avoid newlines in attributes
This commit is contained in:
Daniel Micay
parent
c0b71c42e3
commit
27926956da
@ -1079,11 +1079,10 @@
|
||||
reverse proxy adds to that since it's unable to decrypt the
|
||||
provisioned keys.</p>
|
||||
|
||||
<p>A setting is added at <b>Settings <span aria-label="and
|
||||
then">></span> Network & internet <span
|
||||
aria-label="and then">></span> Attestation key
|
||||
provisioning</b> for switching to directly using the Google service if
|
||||
you prefer.</p>
|
||||
<p>A setting is added at <b>Settings <span aria-label="and then">></span>
|
||||
Network & internet <span aria-label="and then">></span>
|
||||
Attestation key provisioning</b> for switching to directly using the
|
||||
Google service if you prefer.</p>
|
||||
|
||||
<p>A future device built to run GrapheneOS as the stock OS would be
|
||||
able to have a GrapheneOS attestation root and GrapheneOS attestation
|
||||
@ -1375,12 +1374,12 @@
|
||||
<article id="vpn-support">
|
||||
<h3><a href="#vpn-support">What kind of VPN and Tor support is available?</a></h3>
|
||||
|
||||
<p>VPNs can be configured under <b>Settings <span aria-label="and
|
||||
then">></span> Network & internet <span aria-label="and
|
||||
then">></span> VPN</b>. Support for the following protocols is
|
||||
included: IKEv2/IPSec MSCHAPv2, IKEv2/IPSec PSK and IKEv2/IPSec RSA. Apps can
|
||||
also provide userspace VPN implementations. The only app we can recommend is
|
||||
the official WireGuard app.</p>
|
||||
<p>VPNs can be configured under <b>Settings <span aria-label="and then">></span>
|
||||
Network & internet <span aria-label="and then">></span> VPN</b>.
|
||||
Support for the following protocols is included: IKEv2/IPSec MSCHAPv2,
|
||||
IKEv2/IPSec PSK and IKEv2/IPSec RSA. Apps can also provide userspace VPN
|
||||
implementations. The only app we can recommend is the official WireGuard
|
||||
app.</p>
|
||||
|
||||
<p>VPN configurations created with the built-in support can be set as the
|
||||
always-on VPN in the configuration panel. This will keep the VPN running,
|
||||
@ -1406,8 +1405,8 @@
|
||||
directly request access to them. However, app-based stats can be explicitly
|
||||
granted by users as part of access to app usage stats in
|
||||
<b>Settings <span aria-label="and then">></span> Apps <span
|
||||
aria-label="and then">></span> Special app access <span aria-label="and
|
||||
then">></span> Usage access</b>.</p>
|
||||
aria-label="and then">></span> Special app access <span aria-label="and then">></span>
|
||||
Usage access</b>.</p>
|
||||
|
||||
<p>This was previously part of the GrapheneOS privacy improvements, but became a
|
||||
standard Android feature with Android 10.</p>
|
||||
|
||||
@ -602,9 +602,9 @@
|
||||
enabled by default. When an app attempts to access sensors and receives zeroed
|
||||
data due to being denied, GrapheneOS creates a notification that can be
|
||||
easily disabled. The Sensors permission can be set to be disabled by default
|
||||
for user installed apps in <b>Settings <span aria-label="and
|
||||
then">></span> Security & privacy <span aria-label="and
|
||||
then">></span> More security & privacy</b>.</p>
|
||||
for user installed apps in <b>Settings <span aria-label="and then">></span>
|
||||
Security & privacy <span aria-label="and then">></span>
|
||||
More security & privacy</b>.</p>
|
||||
</section>
|
||||
|
||||
<section id="storage-scopes">
|
||||
@ -700,9 +700,9 @@
|
||||
isn't visible to the user. The date and time are already included in the file
|
||||
name of the screenshot which is fully visible to the user and can be easily
|
||||
modified by them without a third-party tool. GrapheneOS includes a toggle for
|
||||
turning this metadata back on in <b>Settings <span aria-label="and
|
||||
then">></span> Security & privacy <span aria-label="and
|
||||
