• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[ROM][Unofficial][10.0][microG][signed]hardened LineageOS 17.1 Oneplus 7T Pro

Search This thread
Is Volte an Wifi Calling supported in this rom? If yes, how do i enable it? Or do i have to go back to stock rom to enable it there?
Thy for any reply to help.
As far as I can see it (I took over the LineageOS device config and blobs, no changes, except for removing the Softer/Ifaa bloatware), this is not supported.
 

RayfG

Senior Member
Jan 28, 2016
469
120
outa space
I did read that Lineageos 17.1 supports Wifi-calling and Volte. But I do not know if Lineage with microG
supports it. That would be a great thing to have, but nevertheless I am not able to install a stock rom under Linux after this rom to enable Wifi Call and volte and come back to lineageos. :-(
 

RayfG

Senior Member
Jan 28, 2016
469
120
outa space
@MSe1969
Thank you very much again for support.
I went back to original software and used the toolkit to enable vowofi and VoLte.
Went great. After that, i had problems to get Lineageos installed. But after several tries, and probs I made it. But as you said, there is no VoLTE or Wificalling possible. Under Lineageos 18.1 it is there and works. I did not test a different version, because i have to do the whole process again, to downgrade to lineageos 17.1
My question, if there is the possibility to implement it in this version or into perhaps in a lineageos 18.1 microG that would be great. I feel very unconvinient with using another kind of Software.
Thy, Ray
 

bestouff

Senior Member
Mar 9, 2014
67
20
Grenoble
Hi guys,
Since 2 releases I have a problem with my phone where - sometimes - when I plug it to a PC or charger the battery icon shows it charges, but there's no text on the lockscreen that says "charge complete in ... minutes" and the phone doesn''t charge.
If I reboot the phone it charges normally.
I'm a bit too lazy to reinstall the stock ROM to check if it's a hardware problem, so I first wanted to know if anyone of you had already seen this ?
 
@MSe1969
Thank you very much again for support.
I went back to original software and used the toolkit to enable vowofi and VoLte.
Went great. After that, i had problems to get Lineageos installed. But after several tries, and probs I made it. But as you said, there is no VoLTE or Wificalling possible. Under Lineageos 18.1 it is there and works. I did not test a different version, because i have to do the whole process again, to downgrade to lineageos 17.1
My question, if there is the possibility to implement it in this version or into perhaps in a lineageos 18.1 microG that would be great. I feel very unconvinient with using another kind of Software.
Thy, Ray
FYI: I'll provide a test build with 18.1 soon, after providing the next regular ASB update with 17.1.
I have a question, as you played around with 18.1 already: When you flashed 18.1, did you upgrade the firmware before as explained here?
Or did you simply flash 18.1 on your current firmware?

And - as the unofficial TWRP for the 7T Pro does not work, did you do any backup (e.g. with Seedvault or simply adb) and how did the restore work?
 
Hi guys,
Since 2 releases I have a problem with my phone where - sometimes - when I plug it to a PC or charger the battery icon shows it charges, but there's no text on the lockscreen that says "charge complete in ... minutes" and the phone doesn''t charge.
If I reboot the phone it charges normally.
I'm a bit too lazy to reinstall the stock ROM to check if it's a hardware problem, so I first wanted to know if anyone of you had already seen this ?
Haven't observed this on my phone, yet ...
 

RayfG

Senior Member
Jan 28, 2016
469
120
outa space
FYI: I'll provide a test build with 18.1 soon, after providing the next regular ASB update with 17.1.
I have a question, as you played around with 18.1 already: When you flashed 18.1, did you upgrade the firmware before as explained here?
Or did you simply flash 18.1 on your current firmware?

And - as the unofficial TWRP for the 7T Pro does not work, did you do any backup (e.g. with Seedvault or simply adb) and how did the restore work?
Yes I did that whole program up and down......Several times and as explained in "here". There is a second version i think by manonofrio doing nearly the same in a slighly different way. Tried both.....Seedvault is a mess. I did a backup and copied it to my local Computer, but a local restore is not supported except via usb and writing down so many words for that (and keep them) is bull......t. My understandig for safety is a little bit different than that. But i have no solution on board for that. Nevertheless, i have my own server and stored and restored all my data there and from there. And a backup is foolish simple. I did not use a twrp. There is no working solution for that. And oos is no way for me.
Too much spyware.... Thank u very much for beeing interested in my tries. Greetz, Ray
*PS I got a change in the support of blabla Overseas Comunication and brasilia and severeal different LTE support, but they did not work at last. The Danish, German, Uk and others did not work for me. I Have 1913 version but no match at all. .-)
 

bestouff

Senior Member
Mar 9, 2014
67
20
Grenoble
FYI: I'll provide a test build with 18.1 soon, after providing the next regular ASB update with 17.1.
I have a question, as you played around with 18.1 already: When you flashed 18.1, did you upgrade the firmware before as explained here?
Or did you simply flash 18.1 on your current firmware?

And - as the unofficial TWRP for the 7T Pro does not work, did you do any backup (e.g. with Seedvault or simply adb) and how did the restore work?
FWIW when I was using LOS I did a 18.1 update without updating the firmware and did not observe any bad behavior.

I'm interested in a working step-by-step backup/restore solution though.
 
