security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

Add more various misc features

Browse Source 
Signed-off-by: r3g_5z <june@girlboss.ceo>
This commit is contained in:
r3g_5z 2023-01-08 22:23:22 -05:00 committed by Daniel Micay
parent 883505ec12
commit b93d86fca1
1 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
static/features.html
View File

@ -338,11 +338,11 @@
including many which we played a part in developing and including many which we played a part in developing and
landing upstream as part of our linux-hardened project (which landing upstream as part of our linux-hardened project (which
we intend to revive as a more active project again).</li> we intend to revive as a more active project again).</li>
<li>Forced kernel module signing with per-build keys and <li>Forced kernel module signing with per-build RSA 4096 /
lockdown mode set to forced confidentiality mode help to SHA256 keys and lockdown mode set to forced confidentiality
enforce a low-level boundary between the kernel and userspace mode help to enforce a low-level boundary between the kernel
even if mistakes are made in SELinux policy or there's a deep and userspace even if mistakes are made in SELinux policy or
userspace compromise.</li> there's a deep userspace compromise.</li>
<li>Additional consistency / integrity checks are enabled for <li>Additional consistency / integrity checks are enabled for
frequently targeted kernel data structures.</li> frequently targeted kernel data structures.</li>
</ul> </ul>
@ -815,8 +815,8 @@
<h3><a href="#grapheneos-pdf-viewer">GrapheneOS PDF Viewer</a></h3> <h3><a href="#grapheneos-pdf-viewer">GrapheneOS PDF Viewer</a></h3>
<p><a href="https://github.com/GrapheneOS/PdfViewer">GrapheneOS PDF Viewer</a> <p><a href="https://github.com/GrapheneOS/PdfViewer">GrapheneOS PDF Viewer</a>
is sandboxed, hardened PDF viewer using HiDPI rendering with pinch to zoom, is a sandboxed, hardened PDF viewer using HiDPI rendering with features like
text selection, etc.</p> pinch to zoom, text selection, viewing encrypted PDFs, etc.</p>
</section> </section>
<section id="encrypted-backups"> <section id="encrypted-backups">
@ -902,6 +902,18 @@
useful in Canada where the government abuses the system and sends every useful in Canada where the government abuses the system and sends every
type of alert as a presidential alert to stop users from being able to opt type of alert as a presidential alert to stop users from being able to opt
out of weather and amber alerts.</li> out of weather and amber alerts.</li>
<li>Removal of TrustCor root certificate authority as a trusted system CA.</li>
<li>Secure-by-default Android 12 PendingIntent security check (FLAG_IMMUTABLE)
instead of crash-by-default improving older app compatibility and security.</li>
<li>Fixed UART debugging enabled warning on offical release builds.</li>
<li>Engineering / Prototype ("EVT", "PVT" or "DVT") device warning as these
devices typically have relaxed security controls for development, mainly
the secure boot state property <code>ro.boot.secure_boot</code> not set
to <code>PRODUCTION</code>.</li>
<li>Enable bootloader, radio, and boot partition version / fingerprint
checks.</li>
<li>Remove code automatically granting the location permission to system
browsers.</li>
</ul> </ul>
</section> </section>
</section> </section>