further simplify / clarify sandboxed Play section
This commit is contained in:
parent
ceaefc9f7d
commit
d11b2ccabb
@ -787,15 +787,17 @@
|
||||
receives absolutely no special access or privileges on GrapheneOS as opposed to
|
||||
bypassing the app sandbox and receiving a massive amount of highly privileged
|
||||
access. Instead, the compatibility layer teaches it how to work within the full
|
||||
app sandbox. It also doesn't become a backend for the OS services as it does
|
||||
elsewhere since GrapheneOS doesn't use Play services even when it's installed.
|
||||
Since the Play services apps are simply regular apps on GrapheneOS, they get
|
||||
app sandbox. It also isn't used as a backend for the OS services as it would be
|
||||
elsewhere since GrapheneOS doesn't use Play services even when it's installed.</p>
|
||||
|
||||
<p>Since the Play services apps are simply regular apps on GrapheneOS, they get
|
||||
installed by the user within a specific user or work profile and are only
|
||||
available within that profile. Only apps within the same profile can use it and
|
||||
they need to explicitly choose to use it. It works the same way as any other app
|
||||
and has no special capabilities. As with any other app, it can't access data of
|
||||
other apps and requires explicit user consent to gain access to profile data or
|
||||
the standard permissions.</p>
|
||||
the standard permissions. Apps within the same profile can communicate with mutual
|
||||
consent and it's no different for sandboxed Play services.</p>
|
||||
|
||||
<p>The core functionality and APIs are almost entirely supported already since
|
||||
GrapheneOS largely only has to coerce these apps into continuing to run without
|
||||
|
Loading…
x
Reference in New Issue
Block a user