This is the Official Jaguar rom for Leo, which is based on AOSP with some flavors from Slim and Dirtyunicorn plus a bunch of features only this rom has, such as a working camera button. . The rom was originally made for Xperia Z1 Honami in August 2015, then extended to Z1c and now to Z2/Z3/Z3c. The rom has been downloaded thousands times and enjoyed great success. I hope the trend will continue with Jaguar for Leo.
Why LP, as opposed to MM and Nougat? Several reasons. The main one is Sony's unfriendliness to development community. Camera sucks, because Sony wouldn't provide proper blobs. Also, MM brings very few features, as opposed to LP. MM is still in alpha, but is already being abandoned by developers in favor of Nougat. Nougat will never work for Z1/Z2/Z3, because Sony wants you to buy a newer device. And finally, all LP roms, except Jaguar, have been abandoned by their developers since November 2015. CM still publishes nightly LP, but they have abandoned CM 12.1 kernel, meaning, they haven't incorporated about 800 security patches from Google and Code Aurora in LP kernel. Another reason - I take changes from Android Gerrit Master Branch, Code Aurora, Google Security Bulletins and 3.10, 3.18 and 4.x kernels. Enough reasons for you?
The main difference from other roms is the emphasis on security and multiple features. With that in mind , let's see what Jaguar has to offer:
1. Hardened Kernel, modified M5; hardened rom built with HYPERTOOL 5.4
2. All ciphers enabled in kernel instead of just a few
3. Hardened/Fortified Bionic and Libs
4. Fstack protection strong to resist buffer overflows
5. Many System apps and processes are made read-only, to reduce elevation of privilege
6. Selinux replaced with Tomoyo Security, Yam security
7. Disc encryption, keymaster to 256 bit AES instead of 128
8. Latest TWRP with working brightness and ability to decrypt Data (Coming Soon)
9. Random number generation mixed hardware/software, as recommended by Linus Torwalds
10. Options to randomize host on every boot
11. Option to have a separate password for lock screen and boot
12. Qualcomm's Time Services disabled due to leaking on early boot (set time to automatic to get it from your carrier)
13. WIFI Background Scanning disabled to prevent leaking
14. Internet disabled for both WIFI and Data until Afwall is set and activiated (Afwall included in download, install as regular app)
15. The phone is VOLTE ready and you have all network options available in Cell menu (not just LTE/WCDMA/GSM)
16. GRsecurity features, such as Sidechannel implemented
17. Some Pax Security Features
18. Option to deny USB connection: denied always; denied when locked; and allowed always
19. Hardened webview with Google and other "interesting" IPs removed
20. Prevention of bruteforcing screen pin: the phone will reboot upon 3 unsuccessful attempts
21. Perfect_Event_Paranoid ported from Grsecurity: now third party apps can't use other apps including system to elevate privileges
22. Camera hardware button works to focus, take pictures and start video recording
23. Option to disable writing to Tombstones (a lot of private info is dumped there if there is a crash)
24. Option to disable continuing writing of logcat
25. Option to disable device cameras: back; front, both or none
26. Option to disable third party apps to access clipboard
27. Always latest Google Security Patches
28. Always latest Code Aurora Security Patches
29. Changes ported directly from Google Android Gerrit, so most of those in MM and even N are in this rom
30. About 80% of kernel changes are ported into Jaguar kernel from 3.10 and 3.18 (not Sony AOSP 3.10 that has Down Syndrome, but Linux/Google/Code Aurora one)
31. Rom is odexed to significantly increase boot speed (under 30 seconds) and application start
32. Many more security features ported from Linux and Copperhead OS
33. Dns Crypt: a feature allowing to choose among many Dns providers (all encrypted)
34. Seccomp: secure computing enabled in kernel
Other features include: Layers Theme Engine; Native Call Recording with interface integrated in Dialer with no restrictions; Privacy Guard; Native Wakelock Blocker; Native Black List; Global Menu; Slim Recents; Traffic Indicators; Advanced Reboot; Slim Pie; CPU Info on Screen; Ram Bar in Recents; Open Source Supeuser included and integrated in Settings; True Offline Charging with Screen Off; Kernel Adiutor included (unzip and install as a normal app) and integrated in Settings plus more