  • Like
Reactions: MSe1969

RayfG

Senior Member
Jan 28, 2016
469
120
outa space
My last report wasn t precise enough as I read thrue once more.
1. I Installed the european version of oos 10 with msm download tool.
2. I tried to get Volte an wifi-calling enabled by following this Thread:
after having no success i upgraded via systemupdate to 00S 11 and made the steps for volte and Vowifi again.
3. After no success i downgraded via OnePlus7TProOxygen_13.W.09_OTA_009_all_2010191130_downgrade_1b8916cc052246f1.zip back too Android 10.
4. I flashed all available versions up and down more that 15 times with manual firmware upgrades and so on.
No chance to get Volte and Vowifi working under 02.
5. I installed lineageos 18.1 microG after manual firmware upgrade to see if volte and Vowifi work out of the box and it worked flawless but no Volte and Vowifi for me.
6. After that i went back to OOS11, downgraded to OOS 10 again and after that i reinstalled LOS 17.1 microG hardened again.
Thats it.
 
  • Like
Reactions: MSe1969
My last report wasn t precise enough as I read thrue once more.
1. I Installed the european version of oos 10 with msm download tool.
2. I tried to get Volte an wifi-calling enabled by following this Thread:
after having no success i upgraded via systemupdate to 00S 11 and made the steps for volte and Vowifi again.
3. After no success i downgraded via OnePlus7TProOxygen_13.W.09_OTA_009_all_2010191130_downgrade_1b8916cc052246f1.zip back too Android 10.
4. I flashed all available versions up and down more that 15 times with manual firmware upgrades and so on.
No chance to get Volte and Vowifi working under 02.
5. I installed lineageos 18.1 microG after manual firmware upgrade to see if volte and Vowifi work out of the box and it worked flawless but no Volte and Vowifi for me.
6. After that i went back to OOS11, downgraded to OOS 10 again and after that i reinstalled LOS 17.1 microG hardened again.
Thats it.
Thanks for the details. Two questions:
Where did you find the older Stock ROM for the downgrade? I can get only the latest EU Android 11. I normally in fact only would like to upgrade my device once, but in case J need to go back...
And second: You mentioned it is quite trivial to backup/restore ("foolish simple"). How do you manage to access/overwrite the /data partition for the restore, which can't be done, when the main OS is up&running...? Or did I misunderstand you and you were more or less complaining, how the backup topic could be messed up so badly?
 

RayfG

Senior Member
Jan 28, 2016
469
120
outa space
Thanks for the details. Two questions:
Where did you find the older Stock ROM for the downgrade? I can get only the latest EU Android 11. I normally in fact only would like to upgrade my device once, but in case J need to go back...
And second: You mentioned it is quite trivial to backup/restore ("foolish simple"). How do you manage to access/overwrite the /data partition for the restore, which can't be done, when the main OS is up&running...? Or did I misunderstand you and you were more or less complaining, how the backup topic could be messed up so badly?
Ok, First answer:
Second, I have all my contacts, photos, videos, calendar and other relevant data on my Diskstation.
By installing the Diskstation apps, all my data is there. I do not need a complete Data section backup as others do.
Seedvault only stores several apps not all of them, so it is useless.
Hope this helped.
Greetz, Ray
 
  • Like
Reactions: MSe1969
  • Like
Reactions: bestouff and RayfG
@MSe1969
Great update and great to hear that the support for Lineage is going on with 18.1
Hopefully Volte und Wificalling is supported by Lineageos 18.1
Looking forward to upgrade.
Thy
Hello @RayfG and @bestouff - in my efforts to try out LineageOS 18.1, I am struggling at some point and would like to take advantage of your experiences in regards to having played around with 18.1 / Android 11 already:

As the hotdog is my daily driver and there is no fully working TWRP offering a comfortable nandroid backup*, I am reluctant to format my /data partition, yet. However - dirty-flashing for upgrade seems not to work, different from the LineageOS docu.
When I try to, the boot animation is simply extremely slow and lasts forever, so I force-stop with fastboot HW keys (after 15 min), set the 2nd slot active again via fastbot and I am back in my working 17.1 system.

The only work-assumption I have is, that for whatever reason, 18.1 can't decrypt the data partition.
Do you have an opinion or any experience on that? Any feedback appreciated!

I'll meanwhile carefully prepare for a data partition formatting...

_________________
* As of TWRP, I have tried mauronofrio's 3.4 and Systemad's 3.5 - both allow to access the /data partition in recovery mode, but both fail to create a backup - at least a possibility to partially backup+restore app folders in /data/data ...
 

RayfG

Senior Member
Jan 28, 2016
469
120
outa space
Hello @RayfG and @bestouff - in my efforts to try out LineageOS 18.1, I am struggling at some point and would like to take advantage of your experiences in regards to having played around with 18.1 / Android 11 already:

As the hotdog is my daily driver and there is no fully working TWRP offering a comfortable nandroid backup*, I am reluctant to format my /data partition, yet. However - dirty-flashing for upgrade seems not to work, different from the LineageOS docu.
When I try to, the boot animation is simply extremely slow and lasts forever, so I force-stop with fastboot HW keys (after 15 min), set the 2nd slot active again via fastbot and I am back in my working 17.1 system.

The only work-assumption I have is, that for whatever reason, 18.1 can't decrypt the data partition.
Do you have an opinion or any experience on that? Any feedback appreciated!

I'll meanwhile carefully prepare for a data partition formatting...

