GrapheneOS

grapheneos.org
GrapheneOS Icon

GrapheneOS is an open source privacy and security focused mobile OS with Android app compatibility. Developed by Daniel Micay. GrapheneOS is a young project, and currently only supports Pixel devices, partially due to their strong hardware security.

Open Source

GrapheneOS Source Code

Author

GrapheneOS

Description

Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.

#grapheneos#hardening#malloc#malloc-library#memory#memory-allocation#memory-allocator#quarantine#security#slab-allocator

Homepage

https://grapheneos.org/

License

MIT

Created

23 Aug 18

Last Updated

29 Nov 24

Latest version

TQ3A.230605.012.2023061402

Primary Language

C

Size

1,126 KB

Stars

1,305

Forks

97

Watchers

1,305

Language Usage

Language Usage

Star History

Star History

Recent Commits

  • Daniel Micay (23 Oct 24)

    update outdated branch in README

  • Daniel Micay (12 Oct 24)

    remove trailing whitespace

  • Daniel Micay (12 Oct 24)

    preserve PROT_MTE when releasing memory

  • Daniel Micay (12 Oct 24)

    use wrapper for calling memory_map_mte

  • Daniel Micay (12 Oct 24)

    reuse code for memory_map_mte This drops the separate error message since that doesn't seem useful.

  • Daniel Micay (12 Oct 24)

    reduce probability hint for is_memtag_enabled

  • Daniel Micay (09 Oct 24)

    remove redundant warning switches for Android Android already enables -Wall and -Wextra in the global soong build settings.

  • Julien Voisin (03 Oct 24)

    Fix -Wimplicit-function-declaration error with gcc 14. ``` malloc_info.c: In function 'leak_memory': malloc_info.c:12:12: error: implicit declaration of function 'malloc' [-Wimplicit-function-declaration] 12 | (void)!malloc(1024 * 1024 * 1024); | ^~~~~~ malloc_info.c:10:1: note: include '<stdlib.h>' or provide a declaration of 'malloc' 9 | #include "../util.h" +++ |+#include <stdlib.h> 10 | malloc_info.c:12:12: warning: incompatible implicit declaration of built-in function 'malloc' [-Wbuiltin-declaration-mismatch] 12 | (void)!malloc(1024 * 1024 * 1024); | ^~~~~~ ``` Taken from https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/72971/ Co-authored-by: @mio

  • maade93791 (09 Sept 24)

    android: use more basic CPU target for memtag This is required for hardened_malloc to work in microdroid on MTE-enabled devices (currently, 8th and 9th generation Pixels) since PVMFW only supports ARMv8 cores. https://android.googlesource.com/platform/packages/modules/Virtualization/+/refs/tags/android-15.0.0_r1/pvmfw/platform.dts#100

  • Daniel Micay (05 Aug 24)

    update libdivide to 5.1

  • Daniel Micay (15 Feb 24)

    update copyright notice

  • Dmitry Muhomor (23 Jan 24)

    mte: use tag 0 for freed slots, stop reserving tag 15

  • Dmitry Muhomor (23 Jan 24)

    amend memory tagging README section Memory tagging is enabled by default in bionic, but can be disabled at any point. Memory tagging can't be re-enabled after it's disabled.

  • Dmitry Muhomor (23 Jan 24)

    memtag_test: add test for MADV_DONTNEED behavior

  • Dmitry Muhomor (23 Jan 24)

    mte: remove util.h dependency from arm_mte.h It's needed for including arm_mte.h into memtag_test.cc

  • Dmitry Muhomor (23 Jan 24)

    memtag_test: move SEGV code checks to device-side binary

  • Daniel Micay (03 Jan 24)

    remove trailing whitespace

  • Julien Voisin (03 Jan 24)

    Improve a bit the formulation of the MTE documentation

  • Daniel Micay (03 Jan 24)

    update memory tagging documentation

  • Dmitry Muhomor (31 Dec 23)

    android: restore the default SIGABRT handler in fatal_error() async_safe_fatal() calls abort() at the end, which can be intercepted by a custom SIGABRT handler. In particular, crashlytics installs such a handler and tries to fork() after catching SIGABRT. hardened_malloc uses pthread_atfork() to register fork handlers. These handlers try to lock internal hardened_malloc mutexes. If at least one of those mutexes is already locked, which is usually the case, thread that called fatai_error() gets deadlocked, while the other threads (if there are any) continue to run.

