FORUMS

[ROM][Treble][microG]LineageOS 16.0 for HUAWEI P9

1,099 posts
Thanks Meter: 2,349
 
By MSe1969, Senior Member on 6th April 2020, 02:48 PM
Post Reply Email Thread
This thread is dedicated to provide Lineage-OS 16.0 builds with microG included for the HUAWEI P9 with current security patches.

It is a treble build, therefore it could also work on other devices, but I haven't tested. And yes, the camera works!

Features of this ROM
Download here
  • Pre-installed microG and F-Droid same as the LineageOS for microG project
  • Pre-installed AuroraStore
  • Root included (switch on in dev. settings)
  • Additional security hardening features listed below
  • Access to /proc/net blocked for user apps
  • Bundled netmonitor app to allow network monitoring
  • Enhanced Privacy Guard: Switches for motion sensors and other sensors
  • Cloudflare as default DNS (instead of Google)
  • Privacy-preferred default settings
  • Optional blocking of Facebook- and Google-Tracking
  • Optional disabling of captive portal detection
  • Firewall UI
  • No submission of IMSI/phone number to Google/Sony when GPS is in use
  • Default hosts file with many blocked ad/tracking sites
  • Privacy-enhanced Bromite SystemWebView
  • Additional restrictions for secondary users
  • Increased password length

Current release levels
Security string: 2020-05-01 (* equivalent to 2020-06-01, see this post)
AOSP tag: 9.0.0_r46
Bromite System Webview: M81


Source-code and build instructions
Device config.: https://github.com/lin16-microg/devi...in-16.0-eva-p9
Build manifest: https://github.com/lin16-microg/loca...in-16.0-treble


Installation Instructions

YOU ARE RESPONSIBLE SOLELY YOURSELF FOR ANY ACTIONS YOU DO WITH YOUR DEVICE !!!

Please note - I won't explain any single aspect (e.g. how to install 'fastboot' on your PC or troubleshoot USB connectivity issues under Windows). Search the net and consult the search engine of your choice or look here in XDA, there is plenty of information available.

Pre-Requisites
  • Have fastboot and adb installed on your PC and make sure, you can connect via USB to your device in fastboot mode and via adb
  • An unlocked bootloader
  • EMUI 8.0 firmware

ONLY, If the above pre-requisites are met, download and unpack the linked ZIP file, and flash the .img file via fastboot.
The OpenKirin installation instructions describe this in a very good way, I could not really explain it better (please note, that I have no relation to them, but they are really doing an amazing job!)
Some hints:
  • If you come from an EMUI 8.0 stock ROM or a different treble build, don't forget the factory reset as described.
  • If you update one of my builds from this thread, you don't need to wipe anything
  • On some (but not all) PCs, you may have to run fastboot as Admin (Windows) or root/sudo (Linux)

If the above pre-requisites are NOT met, you will have some extra-rounds to perform, until you get there:
Unlocked Bootloader
Huawei has stopped providing unlock keys, so if you haven't got one, this thread and of course the search-engine of your choice may be helpful. I was lucky enough to obtain an official unlock key on the last day of HUAWEI's unlock page, so I have no experience with the unofficial unlock methods - good luck!

EMUI 8.0 firmware
Get back to Stock ROM, if you use a Custom ROM. On Stock, if not yet done, apply all updates offered to you by the Stock ROM updater, until you are on the latest officially offered Android 7 (Nougat) EMUI 5.x release.
If you are on Android 7 (aka Nougat), please visit this thread, which really explains step-by-step, what needs to be done. Really follow ALL the steps, especially, don't forget at the very end to flash the Stock EMUI recovery!

You need your unlock key handy,during this process the bootloader will be automatically locked several times, so you need the key a couple of times to unlock again!
A hint for Linux users: The HWOTA tool is in fact a windows wrapper around Linux shell scripts, so there is no real need to use Windows, if you have a working Linux installation (however, make sure to replace the 'mkdir' commands in hwota_eng.sh with 'mkdir -p').



Bug reports:
If you have a problem, please create a post with these informations:
Build Date:
And try to get log as described here
Please note that I can't and won't support issues with builds using a different kernel or Xposed.
In regards to microG, I will try my best to help when it is related to this ROM (I use it myself), but any questions of the type "the YXZ-app can't do <some sort of fancy xyz Google functionality> properly" are better asked in the respective microG forums.