_________________
* As of TWRP, I have tried mauronofrio's 3.4 and Systemad's 3.5 - both allow to access the /data partition in recovery mode, but both fail to create a backup - at least a possibility to partially backup+restore app folders in /data/data ...
Hi, mate.
I tried the same way to update via dirty flash first time and i stucked into the same lame boot animation sequence.
After that i made a clean flash with first back toOOS 10, then upgrade to OOS 11 for the newes firmware and vendor stuff. Then I went for installing lineageos 18.1 as how it is stated in lineagos 18.1 flash instructions. That went smooth and i was on lineageos 18.1 without probs. As I read thrue the twrp installation process, I think it is evident to root your phone for mauronofrios twrp.otherwise no function for decrypt..... But maybe i am wrong with that.
Greetz and hopefully you get thrue. Thank u,
Ray
 
  • Like
Reactions: MSe1969
Hi, mate.
I tried the same way to update via dirty flash first time and i stucked into the same lame boot animation sequence.
After that i made a clean flash with first back toOOS 10, then upgrade to OOS 11 for the newes firmware and vendor stuff. Then I went for installing lineageos 18.1 as how it is stated in lineagos 18.1 flash instructions. That went smooth and i was on lineageos 18.1 without probs. As I read thrue the twrp installation process, I think it is evident to root your phone for mauronofrios twrp.otherwise no function for decrypt..... But maybe i am wrong with that.
Greetz and hopefully you get thrue. Thank u,
Ray
Thanks for confirming my assumption - ok, that means I will have to format my /data partition *yikes* !
Yes, regarding TWRP, the only way to be able to access the /data partition in recovery mode is one of the two unofficial TWRP's, which I have linked in my last post.

The way I see it, mauronofrio's 3.4.x TWRP allows to mount/decrypt /data and also offers MTP support, but I would not dare to do anything more with it (as said, backup miserably fails and flashing on an a/b device with a TWRP code base not being able to deal with that isn't ideal), and the linked 3.5. TWRP (important: tag 1.1 only) seems to be "almost" fully functional, except for nandroid backups and MTP support (the newer 1.2 version can't even decrypt, but maybe that is the one to use after having upgraded to Android 11...?)

So in regards to a "backup", I'll follow the below approach:
- Luckily, most apps I can simply re-install, and that's it (plus sometimes, re-logon)
- Contact data I have a synch solution in place with DavX5
- Signal has an own backup/restore solution
- Many apps store their relevant data on Internal memory, so a backup/restore of the Internal memory will do the trick (which however is crucial, as the Internal memory will be gone after formatting /data)
- However, for some apps, I really need to get their app data restored, which are located under /data/data/<java name of the app>
- So I'll make a list of those apps

And here, I will do the following and keep you updated, what worked (could be interesting also for you, @bestouff ):
1. An ordinary copy of the Internal Memory to my PC (as a fall back)
2. adb backup -apk -obb -shared -system
3. adb backup -f <file> -apk -obb <packages...> for each single package, I am interested in
4. adb pull -a /data/data/<package> in recovery mode
5. WiFi data is located under /data/misc/wifi and Bluetooth under /data/misc/bluedroid

Maybe any of you have a further idea on how to come close to a proper backup?
 

RayfG

Senior Member
Jan 28, 2016
469
120
outa space
When i came to that position to make a decision to wipe all my data, i asked myself the question, if it 's possible
to install all the programs first (after a fresh install) and then copy the former copied from the old version (to a hdd) android /data over the fresh data installation. normally all the data should be there..... But i was to faggy to try this..... :cool:
 
When i came to that position to make a decision to wipe all my data, i asked myself the question, if it 's possible
to install all the programs first (after a fresh install) and then copy the former copied from the old version (to a hdd) android /data over the fresh data installation. normally all the data should be there..... But i was to faggy to try this..... :cool:
OK, I am now on LineageOS 18.1, finally.

Here my test build and an adapted 18.1 recovery (the linked recovery in the OP does its job, too):

Indeed, seems it's necessary to format the /data partition, as 18.1 cannot decrypt 17.1 and vice-versa.
Btw, none of the unofficial TWRP is able to decrypt either in 18.1.

So as for restoring the data, I did the following - due to the lack of a working TWRP:

BACKUP
- Made a list of all my apps, also with 'backup categories' (from n/a to crucial to preserve app data)
- Made a contingency plan on how to work-around loosing app data (manual setup, or e.g. registering a 2nd device to be able to re-register my primary device from the secondary device, if needed for specific web service, etc.)
- Copy "Internal Memory" (the 'visible part' when connecting the phone via USB), obviously
- Made an "adb backup -apk -obb -shared -all -system"
- For those apps, where I knew it's really difficult w/o the app data, I also worked with "adb pull /data/data/<java appname>" in root mode

RESTORE
Despite the docu telling differently, "adb restore" would only partially restore the app data, no shared internal memory and no apk files. Hence this is my restore procedure, finally:
- Install all my noted apps (but did not start them)
- Restore (shared) internal memory
- 'adb restore'
- Check all apps and do the manual setup, where possible
- I had some crucial apps, where I had to write back the app data via 'adb push' (in root mode) and afterwards re-do the permissions and ownerships; luckily, most of them worked again like a charm

Next steps:
- Work on the kernel (sec. patches)
- Fine-tune some nitty-critty stuff

Feedback to the test build welcome!
 
