further simplify / clarify sandboxed Play section

This commit is contained in:
Daniel Micay 2021-11-12 11:26:28 -05:00
parent ceaefc9f7d
commit d11b2ccabb

View File

@ -787,15 +787,17 @@
receives absolutely no special access or privileges on GrapheneOS as opposed to
bypassing the app sandbox and receiving a massive amount of highly privileged
access. Instead, the compatibility layer teaches it how to work within the full
app sandbox. It also doesn't become a backend for the OS services as it does
elsewhere since GrapheneOS doesn't use Play services even when it's installed.
Since the Play services apps are simply regular apps on GrapheneOS, they get
app sandbox. It also isn't used as a backend for the OS services as it would be
elsewhere since GrapheneOS doesn't use Play services even when it's installed.</p>
<p>Since the Play services apps are simply regular apps on GrapheneOS, they get
installed by the user within a specific user or work profile and are only
available within that profile. Only apps within the same profile can use it and
they need to explicitly choose to use it. It works the same way as any other app
and has no special capabilities. As with any other app, it can't access data of
other apps and requires explicit user consent to gain access to profile data or
the standard permissions.</p>
the standard permissions. Apps within the same profile can communicate with mutual
consent and it's no different for sandboxed Play services.</p>
<p>The core functionality and APIs are almost entirely supported already since
GrapheneOS largely only has to coerce these apps into continuing to run without