Native Wakelock Blocker; Native Black List; Global Menu; Slim Recents; Traffic Indicators; Advanced Reboot; Slim Pie; CPU Info on Screen; Ram Bar in Recents; Supersu included and integrated in Settings; True Offline Charging with Screen Off; Kernel Adiutor included (unzip and install as a normal app) and integrated in Settings; FM Radio and Recording plus more
Things users need to know to have smooth experience:. These are not bugs, but rather an explanation of some features
1. If you want to do data encryption, keep in mind that unlike Android, Jaguar uses 256 bit encryption. If you were encrypted on other roms, you won't be able to decrypt. So, wipe encryption and then re-encrypt on Jaguar. Also, keep in mind that if you ever did factory reset on official TWRP 3+ for honami, your data partition is screwed and have to be resized to enable encryption. This has nothing to do with the rom, but rather with the official TWRP itself. Fastboot my unofficial TWRP 3.0.2, which, by the way has working brightness, as well as ability to decrypt and mount data
2. Jaguar contains a script running on early boot, which cuts the internet access to both WIFI and Data until Afwall is running. This is done to prevent leaking, as well as having all your internet traffic routed through some interesting number of servers, including this IP: 26.147.196.22. So, install Afwall and activate it, otherwise, no Internet for you
3. If your system language is different from English and you want to make changes in Phone/Cell Network settings, switch to English first, make the changes and then return to your language. The changes you made will hold. If you try to make the changes in your language, you will have com.android.phone crash. Localization takes time and is virtually impossible to implement in Jaguar, which is a one-person-rom
4. TimeKeep is ported from MM/N. Now time is set locally without the Internet or GSM signal. You need to set it once only and then TimeKeep will keep it current on each reboot, even if Airplane mode.
5. GAPPS: in order to escape f/c, you need to flash GAPPS right after the rom without reboot. If you reboot, you will have problems.
6. If you came from Kitkat directly to a custom LP (without having stock LP at least once), you might experience problems with hardware: gps/wifi irregularites. This applies to any custom rom above Kitkat. To remedy this, flash unmodified Sony stock LP 5.1.1, boot the phone and let it settle. Then you can reboot into fastboot and flash TWRP recovery. Then you can flash Jaguar
Download: All updates and change logs are in Post #3 now
Instructions:
1. You must have flashed and booted stock LP 5.1.1 once to upgrade your hardware (see explanation above)
2 Have TWRP (fastboot my unofficial version), unlocked bootloader and root
3. In TWRP, wipe data/factory reset, then wipe System/Data/Cache/Dalvik
4. Flash the rom
5. If you use xposed, flash the latest installer (As of October 2016 no longer works due to multiple implementations from Nougat)
6. Reboot, install Afwall and Kernel Adiutor as normal apps; activate Afwall to have Internet
7. Enjoy the rom, say thank you, donate or do both
Warning: If your device and/or anyone in the immediate vicinity dies, don't blame me: it is all China and Russia's fault. :laugh:
Credit: CM, AOSP, Slimroms, DU, Copperhead OS, Myself5 (kernel)
UPDATED KERNEL SOURCE: https://forum.xda-developers.com/devdb/project/dl/?id=23107 . Don't flash. This is not kernel, but rather sources to compile kernel
Kernel Sources: https://github.com/AOSP-Argon/android_kernel_sony_msm8974
XDA:DevDB Information
Jaguar Amami LP 5.1.1 r37 Official, ROM for the Sony Xperia Z1 Compact
Contributors
optimumpro
ROM OS Version: 5.1.x Lollipop
ROM Kernel: Linux 3.4.x
ROM Firmware Required: Unlocked Bootloader
Based On: AOSP Slim DirtyUnicorn
Version Information
Status: Stable
Created 2016-06-11
Last Updated 2017-02-09
I broke my Z1 screen again and I am not in the mood for after market screens. And I am sick and tired of Sony crappy treatment of development community.
I am now looking at Lenovo Zuk Z2 or Z2 pro. Both excellent phones with the latest CPU and made out of metal and glass by Motorola which they bought from Google a couple of years ago. Zuk is friendly to developers and their blobs don't dumb down camera and they don't seek to "unify" bugs for all their devices. I no longer wish to support a fat bastard corporation that can't make a good phone, but thinks that just by putting their logo on the phone would make it worth $700.
RE Jaguar. I will continue to maintain Jaguar mainly with security patches... for a while, but my main work will be concentrated on Zuk. There is a lot of work to be done cleaning Android N and implementing security and other features from Jaguar...
Some screenshots: http://forum.xda-developers.com/showpost.php?p=62560391&postcount=2
February 9. New release:
1. February Security patches
2. DNS_Crypt (in settings/security)
3. Seccomp (secure computing implemented in kernel)
4. Open Source Superuser integrated
5. Silent SMS notification enabled
6. 1440p profile in camcorder added
7. Sony TimeKeep: now time is set locally without the Internet or GSM signal (you need to set it right the first time only)
8. Updated TWRP that now works with TimeKeep
If you enable Dnscrypt and you use Afwall, allow internet for apps running as root...
If you prefer closed source Supersu, just flash the zip...
Download Rom: https://forum.xda-developers.com/devdb/project/dl/?id=23073
Download TWRP: https://forum.xda-developers.com/devdb/project/dl/?id=23070
______________________________________________________
January 12: Updated release that includes a fully working NFC-HCE for Android Pay. It may be possible to bypass Safety Net by deleting Superuser or Supersu with su binary, as Lollipop doesn't have dm verity. Although, if the check includes bootloader status, you may be out of luck.
You may flash dirty on top of the previous Jaguar release.
Download: https://forum.xda-developers.com/devdb/project/dl/?id=22567
_________________________________________________________________
January 6: New release with January security patches from Google and Code Aurora. Also, qcom time service is back.
Download: https://forum.xda-developers.com/devdb/project/dl/?id=22449
You can flash on top of the previous release. Otherwise, read the OP (fresh install).
____________________________________________________________________________________
December 10. Rom updated to include:
1. December security patches
2. Signature spoofing (like in Omniroms)
3. USSD fixed (maybe)
Download: http://forum.xda-developers.com/devdb/project/dl/?id=22005
__________________________________________________________________________________
November 11. Rom updated to include November Security Patches. I have also removed Supersu, as there is a built-in root manager and quite a few people no longer trust the Chinese owned Supersu.
Download: http://forum.xda-developers.com/devdb/project/dl/?id=21448
________________________________________________________________________________
October 5. New release:
1. Kernel overclocked to 2803: experimental, I have used it for 10 days on Z1 without problems
2. October security patches from Google and Code Aurora
3. Over 80 commits from Google Master Gerrit which included changes to bionic, art, frameworks and system
4. Updated Afwall
5. Maybe more
This rom is now about 40% Nougat. One of the side effects: Xposed framework no longer works, but getting rid of it and instead using Privacy Guard is almost as good. Don't forget, Xposed is an exploit, which provides hooks for good and bad things.
Rom Download: http://forum.xda-developers.com/devdb/project/dl/?id=20791
Afwall/Kernel Adiutor Download: http://forum.xda-developers.com/devdb/project/dl/?id=20790
You can flash dirty if on a previous release
_________________________________________________________________________________
September 8. Rom updated to include:
1. September Google security patches
2. Latest Code Aurora patches https://www.codeaurora.org/projects/security-advisories
3. MPdecision is permanently disabled due to interfering with other hotplug and CPU frequencies. Default is MSMdecision, but you can pick several others in Kernel Adiutor
4. CPU overclock and underclock removed: no benefit whatsoever
5. More hardening ported from 3.18 kernel: https://android-review.googlesource.com/#/q/hardened,25 You won't find those on any rom custom or stock. This is from 3.18 kernel and it has nothing to do with Sony
6. About 70-80 commits from Android Master Branch. Folks. This is no longer a lollipop rom
7. PXN security feature implemented, which takes advantage of special instructions on ARMv7 to prevent unprivileged execution. See here: https://android-review.googlesource.com/#/c/265892/
8. Further integration of VOLTE
9. Kernel Adiutor: author has decided to go with Mobile Ads/Adview/Adbanner. So these were removed...
10. Camera: improvements to camera wrapper (missing entries), as well as some modifications in /frameworks/av/camera, so, you have a sharper picture. See photo attached, although, XDA reduces pictures... . This was taken with Open Camera.
Maybe more...
WARNING: you need to do one thing after flashing the rom: flash the latest stock baseband. BASEBAND ONLY. If you don't, you will only have LTE: no H+/H/2G. This is a one-time procedure and is due to Volte implementation. You have been warned. First flash the rom, then reboot, then flash the latest baseband. I don't want to hear cries: where is my 3G!
Download Rom: http://forum.xda-developers.com/devdb/project/dl/?id=20290
Download Afwall/Kernel Adiutor:http://forum.xda-developers.com/devdb/project/dl/?id=20288
You may flash dirty if on a previous release. Otherwise, clean flash...
So far so good but I noticed some bugs which come from CM trees - The scrolling is laggy (this fixed it http://review.cyanogenmod.org/#/c/109956/ ) screen is flickering with low brightness ( I made a fix but looks like I'm not able to complete it https://review.cyanogenmod.org/#/c/106545/ ) and WiFi Mac is wrong (starts with 00:00 and I think this commit fixed it https://review.cyanogenmod.org/#/c/117270/ ) Otherwise great ROM and thanks for the work!
optimumpro said:
This is Official Jaguar Rom LP 5.1.1 r37 which enjoyed over 4000 downloads at Xperia Z1 thread. Jaguar is the only LP rom that is being actively developed and maintained, which means latest sources including June security patches...
Important Disclaimer: I don't have Z1 compact, so, although unlikely, you may have non boot issues. So, back up your prior rom and don't complain, as for the purposes of Z1 compact, this is an experimental build...
