SlideShare a Scribd company logo

Implementing Configurable Device Security With Security Levels.pptx

Download as PPTX, PDF
Aayush Gupta
Aayush Gupta

The document discusses implementing configurable device security levels in CalyxOS. It describes planned features like allowing users to choose a standard, safer, or safest security level during setup. The safer level would enable additional privacy settings while the safest level would disable risky features. It also outlines developing prerequisites like a Work Profile app and integrating planned features such as multiple work profiles and an OS updater to fetch updates over Tor.

Mobile
1 of 22
IMPLEMENTING CONFIGURABLE DEVICE SECURITY WITH SECURITY LEVELS AAYUSH GUPTA | CHIRAYU DESAI
Overview • Security Levels in CalyxOS • Prerequisites • Development • Planned Features April 2023 2 Implementing Configurable Device Security With Security Levels
SECURITY LEVELS What are Security Levels and why do we need them? April 2023 3 Implementing Configurable Device Security With Security Levels
Why do we need Security Levels? • Users might not be familiar with the available features • Finding the best combination of settings takes time • Easily switching between combinations isn’t possible • Expert opinion is helpful • Many more as per cases April 2023 Implementing Configurable Device Security With Security Levels 4
Security Levels • Offers easily configurable choices as per requirements • Pre-configured by experts • Restricts users from dangerous actions/options April 2023 Implementing Configurable Device Security With Security Levels 5 Security Levels in Tor Browser
SECURITY LEVELS IN CalyxOS Standard, Safer and Safest April 2023 Implementing Configurable Device Security With Security Levels 6
Security Levels in CalyxOS • Configurable device security level • Options shown during first time setup • Offers three different levels, inspired from Tor browser • Currently in development • Standard level offers default features April 2023 Implementing Configurable Device Security With Security Levels 7
Security Levels in CalyxOS (Contd.) • Second level: Safer • Builds upon Standard • Sets timeout for Wi-Fi, Bluetooth (automatically turn off if not used) • Sets device to automatically reboot after a certain period of non- usage • Deploys Work Profile • Enforces Orbot as Always-On-VPN (Work Profile only) April 2023 Implementing Configurable Device Security With Security Levels 8
Security Levels in CalyxOS (Contd.) • Third level: Safest • Builds upon Safer • Disables USB Data Signaling • Prevents installation of apps from unknown sources • Disables debugging features • Disables javascript JIT in chromium April 2023 Implementing Configurable Device Security With Security Levels 9
PREREQUISITES Bellis and Other Options April 2023 Implementing Configurable Device Security With Security Levels 10
Bellis (Work Profile app) • Allows users to provision and manage Work Profile • Simple and easy UX • Written in Kotlin and material3 • Compatible with both AOSP and Gradle build systems April 2023 Implementing Configurable Device Security With Security Levels 11
Other Options • Added to the Settings • Contains options used by users frequently (contained in developer options) for security & privacy gains • Maintains security requirement for certain switches • Available when debugging features are disallowed April 2023 Implementing Configurable Device Security With Security Levels 12
DEVELOPMENT Work Profile Provisioning and Restrictions April 2023 Implementing Configurable Device Security With Security Levels 13
April 2023 Implementing Configurable Device Security With Security Levels 14 Flow While Setting Security Levels
April 23 Implementing Configurable Device Security With Security Levels 15 /** * Device operating mode * * Apply privacy/security improving settings based on the mode. * Values are: * 0: Standard (default) * 1: Safer * 2: Safest * @hide */ public static final String GARLIC_LEVEL = "garlic_level"; /** @hide */ public static final Validator GARLIC_LEVEL_VALIDATOR = new InclusiveIntegerRangeValidator(0, 2); [CalyxOS/platform_calyx-sdk]
April 23 Implementing Configurable Device Security With Security Levels 16 Intent intent = new Intent( DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE) .putExtra(DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME, new ComponentName(BELLIS_PACKAGE, BELLIS_PACKAGE + BELLIS_DEVICE_ADMIN_RECEIVER_CLASS)) .putExtra(DevicePolicyManager.EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE, persistableBundle) .putExtra(DevicePolicyManager.EXTRA_PROVISIONING_SKIP_EDUCATION_SCREENS, true); [CalyxOS/platform_packages_apps_SetupWizard]
April 23 Implementing Configurable Device Security With Security Levels 17 override fun onCreate(savedInstanceState: Bundle?) { super.onCreate(savedInstanceState) when (intent.action) { DevicePolicyManager.ACTION_GET_PROVISIONING_MODE -> { val provisioningMode = intent.getParcelableExtra( DevicePolicyManager.EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE, PersistableBundle::class.java )?.getInt(DevicePolicyManager.EXTRA_PROVISIONING_MODE, 0) intent.putExtra(DevicePolicyManager.EXTRA_PROVISIONING_MODE, provisioningMode) setResult(RESULT_OK, intent) finish() return } DevicePolicyManager.ACTION_ADMIN_POLICY_COMPLIANCE -> { PostProvisioningHelper.completeProvisioning(this) setResult(RESULT_OK) finish() return } DevicePolicyManager.ACTION_PROVISIONING_SUCCESSFUL -> { PostProvisioningHelper.completeProvisioning(this) } } } [CalyxOS/platform_packages_apps_Bellis]
PLANNED FEATURES Better Tor Integration with multiple work profiles, OS Updates and More April 2023 Implementing Configurable Device Security With Security Levels 18
Multiple Profiles • Allows provisioning multiple Work Profiles • Isolate apps not just from your workplace but from each other • Turn off entire sets of apps at once • Protect and encrypt some apps with a separate passphrase • Use different VPNs for different profiles April 2023 Implementing Configurable Device Security With Security Levels 19
OS Updater • Streams updates from server • Simple and easy UX • Written in Kotlin and Material3 • Compatible with both AOSP and Gradle build systems • Planned to fetch updates over Tor April 2023 Implementing Configurable Device Security With Security Levels 20
Miscellaneous Features • Open dialer helpline links in tor browser • Allow server selection for connectivity check • Route microg traffic over Tor • Reset device after X failed attempts • More under discussion April 2023 Implementing Configurable Device Security With Security Levels 21
THANK YOU CONNECT WITH US

