Enabling Call Screening.

ashley05

There have been a handful of claims in the six months from various people that phone app and call screening "just worked." including from at least one reliable source. The general user base has not been able to reproduce it.

hemlockiv

ashley05 Curious. Do you have any links to any of those claims (like the "reliable" one)? I'm still doubtful but would like to see what they said. I do wonder whether they mean the features actually worked during a call, or if they just saw the settings for the features appear, like I have.

chenxiaolong If I remember correctly, the gmscompat layer blocks privileged apps from talking to the unprivileged Google Play Services by default. Code changes are needed to allow that communication.

Thanks for explaining. This seems like the final nail in the coffin, then.. That IPC would be necessary for all those fancy pixel features - call screen, hold for me, call transcription, everything. Unless the GOS devs carve out an optional hardening compatibility setting to unblock it (seems unlikely) then there's zero chance of any of that stuff working.

half_emote993

hemlockiv https://youtu.be/gDR6V5OdnYg?t=481

hemlockiv

hemlockiv

chenxiaolong only works if the CAPTURE_AUDIO_OUTPUT privileged permission is granted.

chenxiaolong If I remember correctly, the gmscompat layer blocks privileged apps from talking to the unprivileged Google Play Services by default. Code changes are needed to allow that communication.

Thanks for explaining. This seems like the final nail in the coffin, then.. That IPC would be necessary for all those fancy pixel feature

Not so fast!! I tried granting Google Dialer the permissions android.permission.CAPTURE_AUDIO_OUTPUT from an elevated shell, and it worked.

Hold For Me and Direct My Call WORKED.

ashley05

half_emote993
yes, this is one of the examples

Don't third party call recording applicaitons work on GraphineOS? Does google phone app use a differet method to access call audio for screening?

ashley05

hemlockiv
did you use a rooted branch of Graphene OS to change the dialer permissions, or did you do this in ADB or something else accessible on standard Graphene OS ?

Where I was last stuck was that the coreAI models never downloaded. Was this part of your problem too?

hemlockiv

ashley05 Yeah, I said from an elevated shell, so basically yeah it requires a debug/root build, which is REALLY not recommended to use for a day-to-day device. I just wanted to test if it would work, and surprisingly it does! I hope maybe the GOS devs will consider making this privilege user-grantable. But yeah normal ADB doesn't have the privileges for it unfortunately.

I actually uninstalled aicore and it still works, so I don't think that app is actually necessary.

ashley05

hemlockiv
Interesting.
My prefernce was to self-sign a rooted graphine os so I was the only one with the signing key. But I would need to automate the upgrade process to run on a encrypted tamper-proof server at my house.

I had a really hard time getting rooted graphine OS loaded and locked. Most attempts failed and then every once in a while I succed and I can't figure out why it works those times. Self-signed I only got it loaded and re-locked once.

Anyway, I'd try this. I really want it working. I wish we could get this in the "specal apps to load" like android auto in a future version.

Call screening is the only hting really holding me up from switching. And also, not knowing if I can access all files for backup.

hemlockiv

Fyi, the danger of rooting isn't that the encryption key could be swiped, but rather that rooting opens up massive, massive attack surfaces for any code to gain kernel-level privileges. I'm not here to scold you, though (there are other ppl here who will do that), just warning you that the benefits of root access should be VERY carefully weighed, and you should aim to lock down access as much as possible and treat every app as untrustworthy.

Anyway. Self-signing OTAs is a perfectly valid thing to want to do regardless of root status, and it shouldn't be causing problems. Check out chenxiaolong/avbroot.

I still don't know how to get specifically Call Screen working, tho.

ashley05 I wish we could get this in the "specal apps to load" like android auto in a future version.

Then upvote this issue: https://github.com/GrapheneOS/os-issue-tracker/issues/7128

ashley05

hemlockiv
Yes, I am aware of the risk of Root, but there are reasons that have no other solution which is why I want it. I do not want to grant root access to any application, but be able to use it for the few things that GOS doesn't have a method of doing. For example granding permissions to applications; being able to backup any file on the phone - example is that the google phone app on pixel does record calls now, but doesn't have a metohd for copying the call recording files. The files are protected from all access inculding from the provided file manager.

But I don't want to trust 'just anyone' to automate a signing and publishing script for rooted GOS that runs on github (with keys acecssable to microsoft and the FBI). I want it running on a either my own encrypted laptop or an on-sit [encrypted] tamper proof server that I own.

hemlockiv

ashley05 I completely understand. Fyi, Avbroot is just a method for self-signing update/OTA packages easily; you still run it on your hardware and use your own signing keys.

ashley05

hemlockiv
I know. I used avbroot a few months ago when I tried to get this working. While I could follow the directions to add root (magisk) and sign the package, I had a really hard time getting it loaded onto the pixel without either some part of the update process showing errors, or it just not working (corrupt) after locking with my signing key. I did get it to work once, but could not get it to work again even though I thought I was doing the same thing. but I do know that I got a self-signed rooted GOS to load at least once. I was doing this on Windows. I guess I would then need to move the working process to an autamoted linux script, possbly upload the update files to a web server, and set up the auto update module on magisk.

I wish someone just made a docker that does it all-in-one. But I lost interestet in doing projects like this. So I just wish GOS provided an optional security bypass for overiding settings (e.g. not rooting applications, but like root permissions adb for overriding settings in a way that requirde actually thinking before doing)

« Previous Page