drop base system apk_data_file restrictions

2023-01-24 20:44:40 -05:00 · 2023-01-24 20:44:40 -05:00 · 25cc619955
commit 25cc619955
parent 316d62db46
1 changed files with 1 additions and 0 deletions
--- a/static/releases.html
+++ b/static/releases.html
@ -692,6 +692,7 @@
                        <li>Apps: update to <a href="https://github.com/GrapheneOS/Apps/releases/tag/13">version 13</a></li>
                        <li>add GrapheneOS fs-verity public key as a supported key</li>
                        <li>require fs-verity for system app updates</li>
+                        <li>SELinux policy: drop base OS apk_data_file restrictions to avoid blocking out-of-band updates to system apps providing native libraries such as Vanadium since we're going to be taking the approach of enforcing fs-verity for system app updates as a complete approach to proper verified boot enforcement for every read of data from out-of-band system component updates instead of only disallowing some forms of out-of-band updates</li>
                        <li>Vanadium: update Chromium base to 109.0.5414.118</li>
                    </ul>
                </article>