Hello there,

I read 2 very long threads here on the forum about A15 Private Space, but I did not find a clear explanation to my question.

If GSF/Play services are installed into the Private Space, will these services be restricted to the Private Space and apps in it? Or will it be able to act profile-wide (aka outside the PS sandbox)?

My goal would be to have one profile only, with Private space for all apps that require GSF/PS, without allowing GSF to "access" the other apps on this profile.
And ideally, when closing Private space, be able to completely shut down (or freeze) all the GSF/Play Services at work.

Many thanks for your valuable insights.

    blackrose

    Here for the responses, I'd also like to structure my setup in a similar fashion

    Yeah, that is exactly how it is supposed to work. Apps running inside the private space cannot access apps or files from outside of the private space at all, and the same the other way around, except for a few cases where you have to approve it beforehand. But the clipboard is shared, so anything you copy-paste can leak into or out of private space.

    If you lock the private space, all apps running inside it will shut down properly.

    Google Play Services is just a regular app, like any other, so will not be an exception to these rules.

    But we don't have a definite answer until we have tested it, and know what the GrapheneOS developers consider bugs to be fixed and intended upstream features.

    blackrose If GSF/Play services are installed into the Private Space, will these services be restricted to the Private Space and apps in it? Or will it be able to act profile-wide (aka outside the PS sandbox)?

    Yes, they are isolated and limited in Private Space, more information here: https://source.android.com/docs/security/features/private-space

    blackrose My goal would be to have one profile only, with Private space for all apps that require GSF/PS, without allowing GSF to "access" the other apps on this profile

    I've set up Sandboxed Google Play in Private Space and keep a separate system-wide profile for Android Auto to avoid losing connection if the phone is locked. Unless I'm mistaken, apps within the Private Space profile can still communicate with each other by mutual consent; you should treat them and adjust permissions as you would apps on the main profile.

    blackrose And ideally, when closing Private space, be able to completely shut down (or freeze) all the GSF/Play Services at work.

    Locking Private Space stops applications/services running there; you can reproduce this: if you install and run Sandboxed Google Play services in Private Space, the service will ask to run in the background, which you must grant. It only runs in the background of Private Space, and you may notice that the GmsCompat icon disappears when Private Space is locked, proof that the service is no longer running.

    If I'm right, the isolation provided by the separate system-wide profile is always more strict, but I don't know the details.
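The replies above rest on Private Space being a separate Android user, so a package installed there does not exist in the owner user at all. As an added example that is not from this thread or from GrapheneOS, the script below reports which users have a given package installed (via `pm list users` and `pm list packages --user <id>`) and flags whether GSF/Play Services is confined to a single non-owner user. The user id 10, the package lists and the `UserInfo{...}` lines are constructed sample data; run with `--live` to query a connected device over adb instead.

```shell
#!/bin/sh
# Added example, not code from the thread or from GrapheneOS: report which
# Android users (owner, Private Space, work profile ...) have a given package
# installed, so you can confirm that GSF/Play Services is present only in the
# Private Space user and not in the owner user (id 0). Live mode shells out
# to adb; the default mode runs on constructed sample output so the parsing
# can be exercised without a device.

# Pull numeric user ids out of `pm list users` output, e.g.
#   UserInfo{0:Owner:c13} running
# (names and flags vary between devices; only the leading id matters here)
user_ids_from_list() {
    sed -n 's/.*UserInfo{\([0-9][0-9]*\):.*/\1/p'
}

# Print the ids of users in which package $1 is installed. $2 is the id
# list, $3 the name of a function printing `pm list packages --user <id>`.
users_with_package() {
    pkg="$1"; users="$2"; fetch="$3"
    for u in $users; do
        if "$fetch" "$u" | grep -qx "package:$pkg"; then
            printf '%s\n' "$u"
        fi
    done
}

# Succeeds only if the package is installed in exactly one user and that
# user is not the owner (id 0), i.e. it lives solely inside a profile.
check_isolation() {
    found=$(users_with_package "$1" "$2" "$3")
    count=$(printf '%s\n' "$found" | grep -c . || true)
    if [ "$count" -eq 1 ] && [ "$found" != "0" ]; then
        return 0
    fi
    return 1
}

# Live queries (needs adb and a connected device with USB debugging enabled)
adb_fetch() { adb shell pm list packages --user "$1"; }

# Constructed sample data standing in for adb output; user id 10 is the
# Private Space on this imaginary device.
SAMPLE_USERS='UserInfo{0:Owner:c13} running
UserInfo{10:Private space:1010} running'
sample_fetch() {
    case "$1" in
        0)  printf 'package:app.grapheneos.camera\npackage:org.signal\n' ;;
        10) printf 'package:com.google.android.gms\npackage:com.android.vending\n' ;;
    esac
}

if [ "${1:-}" = "--live" ]; then
    users=$(adb shell pm list users | user_ids_from_list)
    fetch=adb_fetch
else
    users=$(printf '%s\n' "$SAMPLE_USERS" | user_ids_from_list)
    fetch=sample_fetch
fi

for pkg in com.google.android.gms com.android.vending; do
    printf '%s installed in user(s): %s\n' "$pkg" \
        "$(users_with_package "$pkg" "$users" "$fetch" | tr '\n' ' ')"
    if check_isolation "$pkg" "$users" "$fetch"; then
        echo "  -> confined to a single non-owner user"
    else
        echo "  -> present in the owner user or in several users; inspect"
    fi
done
```

The check only tells you where the package is installed; whether it is still running after Private Space is locked is a separate question that the replies above answer by observing the GmsCompat icon.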