GrapheneOS

Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.

Hardware-based attestation app for select Android devices. It can do either local verification with another Android device via QR code or scheduled server-based verification. It primarily relies on Trust On First Use using the hardware-backed keystore and key attestation. The initial unpaired verification relies on the key attestation root.

Repo manifest for the GrapheneOS mobile privacy and security hardening project.

Scripting for generating signed production releases of AOSP and metadata for my Updater app along with partially automated maintenance of out-of-tree patch sets

Automatic background updater for Android. Primarily intended for use with A/B updates but has a fallback path for the legacy recovery system too. See https://github.com/GrapheneOS/script/blob/pie/generate_metadata.py for the server metadata generation tool.

Minimal vendor files for testing on HiKey and HiKey 960. Not suitable for production usage.

Chromium integration for GrapheneOS (either WebView or Monochrome for both WebView + browser)

Patches for building hardened production releases of Chromium for integration into the OS as the WebView implementation and default browser. Many of improvements for Chromium are done via other repositories such as https://github.com/GrapheneOS/platform_bionic. Build configuration is in https://github.com/GrapheneOS/chromium_build.

Configuration for building hardened production releases of Chromium for integration into the OS builds as the WebView implementation and default browser. Patches are in https://github.com/GrapheneOS/chromium_patches.

Stub repository for future branding of the OS including wallpapers, boot animations, etc.

SELinux policy

Music app for basic playback functionality tested by the Compatibility Test Suite