GrapheneOS

grapheneos.org
GrapheneOS

GrapheneOS is an open source privacy and security focused mobile OS with Android app compatibility. Developed by Daniel Micay. GrapheneOS is a young project, and currently only supports Pixel devices, partially due to their strong hardware security.

Open Source

GrapheneOS Source Code

Author

GrapheneOS

Description

Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability/integration over time.

#grapheneos#hardening#malloc#malloc-library#memory#memory-allocation#memory-allocator#quarantine#security#slab-allocator

Homepage

https://grapheneos.org/

License

MIT

Created

23 Aug 18

Last Updated

12 Jul 26

Latest version

TQ3A.230605.012.2023061402

Primary Language

C

Size

1,210 KB

Stars

1,916

Forks

152

Watchers

1,916

Language Usage

Language Usage

Star History

Star History

Recent Commits

  • rdevshp (10 Jul 26)

    Update README.md to properly use CONFIG_N_ARENA for make invocations

  • rdevshp (06 Jul 26)

    Fix handling of pvalloc(0)

  • rdevshp (07 Jul 26)

    Update test/.gitignore to include additional test binaries

  • rdevshp (05 Jul 26)

    Fix C++ exception throwing behavior for the new operator when the new handler throws an exception with a type derived from std::bad_alloc

  • Daniel Micay (01 Jul 26)

    replace aligned attribute with alignas

  • rdevshp (27 Jun 26)

    github CI: add arm64 tests

  • rdevshp (26 Jun 26)

    fix typos and grammar errors in memtag_test.cc/README.md

  • rdevshp (26 Jun 26)

    Fix stale mallinfo link in README.md

  • rdevshp (26 Jun 26)

    Use __clang__ preprocessor macro to determine the compiler specified by CC Fixes a bug in Makefile where CC=/usr/bin/clang make does not work because it does not start with clang

  • Daniel Micay (21 Jun 26)

    clang-tidy: disable bugprone-casting-through-void lint This lint triggers for a void cast used to silence a cast-align warning for write_after_free_check. We aren't violating strict aliasing because the memory was always zeroed with memset prior to reading it as u64 and we don't write to another way.

  • Daniel Micay (21 Jun 26)

    clang-tidy: disable useless readability lints The implicit bool conversion lint only works properly for C++ and isn't the code style we want. The math missing parentheses lint expects to use parentheses for basic math operations such as `a - b * c` which isn't the code style we want.

  • Daniel Micay (21 Jun 26)

    use #ifdef for non-compound checks

  • Daniel Micay (21 Jun 26)

    clang-tidy: filter third_party/ header warnings

  • Daniel Micay (21 Jun 26)

    clang-tidy: disable MissingIncludes This requires duplicating an include from component.h in component.c which isn't a style we want to use.

  • dependabot[bot] (18 Jun 26)

    build(deps): bump actions/checkout from 6 to 7 Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

  • Daniel Micay (17 Jun 26)

    Android 17 is the now the supported Android branch

  • Dmitry Muhomor (16 Jun 26)

    implement h_reallocarray

  • inthewaves (08 Jun 26)

    add native_bridge_supported for Cuttlefish build This seems to be required for Cuttlefish to build even for x86_64. Both scudo and jemalloc_new have this line in Android.bp as well. Note that AOSP doesn't have an arm64 to x86_64 translator. frameworks/libs/binary_translation/ currently only has a riscv64_to_x86_64 translator, so Cuttlefish currently has ro.dalvik.vm.native.bridge=0 hardened_malloc appears to otherwise be used for x86_64 apps in Cuttlefish x86_64. Test: lunch aosp_cf_x86_64_only_phone-cur-userdebug with bionic build fix boots Test: hardened_malloc was able to detect double free when running a test app that does a double free via JNI

  • Gabriele Rizzo (30 May 26)

    test: add coverage for calloc() calloc() had no test coverage at all. Add two tests: one verifying the multiplication overflow guard returns NULL with errno set to ENOMEM (the classic calloc integer-overflow attack surface), and one verifying the returned allocation is zeroed as required by the C standard. Both tests pass against the default configuration.

  • Gabriele Rizzo (31 May 26)

    memory: use bool for memory_purge return value Every other wrapper in this file (memory_map_fixed_prot, memory_unmap, memory_protect_prot, memory_remap, memory_remap_fixed) stores the syscall result in a bool. memory_purge was the only one using an int, relying on an implicit int->bool conversion at the return statement. Use bool for consistency; behavior is unchanged.