then">></span> More security & privacy</b> since some users may find it to be useful.</p>
|
||||
turning this metadata back on in <b>Settings <span aria-label="and then">></span>
|
||||
Security & privacy <span aria-label="and then">></span>
|
||||
More security & privacy</b> since some users may find it to be useful.</p>
|
||||
</section>
|
||||
|
||||
<section id="closed-device-identifier-leaks">
|
||||
@ -1225,10 +1225,10 @@
|
||||
list of all user-created directories (this is allowed on Android). The list of
|
||||
files is hidden from such apps on both Android and GrapheneOS.</li>
|
||||
<li>Screenshot shutter sound is toggleable using the <b>Tap & click
|
||||
sounds</b> option in <b>Settings <span aria-label="and
|
||||
then">></span> Sound & vibration</b> while still following
|
||||
the standard method of putting the device on vibration/silent mode to
|
||||
turn off the screenshot shutter sound.</li>
|
||||
sounds</b> option in <b>Settings <span aria-label="and then">></span>
|
||||
Sound & vibration</b> while still following the standard method of
|
||||
putting the device on vibration/silent mode to turn off the screenshot shutter
|
||||
sound.</li>
|
||||
<li>More precise system clock via lowering the system clock time update
|
||||
threshold from 2000ms to 50ms and lowering the system clock drift warning
|
||||
from 2000ms to 250ms. This can be helpful for time-based protocols such as
|
||||
|
||||
@ -7423,8 +7423,8 @@
|
||||
<p>While waiting for this release to become available, you can manually add a
|
||||
battery optimization exemption for the Clock app via <b>Settings <span
|
||||
aria-label="and then">></span> Apps & notifications <span
|
||||
aria-label="and then">></span> Special app access <span aria-label="and
|
||||
then">></span> Battery optimization</b> where you can select <b>All apps</b>, scroll
|
||||
aria-label="and then">></span> Special app access <span aria-label="and then">></span>
|
||||
Battery optimization</b> where you can select <b>All apps</b>, scroll
|
||||
down to the Clock app and manually add an exemption. Should get this added upstream.</p>
|
||||
|
||||
<p>Tags:</p>
|
||||
|
||||
@ -111,10 +111,10 @@
|
||||
vast majority of users prefer the newer gesture navigation approach.</p>
|
||||
|
||||
<p>The system navigation mode can be configured in <b>Settings <span
|
||||
aria-label="and then">></span> System <span aria-label="and
|
||||
then">></span> Gestures <span aria-label="and then">></span> Navigation
|
||||
mode</b>. The same menu is also available in <b>Settings <span aria-label="and
|
||||
then">></span> Accessibility <span aria-label="and then">></span> System
|
||||
aria-label="and then">></span> System <span aria-label="and then">></span>
|
||||
Gestures <span aria-label="and then">></span> Navigation
|
||||
mode</b>. The same menu is also available in <b>Settings <span aria-label="and then">></span>
|
||||
Accessibility <span aria-label="and then">></span> System
|
||||
controls <span aria-label="and then">></span> Navigation mode</b>.</p>
|
||||
|
||||
<section id="gesture-navigation">
|
||||
@ -813,14 +813,14 @@
|
||||
profiles, so it also provides a temporary set of device identifiers across profiles
|
||||
for each boot via the shared randomized values.</p>
|
||||
|
||||
<p>This feature can be disabled via <b>Settings <span aria-label="and
|
||||
then">></span> Security & privacy <span aria-label="and then">></span>
|
||||
<p>This feature can be disabled via <b>Settings <span aria-label="and then">></span>
|
||||
Security & privacy <span aria-label="and then">></span>
|
||||
Exploit protection <span aria-label="and then">></span> Secure app spawning</b>
|
||||
if you prefer to have faster cold start app spawning time and lower
|
||||
app process memory usage instead of the substantial security benefits and the
|
||||
removal of the only known remaining direct device identifiers across profiles (i.e.
