Add more various misc features

Signed-off-by: r3g_5z <june@girlboss.ceo>
r3g_5z 2023-01-08 22:23:22 -05:00 committed by Daniel Micay
parent 883505ec12
commit b93d86fca1


@ -338,11 +338,11 @@
including many which we played a part in developing and
landing upstream as part of our linux-hardened project (which
we intend to revive as a more active project again).</li>
<li>Forced kernel module signing with per-build keys and
lockdown mode set to forced confidentiality mode help to
enforce a low-level boundary between the kernel and userspace
even if mistakes are made in SELinux policy or there's a deep
userspace compromise.</li>
<li>Forced kernel module signing with per-build RSA 4096 /
SHA256 keys and lockdown mode set to forced confidentiality
mode help to enforce a low-level boundary between the kernel
and userspace even if mistakes are made in SELinux policy or
there's a deep userspace compromise.</li>
<li>Additional consistency / integrity checks are enabled for
frequently targeted kernel data structures.</li>
</ul>
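Review bot: In the reworded module-signing item, "per-build RSA 4096 / SHA256 keys" reads as if SHA256 were a kind of key, when RSA 4096 describes the key and SHA256 is a hash function. Suggest splitting the two, for example "signing with per-build RSA 4096 keys and SHA256 digests", so a reader does not take the slash as listing two key types.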
@ -815,8 +815,8 @@
<h3><a href="#grapheneos-pdf-viewer">GrapheneOS PDF Viewer</a></h3>
<p><a href="https://github.com/GrapheneOS/PdfViewer">GrapheneOS PDF Viewer</a>
is sandboxed, hardened PDF viewer using HiDPI rendering with pinch to zoom,
text selection, etc.</p>
is a sandboxed, hardened PDF viewer using HiDPI rendering with features like
pinch to zoom, text selection, viewing encrypted PDFs, etc.</p>
</section>
<section id="encrypted-backups">
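Review bot: In the new PDF Viewer sentence, "with features like ... etc." is redundant, since "features like" already marks the list as non-exhaustive; drop the trailing "etc.". The added "viewing encrypted PDFs" also hangs off "HiDPI rendering with features like", which makes it read as a rendering feature; a short separate clause would be clearer.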
@ -902,6 +902,18 @@
useful in Canada where the government abuses the system and sends every
type of alert as a presidential alert to stop users from being able to opt
out of weather and amber alerts.</li>
<li>Removal of TrustCor root certificate authority as a trusted system CA.</li>
<li>Secure-by-default Android 12 PendingIntent security check (FLAG_IMMUTABLE)
instead of crash-by-default improving older app compatibility and security.</li>
<li>Fixed UART debugging enabled warning on offical release builds.</li>
<li>Engineering / Prototype ("EVT", "PVT" or "DVT") device warning as these
devices typically have relaxed security controls for development, mainly
the secure boot state property <code>ro.boot.secure_boot</code> not set
to <code>PRODUCTION</code>.</li>
<li>Enable bootloader, radio, and boot partition version / fingerprint
checks.</li>
<li>Remove code automatically granting the location permission to system
browsers.</li>
</ul>
</section>
</section>
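Review bot: The UART item has a typo ("offical" should be "official") and is ambiguous: "Fixed UART debugging enabled warning on offical release builds" does not say whether a spurious warning was removed or a missing one was made to work. The same list also mixes forms ("Removal of", "Fixed", "Enable", "Remove"), so pick one form for all the new items. In the PendingIntent item, add a comma before "improving" so that "instead of crash-by-default" does not run into "improving older app compatibility and security".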