From f419bef0c447dbb6e2df6f01dcbd8c0c68ef98e5 Mon Sep 17 00:00:00 2001
From: Daniel Micay <daniel.micay@grapheneos.org>
Date: Sun, 30 Mar 2025 11:27:09 -0400
Subject: [PATCH] make ADD_USERS_WHEN_LOCKED/ENABLE_EPHEMERAL_FEATURE immutable

---
 static/releases.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/static/releases.html b/static/releases.html
index 60539c88..f9dc2d6c 100644
--- a/static/releases.html
+++ b/static/releases.html
@@ -579,7 +579,7 @@
                         <li>fix upstream system_server crash from null pointer exception in F2fsUtils</li>
                         <li>add infrastructure for more restricted access to global and per-user settings instead of allowing all system apps to read them and all privileged systems apps with the WRITE_SECURE_SETTINGS privileged permission to write them</li>
                         <li>further restrict access to all global and per-user settings added by GrapheneOS with our new infrastructure</li>
-                        <li>prevent privileged system apps from writing the standard Android ADD_USERS_WHEN_LOCKED and ENABLE_EPHEMERAL_FEATURE settings we disable each boot for attack surface reduction</li>
+                        <li>make the value of the ADD_USERS_WHEN_LOCKED and ENABLE_EPHEMERAL_FEATURE settings we disable at boot explicitly immutable instead</li>
                         <li>kernel (6.6): update to latest GKI LTS branch revision</li>
                         <li>Vanadium: update to <a href="https://github.com/GrapheneOS/Vanadium/releases/tag/135.0.7049.38.0">version 135.0.7049.38.0</a></li>
                         <li>GmsCompatConfig: update to <a href="https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-155">version 155</a></li>