Things users need to know to have smooth experience:. These are not bugs, but rather an explanation of some features
1. If you want to do data encryption, keep in mind that unlike Android, Jaguar uses 256 bit encryption. If you were encrypted on other roms, you won't be able to decrypt. So, wipe encryption and then re-encrypt on Jaguar. Also, keep in mind that if you ever did factory reset on official TWRP 3+ for honami, your data partition is screwed and have to be resized to enable encryption. This has nothing to do with the rom, but rather with the official TWRP itself. Fastboot my unofficial TWRP 3.0.2, (it is coming for Xperia Z3c, which, by the way has working brightness, as well as ability to decrypt and mount data
2. Jaguar contains a script running on early boot, which cuts the internet access to both WIFI and Data until Afwall is running. This is done to prevent leaking, as well as having all your internet traffic routed through some interesting number of servers, including this IP: 26.147.196.22. So, install Afwall and activate it, otherwise, no Internet for you
3. If your system language is different from English and you want to make changes in Phone/Cell Network settings, switch to English first, make the changes and then return to your language. The changes you made will hold. If you try to make the changes in your language, you will have com.android.phone crash. Localization takes time and is virtually impossible to implement in Jaguar, which is a one-person-rom
4. Sony TimeKeep, which is ported from MM/N, now sets the correct time on reboot without the Internet or GSM signal. All you need to do is set it once and TimeKeep will save/recalculate/restore the same on each reboot
5. GAPPS: if you use them, you need to flash them right after the rom (or each update) and before reboot. Flashing after reboot will result in multiple f/c
6. Due to Volte implementation, you might be required to flash LP or MM stock baseband (only if you have no 2g/3g signal)
7. Helpful fastboot commands: for flashing TWRP: fastboot flash recovery recovery.img
for flashing kernel: fastboot flash boot boot.img
Download: All updates and change logs are in Post #3
Instructions:
1. Be on LP at least, have TWRP, unlocked bootloader and root
2. In TWRP, wipe data/factory reset, then wipe System/Data/Cache/Dalvik
3. Flash the rom
4. Reboot, install Afwall and Kernel Adiutor as normal apps; activate Afwall to have Internet
5. Enjoy the rom, say thank you, donate or do both
Warning: If your device and/or anyone in the immediate vicinity dies, don't blame me: it is all China and Russia's fault.
Credit: CM, AOSP, Slimroms, DU, Copperhead OS, Myself5 (kernel)
UPDATED KERNEL SOURCE: https://forum.xda-developers.com/devdb/project/dl/?id=23107 . Don't flash. This is not kernel, but rather sources to compile kernel
Kernel Source: https://github.com/AOSP-Jaguar/kernel_sony_msm8974
XDA:DevDB Information
JAGUAR LEO OFFICIAL HARDENED, ROM for the Sony Xperia Z3
Contributors
optimumpro
ROM OS Version: 5.1.x Lollipop
ROM Kernel: Linux 3.4.x
ROM Firmware Required: Unlocked Bootloader
Based On: AOSP,CM,SLIM,DU
Version Information
Status: Stable
Stable Release Date: 2016-10-18
Created 2016-10-18
Last Updated 2017-02-09
Why LP, as opposed to MM and Nougat? Several reasons. The main one is Sony's unfriendliness to development community. Camera sucks, because Sony wouldn't provide proper blobs. Also, MM brings very few features, as opposed to LP. MM is still in alpha, but is already being abandoned by developers in favor of Nougat. Nougat will never work for Z1/Z2/Z3, because Sony wants you to buy a newer device. And finally, all LP roms, except Jaguar, have been abandoned by their developers since November 2015. CM still publishes nightly LP, but they have abandoned CM 12.1 kernel, meaning, they haven't incorporated about 800 security patches from Google and Code Aurora in LP kernel. Another reason - I take changes from Android Gerrit Master Branch, Code Aurora, Google Security Bulletins and 3.10, 3.18 and 4.x kernels. Enough reasons for you?
