From bb0d2ef6a16a69ebcdb10f1b320899ef9683f27f Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Mon, 9 May 2022 17:09:32 -0400 Subject: [PATCH] split out network/sensors permission sections --- static/features.html | 38 +++++++++++++++++++++++++------------- 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/static/features.html b/static/features.html index 8c8f50cd..e546f312 100644 --- a/static/features.html +++ b/static/features.html @@ -104,6 +104,8 @@
  • More complete patching
  • Sandboxed Google Play
  • +
  • Network permission toggle
  • +
  • Sensors permission toggle
  • User installed apps can be disabled
  • Broad carrier support without invasive carrier access
  • @@ -416,6 +418,29 @@ section on sandboxed Google Play for instructions.

    +
    +

    Network permission toggle

    + +

    GrapheneOS adds a Network permission toggle for disallowing both direct and + indirect access to any of the available networks. The device-local network + (localhost) is also guarded by this permission, which is important for + preventing apps from using it to communicate between profiles. Unlike a + firewall-based implementation, the Network permission toggle prevents apps + from using the network via APIs provided by the OS or other apps in the same + profile as long as they're marked appropriately.

    +
    + +
    +

    Sensors permission toggle

    + +

    Sensors permission toggle: disallow access to all other sensors not covered + by existing Android permissions (Camera, Microphone, Body Sensors, Activity + Recognition) including an accelerometer, gyroscope, compass, barometer, + thermometer and any other sensors present on a given device. To avoid breaking + compatibility with Android apps, the added permission is enabled by + default.

    +
    +

    User installed apps can be disabled

    @@ -563,22 +588,9 @@ app
  • Secure application spawning system avoiding sharing address space layout and other secrets across applications
  • -
  • Network permission toggle for disallowing both direct and indirect access - to any of the available networks. The device-local network (localhost) is also - guarded by this permission, which is important for preventing apps from using - it to communicate between profiles. Unlike a firewall-based implementation, - the Network permission toggle prevents apps from using the network via APIs - provided by the OS or other apps in the same profile as long as they're marked - appropriately.
  • The standard INTERNET permission used as the basis for the Network permission toggle is enhanced with a second layer of enforcement and proper support for granting/revoking it on a per-profile basis.
  • -
  • Sensors permission toggle: disallow access to all other sensors not covered by - existing Android permissions (Camera, Microphone, Body Sensors, Activity - Recognition) including an accelerometer, gyroscope, compass, barometer, - thermometer and any other sensors present on a given device. To avoid breaking - compatibility with Android apps, the added permission is enabled by - default.
  • Authenticated encryption for network time updates via a first party server to prevent attackers from changing the time and enabling attacks based on bypassing certificate / key expiry, etc.
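Review bot: In the hunk at @@ -416,6 +418,29 @@, the paragraph under the new "Sensors permission toggle" heading is still the old list-item fragment and opens by repeating the heading ("Sensors permission toggle: disallow access to all other sensors ..."), while the Network paragraph added just above it was reworded into a full sentence. Suggest matching that form, for example "GrapheneOS adds a Sensors permission toggle for disallowing access to all sensors not covered by existing Android permissions ...". In the Network paragraph, "as long as they're marked appropriately" leaves it unclear whether "they" refers to the APIs or to the other apps in the profile; naming the subject would remove the ambiguity.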
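Review bot: In the hunk at @@ -563,22 +588,9 @@, the list item kept as context, "The standard INTERNET permission used as the basis for the Network permission toggle is enhanced with ...", now refers to a toggle this list no longer introduces, because the Network permission toggle item directly before it is removed here. Suggest moving that item into the new Network permission toggle section too, or pointing it at that section, so the second layer of enforcement and the per-profile granting/revoking are described next to the feature they belong to.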