As you all know, MM is still in bad alpha state, not to mention horrible camera and it will NOT get any better for many reasons such as: idiotic switching to AOSP (instead of CM) trees; and CM abandoning AOSP in favor of its own closed source OS. Pure AOSP has NEVER had a stable Z1 rom for any version of Android be it MM, LP, Kitkat or even Jeallybean. So, forget about MM. It is bad and isn't getting better.
Click to expand...
Click to collapse
Thanks for the rom, I look forward to trying it out. I must say, though, that we have seen at least a couple of AOSP/AOSP-based ROMs for our device that are developing nicely - fully functional and with good cameras. See DU by @SpiritCroc, and AOSP by @freexperia.
However, as far as CM goes, you're quite right. Several nice ROMs, but little camera progress.
Syssx said:
So far so good but I noticed some bugs which come from CM trees - The scrolling is laggy (this fixed it http://review.cyanogenmod.org/#/c/109956/ ) screen is flickering with low brightness ( I made a fix but looks like I'm not able to complete it https://review.cyanogenmod.org/#/c/106545/ ) and WiFi Mac is wrong (starts with 00:00 and I think this commit fixed it https://review.cyanogenmod.org/#/c/117270/ ) Otherwise great ROM and thanks for the work!
Click to expand...
Click to collapse
In Kernel Adiutor use Ondemandplus, multicore power saving disabled. Set timer_rate at 33000. Don't use mpdecision, instead use Msmpdecision hotplug with idle frequency set at 1497. Use intelithermal. You will also have cpu and gpu overclocked to 2457 and 600 respectively. Also voltage changing is in kernel. Screen flickering does not exist on Z1. I will look into it...
Edit: those old commits were in from the beginning...
12. Mandatory use of Afwall (no internet unless Afwall is activated)
Click to expand...
Click to collapse
Afwall+ has never worked right for me. It actually blocked some apps explicitly whitelisted, and some blacklisted apps would still go through it. I know OP is not to blame about this, but making it mandatory is a big "no" for me.
optimumpro said:
In Kernel Adiutor use Ondemandplus, multicore power saving disabled. Set timer_rate at 33000. Don't use mpdecision, instead use Msmpdecision hotplug with idle frequency set at 1497. Use intelithermal. You will also have cpu and gpu overclocked to 2457 and 600 respectively. Also voltage changing is in kernel. Screen flickering does not exist on Z1. I will look into it...
Edit: those old commits were in from the beginning...
Click to expand...
Click to collapse
Flickering occurs while Adaptive Brightness is on and when Brightness slider is on minimum value. Screen (and or backlight) just starts to flicker.
What gapps should I use fro this rom?
I tried opengapps but they make AOSP keyboard crash. (clean install)
Syssx said:
Flickering occurs while Adaptive Brightness is on and when Brightness slider is on minimum value. Screen (and or backlight) just starts to flicker.
Click to expand...
Click to collapse
Disable ambient display: it is broken on lp and wastes battery.
leonmorlando said:
Afwall+ has never worked right for me. It actually blocked some apps explicitly whitelisted, and some blacklisted apps would still go through it. I know OP is not to blame about this, but making it mandatory is a big "no" for me.
Click to expand...
Click to collapse
You need to use built in binaries for iptables and busybox (prefrences/binaries), as Google iptables are modified to allow certain traffic. Afwall is good in preventing all kinds of leaks, but it can't do anything until it runs and it does not run on boot. So, this rom has a script on early init that cuts the internet until the firewall starts. Without it all your internet traffic is routed through an ip like this one: 26.147.196.122.
Cant install Afwall+KernelAuditori.zip md5 failed
is it the reason why I cant use the internet via WLAN or Mobile Data? Because someone has written that a script block all internet traffic till AFWall is started?
com.android.phone FC when I try to set up some mobile settings by long holding the mobile strengh indikator
Edit: com.android.phone FC only in german language and not in english language
Thanks
AlexandreVegetaroux said:
Cant install Afwall+KernelAuditori.zip md5 failed
is it the reason why I cant use the internet via WLAN or Mobile Data? Because someone has written that a script block all internet traffic till AFWall is started?
com.android.phone FC when I try to set up some mobile settings by long holding the mobile strengh indikator
Edit: com.android.phone FC only in german language and not in english language
Thanks
Click to expand...
Click to collapse
You don't flash Kernel Adiutor and Afwall: unzip the file and install as normal apps, as it says in the OP.
With regard to phone FC, change the language to English, set whatever you need and then switch back to German...
Edit: this rom is not based on CM, which only recently implemented localizations/translations. My rom and development is a one person thing, so, it is not possible for me to do all localizations. However, as described above, you can set whatever you want in English and then switch back to your language: the settings will hold
optimumpro said:
Disable ambient display: it is broken on lp and wastes battery.
Click to expand...
Click to collapse
Man I dont think you got me right. The brightness values of CM sources are too low for Z1C (they are using stock ones and not sony ones) - this file is missing from sources with propper settings https://github.com/sonyxperiadev/de...rameworks/base/core/res/res/values/config.xml
//edit// so ive found that the values are here: https://github.com/CyanogenMod/andr...rameworks/base/core/res/res/values/config.xml and as you can see CM uses lowest value of "20" and SONY AOSP sources use "32" ( <item>32</item> <!-- 64 --> from their source)
no internet
no internet conection with this rom.what is wrong?
Syssx said:
Man I dont think you got me right. The brightness values of CM sources are too low for Z1C (they are using stock ones and not sony ones) - this file is missing from sources with propper settings https://github.com/sonyxperiadev/de...rameworks/base/core/res/res/values/config.xml
//edit// so ive found that the values are here: https://github.com/CyanogenMod/andr...rameworks/base/core/res/res/values/config.xml and as you can see CM uses lowest value of "20" and SONY AOSP sources use "32" ( <item>32</item> <!-- 64 --> from their source)
Click to expand...
Click to collapse
This rom has exactly the same value as in Sony that you linked: 10, 32, 64... . . Is there a reason CM abandoned that commit that had 13 instead of 10? But anyway, whatever the values are, don't set brightness to the extreme low and you won't have any flickering...
bubaliana said:
no internet conection with this rom.what is wrong?
Click to expand...
Click to collapse
You have to read the OP: Install afwall and kernel adiutor as normal apps (they are linked in the OP), set/activate Afwall and you will have the internet...
optimumpro said:
You need to use built in binaries for iptables and busybox (prefrences/binaries), as Google iptables are modified to allow certain traffic. Afwall is good in preventing all kinds of leaks, but it can't do anything until it runs and it does not run on boot. So, this rom has a script on early init that cuts the internet until the firewall starts. Without it all your internet traffic is routed through an ip like this one: 26.147.196.122.
Click to expand...
Click to collapse
you mean we need to follow these instructions http://forum.xda-developers.com/showpost.php?p=62560397&postcount=3?
BTW great rom,thanks for bringing it to Z1C section also:good:
broky said:
you mean we need to follow these instructions http://forum.xda-developers.com/showpost.php?p=62560397&postcount=3?
BTW great rom,thanks for bringing it to Z1C section also:good:
Click to expand...
Click to collapse
No. Since that I have integrated the changes in the rom. Right now all you need to do is to install and activate Afwall. It is simple: no afwall, no internet. Yes activated afwall - yes internet.
optimumpro said:
You have to read the OP: Install afwall and kernel adiutor as normal apps (they are linked in the OP), set/activate Afwall and you will have the internet...
Click to expand...
Click to collapse
Thank you for help.

[ROM] CM11 3+ *Nightly Kernel with CVE-2015 cleared & *Xposed RE-FIX

(All-in-one ROM download: https://www.androidfilehost.com/?w=files&flid=80727) check post#3
Kernel for 2016 Nightly CyanogenMod 11 only;
Attached is unchanged_kernel build from cm-11-20160612-NYGHTLY unofficial 'BootBlob_patched'.zip for VTS and kernel' CVE2015 misses:
2015-3636 Pingpong root
https://github.com/torvalds/linux/commit/a134f083e79fb4c3d0a925691e732c56911b4326
2014-3153 Futex
https://git.kernel.org/cgit/linux/k.../?id=e9c243a5a6de0be8e584c604d353412584b592f8
2013-6282 -vroot (Aurora)
https://us.codeaurora.org/cgit/quic.../?id=76565e3d786bed66f247c682bd9f591098522483
https://github.com/torvalds/linux/commit/8404663f81d212918ff85f493649a7991209fa04
Also included is Perl' warning for kernel/timeconst.pl 373 !defined(@val): http://review.cyanogenmod.org/#/c/104105/
I tried it OK with Google or microG; once flashed via recovery, your kernel version will move to: 3.1.10-c_-_f-dirty
Please, if you know other CVE (kernel related only!) for 2016, can you post them here? I will look after it.
CAUTION:
Always proceed recovery backup first (boot only checked for kernel' restore).
Check: http://forum.xda-developers.com/transformer-tf300t/help/guide-t2854495
Prim-original credits:
https://github.com/CyanogenMod/android_device_asus_tf700t/blob/cm-10.1/CREDITS
My sources:
http://forum.xda-developers.com/showpost.php?p=67367580&postcount=3346
CM11 Xposed RE-FIX for OFFICIAL nightly build
Attached is zip to flash under recovery for enabling Xposed back in official CM11:
http://review.cyanogenmod.org/#/c/118800/
system/bin/app_process
system/lib/libandroid_runtime.so.
Included, as example (to be replaced with custom), is Asus bootanimation from @kansasboy001:
http://forum.xda-developers.com/transformer-tf700/development/apps-t2864015
[ROM] New build: 20160815
CM11's bandwagon moves to 20160815 (August security upgrade).
You can use:
Battery friendly latest August' security 20160815 cm11 +3originals:
- mar-V-in fake signature for nogapp (android_frameworks_base-KK-LP.patch);
- inverted broken xposed & SELinuxModeChanger (http://review.cyanogenmod.org/#/c/118800/);
- wakelockblocker cherry-picked from crdoid 4.4.