  • Like
Reactions: molekular

RayfG

Senior Member
Jan 28, 2016
469
120
outa space
OK, I am now on LineageOS 18.1, finally.

Here my test build and an adapted 18.1 recovery (the linked recovery in the OP does its job, too):

Indeed, seems it's necessary to format the /data partition, as 18.1 cannot decrypt 17.1 and vice-versa.
Btw, none of the unofficial TWRP is able to decrypt either in 18.1.

So as for restoring the data, I did the following - due to the lack of a working TWRP:

BACKUP
- Made a list of all my apps, also with 'backup categories' (from n/a to crucial to preserve app data)
- Made a contingency plan on how to work-around loosing app data (manual setup, or e.g. registering a 2nd device to be able to re-register my primary device from the secondary device, if needed for specific web service, etc.)
- Copy "Internal Memory" (the 'visible part' when connecting the phone via USB), obviously
- Made an "adb backup -apk -obb -shared -all -system"
- For those apps, where I knew it's really difficult w/o the app data, I also worked with "adb pull /data/data/<java appname>" in root mode

RESTORE
Despite the docu telling differently, "adb restore" would only partially restore the app data, no shared internal memory and no apk files. Hence this is my restore procedure, finally:
- Install all my noted apps (but did not start them)
- Restore (shared) internal memory
- 'adb restore'
- Check all apps and do the manual setup, where possible
- I had some crucial apps, where I had to write back the app data via 'adb push' (in root mode) and afterwards re-do the permissions and ownerships; luckily, most of them worked again like a charm

Next steps:
- Work on the kernel (sec. patches)
- Fine-tune some nitty-critty stuff

Feedback to the test build welcome!
Wow, You're fast as a shark.
One Question,
did you update to OOS 11 new firmware first,or did you leave the "old" firmware on the phone?
I'll try the stuff today, but first I have to get volte and vowifi running.
 

RayfG

Senior Member
Jan 28, 2016
469
120
outa space
@MSe1969
Hi, Mate. Recovery is not working for me. If i flash it via fastboot i stay in bootloader mode (can't enter recovery). If i install 17.1 recovery, everything is well.
I could update to 18.11 with old recovery from 17.1
My device is a native a HD1913
The installation changed my device to HD 1917....
Weird.... Apart from that, all works. I have Volte an Vowifi symobols but it does not work. I got it to work before under 00s 10.
Ok, I went for DOTos (Android 11) after that. That changed my device back to HD 1913.
Under DOTos Volte und Wifi calling works (Vanilla without gapps)..... I dont know why it works there and not under Lineageos...
Went back to 17.1
"EDIT" Got it to work now (vowifi and Volte) under Lineageos 17.1. That's great. And it will work hopefully under Lineageos 18.1
" 2nd EDIT" After 2 Hours lost vowifi and volte after restart....:-(
 
Last edited:
  • Like
Reactions: MSe1969

Top Liked Posts

  • There are no posts matching your filters.
  • 3
    Thank you very much for your advice. I'll wait for your version then. The other way is with a high efford, i think.
    And of cause i do not want things go wrong. Did you upgrade firmware to oos 11 before, or did you stay on android 10 firmware?
    Thy for reply.
    I have upgraded the firmware, to be on the safe side. And here is the promised 'test build' - for me, all seems to be ok, "ready to go" - feedback welcome:
    • Sec. string 2021-09-05
    • Applied many kernel patches on top of the official LineageOS kernel
    • Vendor blobs and device config updated to latest LineageOS changes
    • Fixed some minor bugs, which I have noticed during my own testing
    Cheers, M.

    P.S.: sourceforge has a very annoying "feature" to make uploaded stuff only available with a certain delay (normally between 10 and 30 minutes, in exceptional cases even more than an hour - don't know why), so if the link does not immediately work, be patient...
    1
    Many thanks for your outstanding work. I have problems to install Lineageos. Not the install, but if it is installed, the device is not recognized by my System. Unable to open device for local copies etc.
    How did you upgrade to firmware OOS 11? Did you fastboot flash like stated by mauronofrio or did you go back to OOS 10 via Flashtool and upgrade to OOS 11? Thank you, Greetz,
    Ray

