security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

reorder release notes

Browse Source
This commit is contained in:
Daniel Micay 2023-01-31 15:52:24 -05:00
parent 698c766c49
commit 895f9d5e8c
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
static/releases.html
View File

@ -670,11 +670,11 @@
<li>Settings: fix issue preventing users from re-enabling system apps they previously disabled which can no longer be disabled</li> <li>Settings: fix issue preventing users from re-enabling system apps they previously disabled which can no longer be disabled</li>
<li>fix upstream Android bug causing out-of-band updates to system components using original-package to be rolled back after reboot if they're still using the old package name, which will allow us to ship Vanadium updates out-of-band without the browser package updates being rolled back for users with an older install where it's still <code>org.chromium.chrome</code> instead of <code>app.vanadium.browser</code></li> <li>fix upstream Android bug causing out-of-band updates to system components using original-package to be rolled back after reboot if they're still using the old package name, which will allow us to ship Vanadium updates out-of-band without the browser package updates being rolled back for users with an older install where it's still <code>org.chromium.chrome</code> instead of <code>app.vanadium.browser</code></li>
<li>SELinux policy: drop base OS apk_data_file restrictions to avoid blocking out-of-band updates to APK-based system components (this was a minor security feature that's being replaced with our recent and ongoing improvements to package manager and verified boot security to close major weaknesses in the standard Android verified boot security model)</li> <li>SELinux policy: drop base OS apk_data_file restrictions to avoid blocking out-of-band updates to APK-based system components (this was a minor security feature that's being replaced with our recent and ongoing improvements to package manager and verified boot security to close major weaknesses in the standard Android verified boot security model)</li>
<li>remove unnecessary warning for failed virtual A/B sideloaded updates since it's atomic just like A/B updates</li>
<li>drop our extension to the install available apps feature making it work for apps not installed in Owner since this is risky in a situation where there are actually separate people using secondary users and while we want to provide this feature, we'd need to come up with a way to address this to add it back</li>
<li>disable package parser cache since it provides a verified boot bypass for system component updates for regular boots while not saving more than around a second of boot time</li> <li>disable package parser cache since it provides a verified boot bypass for system component updates for regular boots while not saving more than around a second of boot time</li>
<li>perform additional boot-time checks on system package updates in order to extend verified boot to out-of-band system package updates</li> <li>perform additional boot-time checks on system package updates in order to extend verified boot to out-of-band system package updates</li>
<li>reimplement requiring fs-verity when installing system package updates in a better way</li> <li>reimplement requiring fs-verity when installing system package updates in a better way</li>
<li>remove unnecessary warning for failed virtual A/B sideloaded updates since it's atomic just like A/B updates</li>
<li>drop our extension to the install available apps feature making it work for apps not installed in Owner since this is risky in a situation where there are actually separate people using secondary users and while we want to provide this feature, we'd need to come up with a way to address this to add it back</li>
</ul> </ul>
</article> </article>
--> -->