You can flash it over cm-11...Official...zip and vice versa. (CM Updater)
Caution & Warnings
Caution: blocking critical wakelocks can lead to bootloop; so always proceed full backup from recovery before unknown tries.
Also, be aware that if you over-flash original cm (without WakelockBlockers), your rom will work as new ota (without bootloops); but if you flash again modified cm with WakelockBlockers, you will find back your precedent settings on ticked wakelocks.
Warnings: before sharing logs with other, ensure that your log does not include some personal data under blocked wakelocks' description; ex: xxx @ gmail.com ...
(nota: there are no analytics or any network exchanges on your blocked wakelock list; conversely WakelockBlocker can definitively help to stop such intrusive behaviours.)
Mod/sources: http://forum.xda-developers.com/and...kelock-blocker-official-2016-nightly-t3393825
Download: https://www.androidfilehost.com/?w=files&flid=80727
CM11 20160815 is up; check post above.

[Kernel][28.05.2023][4.14.315][A12][A13] Kirisakura 9.1.6 for Pixel 4/XL aka FLORAL

Kirisakura-Kernel for the Pixel 4 and Pixel 4 XL
Hello everyone,
After rising to the most popular kernel on the Pixel 3/XL forums, here is Kirisakura-Kernel for the Pixel 4 (FLAME) and Pixel 4 XL (CORAL), together FLORAL.
Kirisakura - Kernel is designed to bring a handful of beneficial features to the device, while ensuring excellent performance and smoothness to get you safely through the day!
The kernel aims to keep most of the subsystems updated, way ahead of the stock kernel, thereby improving security, stability and performance!
This includes Linux-Stable, CAF-Upstream, F2FS-Mainline and kernel/common.
If that got you curious,have a read about linux-stable and why it is important here. The stable-process is not the same for every subsystem, but the general idea, rule of thumb and benefits are applicable for other subsystems as well.
Main Features:
- Based on latest kernel sources from Google, Kernel is made for Android 13
- Linux-Stable-Upstream included to latest 4.14.315
- CAF-Upstream usually based on one of the latest tags for sm8150
- include all important fixes/improvements from kernel/common
- compiled with latest Clang 16.0.2 from Google prebuilts and built with -O3 optimizations
- F2FS implementation updated to latest state of kernel/common and kernel.org maintained by Jaegeuk Kim.
- devfreq backports from 5.4 (sd 888 qcom kernel base)
- Safety Net patches are included -> Kernel passes Safety Net (hardware attestation is not related to these kernel patches)
- Flashing the kernel will keep root!
- Tested to work on custom ROMs
- Flashable via EXKM and FKM on a rooted system!
- remove extensive Memory Management logging from Google
- removed nolog usage, remove rtb logging from the kernel
- remove selinux auditing from kernel for lower overhead
- remove IPC logging from the kernel
- introduce kmalloc reclaimable caches for improved memory management
- AnyKernel3 powered by @osm0sis (big thanks!)
EAS related features:
- CleanSlate options to dynamically control freq boosting and sched boosting of powerhal
- small improvements to tasks placement
- fixes from kernel/common to EAS
- improvements from Pixel 5
CPU related features:
- Power saving workingqueues enabled by default (toggleable in EXKM)
have a read here: https://lwn.net/Articles/731052/
this complements EAS in general
- Change various drivers (WLAN, MM, audio, charger, power, thermal, glink etc) to user power efficient workingqueues. This should work well in conjunction with EAS
- include cpuidle patches from CAF
- s2idle-flow improvements from mainline
- improve efficiency while music playback
- arm64: lse: Prefetch operands to speed up atomic operations
- improve camera launch time
File System related features:
- Include latest f2fs changes found on f2fs stable git
- Include rapid GC by @arter97 ( best thing is to read the commit description linked here. I compared GC on stock google f2fs, upstreamed f2fs and f2fs with rapid GC. Rapid GC is the most effective, followed by upstreamed f2fs.)
GPU related features:
- KCAL to control various RGB related display configs (RGB, Hue, Saturation etc -> accessible via CleanSlate Config App)
- add ability to reduce minimum brightness
- add high-brightness-mode (HBM)
- Update GPU driver to latest CAF state
- improve GPU performance (overall smoother experience)
- reduce power consumption when rendering static images
- enable of usage of SD855+ GPU frequencies as optional feature
UI/UX/Usability related features from CleanSlate:
- CleanSlate features made by @tbalden
- Adjust all CleanSlate features with the CleanSlate-Apps found in the CleanSlate-Thread (if you profit from the CleanSlate features make sure to buy the premium versions on Play-Store to support
@tbalden
- CleanSlate options that require permissive selinux in any way are not included, as they can be easily achieved otherwise on a rooted environment and this kernel is not intended to be used rootless (adblocking, props spoofing etc.)
- Flashlight Notification/Call blinking
- Vibrating Notification Reminder
- Sweep to Sleep touchscreen gesture - highly customizable
- DoubleTap on Sweep2Sleep's area gestures - new way to pull down android Notification Area
- Face down screen off - new gesture, e.g. conveniently use together with 'flip to shh' to turn screen off
Network related features:
- Wireguard Support (Details)
Memory related features:
- updated PSI monitor with latest changes
- improved mm with patches from latest mainline
- various other changes from mainline
- included zstd and lz0-rle as options for ZRAM-algorithm (lz4 is probably the best all around, so only change it if you know why and what you are doing)
- allow swappiness up to a value of 200
- Backport to enable CONFIG_HAVE_MOVE_PMD (see here)
- Backport to enable CONFIG_HAVE_MOVE_PUD (see here) (reverted for now as it breaks audio driver)
- improvements to ZRAM writeback (thanks @arter97 )
- disable per cgroup tracking via psi to reduce overhead
Security related features:
- CFI and LTO both kept intact and are used to keep additional security Google implemented for us!
- ThinLTO used as of 3.9.0
- Shadow Call Stack
Tuned PowerHal
- allow kernel to idle on lowest frequencies when no interaction is happening
- increase swappiness during periods without interaction to favor swapping memory, relax swappiness otherwise
- scheduler camera processes to the big cluster and prime core when faceunlock is used
- adjust powerhal behaviour when the camera is used
Misc Features:
TCP Congestion Algorithms:
- advanced algorithms enabled
- includes new bbr2
Wakelock Blocker:
- advanced wakelock blocker with the ability to block any wakelocks (dangerous, use with caution)
- please read [URL="https://arstechnica.com/gadgets/2018/08/p-is-for-power-how-google-tests-tracks-and-improves-android-battery-life/"]this for further info
Other features:
- disable logging to make the kernel more lightweight in various places (includes mm, vma, gpu, ipa etc)
- remove VLAs from the kernel (more info)
- add support for steam controller
- add support for nintendo switch controller
- merge upstream solution for PM/Wakeup driver, which reduces unnecessary logspam and also improves sleeping behaviour
- merge freezer v2 backport from google gerrit (required for developer option ""suspend execution for cached apps"")
Feature section for the "non visible" but perceptible improvements:
- updated binder section (responsible for interprocess communication)
- updated sdcardfs ; have a read about it here:
Requirements
- unlocked Bootloader
- USB-Debugging in developer options enabled
- latest adb and fastboot binaries
- working adb and fastboot environment
- working magisk environment
- latest stock rom (custom roms can have issue, several users reported success when rooted with magisk 24.3 instead of latest)
How to flash the Kernel:
1. Download the kernel.zip to your device
1a. While it may not be necessary all times when coming from another custom kernel: You may want to restore stock boot.img as well as stock dtbo.img, which can both be found in the factory image. If you´re on a custom rom, simply dirty flash your ROM. Reroot with magisk and optionally install twrp.zip (if existing). Before reporting issues make sure you do that! Thank you!
1b. If you used the SQLITE3 Magisk Module and the GPay Fix Magisk Module in the past look at this post: click me
You only need to do either 2a OR 2b
2a. If TWRP is available for this device and specific android version, boot to TWRP and flash my kernel.zip. Root will be preserved!
or
2b. Flash kernel zip in EX Kernel Manager or FKM app. Root will be preserved! If a kernel manager is not yet updated to work on a specific Android Version, you need to wait until it is updated or use another one.
4. Reboot and profit!
DOWNLOAD:
Download is located always in this folder or attached to the release post in case it´s now in AFH.
https://www.androidfilehost.com/?w=files&flid=301179
Please also check the release posts for download links or attched files. AFH is often down recently.
Important: Read after Download
Please take a look at the second post after flashing the kernel!