Credits
AOSP project
LineageOS project
openkirin.net
phhusson
AndyYan
Tecalote
microG project
Graphene OS project
csagan5 (Bromite)
WhyOrean (Aurora)


XDA:DevDB Information
[ROM][Treble][microG]LineageOS 16.0 for HUAWEI P9, ROM for the Huawei P9

Contributors
MSe1969
Source Code: https://github.com/lin16-microg/devi...in-16.0-eva-p9

ROM OS Version: 9.x Pie
ROM Kernel: Linux 4.x
ROM Firmware Required: EMUI 8 firmware
Based On: LineageOS

Version Information
Status: Testing
Stable Release Date: 2020-05-08

Created 2020-04-06
Last Updated 2020-06-10
The Following 9 Users Say Thank You to MSe1969 For This Useful Post: [ View ] Gift MSe1969 Ad-Free
6th April 2020, 02:48 PM |#2  
MSe1969's Avatar
OP Senior Member
Flag Frankfurt Rhine-Main metropolitan region
Thanks Meter: 2,349
 
More
Change Log
June 04th, 2020
  • The June ASB for Android 9 are already part of the May build, see this post for more info
  • Therefore no separate new build for June (in July, there will be a new build again)

May 08th, 2020
  • Sec. string 2020-05-01
  • Bromite Webview on 81.0.4044.127
  • AuroraStore updated to 3.2.8
  • Fix of bundled 'netmonitor' app not starting

April 12th, 2020
  • Sec. string 2020-04-01
  • Fix for CVE-2020-8597 (external/ppp)

April 6th, 2020
Sec. string 2020-03-01
Initial feature list:
  • Pre-installed microG and F-Droid same as the LineageOS for microG project
  • Pre-installed AuroraStore (Version 3.2.4) with AuroraServices 1.0.5
  • Access to /proc/net blocked for user apps
  • Bundled netmonitor app to allow network monitoring
  • Enhanced Privacy Guard: Switches for motion sensors and other sensors
  • Cloudflare as default DNS (instead of Google)
  • Privacy-preferred default settings
  • Optional blocking of Facebook- and Google-Tracking
  • Optional disable captive portal detection
  • Firewall UI (Settings => Location & Security)
  • No submission of IMSI/IMEI to Google/Sony when GPS is in use
  • Default hosts file with many blocked ad/tracking sites
  • Privacy-enhanced Bromite SystemWebView 81.0.4044.76
  • Additional restrictions for secondary users
  • Increased password length
6th April 2020, 02:48 PM |#3  
MSe1969's Avatar
OP Senior Member
Flag Frankfurt Rhine-Main metropolitan region
Thanks Meter: 2,349
 
More
Additional security features in detail
1. Pre-installed microG and F-Droid
same as the LineageOS for microG project

2. Pre-installed AuroraStore
works w/o having to enable the "unknown sources feature"

3. Restrict access to /proc/net for user apps
An adapted SELinux policy prevents user apps from accessing the /proc/net pseudo file system, which can be misused to monitor and track the phone's internet traffic. For technical backgrounds, see here. For the legitimate use case of the smart phone owner him/herself monitoring the network traffic to see, what the installed apps do, the app Privacy-Friendly Network Monitor has been bundled.

4. Enhanced Privacy Guard - Sensor permission switches
An own sensor template to control access to motion sensors ('ask' mode) and all other sensors (allowed by default, but can be restricted) has been implemented into the Privacy Guard.

5. Cloudflare (instead of Google) default DNS
Cloudflare DNS has a better privacy policy than Google Public DNS and has DNS-over-TLS and DNS-over-HTTPS. In the deafult DNS settings (as fallback) and network diagnostics, the Cloudflare DNS adresses 1.1.1.1 and 1.0.0.1 are specified as defaults (instead of Google's 8.8.8.8 and 8.8.4.4)

6. Privacy-preferred default settings
When newly installed, the below settings are defaulted, different from standard LineageOS 16.0 (all settings can be changed at any time later):
  • Privacy Guard is enabled on install (proposal during Setup)
  • Anonymous LineageOS statistics disabled (proposal during Setup)
  • The standard browsing app does not get the location runtime permission automatically assigned
  • Sensitive information is hidden on the lock screen
  • Camera app: Location tagging disabled by default
Further, when a lock screen protection is set (PIN, pattern, password), the Nfc, Hotspot and airplane mode tiles require authentication and cannot be set without

7. Optional blocking of Facebook- and Google-Tracking
Settings => Network & Internet (scroll down)
When activated, all outgoing connection attempts to Facebook servers will be suppressed.
Same applies to Google, but certain apps on an internal exception list will still be able to connect (AuroraStore, microG, or e.g. NewPipe, if installed)

8. Optional disable captive portal detection
Settings => Network & Internet (scroll down)
When activated, the system will not ping a specific Google server any longer when establishing a WiFi connection to determine, whether a captive portal is being used.

