security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

split out more complete patching section

Browse Source
This commit is contained in:
Daniel Micay 2022-05-09 14:20:23 -04:00
parent de692238a9
commit 2170c3d112
1 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
static/features.html
View File

@ -88,6 +88,7 @@
<li> <li>
<a href="#grapheneos">GrapheneOS</a> <a href="#grapheneos">GrapheneOS</a>
<ul> <ul>
<li><a href="#more-complete-patching">More complete patching</a></li>
<li><a href="#disabling-secondary-user-app-installation">Disabling secondary <li><a href="#disabling-secondary-user-app-installation">Disabling secondary
user app installation</a></li> user app installation</a></li>
<li><a href="#user-installed-apps-can-be-disabled">User installed apps <li><a href="#user-installed-apps-can-be-disabled">User installed apps
@ -312,10 +313,27 @@
<li><a href="/usage#sandboxed-play-services">Compatibility layer for coercing <li><a href="/usage#sandboxed-play-services">Compatibility layer for coercing
user installed Google Play services into running as sandboxed apps without any user installed Google Play services into running as sandboxed apps without any
special privileges.</a></li> special privileges.</a></li>
<li>Fixes for multiple serious vulnerabilities not yet fixed upstream due to a
flexible release cycle / process prioritizing security.</li>
</ul> </ul>
<section id="more-complete-patching">
<h3><a href="#more-complete-patching">More complete patching</a></h3>
<p>GrapheneOS includes fixes for many vulnerabilities not yet fixed in
Android. On modern devices with Generic Kernel Image (GKI) support, we the
kernel to the latest stable GKI release many months before the stock OS gets
the update. This means we're shipping hundreds of fixes not included in the
stock OS including many security fixes. We also backport more fixes on top of
this for the kernel and for other components too.</p>
<p>We often new vulnerabilities ourselves and report them upstream. We've
reported dozens of vulnerabilities for both the generic Android codebase and
also for Pixels specifically.</p>
<p>Our overall approach is to focus on systemic privacy and security
improvements but fixing individual vulnerabilities is still very
important.</p>
</section>
<section id="disabling-secondary-user-app-install"> <section id="disabling-secondary-user-app-install">
<h3><a href="#disabling-secondary-user-app-installation">Disabling secondary <h3><a href="#disabling-secondary-user-app-installation">Disabling secondary
user app installation</a></h3> user app installation</a></h3>