Changelog:
Android 10/ Q Kernels
1.0.0 Initial Release
1.0.1 https://forum.xda-developers.com/showpost.php?p=80712545&postcount=51
1.0.3 https://forum.xda-developers.com/showpost.php?p=80791393&postcount=181
2.0.0 https://forum.xda-developers.com/showpost.php?p=81069625&postcount=341
2.1.0 https://forum.xda-developers.com/showpost.php?p=81168297&postcount=424
2.3.0 https://forum.xda-developers.com/showpost.php?p=81244627&postcount=491
2.3.4 https://forum.xda-developers.com/showpost.php?p=81311861&postcount=561
2.6.0 https://forum.xda-developers.com/showpost.php?p=81408591&postcount=611
2.9.0 https://forum.xda-developers.com/showpost.php?p=81527369&postcount=692
2.9.2 https://forum.xda-developers.com/showpost.php?p=81575075&postcount=702
3.1.0 https://forum.xda-developers.com/showpost.php?p=81625099&postcount=725
3.2.0 https://forum.xda-developers.com/showpost.php?p=81679343&postcount=761
3.9.0 https://forum.xda-developers.com/showpost.php?p=81926617&postcount=802
3.9.1 https://forum.xda-developers.com/showpost.php?p=81943269&postcount=824
4.2.0 https://forum.xda-developers.com/showpost.php?p=82189985&postcount=851
4.5.0 https://forum.xda-developers.com/showpost.php?p=82485339&postcount=892
4.5.6 https://forum.xda-developers.com/showpost.php?p=82562029&postcount=941
4.7.5 https://forum.xda-developers.com/showpost.php?p=82725499&postcount=986
5.0.0 https://forum.xda-developers.com/showpost.php?p=83019609&postcount=1022
5.2.2 https://forum.xda-developers.com/showpost.php?p=83206123&postcount=1066
5.2.6 https://forum.xda-developers.com/showpost.php?p=83387505&postcount=1078
Android 11/ R Kernels
6.0.0 https://forum.xda-developers.com/showpost.php?p=83476821&postcount=1092
6.1.3 https://forum.xda-developers.com/showpost.php?p=83649491&postcount=1131
6.2.4 https://forum.xda-developers.com/showpost.php?p=83849179&postcount=1143
6.6.0 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-84068177
6.6.6 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-84227741
6.8.2 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-84408147
7.1.0 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-84588667
7.1.1 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-84603881
7.2.3 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-84747379
7.4.0 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-84900715
7.4.1 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-84951399
7.4.2 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-85000553
7.4.3 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-85079523
7.4.4 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-85155405
7.9.0 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-85298631
7.9.1 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-85424575
7.9.2 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-85473277
7.9.3 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-85674963
Android 12
8.0.0 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-86063673
8.0.3 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-86236075
8.0.4 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-86413329
8.0.5 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-86550055
8.2.0 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-86843221
8.2.2 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-87006201
Android 13
9.0.0 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-87295655
9.0.2 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-87532941
9.1.0 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-87760941
9.1.1 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-87868847
9.1.4 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-88332237
9.1.6 https://forum.xda-developers.com/t/...r-pixel-4-xl-aka-floral.3992213/post-88583047
Donations:
Donations are not mandatory but very welcome if you want to support development or just buy me a coffee
If you like my work: http://paypal.me/freak07
Credits:
@osm0sis for all his work, including the ak3 installer!
@tbalden for being the best HTC wingman!
@LeeDroid for his awesome roms!
@Captain_Throwback for all the mentoring and guidance!
@Eliminater74 for bringing me into the game and the Inspiration
@nathanchance for his upstream guidance and assistance
@RenderBroken for all of his work and the stuff I could learn from him
@flar2 for all his work
@joshuous for all the help he provided to me in the past!
@topjohnwu for magisk!
@arter97 , @kdrag0n for helping me out several times!
XDA:DevDB Information
Kirisakura Kernel, Kernel for the Google Pixel 4 XL
Contributors
Freak07
Source Code: https://github.com/freak07/FLORAL
Kernel Special Features:
Version Information
Status: Stable
Created 2019-10-27
Last Updated 2020-11-03
F.A.Q:
Question: Is root preserved when flashing this kernel?
Answer: Yes the Anykernel Zip will detect root and keep it.
Question: How do I return back to stock or another kernel.
Answer: Extract boot.img and dtbo.img from the factory image and flash them via fastboot.
Question: How to report bugs properly?
Answer: Have a look at post #3 in this thread. The linked guide is a pretty good starting point.
Before reporting any bug make sure you´re not using any mods, magisk modules, scripts or other modifications that alter various functions like sound mods, data traffic etc.
Try to describe the issue as detailed as possible! Give your exact setup, like rom, magisk version, kernel version.
Is the issue reproducible? Does it happen frequently?
Provide logs, otherwise debugging is a lot harder. If you can already reproduce the issue and provide logs it greatly limits the amount of time I have to spent until I figure out how to reproduce it.
If the device force reboots/randomly reboots (that means you see the bootloader unlocked screen!) provide a ramoops file.
Easiest way is immediately after booting up, with a root explorer navigate to sys/fs/pstore. Copy the contents to your internal storage, zip it up and send it to me.
If the issue happens while the device is running provide a dmesg plus a logcat that you take while/shortly after the issue happens. This will log what´s running in the current session. Try to be as detailed as possible what´s happening when the issue appears. It will also help me in reading the log!
Useful Resources
How to report bugs:
It is incredibly useful if bug reports are done in a proper way. That saves everyones time and will ultimately lead to a faster bugfix (hopefully).
The following guide from @nathanchance is a very good guideline on how to properly report a bug!
https://github.com/nathanchance/Android-Tools/blob/master/Guides/Proper_Bug_Reporting.txt
SQLite3 and GPay Fix Magisk Module:
The combination of these two modules and F2FS-Upstream patches included in the 1.0.x release kernels, caused the device to freeze sporadically after rebooting.
2.0.0 does not include F2FS-Upstream so these two modules can be used again.
To remove the modifications done by these modules and start clean again on Release 2.0.0 and the following releases do the following:
1. Remove the SQLite 3 Module and the GPay Fix Magisk Module by following instructions
2. Do a full reboot
3. Wait a few minutes after successfully booting
4. Clear data and cache for Google Play Services, Google Play Store and Google Pay
5. Wait a few minutes so all deleted stuff gets rebuilt properly and reboot again
6. I´d prefer to use the following method to enable GPAY functionality instead of the modules: https://forum.xda-developers.com/showpost.php?p=80763371&postcount=11
7. If you really have to, install both modules and make sure you´re on Kirisakura 2.0.0 or greater
Oh snap! The fun has begun boys! Good to see your kernel here!
Glad to see dev progress so quickly. Will check this out. Kudos
That was awfully quick! So glad to see you here.
Thank you @Freak07. Flashed without a problem with EX KM. Nice work.
That was quick! Thank you so much. :good:
I am unbelievably excited to see you here! I'm glad to see an amazing DEV working so hard, and quick, to bring an amazing kernel to the 4xl!
So very happy @Freak07 maintaining a kernel for the OP7/7pro and now the P4/P4XL. Thanks for all you do man!!
Anyone has an alternate download link? Because androidfilehost is extremely slow and terminate the connection after about 15-30 minutes
You got the 4 XL, awesome! Happy to see you here
Getting my 4 XL tomorrow, will be flashing this as soon as it's delivered
Ok the download worked finally. Such a crap, had a lot of similar problems with this lousy hoster in the past
Dies anyone know If it is possible to get 4k at 60 fps? On other Smartphones it was possible in the past but i don't know if it will be possible with our Pixel 4.
any big difference between exkm and fkm?
glad to see you here...
PS: Ignore my PM lol
Good to go!
CyberpodS2 said:
Good to go!
Click to expand...
Click to collapse
Nice! Flashed with EXKM or FKM? Or good old fashioned fastboot flash boot?
Edit: Flashed with FKM and no issues with flashing.
I do notice that charge speed is about 1500mA slower than with stock kernel. Although I do remember with my Pixel 2 XL similar behavior occurred with a slower reported mA, but overall charge time was basically the same as stock kernel.
Edit 2: And of course I jumped the gun. Just checked again and charging is back to stock speed, approximately 3200mA.
xdeslitx said:
any big difference between exkm and fkm?
Click to expand...
Click to collapse
For flashing no. Both flash the same way.
I Feel compelled to remind people dont ask for features or ETA's especially the day a kernel gets released. I already see that in the first page.
That being said:
The developer here wants feedback about how the kernel works on the device not a bunch of off topic comments /questions this is a development forum.
We do have a q/a and general section for this device feel free to create a proper thread.

[CLOSED][ROM][Unofficial][10.0][microG][signed]hardened LineageOS 17.1 Oneplus 3/3T

This thread is deprecated - please refer to its LineageOS 18.1 successor thread
This thread is dedicated to provide hardened Lineage-OS 17.1 builds with microG included for the OnePlus 3/3T with current security patches.
It is the successor of my Lineage 16.0 thread.
It may be worth to also look there, if you are looking for information.
Features of this ROM
Download here
Pre-installed microG and F-Droid like LineageOS for microG project (own fork)
Pre-installed AuroraStore
OTA Support
eSpeakTTS engine
Bromite as default browser
Additional security hardening features listed below
Cloudflare as default DNS (instead of Google)
Privacy-preferred default settings
Optional blocking of Facebook- and Google-Tracking (Settings - Network & Internet)
Optional disable captive portal detection or choose from various providers (default is GrapheneOS and not Google; Settings - Network & Internet)
Firewall UI (under Trust)
Increased max. password length of 64
No submission of IMSI/phone number to Google when GPS is in use
Default hosts file with many blocked ad/tracking sites
Privacy-enhanced Bromite SystemWebView
Extra control of sensor access for additionally installed user apps (Special access under app permissions)
Kernel kept up to date with ASB patches and Google kernel/common 'android-3.18' branch
Debloated from Oneplus blobs for Alipay, WeChatpay, Soter and IFAA
Hardened bionic lib and constified JNI method tables
Current release levels
Security string: 2021-10-05
AOSP tag: 10.0.0_r41
Bromite System Webview: M93
Source-code and build instructions
Kernel: https://github.com/lin17-microg/android_kernel_oneplus_msm8996/tree/lin-17.1-mse3
Build manifest: https://github.com/lin17-microg/local_manifests/tree/lin-17.1-microG
Installation Instructions
YOU ARE RESPONSIBLE SOLELY YOURSELF FOR ANY ACTIONS YOU DO WITH YOUR DEVICE !!!
Please note - I won't explain any single aspect (e.g. how to install 'fastboot' on your PC or troubleshoot USB connectivity issues under Windows). Search the net and consult the search engine of your choice or look here in XDA, there is plenty of information available.
Pre-Requisites
If you come from OxygenOS Stock ROM, make sure to update to the latest offered software version (if not, no issue).
Have fastboot and adb installed on your PC and make sure, you can connect via USB to your device in fastboot mode and via adb
An unlocked bootloader (see e.g. LineageOS install instructions)
OxygenOS 9.0.6 firmware, which is needed for LineageOS 17.1 - see next section
Download the most current .ZIP file of the ROM and place it to your phone's internal memory
OxygenOS 9.0.6 Firmware
If you come from my LineageOS 16.0 build - or any Android 9 or 10 based ROM, you most probably have already the proper firmware.
