security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

refer to shims as fallback code to simplify

Browse Source
This commit is contained in:
Daniel Micay 2021-08-05 00:14:33 -04:00
parent 3d6f9ef0ce
commit c9dbcca1ab
1 changed files with 16 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
static/usage.html
View File

@ -682,11 +682,11 @@
services), com.google.android.gsf (Google Services Framework) as regular sandboxed services), com.google.android.gsf (Google Services Framework) as regular sandboxed
apps in a specific profile. These receive no special privileges and the OS itself apps in a specific profile. These receive no special privileges and the OS itself
doesn't use them for anything. They run as unprivileged, sandboxed apps like any doesn't use them for anything. They run as unprivileged, sandboxed apps like any
others. GrapheneOS simply provides shims teaching them how to run without any of others. GrapheneOS simply provides fallback code teaching them how to run without
the special privileged permissions and SELinux policy they depend on having. Even any of the special privileged permissions and SELinux policy they depend on
within the same profile, apps not explicitly choosing to use Google services won't having. Even within the same profile, apps not explicitly choosing to use Google
use them because the OS doesn't integrate support for it or use it as the backend services won't use them because the OS doesn't integrate support for it or use it
for APIs in the OS like the stock OS.</p> as the backend for APIs in the OS like the stock OS.</p>
<p>You should install all 3 apps including the Play Store rather than only Play <p>You should install all 3 apps including the Play Store rather than only Play
services or there will be missing functionality. Play Store is not simply a user services or there will be missing functionality. Play Store is not simply a user
@ -714,24 +714,23 @@
<p>The Play Store app cannot install and update apps as it normally would since it <p>The Play Store app cannot install and update apps as it normally would since it
depends entirely on privileged permissions for unattended app installation, depends entirely on privileged permissions for unattended app installation,
updates and removal. GrapheneOS currently includes partial shims to make this updates and removal. GrapheneOS includes a partial implementation of fallback code
partially work. It's currently unclear if we'll flesh this out and include it in to get this working. It currently isn't fully wired up and leads to the Play Store
the production version of this feature or whether we'll drop it and simply have stalling and needing to be force stopped. For the time being, it's easier to use
people use Aurora Store with the Play Store only installed to provide APIs used by the alternative Aurora Store frontend to the Play Store.</p>
apps using Play services.</p>
<p>The core functionality and APIs are almost entirely supported already since <p>The core functionality and APIs are almost entirely supported already since
GrapheneOS largely only has to coerce these apps into continuing to run without GrapheneOS largely only has to coerce these apps into continuing to run without
being able to use any of the usual invasive OS integration. Certain functionality being able to use any of the usual invasive OS integration. Certain functionality
is not yet supported. Play Store feature delivery and Play services functionality is not yet supported. Play Store feature delivery and Play services functionality
delivered via dynamite modules are not supported yet. Shims will be required to delivered via dynamite modules are not supported yet. Fallback code will be
make this work without depending on weakening SELinux MAC and MLS policies to required to make this work without depending on weakening SELinux MAC and MLS
permit it like the stock OS. The current generation Maps API is a common example policies to permit it like the stock OS. The current generation Maps API is a
of functionality depending on a dynamite module.</p> common example of functionality depending on a dynamite module.</p>
<p>Since there's no OS integration beyond shims to make it function without any <p>Since there's no OS integration beyond fallback code to make it function
special privileges, there isn't a way to launch the settings activity. We'll need without any special privileges, there isn't a way to launch the settings activity.
to make a tiny app providing a way to launch it.</p> We'll need to make a tiny app providing a way to launch it.</p>
</section> </section>
</main> </main>
<footer> <footer>