    "EDIT" Think I solved it. I am testing. Report later...
    1
    I have updated my firmware following the LineageOS documentation as indicated before and I recommend to do it this way, which means no flashing of OOS and no messing around with unofficial TWRP versions:
    • Get latest OOS (I used the Oxygen updater app for the download, as advised in the LineageOS wiki, but I found later this XDA thread, which in fact might be the better alternative)
    • Used payload-dumper-go app to extract the partitions to my PC, again as advised by LineageOS docu
    • Went into 'fastbootd' mode in Lineage Recovery (Advanced - Enter fastboot); the LineageOS docu says, that this cannot be substituted by reboot to bootloader
    • fastboot flash --slot=all <partition name> <partition>.img - see LineageOS docu
    It seems that my 17.1 recovery might be better suited, at least I have that impression.
    I worked mostly with my 18.1 recovery, but sometimes, I had to re-do the flashing and manually set the active slot via fastboot in order to get it working. I experienced at least two times a situation, where I ended up in an infinite, but normal speed boot animation.
    Here are my first impressions.
    I updatetd via going back to android 10 and update by updater. I have done it twice, so all went well after the second approach. I used the lineageos recovery 18.1 from your download. All good after second try, I did not sideload copy-partition, because i had problems the first attemp that part of system were unreadable.
    Lineageos 18.1 works fluently. I have Volte and Vowifi sometimes. after #*#*4636#*#* and enable the first slider "mobile strenght" it is there. but no Volte or vowifi sign in notificationbar. I miss the advanced restart menu, It is vanished since update....:-( . But....Outstanding work, as I said before, I stay to the 18.1 version if no problems occur. Very smooth, I like it!
    1
    Backup / restore for an upgrade
    For an upgrade from 17.1 to 18.1, the /data partition needs to be formatted and there is no working TWRP to do a 'nandroid' backup.
    The unofficial TWRP builds for this device are reported unreliable in regards to backup/restore in Android 10 and aren't able to decrypt Android 11. So for a backup/restore, I have worked with the following approach - by far not perfect, but workable:
    1. If you don't use a contacts server (e.g. via DavX5), you can simply export your contacts into a file on your Internal Memory
    2. Go through the list of your installed apps and identify the ones, where you really need the data restored (many apps do not store anything on the device, except for app specific settings).
    3. Many apps offer an own backup/restore solution (e.g. Signal) - simply make sure you trigger a recent backup
    4. Many apps store their data into a dedicated (public) directory on the Internal Memory, other apps store their data their dedicated directory under the Android folder in the Internal Memory
    5. However - some apps only store their data internally under /data/data/<appname>
    6. Have a "Plan B" handy, if you end up not being able to restore the specific data - take your time and make a list, so you don't regret later... (Don't forget browser favorites and such things)
    7. In any case, backup the complete shared Internal Memory to your PC, as this will be gone, when /data partition is formatted!
    8. Create a backup using adb backup (in fact, this is what Seedvault does, so you can also consider Seedvault). Be aware, that this method often does not work, as app developers may decide not to support 'adb backup' and if an app has set flags, that 'adb backup' should not be supported, then it won't work.
    9. If you can't manually restore all the needed WiFi access data, save the file /data/misc/wifi/WifiConfigStore.xml on your device (you need an 'adb root' session for that). You can't restore the file directly, but it contains the WiFi ac cess data to allow you to manually restore the connections
    10. For those apps, where you have no other choice than relying on their internal data (e.g. those apps having an own database), pull the repective /data/data/<appname> contents via 'adb pull' to your PC.
    11. To restore, follow the below sequence:
      - Restore the shared Internal Memory
      - Re-install the apps (but don't launch them, yet)
      - do an 'adb restore'
      - perform the app-specific restores offered by the individual apps
      - Manually restore the internal app data, where necessary (adb push into /data/data/<appname>), don't forget to restore permissions and ownership
    If you have any detail questions, please feel free to ask, I'll try to answer. Unfortunately, this is far from being easy, but that's how it is...
  • 12
    This thread is dedicated to provide hardened Lineage-OS 17.1 builds with microG included for the OnePlus 7T Pro (hotdog) with current security patches.

    Features of this ROM
    Download here
    • Pre-installed microG and F-Droid like LineageOS for microG project (own fork)
    • Pre-installed AuroraStore
    • OTA Support
    • eSpeakTTS engine
    • Bromite as default browser
    • Additional security hardening features listed below:
    • Cloudflare as default DNS (instead of Google)
    • Privacy-preferred default settings
    • Optional blocking of Facebook- and Google-Tracking (Settings - Network & Internet)
    • Optional disable captive portal detection or choose from various providers (default is GrapheneOS and not Google; Settings - Network & Internet)
    • Firewall UI (under Trust)
    • Increased max. password length of 64
    • No submission of IMSI/phone number to Google when GPS is in use
    • Default hosts file with many blocked ad/tracking sites
    • Privacy-enhanced Bromite SystemWebView
    • Extra control of sensor access for additionally installed user apps (Special access under app permissions)
    • Kernel kept up to date with ASB patches of Google kernel/common 'android-4.14-q-release' branch
    • Debloated from Oneplus blobs for Soter and IFAA
    • Hardened bionic lib and constified JNI method tables


    Current release levels
    Security string: 2021-10-01
    AOSP tag: 10.0.0_r41
    Bromite System Webview: M93


    Source-code and build instructions
    Kernel: https://github.com/lin17-microg/android_kernel_oneplus_sm8150/tree/lin-17.1-mse
    Build manifest: https://github.com/lin17-microg/local_manifests/tree/lin-17.1-hmalloc


    Installation Instructions

    YOU ARE RESPONSIBLE SOLELY YOURSELF FOR ANY ACTIONS YOU DO WITH YOUR DEVICE !!!

    Please note - I won't explain any single aspect (e.g. how to install 'fastboot' on your PC or troubleshoot USB connectivity issues under Windows). Search the net and consult the search engine of your choice or look here in XDA, there is plenty of information available.

    Pre-Requisites
    • Have fastboot and adb installed on your PC and make sure, you can connect via USB to your device in fastboot mode and via adb
    • An unlocked bootloader (see e.g. LineageOS install instructions)
    • If you come from Stock ROM, make sure to upgrade your device to the latest offered software version
    • Know, how to boot into fastboot mode (with powered off device press [Power]+[Vol.down]+[Vol.up])

    Please read carefully:
    I refer in general to the LineageOS install instructions, but there are some deviations!
    It is recommended to really go through the instructions once, before doing anything. You have been warned.