And yes, LineageOS 17.1 is Android 10, but the latest firmware for this device has been published by Oneplus for Android 9.
How to find out about your current firmware, if you use a Custom ROM:
Connect as root via adb to your phone and enter the command adb shell cat /system/vendor/firmware_mnt/verinfo | grep Time_Stamp
If the result is "Time_Stamp": "2019-11-04 21:25:29", you are on the latest firmware, if the date/time is earlier, you need to update the firmware. THIS THREAD has got more information for you.
If you come from an Oreo (Android 8.x) Custom ROM, READ THE OP OF THIS THREAD CAREFULLY !
I can't explain it better and I am not going to repeat or summarize this. It really is in your interest to carefully read it - you have been notified and warned. Please also pay attention to the last section named "Alipay, WeChatpay, Soter and IFAA" - I strongly recommend to use the debloated firmware.
Install TWRP recovery
If you come from stock ROM and have just unlocked your boot loader, this is the next thing to do. I recommend to use the TWRP recovery for the OnePlus 3/3T. The following instructions are based on TWRP.
To install TWRP, download the twrp-x.x.x-x-oneplus3.img file (Note: replace "x.x.x-x" in the following instructions with the respective values from the real file name) to your PC, connect the phone via USB to your PC, get it into 'fastboot mode' and enter the following command on your PC:
Code:
fastboot flash recovery twrp-x.x.x-x-oneplus3.img
Afterwards, directly boot into 'recovery mode' (enter fastboot reboot on your PC and hold Power and vol.down) - DO NOT boot into the phone's Android system after having flashed TWRP! Once TWRP has been launched, you may decide to reboot your phone and install the ROM at any time later. But the first boot after flashing TWRP must be TWRP in recovery mode.
Advanced Wipe
ONLY perform the steps described here, if you come from Stock ROM or a different Custom ROM!
Boot into recovery mode. In TWRP, choose "Wipe", "Advanced" and specify "Dalvik", "System", "Cache" and "Data" to be wiped. Make sure NOT to wipe "Internal memory". Swipe to confirm the deletion and get back into the main menu.
DO NOT flash Gapps!
This ROM comes with pre-installed microG. So don't attempt to flash Gapps.
Install ROM
In the TWRP main menu, choose "Install". A file manager appears to let you navigate to your internal memory (path /sdcard). Choose the .ZIP file of our ROM and swipe to flash.
If you update from a previous version of my ROM, including my LineageOS 16.0 build, you don't need to perform a wipe. If you come from a different ROM (or stock firmware), make sure that you have performed the Wipe steps above.
When finished flashing, return to the main menu, choose "Reboot" and then "System", which will cause your phone to boot into Lineage OS 17.1 - be patient, the first boot after flashing a new ROM takes quite long!
Dealing with signed builds
Please note, that this builds is signed with an own key. When you come from a different build, you cannot directly "dirty-flash" this build. You have to perform a "clean flash" (recommended), or - you do this on your own risk - you may try the below steps.
This happens at your own risk - make a backup with TWRP before!
Download and extract the file migration.sh from this archive
This file helps you to migrate from a build signed with the publicly available test keys (i.e. all builds around, which do not state that they are signed). If you come from another signed build (e.g. official LineageOS), you have to adapt the file accordingly (see below links).
boot into TWRP
push the migration.sh file to the directory /data/local on your device and mount the /system partition in TWRP (you can do so using the dedicated TWRP's menu entry)
launch the built-in terminal in TWRP, cd into /data/local, make migration.sh executable (chmod +x) and execute the command ./migration.sh official
(In case you receive an error, try sh ./migration.sh official instead)
flash the ROM .zip
wipe Cache and Dalvik/ART Cache
reboot system
More background information and the "theory behind" can be found in the LineageOS wiki and AOSP reference.
Bug reports:
If you have a problem, please create a post with these informations:
Original Kernel shipped with this rom:
Build Date:
And try to get log as described here
Please note that I can't and won't support issues with builds using a different kernel or Xposed.
In regards to microG, I will try my best to help when it is related to this ROM (I use it myself), but any questions of the type "the YXZ-app can't do <some sort of fancy xyz Google functionality> properly" are better asked in the respective microG forums.
Credits
AOSP project
LineageOS project
microG project
Graphene OS project
csagan5 (Bromite)
WhyOrean (Aurora)
nvertigo67 (for the modded 9.x firmware and for collaboration)
Change log
2021-10-14 - FINAL
ASB Security string 2021-10-05
Bromite System Webview and Browser updated to 93.0.4577.83
Kernel upstreamed (note: tag equals last months tag)
2021-09-12
ASB Security string 2021-09-05
Kernel upstreamed to tag ASB-2021-09-05_3.18
microG microG 0.2.22.212658-2
2021-08-08
ASB Security string 2021-08-05
Kernel upstreamed to tag ASB-2021-08-05_3.18
Bromite System Webview and Browser updated to 92.0.4515.134
F-Droid updated to 1.13
Fix in WiFi randomization
2021-07-10
ASB Security string 2021-07-05
Kernel upstreamed to tag ASB-2021-07-05_3.18
Bromite System Webview and Browser updated to 91.0.4472.146
microG 0.2.21.212158-2
AuroraStore 4.0.7
2021-06-13
ASB Security string 2021-06-05
Kernel upstreamed to tag ASB-2021-06-05_3.18
Kernel WLAN driver (qcacld-2.0) patched to include mitigations against "Frag" vuln.
Bromite System Webview and Browser updated to 91.0.4472.102
microG 0.2.19211515-9
2021-05-09
ASB Security string 2021-05-01
Kernel upstreamed to tag ASB-2021-05-05_3.18
Bromite System Webview and Browser updated to 90.0.4430.204
microG upstreamed (no version change)
Update: AuroraServices 1.1.1
2021-04-10
ASB Security string 2021-04-01
Kernel upstreamed to tag ASB-2021-04-05_3.18
Bromite System Webview and Browser updated to 90.0.4430.59
F-Droid updated to 1.12
Update: AuroraStore 4.0.4 with AuroraServices 1.1.0
2021-03-08
Security string 2021-03-05
Kernel upstreamed to tag ASB-2021-03-05_3.18
Bromite System webview updated to 88.0.4324.207
Bromite Browser updated to 88.0.4324.207
F-Droid 1.11
microG 0.2.18.204714
2021-02-04
Security string 2021-02-05
Kernel upstreamed to tag ASB-2021-02-05_3.18
Bromite System webview updated to 88.0.4324.141
Bromite Browser updated to 88.0.4324.141
F-Droid 1.10-alpha-234
microG 0.2.17.204714-5
2021-01-15 - Initial build
Pre-installed microG (0.2.16.204713-10) and F-Droid like the LineageOS for microG project (own fork)
Pre-installed AuroraStore
Bromite as default browser (87.0.4280.106)
eSpeak TTS engine (FOSS TTS solution)
Additional security hardening features listed below:
Cloudflare as default DNS (instead of Google)
Privacy-preferred default settings
Optional blocking of Facebook- and Google-Tracking (Settings - Network & Internet)
Optional disable captive portal detection or choose from various providers (default is GrapheneOS and not Google; Settings - Network & Internet)
Firewall UI (under Trust)
Increased max. password length of 64
No submission of IMSI/phone number to Google when GPS is in use
Default hosts file with many blocked ad/tracking sites
Privacy-enhanced Bromite SystemWebView (87.0.4280.131)
Extra control of sensor access for additionally installed user apps (Special access under app permissions)
Constified JNI method tables and hardened bionic lib
Security Hardening Features - Details
1. Pre-installed microG and F-Droid
same as the LineageOS for microG project
2. Pre-installed AuroraStore
works w/o having to enable the "unknown sources feature"
3. Extra control of sensor access for additionally installed user apps
Special access under app permissions
4. Cloudflare (instead of Google) default DNS
Cloudflare DNS has a better privacy policy than Google Public DNS and has DNS-over-TLS and DNS-over-HTTPS. In the deafult DNS settings (as fallback) and network diagnostics, the Cloudflare DNS adresses 1.1.1.1 and 1.0.0.1 are specified as defaults (instead of Google's 8.8.8.8 and 8.8.4.4)
5. Privacy-preferred default settings
When newly installed, the below settings are defaulted, different from standard LineageOS 17.1 (all settings can be changed at any time later):
Anonymous LineageOS statistics disabled (proposal during Setup)
The standard browsing app does not get the location runtime permission automatically assigned
Sensitive information is hidden on the lock screen
Camera app: Location tagging disabled by default
Further, when a lock screen protection is set (PIN, pattern, password), the Nfc, Hotspot and airplane mode tiles require authentication and cannot be set without
6. Optional blocking of Facebook- and Google-Tracking
Settings => Network & Internet (scroll down)
When activated, all outgoing connection attempts to Facebook servers will be suppressed.
Same applies to Google, but certain apps on an internal exception list will still be able to connect (AuroraStore, microG, or e.g. NewPipe, if installed)
7. Optional disable captive portal detection and to select Captive portal server URL provider
Settings => Network & Internet (scroll down)
When deactivated, the system will not ping a specific Google server any longer when establishing a WiFi connection to determine, whether a captive portal is being used. Further, the captive portal URL provider can be set (default is GrapheneOS and not Google; Settings - Network & Internet)
8. No submission of IMSI or phone number to Google when GPS is in use
GPS also works fine, if no SIM card is present, so there obviously is no benefit for the phone holder (different from other involved parties ) to provide this data . . .
9. Default hosts file with many blocked ad/tracking sites
The system's hosts file redirects a comprehensive list of URLs known to be adware, tracking, etc. to 127.0.0.1 (ipv4) and ::1 (ipv6)
10. Privacy-enhanced Bromite SystemWebView
Instead of the default Chromium System Webview component, the Bromite SystemWebView is used offering more privacy, more ad blocking and less Google tracking.
