The PDF Viewer app based on sandboxed pdf.js has been revived and is now located at github.com/GrapheneOS/Pdf. It's currently very barebones, but Tommy-Geenexus has proof of concept implementations of various planned features so a lot of it just needs to be ported and cleaned up.
Conversation
Replying to
The idea behind the PDF Viewer app is to reuse the browser renderer sandbox and hardened font / image handling without granting it internet access or exposing it to untrusted JavaScript or CSS. The app pipes each document from the content provider into a fresh local PDF renderer.
1
3
7
PDF rendering code is memory safe and dynamic code is disabled. The underlying rendering libraries aren't (yet) memory safe, but they're fairly hardened and there's the native renderer sandbox. The app itself doesn't use permissions and can only access content passed by the user.
2
1
5
Eventually, maybe there will be a pure Rust stack that I could run in an isolatedProcess with a solid seccomp-bpf filter, but this is already close to matching that with existing software. I ended up with this approach after looking into Java PDF libraries and being disappointed.
1
4