Recommended

Safety-Certifying Open Source Software: The Case of the Xen Hypervisor
Safety-Certifying Open Source Software: The Case of the Xen HypervisorSafety-Certifying Open Source Software: The Case of the Xen Hypervisor
Safety-Certifying Open Source Software: The Case of the Xen Hypervisor
Stefano Stabellini
 
Top 10 IaaS Highlights for Developers
Top 10 IaaS Highlights for DevelopersTop 10 IaaS Highlights for Developers
Top 10 IaaS Highlights for Developers
Microsoft Tech Community
 
CCNP Security-Firewall
CCNP Security-FirewallCCNP Security-Firewall
CCNP Security-Firewall
mohannadalhanahnah
 
Secure nets-and-data
Secure nets-and-dataSecure nets-and-data
Secure nets-and-data
Kevin Mayo
 
SC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security SolutionsSC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security Solutions
FredBrandonAuthorMCP
 
IRJET- Improving Data Storage Security and Performance in Cloud Environment
IRJET- Improving Data Storage Security and Performance in Cloud EnvironmentIRJET- Improving Data Storage Security and Performance in Cloud Environment
IRJET- Improving Data Storage Security and Performance in Cloud Environment
IRJET Journal
 
Get On Top of Azure Resource Security Using Secure DevOps Kit for Azure
Get On Top of Azure Resource Security Using Secure DevOps Kit for AzureGet On Top of Azure Resource Security Using Secure DevOps Kit for Azure
Get On Top of Azure Resource Security Using Secure DevOps Kit for Azure
Kasun Kodagoda
 
Are Your Mobile Apps Secure? (Part I)
Are Your Mobile Apps Secure? (Part I)Are Your Mobile Apps Secure? (Part I)
Are Your Mobile Apps Secure? (Part I)
Nagarro
 

Recommended

Safety-Certifying Open Source Software: The Case of the Xen Hypervisor
Safety-Certifying Open Source Software: The Case of the Xen HypervisorSafety-Certifying Open Source Software: The Case of the Xen Hypervisor
Safety-Certifying Open Source Software: The Case of the Xen Hypervisor
Stefano Stabellini
 
Top 10 IaaS Highlights for Developers
Top 10 IaaS Highlights for DevelopersTop 10 IaaS Highlights for Developers
Top 10 IaaS Highlights for Developers
Microsoft Tech Community
 
CCNP Security-Firewall
CCNP Security-FirewallCCNP Security-Firewall
CCNP Security-Firewall
mohannadalhanahnah
 
Secure nets-and-data
Secure nets-and-dataSecure nets-and-data
Secure nets-and-data
Kevin Mayo
 
SC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security SolutionsSC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security Solutions
FredBrandonAuthorMCP
 