  • Gabriele Rizzo (30 May 26)

    test: add positive coverage for free_sized() The C23 free_sized() function only had indirect coverage via the C++ sized-delete operators and a single zero-size free_aligned_sized() case. Add straightforward small and large success-path tests for free_sized() itself, mirroring the existing small/large test split. Both tests pass against the default configuration.

  • Gabriele Rizzo (30 May 26)

    README: fix grammar in malloc_object_size API description "doesn't change break API compatibility" contained a leftover word from an edit; the intended phrasing is "doesn't break API compatibility".

  • Thomas (29 May 26)

    androidtest/memtag: fix uninitialized read of tag_usage tag_usage was declared without an initializer and then accumulated with ++tag_usage[tag], reading indeterminate stack memory

  • Gabriele Rizzo (28 May 26)

    README: fix grammar typos Three small grammar fixes: - 'can substantially improves' -> 'can substantially improve' - 'acceptable to enabled them' -> 'acceptable to enable them' - 'keeps tracks allocator statistics' -> 'keeps track of allocator statistics'

  • Gabriele Rizzo (28 May 26)

    h_malloc: fix grammar in tag_and_clear_slab_slot comment 'allows to handle' is not valid English. Replace with 'allows handling'.

  • Gabriele Rizzo (28 May 26)

    test/malloc_noreuse: replace mixed tab indentation with spaces The for loop body used mixed tabs and spaces, inconsistent with the rest of the file (4-space indent in the outer scope) and with all other test files in test/.

  • rdevshp (21 May 26)

    target C23

  • rdevshp (21 May 26)

    update CI GCC versions

  • rdevshp (10 May 26)

    increase minimum class region size to avoid OOB access under minimum class region size config

  • Thomas (06 May 26)

    fix typo in get_large_size_class size class comment

GrapheneOS Security

5/10

Repo Security Summary

Updated 29 Jun 26

  • Maintained 10/10
  • Packaging N/A
  • Code-Review 6/10
  • Binary-Artifacts 10/10
  • Dangerous-Workflow 10/10
  • Token-Permissions 0/10
  • Pinned-Dependencies 0/10
  • CII-Best-Practices 0/10
  • Fuzzing 0/10
  • License 10/10
  • Signed-Releases N/A
  • Branch-Protection 0/10
  • Security-Policy 9/10
  • SAST 0/10

GrapheneOS Website

Website

GrapheneOS: the private and secure mobile OS

GrapheneOS is a security and privacy focused mobile OS with Android app compatibility.

Redirects

Does not redirect

Security Checks

1 security checks failed (64 passed)

  • Risky Geographical Location

Server Details

  • IP Address 172.96.172.37
  • Hostname mia.grapheneos.org
  • Location Miami, Florida, United States of America, NA
  • ISP Reliablesite.net LLC
  • ASN AS23470

Associated Countries

  • US US
  • RO RO

Safety Score

Website marked as moderately safe

90%

Blacklist Check

grapheneos.org was found on 0 blacklists

  • AntiSocial Blacklist
  • Artists Against 419
  • Badbitcoin
  • Bambenek Consulting
  • CERT Polska
  • CoinBlockerLists
  • CRDF
  • CryptoScamDB
  • EtherAddressLookup
  • EtherScamDB
  • Fake Website Buster
  • MetaMask EthPhishing
  • NABP Not Recommended Sites
  • OpenPhish
  • PetScams
  • PhishFeed
  • PhishFort
  • Phishing.Database
  • PhishStats
  • PhishTank
  • Phishunt
  • RPiList Not Serious
  • Scam.Directory
  • SecureReload Phishing List
  • Spam404
  • StopGunScams
  • Suspicious Hosting IP
  • ThreatFox
  • ThreatLog
  • TweetFeed
  • URLhaus
  • ViriBack C2 Tracker

Website Preview

Website preview

GrapheneOS Reviews

More Mobile Operating Systems

About the Data: GrapheneOS

Change History

API

You can access GrapheneOS's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/v1/services/grapheneos

The REST API is free, no-auth and CORS-enabled. To learn more, view the API Docs or read the API Usage Guide.

Share GrapheneOS

Help your friends compare Mobile Operating Systems, and pick privacy-respecting software and services.
Share GrapheneOS and Awesome Privacy with your network!

View Mobile Operating Systems (2)