11. Bromite as shipped Browser
A chromium based browser with many privacy features.
12. Firewall UI
Settings => Privacy - Firewall
Lists all apps and allows to restrict Internet access per app in regards to WiFi, mobile network or VPN
This per-app feature is a standard feature in LineageOS, but the UI to show all apps is an Extra (taken from a topic in LineageOS's Gerrit - it may, or may not, become part of the official LineageOS one day)
13. Maximum password length increased to 64
Thanks a lot!! Will flash and report tomorrow!!
Hello!
Does this ROM allow to lock a bootloader?
Clean flashed this morning. So far so good!
zhenev said:
Hello!
Does this ROM allow to lock a bootloader?
Click to expand...
Click to collapse
I would like to refer you to the below post from the 16.0 predecessor thread:
[CLOSED] EOL [ROM][Unofficial][9.0.0][microG][signed]hardened LineageOS 16.0 for Oneplus 3/3T
Thread is discontinued: Please visit the my LineageOS 17.1 successor thread This thread is dedicated to provide hardened Lineage-OS 16.0 builds with microG included for the OnePlus 3/3T with current security patches. It is the successor of my...
forum.xda-developers.com
Installed this ROM today, clean.
My observations so far:
USB doesn't work. When I plug it in, it sounds and it charges, but it is not connected to my computer. The 'USB mode' options in settings are all greyed out. No obvious messages in logcat.
In TWRP it works fine, so it clearly is a ROM issue.
(Possible related?) Termux crashes with a OutOfBoundsError
Thanks for your effort keeping this ROM alive.
WM-Sef said:
Installed this ROM today, clean.
My observations so far:
USB doesn't work. When I plug it in, it sounds and it charges, but it is not connected to my computer. The 'USB mode' options in settings are all greyed out. No obvious messages in logcat.
In TWRP it works fine, so it clearly is a ROM issue.
(Possible related?) Termux crashes with a OutOfBoundsError
Thanks for your effort keeping this ROM alive.
Click to expand...
Click to collapse
What phone and firmware? Works like a charm for me on OP3 and OOS 9.0.6 firmware.
WM-Sef said:
Installed this ROM today, clean.
My observations so far:
USB doesn't work. When I plug it in, it sounds and it charges, but it is not connected to my computer. The 'USB mode' options in settings are all greyed out. No obvious messages in logcat.
In TWRP it works fine, so it clearly is a ROM issue.
(Possible related?) Termux crashes with a OutOfBoundsError
Thanks for your effort keeping this ROM alive.
Click to expand...
Click to collapse
USB works fine on my own device. As suggested by @Anghirrim - what firmware are you on?
MSe1969 said:
USB works fine on my own device. As suggested by @Anghirrim - what firmware are you on?
Click to expand...
Click to collapse
How do I check for the firmware version? It's not under Settings -> Build Number, only the Android Version.
Solved the problem by switching the default USB action to 'MTP'. After that, it suddenly started working.
Still no clue about the Termux issue.
WM-Sef said:
How do I check for the firmware version? It's not under Settings -> Build Number, only the Android Version.
Click to expand...
Click to collapse
The OP of this OP3(T) firmware thread indicates to look at the file /system/vendor/firmware_mnt/verinfo/ver_info.txt
WM-Sef said:
Still no clue about the Termux issue.
Click to expand...
Click to collapse
Their docu indicates issues with Android 10.
WM-Sef said:
USB doesn't work. When I plug it in, it sounds and it charges, but it is not connected to my computer. The 'USB mode' options in settings are all greyed out. No obvious messages in logcat.
Click to expand...
Click to collapse
I had the same issue but just enabling USB-Debugging from the developer options fixed it. I was a bit surprised too and that shouldn't be normal I guess.
SenseSei said:
I had the same issue but just enabling USB-Debugging from the developer options fixed it. I was a bit surprised too and that shouldn't be normal I guess.
Click to expand...
Click to collapse
As indicated before, I do not experience such an issue with my own device, so I can't reproduce this issue.
This is actually fascinating, thank you!
How is the exact steps to install? I'm coming from another rom.. Please help.
1) Advanced Wipe >> flash fw >> flash rom
or
2) Flash fw >> Advanced wipe >> flash rom
Confused after see this thread and fw installation's thread linked above.
vkey.ptr said:
How is the exact steps to install? I'm coming from another rom.. Please help.
1) Advanced Wipe >> flash fw >> flash rom
or
2) Flash fw >> Advanced wipe >> flash rom
Confused after see this thread and fw installation's thread linked above.
Click to expand...
Click to collapse
The above order does not matter, as the firmware is flashed to different partitions than those to be wiped.
EDIT:
If you have already 9.0.6 firmware, there is no need to flash it again.
this is just what I need for my old OP3. Running a degoogled 6T as daily and still need occasional apps that do not work w/o google. flashing without hesitation and reporting back.
EDIT: a question. can I flash twrp right back after flashing the rom? I know im giving up over the air updates, but im fine with that.
I am on LineageOS 17.1 for microG, unlocked bootloader, rooted with Magisk, 9.0.6 official firmware, but I would love to try this ROM.
Few questions, please:
- can I install modded firmware, because this sounds good: "The modem firmware contains some alipay* and soter* files used for Alipay and WeChatpay. Since these are suspect to be a privacy hazard, I've modified NON-HALOS.bin to not contain any of these files any more"
- this ROM can be rooted with Magisk 20.4 or newer?
- do I have to do "clean install", and finally
- is wiping internal sd card (pics, videos etc.) obligatory?
Thanks in advance

[ROM][Unofficial][11.0][microG][signed]hardened LineageOS 18.1 Oneplus 3/3T

This thread is dedicated to provide hardened Lineage-OS 18.1 builds with microG included for the OnePlus 3/3T with current security patches.
It is the successor of my Lineage 17.1 thread.
It may be worth to also look there, if you are looking for information.
Download here
Features of this ROM​
Pre-installed microG like LineageOS for microG project (own fork)
Pre-installed AuroraStore, AuroraDroid and AuroraServices
OTA Support
eSpeakTTS engine
Additional security hardening features listed below:
Cloudflare as default DNS (instead of Google)
Privacy-preferred default settings
Optional blocking of Facebook- and Google-Tracking (Settings - Network & Internet)
Optional disable captive portal detection or choose from various providers (default is GrapheneOS and not Google; Settings - Network & Internet)
Firewall UI (under Trust)
Increased max. password length of 64
No submission of IMSI/phone number to Google when GPS is in use
Default hosts file with many blocked ad/tracking sites
Privacy-enhanced Mulch System Webview
Extra control of sensor access for additionally installed user apps (Special access under app permissions)
Kernel kept up to date with ASB patches of Google kernel/common 'android-4.14-q-release' branch
Debloated from Oneplus blobs for Soter and IFAA
Hardened bionic lib and constified JNI method tables
Option to only use fingerprint unlock for apps and not for the device
Optional timeout for Bluetooth and WLAN connections
Per connection WiFi randomization option
Current release levels​Security string: 2023-06-05
AOSP tag: 11.0.0_r46
Mulch System Webview: M114
Source-code and build instructions​Kernel: https://github.com/lin18-microg/android_kernel_oneplus_msm8996/tree/lin-18.1-mse3
Build manifest: https://github.com/lin18-microg/local_manifests/tree/lin-18.1-hmalloc
Installation Instructions​
YOU ARE RESPONSIBLE SOLELY YOURSELF FOR ANY ACTIONS YOU DO WITH YOUR DEVICE !!!
Please note - I won't explain any single aspect (e.g. how to install 'fastboot' on your PC or troubleshoot USB connectivity issues under Windows). Search the net and consult the search engine of your choice or look here in XDA, there is plenty of information available.
Pre-Requisites​
If you come from OxygenOS Stock ROM, make sure to update to the latest offered software version (if not, no issue).
Have fastboot and adb installed on your PC and make sure, you can connect via USB to your device in fastboot mode and via adb
An unlocked bootloader (see e.g. LineageOS install instructions)
OxygenOS 9.0.6 firmware, which is needed for LineageOS 18.1 - see next section
Download the most current .ZIP file of the ROM and place it to your phone's internal memory
OxygenOS 9.0.6 Firmware​If you come from my LineageOS 17.1 build - or any Android 10 based ROM, you most probably have already the proper firmware.
And yes, LineageOS 18.1 is Android 11, but the latest firmware for this device has been published by Oneplus for Android 9.
How to find out about your current firmware, if you use a Custom ROM:
Connect as root via adb to your phone and enter the command adb shell cat /system/vendor/firmware_mnt/verinfo | grep Time_Stamp
If the result is "Time_Stamp": "2019-11-04 21:25:29", you are on the latest firmware, if the date/time is earlier, you need to update the firmware. THIS THREAD has got more information for you.
If you come from an Oreo (Android 8.x) Custom ROM, READ THE OP OF THIS THREAD CAREFULLY !
I can't explain it better and I am not going to repeat or summarize this. It really is in your interest to carefully read it - you have been notified and warned. Please also pay attention to the last section named "Alipay, WeChatpay, Soter and IFAA" - I strongly recommend to use the debloated firmware.
Install TWRP recovery​If you come from stock ROM and have just unlocked your boot loader, this is the next thing to do. I recommend to use the TWRP recovery for the OnePlus 3/3T. The following instructions are based on TWRP.
To install TWRP, download the twrp-x.x.x-x-oneplus3.img file (Note: replace "x.x.x-x" in the following instructions with the respective values from the real file name) to your PC, connect the phone via USB to your PC, get it into 'fastboot mode' and enter the following command on your PC:
Code:
fastboot flash recovery twrp-x.x.x-x-oneplus3.img
Afterwards, directly boot into 'recovery mode' (enter fastboot reboot on your PC and hold Power and vol.down) - DO NOT boot into the phone's Android system after having flashed TWRP! Once TWRP has been launched, you may decide to reboot your phone and install the ROM at any time later. But the first boot after flashing TWRP must be TWRP in recovery mode.