IRJET- Improving Data Storage Security and Performance in Cloud Environment
IRJET- Improving Data Storage Security and Performance in Cloud EnvironmentIRJET- Improving Data Storage Security and Performance in Cloud Environment
IRJET- Improving Data Storage Security and Performance in Cloud Environment
IRJET Journal
 
Get On Top of Azure Resource Security Using Secure DevOps Kit for Azure
Get On Top of Azure Resource Security Using Secure DevOps Kit for AzureGet On Top of Azure Resource Security Using Secure DevOps Kit for Azure
Get On Top of Azure Resource Security Using Secure DevOps Kit for Azure
Kasun Kodagoda
 
Are Your Mobile Apps Secure? (Part I)
Are Your Mobile Apps Secure? (Part I)Are Your Mobile Apps Secure? (Part I)
Are Your Mobile Apps Secure? (Part I)
Nagarro
 
Java Security Overview
Java Security OverviewJava Security Overview
Java Security Overview
white paper
 
Android device protection
Android device protectionAndroid device protection
Android device protection
nlog2n
 
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
Martin Toshev
 
Security 101: IBM i Security Auditing and Reporting
Security 101: IBM i Security Auditing and ReportingSecurity 101: IBM i Security Auditing and Reporting
Security 101: IBM i Security Auditing and Reporting
Precisely
 
IT103Microsoft Windows XP/OS Chap14
IT103Microsoft Windows XP/OS Chap14IT103Microsoft Windows XP/OS Chap14
IT103Microsoft Windows XP/OS Chap14
blusmurfydot1
 
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Aruba, a Hewlett Packard Enterprise company
 
Ccsk course content v1
Ccsk course content v1Ccsk course content v1
Ccsk course content v1
ShivamSharma909
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1
Hamed Moghaddam
 
Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-...
Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-...Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-...
Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-...
AAnt87
 
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
Eric Smalling
 
Security Practices in Kubernetes
Security Practices in KubernetesSecurity Practices in Kubernetes
Security Practices in Kubernetes
Fibonalabs
 
Io t security and azure sphere
Io t security and azure sphereIo t security and azure sphere
Io t security and azure sphere
Pushkar Saraf
 
Towards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryTowards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industry
Ashley Zupkus
 
IRJET - Providing High Securtiy for Encrypted Data in Cloud
IRJET - Providing High Securtiy for Encrypted Data in CloudIRJET - Providing High Securtiy for Encrypted Data in Cloud
IRJET - Providing High Securtiy for Encrypted Data in Cloud
IRJET Journal
 
Weblogic security
Weblogic securityWeblogic security
Weblogic security
Aditya Bhuyan
 
Weblogic Cluster Security
Weblogic Cluster SecurityWeblogic Cluster Security
Weblogic Cluster Security
Aditya Bhuyan
 
Secure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in AzureSecure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in Azure
kloia
 
securing-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdfsecuring-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdf
jcarrey
 
securing-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdfsecuring-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdf
jcarrey
 
HCLOS.Reduce to 600 dpi average quality
HCLOS.Reduce to 600 dpi average qualityHCLOS.Reduce to 600 dpi average quality
HCLOS.Reduce to 600 dpi average quality
Vinayak Wadhwa
 

More Related Content

Similar to Implementing Configurable Device Security With Security Levels.pptx

Java Security Overview
Java Security OverviewJava Security Overview
Java Security Overview
white paper
 
Android device protection
Android device protectionAndroid device protection
Android device protection
nlog2n
 
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
Martin Toshev
 
Security 101: IBM i Security Auditing and Reporting
Security 101: IBM i Security Auditing and ReportingSecurity 101: IBM i Security Auditing and Reporting
Security 101: IBM i Security Auditing and Reporting
Precisely
 
IT103Microsoft Windows XP/OS Chap14
IT103Microsoft Windows XP/OS Chap14IT103Microsoft Windows XP/OS Chap14
IT103Microsoft Windows XP/OS Chap14
blusmurfydot1
 
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Aruba, a Hewlett Packard Enterprise company
 
Ccsk course content v1
Ccsk course content v1Ccsk course content v1
Ccsk course content v1
ShivamSharma909
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1
Hamed Moghaddam
 
Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-...
Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-...Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-...
Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-...
AAnt87
 
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
Eric Smalling
 
Security Practices in Kubernetes
Security Practices in KubernetesSecurity Practices in Kubernetes
Security Practices in Kubernetes
Fibonalabs
 
Io t security and azure sphere
Io t security and azure sphereIo t security and azure sphere
Io t security and azure sphere
Pushkar Saraf
 