    Install the dedicated Lineage recovery for this ROM
    For the Oneplus 7T Pro (hotdog), there is currently no official TWRP available! The unofficial TWRP did not work for me.
    Please download the specific Lineage revocery for this build. It has been built using this ROM's signing key, because the official Lineage recovery did not work either for me (the official Lineage recovery works with the official build, this one works for this specific build).
    Flash this specific recovery with the below commands:
    Code:
    fastboot flash recovery_a lineage-17.1-20210118-recovery-microG-signed-hotdog.img
    fastboot flash recovery_b lineage-17.1-20210118-recovery-microG-signed-hotdog.img
    Reboot now into recovery from fastboot (follow the menu options) - DO NOT boot into your OS yet.

    If you come from Stock ROM, sideload the "copy partitions" script referred and described in the LineageOS install instructions.
    Please note, that you may get error messages stating
    Partition product_b dd: /dev/block/dm-1: write error: No space left on device
    Partition vendor_b dd: /dev/block/dm-2: write error: No space left on device
    You can ignore those, as long as it is product or vendor.

    Continue as described in the LineageOS installation instructions with formatting /data and sideloading the ROM ZIP.
    It is normal, that you observe at 47% progress a longer break, followed by a step 1/2 and finally 2/2 before a success message appears.

    DO NOT flash Gapps!
    This ROM comes with pre-installed microG. So don't attempt to flash Gapps.


    Update Instructions

    This ROM offers OTA updates through the Updater app. Therefore, normally, no further activities necessary.
    You can however also manually update the ROM by sideloading a newer version of this ROM via recovery.
    IMPORTANT:
    If you would like to manually update by sideloading the ROM, you need to first flash the linked recovery image (see install instructions) again via fastboot! Recovery is always updated when flashing a new ROM version, and that updated recovery can't sideload this ROM version. Don't ask me, why. I will have to find out, how to solve that issue.


    Frequently asked Questions

    1. AuroraStore
    I bundle AuroraStore with my build, but I am in no way associated with its development. The first place to look for support is the AuroraStore XDA thread and its excellent FAQ Section. Nevertheless, I would like to answer some frequently asked questions in conjunction to my ROM:

    Q: AuroraStore offers an update to "Google play services" - I thought your ROM is "Google-free"?
    A: The bundled microG application spoofs the existence of Google play services. This is a necessary part of microG's design. In AuroraStore, please add the Play Services to the ignore list. You won't be able to "update" them anyhow, but better do not even try to do so!

    Q: I can't connect, Aurora claims "no network" - but I can normally use my browser and other apps to connect to the internet.
    A: If the "iptables block script" of my ROM is active, try to deactivating and immediately after re-activating it.
    If that does not help or you don't use the iptables block script of tis ROM, you may try to force-close the app or logoff/logon again. However, the Aurora support thread will be your primary point to look at!


    2. Google/Facebook iptables blocking
    Q: How does the Google/Facebook blocking work?
    A: Via the 'iptables'/'ip6tables' functionality of the Linux layer of Android, the ip4/ip6 address range of Google and Facebook is blocked on a per app base (in fact, it is generally blocked, but some apps on an internal exception list are still allowed to connect). This means, that apps (or spyware components thereof) cannot send/receive data to/from Google/Facebook. Btw, certain connections to X-mode and Palantir are also blocked, but I am not sure, whether this is enough - any qualified information to improve this are very welcome!

    Q: I like this Google/Facebook blocking approach, but my favourite <xyz> app needs to be able to connect to Google/Facebook. Can you please add this app to your exception list?
    A: Please read this comprehensive information. In short: If you have a trustworthy FOSS project aiming at connecting to Google/Facebook via Webview as 'mobile browser' with (almost) no permissions or you have a tracker-free app to connect to a proprietary service, which simply is hosted on a Google webspace, I am happy to discuss this, but I will definitely not allow any "Playstore top ten genuine spyware app".

    Q: Which apps are on your exception list?
    A: see here

    Q: But if Google is blocked for almost every app, can I still get push messages?
    A: Yes, you can! Push messages are routed and controlled through the microG functionality, which stil can connect to Google.


    3. etc/hosts ad blocking
    Q: What is the etc/hosts ad-blocking and how does it work?
    A: I deliver a monthly-updated /system/etc/hosts file from the AdAway app which lists a comprehensive selection of known ad/spyware addresses. Any attempt to connect to those sites is redirected to the local OS, so a positive connection is reported, but no content is transmitted. (See linked explanation).

    Q: Which anti-tracker lists do you use?
    A: The same defaulted by the AdAway app, plus in addition Microsoft's 'Hockey Stick' stuff.

    4. Firewall UI
    Q: What is the Firewall UI and how does it work?
    A: Under Settings - Data privacy - Trust, you'll find a list of all installed apps (optionally, you can also show the shipped system apps), which lets you control - per app - whether the app can connect via WiFi, Mobile data or VPN. In fact, you can in any LineageOS individually control this in the app details (Settings), this option simply gives you a comprehensive view for all apps.