Advanced Wipe​ONLY perform the steps described here, if you come from Stock ROM or a different Custom ROM![/B]
Boot into recovery mode. In TWRP, choose "Wipe", "Advanced" and specify "Dalvik", "System", "Cache" and "Data" to be wiped. Make sure NOT to wipe "Internal memory". Swipe to confirm the deletion and get back into the main menu.
DO NOT flash Gapps!
This ROM comes with pre-installed microG. So don't attempt to flash Gapps.
Install ROM​In the TWRP main menu, choose "Install". A file manager appears to let you navigate to your internal memory (path /sdcard). Choose the .ZIP file of our ROM and swipe to flash.
If you update from a previous version of my ROM, including my LineageOS 17.1 build, you don't need to perform a wipe. If you come from a different ROM (or stock firmware), make sure that you have performed the Wipe steps above.
When finished flashing, return to the main menu, choose "Reboot" and then "System", which will cause your phone to boot into Lineage OS 18.1 - be patient, the first boot after flashing a new ROM takes quite long!
Dealing with signed builds​Please note, that this builds is signed with an own key. When you come from a different build, you cannot directly "dirty-flash" this build. You have to perform a "clean flash" (recommended), or - you do this on your own risk - you may try the below steps.
This happens at your own risk - make a backup with TWRP before!
Download and extract the file migration.sh from this archive
This file helps you to migrate from a build signed with the publicly available test keys (i.e. all builds around, which do not state that they are signed). If you come from another signed build (e.g. official LineageOS), you have to adapt the file accordingly (see below links).
boot into TWRP
push the migration.sh file to the directory /data/local on your device and mount the /system partition in TWRP (you can do so using the dedicated TWRP's menu entry)
launch the built-in terminal in TWRP, cd into /data/local, make migration.sh executable (chmod +x) and execute the command ./migration.sh official
(In case you receive an error, try sh ./migration.sh official instead)
flash the ROM .zip
wipe Cache and Dalvik/ART Cache
reboot system
More background information and the "theory behind" can be found in the LineageOS wiki and AOSP reference.
Why no Android 12 / LineageOS 19 build ?​The answer can be found here: https://lineageos.org/Changelog-26/ (section "Let’s talk about legacy devices…").
Bug reports:​If you have a problem, please create a post with these informations:
Original Kernel shipped with this rom:
Build Date:
And try to get log as described here
Please note that I can't and won't support issues with builds using a different kernel or Xposed.
In regards to microG, I will try my best to help when it is related to this ROM (I use it myself), but any questions of the type "the YXZ-app can't do <some sort of fancy xyz Google functionality> properly" are better asked in the respective microG forums.
Credits​AOSP project
LineageOS project
microG project
Graphene OS project
csagan5 (Bromite)
WhyOrean (Aurora)
nvertigo67 (for the modded 9.x firmware and for collaboration)
SkewedZeppelin (Kernel patches)
Change Log
June 2023
ASB Security string 2023-06-05
Some kernel patches
Mulch Webview 114.0.5735.61
microG on 0.2.28.231657-5
FakeStore 0.2.0
AuroraStore 4.2.3
May 2023
Security string 2023-05-05
Some kernel patches
Mulch Webview 113.0.5672.77
April 2023
Security string 2023-04-05
Some kernel patches
Removed Bromite browser and shipped LineageOS' Jelly instead
Mulch Webview 112.0.5615.48
March 2023
Security string 2023-03-05
Some kernel patches
Bromite Webview replaced by Mulch Webview 111.0.5563.58
February 2023
ASB Security string 2023-02-05
microG on 0.2.27.223616-3
Some kernel patches
Spoof apps installed by G*PlayStore
January 2023
Security string 2023-01-05
Bromite Browser and Webview updated to 108.0.5359.156
Some kernel patches
microG 0.2.26.223616-16
December 2022
Security string 2022-12-05
Bromite Browser and Webview updated to 108.0.5359.106
Some kernel patches
microG 0.2.26.223616-2
November 2022
Security string 2022-11-05
Bromite Browser and Webview updated to 106.0.5249.163
Some kernel patches
microG 0.2.25.223616-10
October 2022
Security string 2022-10-05
Bromite Browser and Webview updated to 105.0.5195.147
Some kernel patches
microG 0.2.24.223616-61
September 9th, 2022
Security string 2022-09-05
Bromite Browser and Webview updated to 104.0.5112.91
Kernel: Some patches and also hardening (GrpaheneOS patches)
microG 0.2.24.214816-30
Contacts app slightly 'de-Googled'
August 6th, 2022
Security string 2022-08-05
Bromite Browser and Webview updated to 103.0.5060.140
Some kernel patches
July 14th, 2022
Security string 2022-07-05
Some kernel patches
June 15th, 2022
Security string 2022-06-05
Some kernel patches
Bromite Browser and Webview on 102.0.5005.96
microG updated to 0.2.24.214816-11
May 9th, 2022
Security string 2022-05-05
Some kernel patches
Bromite Browser and Webview on 101.0.4951.53
microG updated to 0.2.24.214816-10
Mozilla Location provider on 1.5.0
April 15th, 2022
Security string 2022-04-05
Some kernel patches
Bromite Browser and Webview on 100.0.4896.57
March 15th, 2022
Bromite Browser and Webview on 99.0.4844.58 (bugfix build)
March 12th, 2022
Security string 2022-03-05
Some kernel patches
Bromite Browser and Webview on 99.0.4844.55
microG 0.2.24.214816-2
AuroraStore 4.1.1
Janaury 20th, 2020
Security string 2022-01-05
Some kernel patches
A couple of patches and fixes from LineageOS
December 19th, 2021
Security string 2021-12-05
Bromite Webview and Browser on 96.0.4664.54
microG 0.22.214516-21
November 13th, 2021
Security string 2021-11-05
Bromite Webview and Browser on 94.0.4606.109
October 15th, 2021
Initial build:
Security string 2021-10-01
AOSP tag 11.0.0_r46
Pre-installed microG (0.2.22.212658-2) like LineageOS for microG project (own fork)
Pre-installed AuroraStore (4.0.7), AuroraDroid (1.0.8) and AuroraServices (1.1.1)
OTA Support
eSpeakTTS engine
Bromite (93.0.4577.83) as default browser
Additional security hardening features listed below:
Cloudflare as default DNS (instead of Google)
Privacy-preferred default settings
Optional blocking of Facebook- and Google-Tracking (Settings - Network & Internet)
Optional disable captive portal detection or choose from various providers (default is GrapheneOS and not Google; Settings - Network & Internet)
Firewall UI (under Trust)
Increased max. password length of 64
No submission of IMSI/phone number to Google when GPS is in use
Default hosts file with many blocked ad/tracking sites
Privacy-enhanced Bromite SystemWebView (93.0.4577.83)
Extra control of sensor access for additionally installed user apps (Special access under app permissions)
Debloated from Oneplus blobs for Soter and IFAA
Hardened bionic lib and constified JNI method tables
Option to only use fingerprint unlock for apps and not for the device
Optional timeout for Bluetooth and WLAN connections
Per connection WiFi randomization option
Tips & tricks
Please refer to the FAQ section here
Hi
Thanks for this amazing rom! Have not had any major issues that I can report. I think you forgot to add the download link? Could not find it here but got it from your Los 17 thread.
lin18-microG - Browse /oneplus3 at SourceForge.net
sourceforge.net
This is a solid build until we see A12 betas/alpha coming soon, hope you'll fork the same flavor for those roms
rudolf895 said:
Hi
Thanks for this amazing rom! Have not had any major issues that I can report. I think you forgot to add the download link? Could not find it here but got it from your Los 17 thread.
lin18-microG - Browse /oneplus3 at SourceForge.net
sourceforge.net
This is a solid build until we see A12 betas/alpha coming soon, hope you'll fork the same flavor for those roms
Click to expand...
Click to collapse
Oops, thanks for the hint! Must have gone lost, when I edited the thread, adding it again.
Edit:
I am a little bit "conservative", when it comes to providing new versions. That means: Eventually yes (assuming my device continues to work smoothly), but definitely not before LineageOS officially releases 12 for the OP3(T) and not before microG is supported for 12.
And even if those prerequisites are met, it may take several weeks, so expect at least another 6-7 months from now, before we can seriously talk about a 12 flavor for this build.
MSe1969 said:
Oops, thanks for the hint! Must have gone lost, when I edited the thread, adding it again.
Edit:
I am a little bit "conservative", when it comes to providing new versions. That means: Eventually yes (assuming my device continues to work smoothly), but definitely not before LineageOS officially releases 12 for the OP3(T) and not before microG is supported for 12.
And even if those prerequisites are met, it may take several weeks, so expect at least another 6-7 months from now, before we can seriously talk about a 12 flavor for this build.
Click to expand...
Click to collapse
fair assessment of the timeline. I have AOSP build (A12) running on my Op5 and it is so good.
H
MSe1969 said:
Oops, thanks for the hint! Must have gone lost, when I edited the thread, adding it again.
Edit:
I am a little bit "conservative", when it comes to providing new versions. That means: Eventually yes (assuming my device continues to work smoothly), but definitely not before LineageOS officially releases 12 for the OP3(T) and not before microG is supported for 12.
And even if those prerequisites are met, it may take several weeks, so expect at least another 6-7 months from now, before we can seriously talk about a 12 flavor for this build.
Click to expand...
Click to collapse
How long did you wait for A10 and A11?
borisSweden said:
H
How long did you wait for A10 and A11?
Click to expand...
Click to collapse
To bring up the build flavor to a new version, I first start with emulator builds to bring all the features up (if still possible and applicable) and to look for features from other ROMs, which I consider meaningful in regards to hardening/data privacy. Next, I try to build for the devices, I support. For the OP3T, the kernel was a bigger issue, as I wanted to keep the entirely upstreamed one (which I didn't succeed with, so I came up with plan B). Depending on personal time and motivation, you can assume ~2 months before the start of the thread as point in time, where I started developing...