  • Christian Göttsche (14 Dec 23)

    README: add note about AppArmor constraint on Debian

  • jvoisin (16 Nov 23)

    Clarify a bit why a particular magic number was chosen

  • Daniel Micay (14 Nov 23)

    Revert "use safe_flag for -fstack-clash-protection" This reverts commit 4171bd164e2ec4cf2546daa2b0f6f95af0d782df.

  • Daniel Micay (08 Nov 23)

    use safe_flag for -fstack-clash-protection

  • jvoisin (05 Nov 23)

    Run the testsuite on multiple compiler versions

  • Dmitry Muhomor (01 Nov 23)

    memtag_test: fix sporadic failures of overflow/underflow tests

  • Daniel Micay (30 Oct 23)

    update README now that MTE is implemented

  • Dmitry Muhomor (30 Oct 23)

    mte: add scudo to CREDITS file

  • Dmitry Muhomor (30 Oct 23)

    mte: add untag_pointer() variant for const pointers

  • Dmitry Muhomor (30 Oct 23)

    mte: update comment about skipped tag array update in deallocate_small()

GrapheneOS Website

Website

GrapheneOS: the private and secure mobile OS

GrapheneOS is a security and privacy focused mobile OS with Android app compatibility.

Redirects

Does not redirect

Security Checks

All 66 security checks passed

Server Details

  • IP Address 51.222.156.101
  • Hostname 0.grapheneos.org
  • Location Montreal, Quebec, Canada, NA
  • ISP OVH Hosting Inc.
  • ASN AS16276

Associated Countries

  • CA
  • US

Saftey Score

Website marked as safe

100%

Blacklist Check

grapheneos.org was found on 0 blacklists

  • ThreatLog
  • OpenPhish
  • PhishTank
  • Phishing.Database
  • PhishStats
  • URLhaus
  • RPiList Not Serious
  • AntiSocial Blacklist
  • PhishFeed
  • NABP Not Recommended Sites
  • Spam404
  • CRDF
  • Artists Against 419
  • CERT Polska
  • PetScams
  • Suspicious Hosting IP
  • Phishunt
  • CoinBlockerLists
  • MetaMask EthPhishing
  • EtherScamDB
  • EtherAddressLookup
  • ViriBack C2 Tracker
  • Bambenek Consulting
  • Badbitcoin
  • SecureReload Phishing List
  • Fake Website Buster
  • TweetFeed
  • CryptoScamDB
  • StopGunScams
  • ThreatFox
  • PhishFort

Website Preview

GrapheneOS Reviews

More Mobile Operating Systems

  • CalyxOS is an free and open source Android mobile operating system that puts privacy and security into the hands of everyday users. Plus, proactive security recommendations and automatic updates take the guesswork out of keeping your personal data personal. Also currently only supports Pixel devices and Xiaomi Mi A2 with Fairphone 4, OnePlus 8T, OnePlus 9 test builds available. Developed by the Calyx Foundation.

  • DivestOS is a vastly diverged unofficial more secure and private soft fork of LineageOS. DivestOS primary goal is prolonging the life-span of discontinued devices, enhancing user privacy, and providing a modest increase of security where/when possible. Project is developed and maintained solely by Tad (SkewedZeppelin) since 2014.

  • A free and open-source operating system for various devices, based on the Android mobile platform - Lineage is light-weight, well maintained, supports a wide range of devices, and comes bundled with Privacy Guard.

About the Data: GrapheneOS

API

You can access GrapheneOS's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/operating-systems/mobile-operating-systems/grapheneos

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.

Share GrapheneOS

Help your friends compare Mobile Operating Systems, and pick privacy-respecting software and services.
Share GrapheneOS and Awesome Privacy with your network!

View Mobile Operating Systems (4)