Towards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryTowards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industry
Ashley Zupkus
 
IRJET - Providing High Securtiy for Encrypted Data in Cloud
IRJET - Providing High Securtiy for Encrypted Data in CloudIRJET - Providing High Securtiy for Encrypted Data in Cloud
IRJET - Providing High Securtiy for Encrypted Data in Cloud
IRJET Journal
 
Weblogic security
Weblogic securityWeblogic security
Weblogic security
Aditya Bhuyan
 
Weblogic Cluster Security
Weblogic Cluster SecurityWeblogic Cluster Security
Weblogic Cluster Security
Aditya Bhuyan
 
Secure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in AzureSecure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in Azure
kloia
 
securing-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdfsecuring-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdf
jcarrey
 
securing-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdfsecuring-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdf
jcarrey
 
HCLOS.Reduce to 600 dpi average quality
HCLOS.Reduce to 600 dpi average qualityHCLOS.Reduce to 600 dpi average quality
HCLOS.Reduce to 600 dpi average quality
Vinayak Wadhwa
 

Similar to Implementing Configurable Device Security With Security Levels.pptx (20)

Java Security Overview
Java Security OverviewJava Security Overview
Java Security Overview
 
Android device protection
Android device protectionAndroid device protection
Android device protection
 
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
 
Security 101: IBM i Security Auditing and Reporting
Security 101: IBM i Security Auditing and ReportingSecurity 101: IBM i Security Auditing and Reporting
Security 101: IBM i Security Auditing and Reporting
 
IT103Microsoft Windows XP/OS Chap14
IT103Microsoft Windows XP/OS Chap14IT103Microsoft Windows XP/OS Chap14
IT103Microsoft Windows XP/OS Chap14
 
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
 
Ccsk course content v1
Ccsk course content v1Ccsk course content v1
Ccsk course content v1
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1
 
Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-...
Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-...Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-...
Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-...
 
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
 
Security Practices in Kubernetes
Security Practices in KubernetesSecurity Practices in Kubernetes
Security Practices in Kubernetes
 
Io t security and azure sphere
Io t security and azure sphereIo t security and azure sphere
Io t security and azure sphere
 
Towards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryTowards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industry
 
IRJET - Providing High Securtiy for Encrypted Data in Cloud
IRJET - Providing High Securtiy for Encrypted Data in CloudIRJET - Providing High Securtiy for Encrypted Data in Cloud
IRJET - Providing High Securtiy for Encrypted Data in Cloud
 
Weblogic security
Weblogic securityWeblogic security
Weblogic security
 
Weblogic Cluster Security
Weblogic Cluster SecurityWeblogic Cluster Security
Weblogic Cluster Security
 
Secure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in AzureSecure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in Azure
 
securing-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdfsecuring-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdf
 
securing-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdfsecuring-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdf
 
HCLOS.Reduce to 600 dpi average quality
HCLOS.Reduce to 600 dpi average qualityHCLOS.Reduce to 600 dpi average quality
HCLOS.Reduce to 600 dpi average quality
 