I might as well update but I want to fix my mbn auto select problem (I live in Sweden, have a Swedish SIM and EU phone), Bluetooth needs to repair after some time and slwo WiFi. My base is Debloated OOS but should I do a wipe before installing 18.1? As always I use 17.1 hardened edition.
edit: Im a novice but why does the ROM replace Twrp with LOS native recovery. If its installed from twrp it should stay put. And yeah I know, flash Magisk or TWRP app after flashing the ROM.
borisSweden said:
I might as well update but I want to fix my mbn auto select problem (I live in Sweden, have a Swedish SIM and EU phone), Bluetooth needs to repair after some time and slwo WiFi. My base is Debloated OOS but should I do a wipe before installing 18.1? As always I use 17.1 hardened edition.
Click to expand...
Click to collapse
What do you mean exactly with "Debloated OOS"? You mean the debloated firmware linked in the OP?
You can " dirty-flash" my 18.1 build over 17.1.
As indicated already in my 17.1 thread, I haven't experienced your described issue. I am right now using my OP3T as a hotspot in PL using a PL SIM card without any issues...
borisSweden said:
edit: Im a novice but why does the ROM replace Twrp with LOS native recovery. If its installed from twrp it should stay put. And yeah I know, flash Magisk or TWRP app after flashing the ROM.
Click to expand...
Click to collapse
There is a setting in the Updater app, which you need to switch off to keep TWRP untouched.
MSe1969 said:
And yes, LineageOS 18.1 is Android 11, but the latest firmware for this device has been published by Oneplus for Android 9.
Click to expand...
Click to collapse
Cant you salvage something from the MSM8996plus OG Pixel 1? Last update was Android Q. Let me guess, signed drivers?
MSe1969 said:
What do you mean exactly with "Debloated OOS"? You mean the debloated firmware linked in the OP?
You can " dirty-flash" my 18.1 build over 17.1.
As indicated already in my 17.1 thread, I haven't experienced your described issue. I am right now using my OP3T as a hotspot in PL using a PL SIM card without any issues...
Click to expand...
Click to collapse
Lets see if Gabeldorsche fixes Bluetooth. Nvertigo said that the region selecter works as intended but on PDC I got mostly Chinese and US carriers. I had to do a wipe install so its to late do a "dirty install". i forgot Seedvault was a thing.
MSe1969 said:
There is a setting in the Updater app, which you need to switch off to keep TWRP untouched.
Click to expand...
Click to collapse
Doh! Cant you remove that option because TWRP is more useful. I was able to change recovery after installing your ROM thankfully didnt brick or wipe my install.
borisSweden said:
Cant you salvage something from the MSM8996plus OG Pixel 1? Last update was Android Q. Let me guess, signed drivers?
Click to expand...
Click to collapse
No. Firmware is device - not only soc - dependent. For details on what exactly firmware contaims see my thread on (patched) firmware in the general forum.
I.g. the bootloader and the modem partitions are part of the firmware. Overwriting these with otjer devives versions will brick your device, and youu will need to use the msm tool to bring it back to life.
Please read the general forum and all los threafs in the dev forum to get the basics to start messing with firmware.
I don't mean to offend you, but some of your questions seem to me that your current questions are three steps ahead of your current knowledge.
Might as well write stuff I found wrong in the ROM as Im returning to OOS. Aurora F-droid lags to much and the F-droid privilege module doesn't work with it. Manually accepting every install and update isnt that fun so I would recommend going back to the OG app.
Also in the update app for LOS, the timestamp is wrong. It says last update 1970 January 1. Should say 10 October.
Idk what my cellular network bug is but on the to right corner the icon is just wrong. Its 4G then the triangle with a X. In preferred network type settings NR/5G is still present. Doesn't make sense that you can chose 5G.
Bluetooth works as intended but in dev settings Enable Gabeldorsche doesnt do anything. Does it even work?
borisSweden said:
Might as well write stuff I found wrong in the ROM as Im returning to OOS. Aurora F-droid lags to much and the F-droid privilege module doesn't work with it. Manually accepting every install and update isnt that fun so I would recommend going back to the OG app.
Click to expand...
Click to collapse
The ROM comes with AuroraServices, but you have to enable that in the app's setings, then it'll work.
If you try flashing the F-Droid privileged extension, that won't work for sure!
borisSweden said:
Also in the update app for LOS, the timestamp is wrong. It says last update 1970 January 1. Should say 10 October.
Click to expand...
Click to collapse
This normally should only happen, if you haven't fetched any update before (or deleted the app cache). Btw, I took over the LineageOS Updater app "as is" and only overlaid the updater URI.
borisSweden said:
Idk what my cellular network bug is but on the to right corner the icon is just wrong. Its 4G then the triangle with a X. In preferred network type settings NR/5G is still present. Doesn't make sense that you can chose 5G.
Click to expand...
Click to collapse
Tend to agree - will have a look, but I did not change/alter anything here. Will get back...
borisSweden said:
Bluetooth works as intended but in dev settings Enable Gabeldorsche doesnt do anything. Does it even work?
Click to expand...
Click to collapse
No idea, haven't changed anything in that area - this seems original Android code.
MSe1969 said:
No idea, haven't changed anything in that area - this seems original Android code.
Click to expand...
Click to collapse
In theory less battery usage but it could be Fushsia snakeoil. It written in cleaner code. But everyone knows that a higher BT version is more efficient in battery usage. To bad SBC HD isnt working as intended , APTX take to many resources.
MSe1969 said:
The ROM comes with AuroraServices, but you have to enable that in the app's setings, then it'll work.
If you try flashing the F-Droid privileged extension, that won't work for sure!
Click to expand...
Click to collapse
Did I make a mistake? Yes I did.
>Tend to agree - will have a look, but I did not change/alter anything here. Will get back...
I would like to have a carrier volte profile selector or enable Diag mode for PDC button but that is LOS team job.
Hello my favorite "kernel-upstreamer" ,
android-3.18 has been gone and deprecated/android-3.18 has shown up:
Code:
[email protected] /usr/local/src/los16/kernel/oneplus/msm8996 $ LANG=C.UTF-8 git fetch https://android.googlesource.com/kernel/common android-3.18
fatal: couldn't find remote ref android-3.18
[email protected] /usr/local/src/los16/kernel/oneplus/msm8996 $ LANG=C.UTF-8 git fetch https://android.googlesource.com/kernel/common deprecated/android-3.18
From https://android.googlesource.com/kernel/common
* branch deprecated/android-3.18 -> FETCH_HEAD
My educated guess is that support for 3.18 has been finally droped.
As far as I can see caf for 3.18 for 8x96 hasn't seen any updates for at least 14 months.
I've merged 380bbf94c0fc..839523fca2ef from the deprecated branch on top of your lin-17-mse3 - works great. I've also tried to merge the commits from the 4.x.y branches mentioned here: https://source.android.com/security/bulletin/2021-11-01#kernel-components (but to no advance).
Do you have more information? What are your thoughts?
Take care.
nvertigo67 said:
android-3.18 has been gone and deprecated/android-3.18 has shown up:
Click to expand...
Click to collapse
My question about "how long will 3.18 be supported" was way close to this decision. Did I jinx it?
nvertigo67 said:
Hello my favorite "kernel-upstreamer" ,
android-3.18 has been gone and deprecated/android-3.18 has shown up: [...] My educated guess is that support for 3.18 has been finally droped.
Click to expand...
Click to collapse
Well, that is also my conclusion. Pitty, but expectable one day...
nvertigo67 said:
As far as I can see caf for 3.18 for 8x96 hasn't seen any updates for at least 14 months.
Click to expand...
Click to collapse
Hmmm... not really good news either...
nvertigo67 said:
I've merged 380bbf94c0fc..839523fca2ef from the deprecated branch on top of your lin-17-mse3 - works great. I've also tried to merge the commits from the 4.x.y branches mentioned here: https://source.android.com/security/bulletin/2021-11-01#kernel-components (but to no advance).
Do you have more information? What are your thoughts?
Click to expand...
Click to collapse
The source, where I get the few patches for this 18.1 ROM's kernel is the divested-mobile org. on GH (but the guy in fact was also making use of the kernel/common 3.18 repo...), so no real good idea. We may from time to time see some back ports of certain 4.4 commits, but I'm afraid the good times of getting patches f. 3.18 are over...
MSe1969 said:
The source, where I get the few patches for this 18.1 ROM's kernel is the divested-mobile org. on GH (but the guy in fact was also making use of the kernel/common 3.18 repo...), so no real good idea. We may from time to time see some back ports of certain 4.4 commits, but I'm afraid the good times of getting patches f. 3.18 are over...
Click to expand...
Click to collapse
Ironic as it been 5 years since the 3T was released. Do all SoC specific kernels only have 5 years of patches?
Well there is still 4.4 commits or going full 4.4 but then you would only get 1 extra year of commits when the OP5 turns 5 years old.
On the issue of the USB port and Dash not working with 4.4, finding a New old Stock Dash charger is hard and nobody wants to fork out 50 Euros for a Warp 65 charger. Supporting proprietary charging tech is verbose for now.
Only supporting USB-PD is enough also is the phone USB2.0 because of physical limitations?
That's my 2 cents.
New build with November 2021 ASB patches
Hi all, a new build for the OP3(T) containing the November 2021 ASB patches has been released:
https://sourceforge.net/projects/lin18-microg/files/oneplus3/lineage-18.1-20211113-UNOFFICIAL-microG-signed-oneplus3.zip/download
The Updater app should soon indicate it to offer an OTA update.
Security string 2021-11-05
Bromite Webview and Browser on 94.0.4606.109
Some kernel patches
Happy flashing,
Regards, M.

Categories

Resources