From d11b2ccabb2e9770a6ad1d80674b9956e7b7f981 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Fri, 12 Nov 2021 11:26:28 -0500 Subject: [PATCH] further simplify / clarify sandboxed Play section --- static/usage.html | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/static/usage.html b/static/usage.html index e84689a1..f40aa18c 100644 --- a/static/usage.html +++ b/static/usage.html @@ -787,15 +787,17 @@ receives absolutely no special access or privileges on GrapheneOS as opposed to bypassing the app sandbox and receiving a massive amount of highly privileged access. Instead, the compatibility layer teaches it how to work within the full - app sandbox. It also doesn't become a backend for the OS services as it does - elsewhere since GrapheneOS doesn't use Play services even when it's installed. - Since the Play services apps are simply regular apps on GrapheneOS, they get + app sandbox. It also isn't used as a backend for the OS services as it would be + elsewhere since GrapheneOS doesn't use Play services even when it's installed.

+ +

Since the Play services apps are simply regular apps on GrapheneOS, they get installed by the user within a specific user or work profile and are only available within that profile. Only apps within the same profile can use it and they need to explicitly choose to use it. It works the same way as any other app and has no special capabilities. As with any other app, it can't access data of other apps and requires explicit user consent to gain access to profile data or - the standard permissions.

+ the standard permissions. Apps within the same profile can communicate with mutual + consent and it's no different for sandboxed Play services.

The core functionality and APIs are almost entirely supported already since GrapheneOS largely only has to coerce these apps into continuing to run without