Implementing Configurable Device Security With Security Levels.pptx

  • 1. IMPLEMENTING CONFIGURABLE DEVICE SECURITY WITH SECURITY LEVELS AAYUSH GUPTA | CHIRAYU DESAI
  • 2. Overview • Security Levels in CalyxOS • Prerequisites • Development • Planned Features April 2023 2 Implementing Configurable Device Security With Security Levels
  • 3. SECURITY LEVELS What are Security Levels and why do we need them? April 2023 3 Implementing Configurable Device Security With Security Levels
  • 4. Why do we need Security Levels? • Users might not be familiar with the available features • Finding the best combination of settings takes time • Easily switching between combinations isn’t possible • Expert opinion is helpful • Many more as per cases April 2023 Implementing Configurable Device Security With Security Levels 4
  • 5. Security Levels • Offers easily configurable choices as per requirements • Pre-configured by experts • Restricts users from dangerous actions/options April 2023 Implementing Configurable Device Security With Security Levels 5 Security Levels in Tor Browser
  • 6. SECURITY LEVELS IN CalyxOS Standard, Safer and Safest April 2023 Implementing Configurable Device Security With Security Levels 6
  • 7. Security Levels in CalyxOS • Configurable device security level • Options shown during first time setup • Offers three different levels, inspired from Tor browser • Currently in development • Standard level offers default features April 2023 Implementing Configurable Device Security With Security Levels 7
  • 8. Security Levels in CalyxOS (Contd.) • Second level: Safer • Builds upon Standard • Sets timeout for Wi-Fi, Bluetooth (automatically turn off if not used) • Sets device to automatically reboot after a certain period of non- usage • Deploys Work Profile • Enforces Orbot as Always-On-VPN (Work Profile only) April 2023 Implementing Configurable Device Security With Security Levels 8
  • 9. Security Levels in CalyxOS (Contd.) • Third level: Safest • Builds upon Safer • Disables USB Data Signaling • Prevents installation of apps from unknown sources • Disables debugging features • Disables javascript JIT in chromium April 2023 Implementing Configurable Device Security With Security Levels 9
  • 10. PREREQUISITES Bellis and Other Options April 2023 Implementing Configurable Device Security With Security Levels 10
  • 11. Bellis (Work Profile app) • Allows users to provision and manage Work Profile • Simple and easy UX • Written in Kotlin and material3 • Compatible with both AOSP and Gradle build systems April 2023 Implementing Configurable Device Security With Security Levels 11
  • 12. Other Options • Added to the Settings • Contains options used by users frequently (contained in developer options) for security & privacy gains • Maintains security requirement for certain switches • Available when debugging features are disallowed April 2023 Implementing Configurable Device Security With Security Levels 12
  • 13. DEVELOPMENT Work Profile Provisioning and Restrictions April 2023 Implementing Configurable Device Security With Security Levels 13
  • 14. April 2023 Implementing Configurable Device Security With Security Levels 14 Flow While Setting Security Levels
  • 15. April 23 Implementing Configurable Device Security With Security Levels 15 /** * Device operating mode * * Apply privacy/security improving settings based on the mode. * Values are: * 0: Standard (default) * 1: Safer * 2: Safest * @hide */ public static final String GARLIC_LEVEL = "garlic_level"; /** @hide */ public static final Validator GARLIC_LEVEL_VALIDATOR = new InclusiveIntegerRangeValidator(0, 2); [CalyxOS/platform_calyx-sdk]
  • 16. April 23 Implementing Configurable Device Security With Security Levels 16 Intent intent = new Intent( DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE) .putExtra(DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME, new ComponentName(BELLIS_PACKAGE, BELLIS_PACKAGE + BELLIS_DEVICE_ADMIN_RECEIVER_CLASS)) .putExtra(DevicePolicyManager.EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE, persistableBundle) .putExtra(DevicePolicyManager.EXTRA_PROVISIONING_SKIP_EDUCATION_SCREENS, true); [CalyxOS/platform_packages_apps_SetupWizard]
  • 17. April 23 Implementing Configurable Device Security With Security Levels 17 override fun onCreate(savedInstanceState: Bundle?) { super.onCreate(savedInstanceState) when (intent.action) { DevicePolicyManager.ACTION_GET_PROVISIONING_MODE -> { val provisioningMode = intent.getParcelableExtra( DevicePolicyManager.EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE, PersistableBundle::class.java )?.getInt(DevicePolicyManager.EXTRA_PROVISIONING_MODE, 0) intent.putExtra(DevicePolicyManager.EXTRA_PROVISIONING_MODE, provisioningMode) setResult(RESULT_OK, intent) finish() return } DevicePolicyManager.ACTION_ADMIN_POLICY_COMPLIANCE -> { PostProvisioningHelper.completeProvisioning(this) setResult(RESULT_OK) finish() return } DevicePolicyManager.ACTION_PROVISIONING_SUCCESSFUL -> { PostProvisioningHelper.completeProvisioning(this) } } } [CalyxOS/platform_packages_apps_Bellis]
  • 18. PLANNED FEATURES Better Tor Integration with multiple work profiles, OS Updates and More April 2023 Implementing Configurable Device Security With Security Levels 18
  • 19. Multiple Profiles • Allows provisioning multiple Work Profiles • Isolate apps not just from your workplace but from each other • Turn off entire sets of apps at once • Protect and encrypt some apps with a separate passphrase • Use different VPNs for different profiles April 2023 Implementing Configurable Device Security With Security Levels 19
  • 20. OS Updater • Streams updates from server • Simple and easy UX • Written in Kotlin and Material3 • Compatible with both AOSP and Gradle build systems • Planned to fetch updates over Tor April 2023 Implementing Configurable Device Security With Security Levels 20
  • 21. Miscellaneous Features • Open dialer helpline links in tor browser • Allow server selection for connectivity check • Route microg traffic over Tor • Reset device after X failed attempts • More under discussion April 2023 Implementing Configurable Device Security With Security Levels 21