🛡️ Updated Security Architecture v1.4.0
The application has undergone a comprehensive security audit and refactoring:
- Kernel Memory Safety: Fixed ACPI buffer overflows and uninitialized memory leaks in
hp-wmiandhp-rgb-lighting. - Race Condition Prevention: Introduced global mutexes to prevent WMI command clobbering between kernel modules.
- Strict Least-Privilege: D-Bus policies now restrict hardware write operations exclusively to
wheel,sudo, andadmgroups. - Systemd Sandboxing: Microservices now run without
CAP_SYS_RAWIO, with protected network and home directories.
📚 Comprehensive Documentation
- Added a full
documentation/suite covering Architecture, Code Structure, and detailed driver internals.