    Q: How do I use it? What are the typical use-cases:
    A: It of course depends on your specific requirement, but below some very typical use-cases:
    a. Disallow internet access completely (uncheck WiFi, mobile data and VPN)
    This might be useful for an app, which does not need internet access to work, but uses internet access to e.g. nag you with ad-crap (some games on the play store, for example)
    b. Make sure, that an app only uses WiFi (in order to avoid costs when using mobile data) - uncheck mobile data
    c. Make sure, that an app only has internet, when connected via VPN - uncheck WiFi and mobile data

    5. Privacy features / data privacy of this ROM
    Q: Does this ROM protect my privacy by design/default?
    A: First of all, you will never get any "auto-protection" without having to take care, what you do!
    What this ROM provides to you in addition to an "official" LineageOS:
    • This ROM comes with microG, to avoid the necessity of having to flash the Google apps, with the "mother of all spyware" called Google Play services. So many apps with that dependency would still work, either fully, or with their core-functionality, but without "extra Google convenience" features.
    • You can optionally block Google/Facbebook connections, which can add a further protecion layer (see the specific FAQ section about that feature)
    • Many nasty ad-servers, which are embedded into shady apps or websites are blocked by default
    • Some hardening measures known from the GrapheneOS project have been added
    HOWEVER - just some examples, how you can easily screw up any privacy gain (this list is by far not even near to comprehensive):
    • You still CAN install all kinds of shady apps and use privacy-ignoring services. If you e.g. install the genuine Facebook or Instagram app, the majority of your private data on your phone will be immediately uploaded to Facebook servers, as those apps even refuse to start, if you do not grant all the sensitive permissions! (Note: Yes, afterwards, when your data has already been stolen, you can revoke those permissions again. And yes, Whatsapp seems maybe 'slightly' better in this regard, but if you really believe, that WA isn't fully integrated into the FB ecosystem, you must be living on another planet).
    • If you use the Microsoft Outlook app to connect to any "non-Microsoft" e-mail provider, your logon credentials to that other mail provider are stored on Microsoft servers factually allowing Microsoft to steal your identity. Using Microsoft e-mail services or GMail discloses all your e-mails to automated scanning for "suspicious activities"; this has nothing to do with your phone, but outlines, how you can void even the most secure device by making use of privacy-ignoring services.
    • Making use of Genuine Google-apps with microG also isn't a good idea - make use of alternatives.
    • Any app, which you install on your device, could misuse its needed privileges! So try to stick to FOSS apps.
    • And last, but not least, if you are a 'dissident' or fear otherwise any targeted or comprehensive surveillance, this ROM isn't for you either...



    Dealing with signed builds
    Please note, that this builds is signed with an own key. When you come from a different build, you cannot directly "dirty-flash" this build. You have to perform a "clean flash".


    Bug reports:
    If you have a problem, please create a post with these informations:
    Original Kernel shipped with this rom:
    Build Date:
    And try to get log as described here
    Please note that I can't and won't support issues with builds using a different kernel or Xposed.
    In regards to microG, I will try my best to help when it is related to this ROM (I use it myself), but any questions of the type "the YXZ-app can't do <some sort of fancy xyz Google functionality> properly" are better asked in the respective microG forums.

    Credits
    AOSP project
    LineageOS project
    microG project
    Graphene OS project
    csagan5 (Bromite)
    WhyOrean (Aurora)
    SkewedZeppelin (Kernel patches)
    5
    Change log

    2021-10-12 - FINAL build

    • Security String 2021-10-01
    • Bromite System Webview and Browser updated to 93.0.4577.83

    2021-09-10
    • ASB Security string 2021-09-05
    • microG 0.2.22.212658-2

    2021-08-07
    • ASB Security string 2021-08-05
    • Bromite System Webview and Browser updated to 92.0.4515.134
    • F-Droid updated to 1.13
    • Fix in WiFi randomization

    2021-07-10
    • ASB Security string 2021-07-05
    • Bromite System Webview and Browser updated to 91.0.4472.146
    • microG 0.2.21.212158-2
    • Kernel: Many sec. patches applied (taken from Divest-OS)
    • AuroraStore 4.0.7

    2021-06-13
    • ASB Security string 2021-06-05
    • Bromite System Webview and Browser updated to 91.0.4472.102
    • microG 0.2.19211515-9
    • Kernel WLAN driver (qcacld-3.0) patched to include mitigations against "Frag" vuln.

    2021-05-10
    • ASB Security string 2021-05-05
    • Bromite System Webview and Browser updated to 90.0.4430.204
    • Upstreamed microG (no new version)
    • Update: AuroraServices 1.1.1

    2021-04-10
    • ASB Security string 2021-04-01
    • Bromite System Webview and Browser updated to 90.0.4430.59
    • F-Droid updated to 1.12
    • Update: AuroraStore 4.0.4 with AuroraServices 1.1.0

    2021-03-08
    • Security string 2021-03-05
    • Kernel slightly patched
    • Bromite System Webview updated to 88.0.4324.207
    • Bromite Browser updated to 88.0.4324.207
    • F-Droid 1.11
    • microG 0.2.18.204714

