Add more various misc features
Signed-off-by: r3g_5z <june@girlboss.ceo>
This commit is contained in:
parent
883505ec12
commit
b93d86fca1
@ -338,11 +338,11 @@
|
||||
including many which we played a part in developing and
|
||||
landing upstream as part of our linux-hardened project (which
|
||||
we intend to revive as a more active project again).</li>
|
||||
<li>Forced kernel module signing with per-build keys and
|
||||
lockdown mode set to forced confidentiality mode help to
|
||||
enforce a low-level boundary between the kernel and userspace
|
||||
even if mistakes are made in SELinux policy or there's a deep
|
||||
userspace compromise.</li>
|
||||
<li>Forced kernel module signing with per-build RSA 4096 /
|
||||
SHA256 keys and lockdown mode set to forced confidentiality
|
||||
mode help to enforce a low-level boundary between the kernel
|
||||
and userspace even if mistakes are made in SELinux policy or
|
||||
there's a deep userspace compromise.</li>
|
||||
<li>Additional consistency / integrity checks are enabled for
|
||||
frequently targeted kernel data structures.</li>
|
||||
</ul>
|
||||
@ -815,8 +815,8 @@
|
||||
<h3><a href="#grapheneos-pdf-viewer">GrapheneOS PDF Viewer</a></h3>
|
||||
|
||||
<p><a href="https://github.com/GrapheneOS/PdfViewer">GrapheneOS PDF Viewer</a>
|
||||
is sandboxed, hardened PDF viewer using HiDPI rendering with pinch to zoom,
|
||||
text selection, etc.</p>
|
||||
is a sandboxed, hardened PDF viewer using HiDPI rendering with features like
|
||||
pinch to zoom, text selection, viewing encrypted PDFs, etc.</p>
|
||||
</section>
|
||||
|
||||
<section id="encrypted-backups">
|
||||
@ -902,6 +902,18 @@
|
||||
useful in Canada where the government abuses the system and sends every
|
||||
type of alert as a presidential alert to stop users from being able to opt
|
||||
out of weather and amber alerts.</li>
|
||||
<li>Removal of TrustCor root certificate authority as a trusted system CA.</li>
|
||||
<li>Secure-by-default Android 12 PendingIntent security check (FLAG_IMMUTABLE)
|
||||
instead of crash-by-default improving older app compatibility and security.</li>
|
||||
<li>Fixed UART debugging enabled warning on offical release builds.</li>
|
||||
<li>Engineering / Prototype ("EVT", "PVT" or "DVT") device warning as these
|
||||
devices typically have relaxed security controls for development, mainly
|
||||
the secure boot state property <code>ro.boot.secure_boot</code> not set
|
||||
to <code>PRODUCTION</code>.</li>
|
||||
<li>Enable bootloader, radio, and boot partition version / fingerprint
|
||||
checks.</li>
|
||||
<li>Remove code automatically granting the location permission to system
|
||||
browsers.</li>
|
||||
</ul>
|
||||
</section>
|
||||
</section>
|
||||
|
Loading…
x
Reference in New Issue
Block a user