|
||||
not depending on fingerprinting global configuration, available storage space, etc.
|
||||
or using side channels).</p>
|
||||
if you prefer to have faster cold start app spawning time and lower app process
|
||||
memory usage instead of the substantial security benefits and the removal of the
|
||||
only known remaining direct device identifiers across profiles (i.e. not depending
|
||||
on fingerprinting global configuration, available storage space, etc. or using side
|
||||
channels).</p>
|
||||
</section>
|
||||
|
||||
<section id="bugs-uncovered-by-security-features">
|
||||
@ -848,9 +848,9 @@
|
||||
|
||||
<p>You can enable our exploit protection compatibility mode via
|
||||
<b>Settings <span aria-label="and then">></span> Apps <span
|
||||
aria-label="and then">></span> <var>APP</var> <span aria-label="and
|
||||
then">></span> Exploit protection compatibility mode</b>. The exploit protection
|
||||
compatibility mode toggle will:</p>
|
||||
aria-label="and then">></span> <var>APP</var> <span aria-label="and then">></span>
|
||||
Exploit protection compatibility mode</b>. The exploit protection compatibility mode
|
||||
toggle will:</p>
|
||||
<ul>
|
||||
<li>Switch from hardened_malloc to Android's standard allocator (Scudo)</li>
|
||||
<li>Reduce address space size from 48 bit to Android's standard 39 bit</li>
|
||||
@ -907,15 +907,17 @@
|
||||
|
||||
<p>Wi-Fi and Bluetooth scanning for improving location detection are disabled by
|
||||
default, unlike the stock OS. These can be toggled in <b>Settings <span
|
||||
aria-label="and then">></span> Location <span aria-label="and
|
||||
then">></span> Location services <span aria-label="and then">></span> Wi-Fi and
|
||||
Bluetooth scanning</b>. These features enable scanning even when Wi-Fi or Bluetooth is
|
||||
disabled, so these need to be kept disabled to fully disable the radios when Wi-Fi and Bluetooth
|
||||
are disabled. GrapheneOS itself doesn't currently include a supplementary location service based
|
||||
on Wi-Fi and Bluetooth scanning. These options impact whether apps such as sandboxed Google Play
|
||||
are able to use the functionality if you grant them the Location permission. GrapheneOS plans to
|
||||
eventually include an OS service based on local databases rather than a network-based service
|
||||
giving the user's location to a server whenever location is being used.</p>
|
||||
aria-label="and then">></span> Location <span aria-label="and then">></span>
|
||||
Location services <span aria-label="and then">></span> Wi-Fi and Bluetooth
|
||||
scanning</b>. These features enable scanning even when Wi-Fi or Bluetooth is
|
||||
disabled, so these need to be kept disabled to fully disable the radios when
|
||||
Wi-Fi and Bluetooth are disabled. GrapheneOS itself doesn't currently include a
|
||||
supplementary location service based on Wi-Fi and Bluetooth scanning. These
|
||||
options impact whether apps such as sandboxed Google Play are able to use the
|
||||
functionality if you grant them the Location permission. GrapheneOS plans to
|
||||
eventually include an OS service based on local databases rather than a
|
||||
network-based service giving the user's location to a server whenever location
|
||||
is being used.</p>
|
||||
</section>
|
||||
|
||||
<section id="wifi-privacy-associated">
|
||||
@ -963,8 +965,8 @@
|
||||
|
||||
<p>If you have a reliable LTE connection from your carrier, you can reduce attack
|
||||
surface by disabling 2G, 3G and 5G connectivity in <b>Settings <span
|
||||
aria-label="and then">></span> Network & internet <span aria-label="and
|
||||
then">></span> SIMs <span aria-label="and then">></span> <var>SIM</var> <span
|
||||
aria-label="and then">></span> Network & internet <span aria-label="and then">></span>
|
||||
SIMs <span aria-label="and then">></span> <var>SIM</var> <span
|
||||