The main difference from other roms is the emphasis on security and multiple features. With that in mind , let's see what Jaguar has to offer:
1. Hardened Kernel, modified M5; hardened rom built with HYPERTOOL 5.4
2. All ciphers enabled in kernel instead of just a few
3. Hardened/Fortified Bionic and Libs
4. Fstack protection strong to resist buffer overflows
5. Many System apps and processes are made read-only, to reduce elevation of privilege
6. Selinux replaced with Tomoyo Security, Yam security
7. Disc encryption, keymaster to 256 bit AES instead of 128
8. Latest TWRP with working brightness and ability to decrypt Data (Coming Soon)
9. Random number generation mixed hardware/software, as recommended by Linus Torwalds
10. Options to randomize host on every boot
11. Option to have a separate password for lock screen and boot
12. Qualcomm's Time Services disabled due to leaking on early boot (set time to automatic to get it from your carrier)
13. WIFI Background Scanning disabled to prevent leaking
14. Internet disabled for both WIFI and Data until Afwall is set and activiated (Afwall included in download, install as regular app)
15. The phone is VOLTE ready and you have all network options available in Cell menu (not just LTE/WCDMA/GSM)
16. GRsecurity features, such as Sidechannel implemented
17. Some Pax Security Features
18. Option to deny USB connection: denied always; denied when locked; and allowed always
19. Hardened webview with Google and other "interesting" IPs removed
20. Prevention of bruteforcing screen pin: the phone will reboot upon 3 unsuccessful attempts
21. Perfect_Event_Paranoid ported from Grsecurity: now third party apps can't use other apps including system to elevate privileges
22. Camera hardware button works to focus, take pictures and start video recording
23. Option to disable writing to Tombstones (a lot of private info is dumped there if there is a crash)
24. Option to disable continuing writing of logcat
25. Option to disable device cameras: back; front, both or none
26. Option to disable third party apps to access clipboard
27. Always latest Google Security Patches
28. Always latest Code Aurora Security Patches
29. Changes ported directly from Google Android Gerrit, so most of those in MM and even N are in this rom
30. About 80% of kernel changes are ported into Jaguar kernel from 3.10 and 3.18 (not Sony AOSP 3.10 that has Down Syndrome, but Linux/Google/Code Aurora one)
31. Rom is odexed to significantly increase boot speed (under 30 seconds) and application start
32. Many more security features ported from Linux and Copperhead OS
33. Dns Crypt: a feature allowing to choose among many Dns providers (all encrypted)
34. Seccomp: secure computing enabled in kernel
Other features include: Layers Theme Engine; Native Call Recording with interface integrated in Dialer with no restrictions; Privacy Guard; Native Wakelock Blocker; Native Black List; Global Menu; Slim Recents; Traffic Indicators; Advanced Reboot; Slim Pie; CPU Info on Screen; Ram Bar in Recents; Open Source Supeuser included and integrated in Settings; True Offline Charging with Screen Off; Kernel Adiutor included (unzip and install as a normal app) and integrated in Settings plus more
Things users need to know to have smooth experience:. These are not bugs, but rather an explanation of some features
1. If you want to do data encryption, keep in mind that unlike Android, Jaguar uses 256 bit encryption. If you were encrypted on other roms, you won't be able to decrypt. So, wipe encryption and then re-encrypt on Jaguar. Also, keep in mind that if you ever did factory reset on official TWRP 3+ for honami, your data partition is screwed and have to be resized to enable encryption. This has nothing to do with the rom, but rather with the official TWRP itself. Fastboot my unofficial TWRP 3.0.2, (it is coming for Xperia Z3c, which, by the way has working brightness, as well as ability to decrypt and mount data
2. Jaguar contains a script running on early boot, which cuts the internet access to both WIFI and Data until Afwall is running. This is done to prevent leaking, as well as having all your internet traffic routed through some interesting number of servers, including this IP: 26.147.196.22. So, install Afwall and activate it, otherwise, no Internet for you
3. If your system language is different from English and you want to make changes in Phone/Cell Network settings, switch to English first, make the changes and then return to your language. The changes you made will hold. If you try to make the changes in your language, you will have com.android.phone crash. Localization takes time and is virtually impossible to implement in Jaguar, which is a one-person-rom
4. Sony TimeKeep, which is ported from MM/N, now sets the correct time on reboot without the Internet or GSM signal. All you need to do is set it once and TimeKeep will save/recalculate/restore the same on each reboot
5. GAPPS: if you use them, you need to flash them right after the rom (or each update) and before reboot. Flashing after reboot will result in multiple f/c
6. Due to Volte implementation, you might be required to flash LP or MM stock baseband (only if you have no 2g/3g signal)
7. Helpful fastboot commands: for flashing TWRP: fastboot flash recovery recovery.img
for flashing kernel: fastboot flash boot boot.img
Download: All updates and change logs are in Post #3
Instructions:
1. Be on LP at least, have TWRP, unlocked bootloader and root
2. In TWRP, wipe data/factory reset, then wipe System/Data/Cache/Dalvik
3. Flash the rom
4. Reboot, install Afwall and Kernel Adiutor as normal apps; activate Afwall to have Internet
5. Enjoy the rom, say thank you, donate or do both
Warning: If your device and/or anyone in the immediate vicinity dies, don't blame me: it is all China and Russia's fault.
Credit: CM, AOSP, Slimroms, DU, Copperhead OS, Myself5 (kernel)
UPDATED KERNEL SOURCE: https://forum.xda-developers.com/devdb/project/dl/?id=23107 . Don't flash. This is not kernel, but rather sources to compile kernel
Kernel Source: https://github.com/AOSP-Jaguar/kernel_sony_msm8974
XDA:DevDB Information
JAGUAR LEO OFFICIAL HARDENED, ROM for the Sony Xperia Z3
Contributors
optimumpro
ROM OS Version: 5.1.x Lollipop
ROM Kernel: Linux 3.4.x
ROM Firmware Required: Unlocked Bootloader
Based On: AOSP,CM,SLIM,DU
Version Information
Status: Stable
Stable Release Date: 2016-10-18
Created 2016-10-18
Last Updated 2017-02-09
Last edited:
