From 16d0eda0a628636c35957b2179a4be8428b8c9d1 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Wed, 13 Jul 2022 01:33:22 -0400 Subject: [PATCH] add initial storage access documentation --- static/features.html | 16 +++++++++++++ static/usage.html | 57 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+) diff --git a/static/features.html b/static/features.html index 5fccc876..1e1d48bf 100644 --- a/static/features.html +++ b/static/features.html @@ -106,6 +106,7 @@
  • Sandboxed Google Play
  • Network permission toggle
  • Sensors permission toggle
  • +
  • Storage Scopes
  • Broad carrier support without invasive carrier access
  • LTE-only mode
  • Wi-Fi privacy
  • @@ -471,6 +472,21 @@ default.

    +
    +

    Storage Scopes

    + +

    GrapheneOS provides Storage Scopes as a fully compatible alternative to the + standard Android storage permissions. Instead of granting storage permissions, + users can enable Storage Scopes to grant the requested permissions in a highly + restricted mode where the app can create files/directories in the user's home + directory but can only access the files it has created itself. Users can then + optionally add files and directories as storage scopes to permit the app to + access files created by other apps.

    + +

    For more details, see the usage guide + section on storage access.

    +
    +

    Broad carrier support without invasive carrier access
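
Review bot: The Storage Scopes paragraph added to features.html is word for word the same as the closing paragraph of the new Storage access section in usage.html, so the two copies will have to be kept in sync by hand. Since this section already ends with "For more details, see the usage guide section on storage access", consider trimming the features.html text to a one or two sentence summary and keeping the full description only in usage.html.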

    diff --git a/static/usage.html b/static/usage.html index 9d6470bf..083c8026 100644 --- a/static/usage.html +++ b/static/usage.html @@ -64,6 +64,7 @@
  • 3-button navigation
  • +
  • Storage access
  • Accessibility
  • Auditor
  • @@ -220,6 +221,62 @@
  • +
    +

    Storage access

    + +

    GrapheneOS inherits the same baseline approach to storage access as modern + Android and extends it with our Storage Scopes feature as a fully compatible + alternative to the standard Android storage permissions. This section provides a + brief high level overview of the standard approach to storage access primarily to + provide context for explaining Storage Scopes.

    + +

    By default, Android apps can only access their own sandboxed storage (internal + storage) and their own scoped directory within the Android/data + directory in the user's home directory (external storage).

    + +

    Android apps can open the system file picker interface to have the user store + or load one or more files/directories on their behalf. Using this approach gives + the user control over where files are stored in their home directory and which + files/directories can be used by the app. This is based on the Storage Access + Framework (SAF) introduced in Android 4.4. SAF allows the user to grant access to + the files/directories in their home directory, external drives and also app-based + storage providers such as network shares, cloud storage, an encrypted volume, an + external drive with a filesystem the OS doesn't support for external drives, etc. + This is the only way to use those app-based storage providers and modern Android + has removed the legacy approach for accessing external drives.

    + +

    The more traditional approach to accessing files outside of the app's storage + directories is requesting storage permissions to obtain broad access to the user's + home directory. The traditional Storage permission toggle was renamed to Files and + Media for legacy apps and Media for modern apps. For legacy apps, it gives access + to most of the user's home directory other than certain special areas. For modern + apps, it only gives access to files created by the app and indexed media. Media is + indexed if it's in a directory scope without a file called .nomedia. + You can see the indexed media collections via the categories for Photos, etc. in + the system file manager. These aren't directories themselves but rather all of the + indexed media from all directories in the user's home directory. These are not the + same thing as the standard top-level directories for Pictures, etc.

    + +

    Since the Storage permission became a limited Media permission for apps built + for modern Android, a separate "All files access" special access permission was + added for file management. As a special access permission, it can't be directly + requested via a dialog and is listed in a dedicated section rather than a toggle + with the other permissions. This gives full management access to nearly all of the + user's home directory.

    + +

    The media management special access permission can be granted to apps with the + Files and Media / Media permission or All files access in order to grant further + access beyond the home directory to media on connected storage devices.

    + +

    GrapheneOS provides Storage Scopes as a fully compatible alternative to the + standard Android storage permissions. Instead of granting storage permissions, + users can enable Storage Scopes to grant the requested permissions in a highly + restricted mode where the app can create files/directories in the user's home + directory but can only access the files it has created itself. Users can then + optionally add files and directories as storage scopes to permit the app to access + files created by other apps.

    +
    +

    Accessibility
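
Review bot: The final paragraph of the new Storage access section says users "can enable Storage Scopes" and can "optionally add files and directories as storage scopes", but nothing in this usage-guide hunk says where those controls are or how to add a scope, which is what a reader of usage.html is most likely looking for. Consider adding the steps, or at least a sentence saying where the toggle appears. Two wording points in the same hunk: "Media is indexed if it's in a directory scope without a file called .nomedia" uses "directory scope" in a sense unrelated to Storage Scopes and would read more clearly as a plain statement about the directory, and "legacy apps" and "modern apps" are used throughout without stating which target API level separates them. Also, "high level overview" should be "high-level overview".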