aria-label="and then">></span> Preferred network type</b>. Traditional voice calls will only
|
||||
work in the LTE-only mode if you have either an LTE connection and VoLTE (Voice over LTE) support or
|
||||
a Wi-Fi connection and VoWi-Fi (Voice over Wi-Fi) support. VoLTE / VoWi-Fi works on GrapheneOS for
|
||||
@ -1168,10 +1170,9 @@
|
||||
<p>eSIM support on GrapheneOS doesn't require any dependency on Google Play,
|
||||
and never shares data to Google Play even when installed.</p>
|
||||
|
||||
<p>eSIM support can be enabled in <b>Settings <span aria-label="and
|
||||
then">></span> Network & internet <span aria-label="and
|
||||
then">></span> eSIM support</b>. The toggle is persistent across every
|
||||
boot.</p>
|
||||
<p>eSIM support can be enabled in <b>Settings <span aria-label="and then">></span>
|
||||
Network & internet <span aria-label="and then">></span>
|
||||
eSIM support</b>. The toggle is persistent across every boot.</p>
|
||||
|
||||
<p>By enabling the toggle, the proprietary Google functionality is enabled and
|
||||
will be used by the OS to provision and manage eSIMs.</p>
|
||||
@ -1204,11 +1205,11 @@
|
||||
already installed.</p>
|
||||
|
||||
<p>After installation, Android Auto has to be set up from the <b>Settings <span
|
||||
aria-label="and then">></span> Apps <span aria-label="and
|
||||
then">></span> Sandboxed Google Play <span aria-label="and
|
||||
then">></span> Android Auto</b> configuration screen, which contains permission
|
||||
toggles, links to related configuration screens, configuration tips, and links to optional
|
||||
Android Auto dependencies.</p>
|
||||
aria-label="and then">></span> Apps <span aria-label="and then">></span>
|
||||
Sandboxed Google Play <span aria-label="and then">></span> Android Auto</b>
|
||||
configuration screen, which contains permission toggles, links to related
|
||||
configuration screens, configuration tips, and links to optional Android Auto
|
||||
dependencies.</p>
|
||||
|
||||
<p>The permission toggles ask for a confirmation before turning on. The
|
||||
confirmation popup explains what access each permission toggle provides.</p>
|
||||
@ -1296,9 +1297,9 @@
|
||||
The OS will securely confirm that the domain authorizes the app to handle the
|
||||
domain's URLs. Users can also manually enable an app's link associations via
|
||||
<b>Settings <span aria-label="and then">></span> Apps <span
|
||||
aria-label="and then">></span> <var>APP</var> <span aria-label="and
|
||||
then">></span> Open by default <span aria-label="and then">></span> Add link</b>. Apps
|
||||
can ask users to enable the associations and send them to this page in the Settings app.</p>
|
||||
aria-label="and then">></span> <var>APP</var> <span aria-label="and then">></span>
|
||||
Open by default <span aria-label="and then">></span> Add link</b>. Apps can ask
|
||||
users to enable the associations and send them to this page in the Settings app.</p>
|
||||
|
||||
<p>As an example, the first party YouTube app will have the app links verified by
|
||||
the OS automatically while the NewPipe app requires manually enabling handling
|
||||
@ -1372,8 +1373,8 @@
|
||||
<li>Some carriers require you to explicitly opt in to use services such as Wi-Fi calling.
|
||||
Consult your carrier's documentation on the process for this or contact them.</li>
|
||||
<li><b>Reset Mobile Network Settings</b> in <b>Settings <span
|
||||
aria-label="and then">></span> System <span aria-label="and
|
||||
then">></span> Reset options</b> and then reboot the device.</li>
|
||||
aria-label="and then">></span> System <span aria-label="and then">></span>
|
||||
Reset options</b> and then reboot the device.</li>
|
||||
<li>USA users only: You may need to request your carrier to enable CDMA-less mode if
|
||||
you have issues.</li>
|
||||
<li>Follow your carrier's instructions for setting up APNs, this can be found in
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user