From 25cc619955e6bcf5d42155cfd5656ab615ef1bf7 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Tue, 24 Jan 2023 20:44:40 -0500
Subject: [PATCH] drop base system apk_data_file restrictions

---
 static/releases.html | 1 +
 1 file changed, 1 insertion(+)

diff --git a/static/releases.html b/static/releases.html
index 44b9d70f..0dd50e3e 100644
--- a/static/releases.html
+++ b/static/releases.html
@@ -692,6 +692,7 @@
                         <li>Apps: update to <a href="https://github.com/GrapheneOS/Apps/releases/tag/13">version 13</a></li>
                         <li>add GrapheneOS fs-verity public key as a supported key</li>
                         <li>require fs-verity for system app updates</li>
+                        <li>SELinux policy: drop base OS apk_data_file restrictions to avoid blocking out-of-band updates to system apps providing native libraries such as Vanadium since we're going to be taking the approach of enforcing fs-verity for system app updates as a complete approach to proper verified boot enforcement for every read of data from out-of-band system component updates instead of only disallowing some forms of out-of-band updates</li>
                         <li>Vanadium: update Chromium base to 109.0.5414.118</li>
                     </ul>
                 </article>