9. No submission of IMSI or phone number to Google/Sony when GPS is in use
GPS also works fine, if no SIM card is present, so there obviously is no benefit for the phone holder (different from other involved parties :rolleyes:) to provide this data . . .

10. Default hosts file with many blocked ad/tracking sites
The system's hosts file redirects a comprehensive list of URLs known to be adware, tracking, etc. to 127.0.0.1 (ipv4) and ::1 (ipv6)

11. Privacy-enhanced Bromite SystemWebView
Instead of the default Chromium System Webview component, the Bromite SystemWebView is used offering more privacy, more ad blocking and less Google tracking.

12. Firewall UI
Settings => Security & Location - Firewall
Lists all apps and allows to restrict Internet access per app in regards to WiFi, mobile network or VPN
This per-app feature is a standard feature in LineageOS, but the UI to show all apps is an Extra (taken from a topic in LineageOS's Gerrit - it may, or may not, become part of the official LineageOS one day)

13. Maximum password length increased to 64

14. Additional restriction options for secondary users
- Disallow app installation option
- Disallow audio recording option
The Following User Says Thank You to MSe1969 For This Useful Post: [ View ] Gift MSe1969 Ad-Free
6th April 2020, 05:07 PM |#4  
MSe1969's Avatar
OP Senior Member
Flag Frankfurt Rhine-Main metropolitan region
Thanks Meter: 2,349
 
More
Further tips & tricks
microG initial configuration after 1st install
After the first installation of this ROM, you need to setup microG.
Please read the instructions given on the LineageOS for microG site, section "Post Install - UnifiedNlp"

Custom Kernel ?
A treble build is usually only a system.img file, and the stock kernel is continued to be used. Hence, the stock kernel is outdated.
If you would like to use a more recent upstreamed kernel with the respective sec. patches, e.g. the ECO Kernel thread might be interesting for you. This is what I personally use, but please keep in mind that I cannot support, all issues should be addressed in that thread!

Reported to also work on other devices than HUAWEI P9 by forum participants
As I don't own those, I can't confirm - nevertheless, I will list them, when it is reported to me.
  • Honor 8


Current Issues (reported by others and/or observed by myself)
Below a list of known issues and/or limitations. If possible, I try to fix those; however - I definitely welcome any hint on how to solve (or even pull requests). Please report anything you observe, while using this ROM.

1. No LineageOS boot animation after input of encryption password at startup
  • Observed by: myself
  • Well, this is nothing of importance to me, so unless somebody points me to a solution, I won't spend time on fixing this
2. Bluetooth issues - confirmed no issue
  • Observed by: other thread participant(s)
  • Issue: No devices found to connect to.
  • I don't have any BT issues with my own device (other than the device initially pairing as "hello!", so you would have to manually change the device name as a one-time activity) - Can't therefore really do anything about it, but wil keep an eye on reports

3. AuroraStore does not find app 'xyz'
In the AuroraStore support thread, this has been also mentioned; it seems that Google is right now altering the search API; the dev is working on it.
Different from a report here in this thread, I was able to search and find many popular apps - the only restriction, which I myself was confronted with, was Netflix. As a work-around, manually download the Netflix apk (older version) from a trustworthy source - the app itself runs fine.

4. Headphone issues (1)
(Physical, no BT) headphone put in headphone jack - solved via work-around
  • Observed by: myself
  • Issue: Testing sound volumes in Settings app => all fine. But playing audio / video files or streams only plays good sound for less than 0,5 seconds, afterwards it seems that only the high frequency sounds (treble) are audible, whilst medium and bass is hardly audible.
  • Work-around: Switch off Audio-FX, when headset plugged in (the cool thing is, Audio-FX remembers this, so it switches off, when headset plugged in and switches on again if head-set unplugged)
5. Headphone issues (2)
(Physical, no BT) headphone put in headphone jack
  • Observed by: other thread participant
  • Issue: Head-phone not recognized, sound continues to be output to speakers - workaround: "Lesser audioswitch" app
  • Could not reproduce this on my own device
6. WiFi Hotspot
  • Observed by: other thread participant and confirmed on my own device
  • Issue: WiFi Hotspot does not work
7. Detailled Battery stats not available
  • Observed by: other thread participant and confirmed on my own device
  • Issue: In Battery usage menu, no detail Battery use (per app) available
The Following User Says Thank You to MSe1969 For This Useful Post: [ View ] Gift MSe1969 Ad-Free
7th April 2020, 06:02 PM |#5  
Senior Member
Thanks Meter: 29
 