    2021-02-05
    • Security string 2021-02-05
    • Kernel slightly patched
    • Bromite System webview updated to 88.0.4324.141
    • Bromite Browser updated to 88.0.4324.141
    • F-Droid 1.10-alpha-234
    • microG 0.2.17.204714-5
    2021-01-22 - Initial build
    • Security string 2020-01-05
    • Pre-installed microG (0.2.16.204713-10) and F-Droid like the LineageOS for microG project (own fork)
    • Pre-installed AuroraStore
    • Bromite as default browser (87.0.4280.106)
    • eSpeak TTS engine (FOSS TTS solution)
    • Additional security hardening features listed below:
    • Cloudflare as default DNS (instead of Google)
    • Privacy-preferred default settings
    • Optional blocking of Facebook- and Google-Tracking (Settings - Network & Internet)
    • Optional disable captive portal detection or choose from various providers (default is GrapheneOS and not Google; Settings - Network & Internet)
    • Firewall UI (under Trust)
    • Increased max. password length of 64
    • No submission of IMSI/phone number to Google when GPS is in use
    • Default hosts file with many blocked ad/tracking sites
    • Privacy-enhanced Bromite SystemWebView (87.0.4280.131)
    • Extra control of sensor access for additionally installed user apps (Special access under app permissions)
    • Constified JNI method tables and hardened bionic lib
    5
    Security Hardening Features - Details

    1. Pre-installed microG and F-Droid

    same as the LineageOS for microG project

    2. Pre-installed AuroraStore
    works w/o having to enable the "unknown sources feature"

    3. Extra control of sensor access for additionally installed user apps
    Special access under app permissions

    4. Cloudflare (instead of Google) default DNS
    Cloudflare DNS has a better privacy policy than Google Public DNS and has DNS-over-TLS and DNS-over-HTTPS. In the deafult DNS settings (as fallback) and network diagnostics, the Cloudflare DNS adresses 1.1.1.1 and 1.0.0.1 are specified as defaults (instead of Google's 8.8.8.8 and 8.8.4.4)

    5. Privacy-preferred default settings
    When newly installed, the below settings are defaulted, different from standard LineageOS 17.1 (all settings can be changed at any time later):
    • Anonymous LineageOS statistics disabled (proposal during Setup)
    • The standard browsing app does not get the location runtime permission automatically assigned
    • Sensitive information is hidden on the lock screen
    • Camera app: Location tagging disabled by default
    Further, when a lock screen protection is set (PIN, pattern, password), the Nfc, Hotspot and airplane mode tiles require authentication and cannot be set without

    6. Optional blocking of Facebook- and Google-Tracking
    Settings => Network & Internet (scroll down)
    When activated, all outgoing connection attempts to Facebook servers will be suppressed.
    Same applies to Google, but certain apps on an internal exception list will still be able to connect (AuroraStore, microG, or e.g. NewPipe, if installed)

    7. Optional disable captive portal detection and to select Captive portal server URL provider
    Settings => Network & Internet (scroll down)
    When deactivated, the system will not ping a specific Google server any longer when establishing a WiFi connection to determine, whether a captive portal is being used. Further, the captive portal URL provider can be set (default is GrapheneOS and not Google; Settings - Network & Internet)

    8. No submission of IMSI or phone number to Google when GPS is in use
    GPS also works fine, if no SIM card is present, so there obviously is no benefit for the phone holder (different from other involved parties :rolleyes:) to provide this data . . .

    9. Default hosts file with many blocked ad/tracking sites
    The system's hosts file redirects a comprehensive list of URLs known to be adware, tracking, etc. to 127.0.0.1 (ipv4) and ::1 (ipv6)

    10. Privacy-enhanced Bromite SystemWebView
    Instead of the default Chromium System Webview component, the Bromite SystemWebView is used offering more privacy, more ad blocking and less Google tracking.

    11. Bromite as shipped Browser
    A chromium based browser with many privacy features.

    12. Firewall UI
    Settings => Privacy - Firewall
    Lists all apps and allows to restrict Internet access per app in regards to WiFi, mobile network or VPN
    This per-app feature is a standard feature in LineageOS, but the UI to show all apps is an Extra (taken from a topic in LineageOS's Gerrit - it may, or may not, become part of the official LineageOS one day)

    13. Maximum password length increased to 64
    4
    Thank you for your support here. Everything works very fine. Last but not least i need root access for the rom.
    is it too late now for root because all is set up now or can i root the phone after all this? If yes, can you point me to the correct img or what ever and explane how to root.
    Sorry for getting on your nerves....
    If I may offer my step-by-step guide to root a fresh installation. I am not so sure whether that works in Linux (so I keep an old computer with Windows for this purpose). You won't lose any data or customization.

    1. You need to extract the boot.img from the rom you are using.
    You can find many guides for payloading a boot image, essentially you have to:
    - Install python for windows, and extract the payload dumper tool into that python folder.
    - Change into the python installation folder.
    - Unpack the rom and copy the payload.bin file into the python folder.
    - Open a command prompt in that folder, use these two commands to install dependencies and extract the payload.bin file:
    # python -m pip install -r requirements.txt
    # python payload_dumper.py payload.bin
    - In the python folder there is a subfolder called "output", in this you will find the extracted boot.img.

    2. Patch the boot.img.
    - Download and install the latest MagiskManager, and change the channel to "beta".
    - Copy the boot.img file to your device (e.g. via adb).
    - In MagiskManager chose "Magisk - install - chose file and patch", chose your boot.img, this will put a magisk_patched.img in your Download-folder on the device.

    3. Root your phone.
    - Copy the magisk_patched.img to your computer.
    - Open a command prompt and reboot your device to bootloader.
    - Type:
    # fastboot boot magisk_patched.img
    - Your phone will reboot after that and is rooted.
    - Don't forget the last step: In Magisk Manager chose "direct install" - this will flash the boot.img and gain permanent root.

    -------------------------------------------

    @MSe1969 - I hope you don't mind me posting this here. I could also remove it if you think it is off-topic for this rom.