simplify sandboxed Play services explanation

This commit is contained in:
Daniel Micay 2021-08-02 07:40:29 -04:00
parent 91892426b7
commit 25690a63ad

View File

@ -681,14 +681,12 @@
com.android.vending (Google Play Store), com.google.android.gms (Google Play
services), com.google.android.gsf (Google Services Framework) as regular sandboxed
apps in a specific profile. These receive no special privileges and the OS itself
doesn't include any of the usual integration to make use of them itself to provide
services offered by the OS. They run as unprivileged, sandboxed apps like any
others and GrapheneOS implements shims to make them work without the many
privileged permissions and SELinux policy extensions these apps usually
require. Only apps within the same profile can use it. Even within the same
profile, apps not explicitly choosing to use Google services won't use them
because the OS doesn't integrate support for it or use it as the backend for APIs
in the OS like the stock OS.</p>
doesn't use them for anything. They run as unprivileged, sandboxed apps like any
others. GrapheneOS simply provides shims teaching them how to run without any of
the special privileged permissions and SELinux policy they depend on having. Even
within the same profile, apps not explicitly choosing to use Google services won't
use them because the OS doesn't integrate support for it or use it as the backend
for APIs in the OS like the stock OS.</p>
<p>You should install all 3 apps including the Play Store rather than only Play
services or there will be missing functionality. Play Store is not simply a user