security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

reorganize secondary user feature docs

Browse Source
This commit is contained in:
Daniel Micay 2022-05-09 16:57:56 -04:00
parent b0015fc05c
commit 265efb6046
1 changed files with 40 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
static/features.html
View File

@ -104,13 +104,18 @@
</li> </li>
<li><a href="#more-complete-patching">More complete patching</a></li> <li><a href="#more-complete-patching">More complete patching</a></li>
<li><a href="#sandboxed-google-play">Sandboxed Google Play</a></li> <li><a href="#sandboxed-google-play">Sandboxed Google Play</a></li>
<li><a href="#disabling-secondary-user-app-installation">Disabling secondary
user app installation</a></li>
<li><a href="#user-installed-apps-can-be-disabled">User installed apps <li><a href="#user-installed-apps-can-be-disabled">User installed apps
can be disabled</a></li> can be disabled</a></li>
<li><a href="#broad-carrier-support">Broad carrier support without invasive carrier access</a></li> <li><a href="#broad-carrier-support">Broad carrier support without invasive carrier access</a></li>
<li><a href="#private-screenshots">Private screenshots</a></li> <li><a href="#private-screenshots">Private screenshots</a></li>
<li><a href="#improved-user-profiles">Improved user profiles</a></li> <li>
<a href="#improved-user-profiles">Improved user profiles</a>
<ul>
<li><a href="#more-user-profiles">More user profiles</a></li>
<li><a href="#end-session">End session</a></li>
<li><a href="#disabling-app-installation">Disabling app installation</a></li>
</ul>
</li>
<li><a href="#other-features">Many other features</a></li> <li><a href="#other-features">Many other features</a></li>
</ul> </ul>
</li> </li>
@ -411,18 +416,6 @@
section on sandboxed Google Play</a> for instructions.</p> section on sandboxed Google Play</a> for instructions.</p>
</section> </section>
<section id="disabling-secondary-user-app-install">
<h3><a href="#disabling-secondary-user-app-installation">Disabling secondary
user app installation</a></h3>
<p>GrapheneOS adds a toggle to the user management settings for disabling
secondary user app installation. You can install the apps you want to be
usable in a secondary user and then disable the ability to install more apps
as that user in the Owner profile. Android supports this as a standard device
management feature but doesn't make it available to a user who owns their own
device.</p>
</section>
<section id="user-installed-apps-can-be-disabled"> <section id="user-installed-apps-can-be-disabled">
<h3><a href="#user-installed-apps-can-be-disabled">User installed apps can be disabled</a></h3> <h3><a href="#user-installed-apps-can-be-disabled">User installed apps can be disabled</a></h3>
@ -479,20 +472,41 @@
apps, app data and profile data (contacts, media store, home directory, etc.). apps, app data and profile data (contacts, media store, home directory, etc.).
Apps can't see the apps in other user profiles and can only communicate with Apps can't see the apps in other user profiles and can only communicate with
apps within the same user profile (with mutual consent with the other app). apps within the same user profile (with mutual consent with the other app).
Each user profile has their own encryption keys based on their lock Each user profile has their own encryption keys based on their lock method.
method.</p> They're a great fit for GrapheneOS with a lot of room for improvement.</p>
<p>GrapheneOS provides improvements to user profile functionality and is
working on further improvements to make switching between them and monitoring
other profiles much more convenient.</p>
<section id="more-user-profiles">
<h4><a href="#more-user-profiles">More user profiles</a></h4>
<p>GrapheneOS raises the limit on the number of secondary user profiles to 16 <p>GrapheneOS raises the limit on the number of secondary user profiles to 16
(15 + guest) instead of only 4 (3 + guest) to make this feature much more (15 + guest) instead of only 4 (3 + guest) to make this feature much more
flexible.</p> flexible.</p>
</section>
<section id="end-session">
<h4><a href="#end-session">End session</a></h4>
<p>GrapheneOS also enables support for logging out of user profiles without <p>GrapheneOS also enables support for logging out of user profiles without
needing a device manager controlling the device to use this feature. Logging needing a device manager controlling the device to use this feature. Logging
out makes profiles inactive so none of the apps installed in them can run. It out makes profiles inactive so none of the apps installed in them can run. It
also purges the disk encryption keys from memory and hardware registers, also purges the disk encryption keys from memory and hardware registers,
putting the user profile back at rest.</p> putting the user profile back at rest.</p>
</section>
<p>Further UX improvements are in active development and testing.</p> <section id="disabling-app-installation">
<h4><a href="#disabling-app-installation">Disabling app installation</a></h4>
<p>GrapheneOS adds a toggle to the user management settings for disabling
secondary user app installation. You can install the apps you want to be
usable in a secondary user and then disable the ability to install more apps
as that user in the Owner profile. Android supports this as a standard device
management feature but doesn't make it available to a user who owns their own
device.</p>
</section>
</section> </section>
<section id="other-features"> <section id="other-features">