security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

reorder new feature sections

Browse Source
This commit is contained in:
Daniel Micay 2022-05-09 16:01:41 -04:00
parent 4e49a8e1d5
commit 8aa4759395
1 changed files with 23 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
static/features.html
View File

@ -90,8 +90,8 @@
<ul> <ul>
<li><a href="#exploit-protection">Defending against exploitation of unknown <li><a href="#exploit-protection">Defending against exploitation of unknown
vulnerabilities</a></li> vulnerabilities</a></li>
<li><a href="#sandboxed-google-play">Sandboxed Google Play</a></li>
<li><a href="#more-complete-patching">More complete patching</a></li> <li><a href="#more-complete-patching">More complete patching</a></li>
<li><a href="#sandboxed-google-play">Sandboxed Google Play</a></li>
<li><a href="#disabling-secondary-user-app-installation">Disabling secondary <li><a href="#disabling-secondary-user-app-installation">Disabling secondary
user app installation</a></li> user app installation</a></li>
<li><a href="#user-installed-apps-can-be-disabled">User installed apps <li><a href="#user-installed-apps-can-be-disabled">User installed apps
@ -382,6 +382,28 @@
</ul> </ul>
</section> </section>
<section id="more-complete-patching">
<h3><a href="#more-complete-patching">More complete patching</a></h3>
<p>GrapheneOS includes fixes for many vulnerabilities not yet fixed in
Android. On modern devices with Generic Kernel Image (GKI) support, we the
update kernel to the latest stable GKI release many months before the stock OS
gets the update. This means we're shipping hundreds of fixes not included in
the stock OS including many security fixes. We also backport more fixes on top
of this for the kernel and for other components too.</p>
<p>We often find new vulnerabilities ourselves and report them upstream. We've
reported dozens of vulnerabilities for both the generic Android codebase and
also for Pixels specifically. We also often find missed patches which were
supposed to be included but were missed, especially when there are device
specific components with partially shared but separate codebases for different
devices.</p>
<p>Our overall approach is to focus on systemic privacy and security
improvements but fixing individual vulnerabilities is still very
important.</p>
</section>
<section id="sandboxed-google-play"> <section id="sandboxed-google-play">
<h3><a href="#sandboxed-google-play">Sandboxed Google Play</a></h3> <h3><a href="#sandboxed-google-play">Sandboxed Google Play</a></h3>
@ -421,28 +443,6 @@
section on sandboxed Google Play</a> for instructions.</p> section on sandboxed Google Play</a> for instructions.</p>
</section> </section>
<section id="more-complete-patching">
<h3><a href="#more-complete-patching">More complete patching</a></h3>
<p>GrapheneOS includes fixes for many vulnerabilities not yet fixed in
Android. On modern devices with Generic Kernel Image (GKI) support, we the
update kernel to the latest stable GKI release many months before the stock OS
gets the update. This means we're shipping hundreds of fixes not included in
the stock OS including many security fixes. We also backport more fixes on top
of this for the kernel and for other components too.</p>
<p>We often find new vulnerabilities ourselves and report them upstream. We've
reported dozens of vulnerabilities for both the generic Android codebase and
also for Pixels specifically. We also often find missed patches which were
supposed to be included but were missed, especially when there are device
specific components with partially shared but separate codebases for different
devices.</p>
<p>Our overall approach is to focus on systemic privacy and security
improvements but fixing individual vulnerabilities is still very
important.</p>
</section>
<section id="disabling-secondary-user-app-install"> <section id="disabling-secondary-user-app-install">
<h3><a href="#disabling-secondary-user-app-installation">Disabling secondary <h3><a href="#disabling-secondary-user-app-installation">Disabling secondary
user app installation</a></h3> user app installation</a></h3>