improve Network permission docs in FAQ

2023-07-09 15:54:49 -04:00 · 2023-07-09 15:54:49 -04:00 · cf26b8423d
commit cf26b8423d
parent 0c8c05fd07
1 changed files with 19 additions and 11 deletions
--- a/static/faq.html
+++ b/static/faq.html
@ -1305,18 +1305,26 @@
                <article id="firewall">
                    <h3><a href="#firewall">Does GrapheneOS provide a firewall?</a></h3>
-                    <p>Yes, GrapheneOS inherits the deeply integrated firewall from the Android Open
+                    <p>Yes, GrapheneOS inherits the deeply integrated firewall from the Android
-                    Source Project, which is used to implement portions of the security model and various
+                    Open Source Project, which is used to implement portions of the security model
-                    other features. The GrapheneOS project historically made various improvements to the
+                    and various other features. The GrapheneOS project historically made various
-                    firewall but over time most of these changes have been integrated upstream or became
+                    improvements to the firewall but over time most of these changes have been
-                    irrelevant.</p>
+                    integrated upstream or became irrelevant.</p>
-                    <p>GrapheneOS adds a user-facing Network permission toggle providing a robust way to
+                    <p>GrapheneOS adds a user-facing Network permission toggle providing a robust
-                    deny both direct and indirect network access to applications. It builds upon the
+                    way to deny both direct and indirect network access to applications. It builds
-                    standard non-user-facing INTERNET permission, so it's already fully adopted by the app
+                    upon the standard non-user-facing INTERNET permission, so it's already fully
-                    ecosystem. Revoking the permission denies indirect access via OS components and apps
+                    adopted by the app ecosystem. Revoking the permission denies indirect access
-                    enforcing the INTERNET permission, such as DownloadManager. Direct access is denied
+                    via OS components and apps enforcing the INTERNET permission, such as
-                    by blocking low-level network socket access.</p>
+                    DownloadManager. Direct access is denied by blocking low-level network socket
                    access. A packet-based firewall would only block direct access so our approach
                    is much more complete. Additionally, GrapheneOS pretends that the Network is
                    down for most APIs when the Network permission is disabled. For example, it
                    won't run scheduled jobs depending internet availability and most APIs for
                    checking the state of the network will report it as down and internet access
                    as unavailable. This means apps won't try to keep trying to access the
                    internet and draining battery because they'll treat it the way they do when
                    internet access is genuinely unavailable.</p>
                </article>
                <article id="ad-blocking">