From b24dc9f1e28613aa487804c77638cf3270142cfc Mon Sep 17 00:00:00 2001
From: Daniel Micay <daniel.micay@grapheneos.org>
Date: Sun, 30 Mar 2025 10:28:53 -0400
Subject: [PATCH] protect ADD_USERS_WHEN_LOCKED and ENABLE_EPHEMERAL_FEATURE
 too

---
 static/releases.html | 1 +
 1 file changed, 1 insertion(+)

diff --git a/static/releases.html b/static/releases.html
index 548ab80e..90268824 100644
--- a/static/releases.html
+++ b/static/releases.html
@@ -579,6 +579,7 @@
                         <li>fix upstream system_server crash from null pointer exception in F2fsUtils</li>
                         <li>add infrastructure for more restricted access to global and per-user settings instead of allowing all system apps to read them and all privileged systems apps with the WRITE_SECURE_SETTINGS privileged permission to write them</li>
                         <li>further restrict access to all global and per-user settings added by GrapheneOS with our new infrastructure</li>
+                        <li>prevent privileged system apps from writing the standard Android ADD_USERS_WHEN_LOCKED and ENABLE_EPHEMERAL_FEATURE settings we disable each boot for attack surface reduction</li>
                         <li>Vanadium: update to <a href="https://github.com/GrapheneOS/Vanadium/releases/tag/135.0.7049.38.0">version 135.0.7049.38.0</a></li>
                         <li>GmsCompatConfig: update to <a href="https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-155">version 155</a></li>
                     </ul>