More
Works on Honor 8.
I will test the battery life in the coming days.
The Following 2 Users Say Thank You to Sujanth For This Useful Post: [ View ] Gift Sujanth Ad-Free
8th April 2020, 01:39 AM |#6  
Member
Thanks Meter: 35
 
More
this rom passes safety net?
8th April 2020, 07:30 AM |#7  
MSe1969's Avatar
OP Senior Member
Flag Frankfurt Rhine-Main metropolitan region
Thanks Meter: 2,349
 
More
Quote:
Originally Posted by NervReaper

this rom passes safety net?

No - I don't think so, this ROM is Gapps-free.
8th April 2020, 07:53 AM |#8  
Junior Member
Thanks Meter: 0
 
More
it is safe to replace micro-g with opengapps and then install magisk?
8th April 2020, 09:26 AM |#9  
MSe1969's Avatar
OP Senior Member
Flag Frankfurt Rhine-Main metropolitan region
Thanks Meter: 2,349
 
More
Quote:
Originally Posted by rayend322

it is safe to replace micro-g with opengapps and then install magisk?

Feel free to try, that's all I can say.
Not sure however, whether it'll work in regards to Gapps.
How do you want to flash them? There is AFAIK no TWRP available being able to decrypt the Huawei /data partitions ...
Regarding Magisk, where you definitely need to access the /data partition, there is some instruction on openkirin.net how to do that.
But as said, you're on your own when doing so!
11th April 2020, 06:54 AM |#10  
Member
Flag Talca
Thanks Meter: 32
 
More
ROM doesn't route sound to headphones no matter what I do. I tried to force it to switch to headset in phh options and it's still playing sound only on speakers. Also Bluetooth doesn't work, but WLAN and RIL do work.

Stock kernel + stock ramdisk + this ROM
Magisk can be installed by flashing a modified Magisk 18 image that works with B540-02 kernels and then updating it to latest with the manager. But I am not using it for now.

EDIT: Using Lesser Audioswitch from Aurora Store avoids the problem by forcing the audio to be routed manually, but it should work out of the box automatically! Bluetooth still not working.
That aside, good ROM. It is more functional than a generic phh-treble flash and video recording works well. Thanks for your time and effort, this is a good alternative to OpenKirin and ironing out these little issues would make it sweeter. Try looking at other source trees for the necessary device driver definitions

EDIT 2: I misdiagnosed the issue. Bluetooth in fact DOES work, but it has some quirks: The device is initially named 'hello', the BT icon doesn't appear in the status bar and the device must be paired before any transfer, but that seems to be a universal Kirin quirk as well. Further testing pairing, sending, receiving and streaming audio confirm that the BT chip does work but perhaps needs some changes in the Android side.

WLAN, RIL, BT and NFC are all functional.
The Following User Says Thank You to Wattsensi For This Useful Post: [ View ] Gift Wattsensi Ad-Free
11th April 2020, 09:05 AM |#11  
MSe1969's Avatar
OP Senior Member
Flag Frankfurt Rhine-Main metropolitan region
Thanks Meter: 2,349
 
More
Quote:
Originally Posted by Wattsensi

ROM doesn't route sound to headphones no matter what I do. I tried to force it to switch to headset in phh options and it's still playing sound only on speakers. Also Bluetooth doesn't work, but WLAN and RIL do work.

Stock kernel + stock ramdisk + this ROM
Magisk can be installed by flashing a modified Magisk 18 image that works with B540-02 kernels and then updating it to latest with the manager. But I am not using it for now.

EDIT: Using Lesser Audioswitch from Aurora Store avoids the problem by forcing the audio to be routed manually, but it should work out of the box automatically! Bluetooth still not working.
That aside, good ROM. It is more functional than a generic phh-treble flash and video recording works well. Thanks for your time and effort, this is a good alternative to OpenKirin and ironing out these little issues would make it sweeter. Try looking at other source trees for the necessary device driver definitions

Thanks for the comprehensive feedback and the in general positive rating. On my P9, headphones work out of the box - but indeed, the headphone sound isn't that good, will try to have a look here.
Bluetooth works fine as well on my device - haven't tested however after latest tweak for a different area not related to BT. Will test again later today.
Are you using a different device than the P9 maybe?
What is the BT issue exactly on your device?
EDIT: BT works w/o issues, just tested again.
The Following User Says Thank You to MSe1969 For This Useful Post: [ View ] Gift MSe1969 Ad-Free
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes