author: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> 2021-08-22 09:00:22 +0000
committer: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> 2021-08-22 09:00:22 +0000
commit: 9aff62fe9a7c94d43324aaacd36cbe896667f048
tree: a72ed4c42bad8bbab916b2393d45106f69f2590b
parent: adf622fdfaa7e01541ebfa2004d77e3d97200adc
parent: 0fc5bdedaf243ab8480161db346447da783f3216
download: cdd-9aff62fe9a7c94d43324aaacd36cbe896667f048.tar.gz
Snap for 7664297 from 0fc5bdedaf243ab8480161db346447da783f3216 to main-cg-testing-release
Change-Id: I7b25eea2d4aac280d23f78e11ccc3801d6a0bc96
-rw-r--r--  2_device-types/2_6_tablet-reqs.md                  |  1
-rw-r--r--  3_software/3_2_soft-api-compatibility.md           |  4
-rw-r--r--  7_hardware-compatibility/7_4_data-connectivity.md  |  5
-rw-r--r--  7_hardware-compatibility/7_9_virtual-reality.md    |  2
-rw-r--r--  9_security-model/9_9_full-disk-encryption.md       | 39
5 files changed, 43 insertions, 8 deletions
diff --git a/2_device-types/2_6_tablet-reqs.md b/2_device-types/2_6_tablet-reqs.md
index 431a806..04f277a 100644
--- a/2_device-types/2_6_tablet-reqs.md
+++ b/2_device-types/2_6_tablet-reqs.md
@@ -8,6 +8,7 @@ typically meets all the following criteria:
* Physical keyboard implementations used with the device connect by
means of a standard connection (e.g. USB, Bluetooth).
* Has a power source that provides mobility, such as a battery.
+* Has a physical diagonal screen size in the range of 7 to 18 inches.
Tablet device implementations have similar requirements to handheld device
implementations. The exceptions are indicated by an \* in that section
diff --git a/3_software/3_2_soft-api-compatibility.md b/3_software/3_2_soft-api-compatibility.md
index 39a7937..3499db6 100644
--- a/3_software/3_2_soft-api-compatibility.md
+++ b/3_software/3_2_soft-api-compatibility.md
@@ -200,7 +200,7 @@ of these values to which device implementations MUST conform.
except that it MUST NOT be null or the empty string ("").</td>
</tr>
<tr>
- <td>SECURITY_PATCH</td>
+ <td>VERSION.SECURITY_PATCH</td>
<td>A value indicating the security patch level of a build. It MUST signify
that the build is not in any way vulnerable to any of the issues described
up through the designated Android Public Security Bulletin. It MUST be in
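Review bot: the renamed key `VERSION.SECURITY_PATCH` now matches the actual Java constant `android.os.Build.VERSION.SECURITY_PATCH`, which is the right fix, but the rename is only applied to this row; any other row in the table that still names a `Build.VERSION` field by its bare name, and any cross-reference elsewhere in the CDD to the old `SECURITY_PATCH` key, needs the same prefix in this change or the table becomes inconsistent with itself.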
@@ -210,7 +210,7 @@ of these values to which device implementations MUST conform.
Android Security Advisory</a>, for example "2015-11-01".</td>
</tr>
<tr>
- <td>BASE_OS</td>
+ <td>VERSION.BASE_OS</td>
<td>A value representing the FINGERPRINT parameter of the build that is
otherwise identical to this build except for the patches provided in the
Android Public Security Bulletin. It MUST report the correct value and if
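Review bot: the context around the renamed `VERSION.BASE_OS` row refers to the same reference document under two names: the `VERSION.SECURITY_PATCH` description says "Android Public Security Bulletin" and the `VERSION.BASE_OS` description says "patches provided in the Android Public Security Bulletin", while the link text in between reads "Android Security Advisory". Since this change already edits both rows, pick one name for the bulletins and use it in all three places; the rename itself (`VERSION.BASE_OS`, matching `android.os.Build.VERSION.BASE_OS`) is correct.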
diff --git a/7_hardware-compatibility/7_4_data-connectivity.md b/7_hardware-compatibility/7_4_data-connectivity.md
index 7337035..16f8f17 100644
--- a/7_hardware-compatibility/7_4_data-connectivity.md
+++ b/7_hardware-compatibility/7_4_data-connectivity.md
@@ -347,7 +347,7 @@ respectively) and implement the platform APIs.
* SHOULD implement relevant Bluetooth profiles such as
A2DP, AVRCP, OBEX, HFP, etc. as appropriate for the device.
-If device implementations include support for Bluetooth Low Energy, they:
+If device implementations include support for Bluetooth Low Energy (BLE), they:
* [C-3-1] MUST declare the hardware feature `android.hardware.bluetooth_le`.
* [C-3-2] MUST enable the GATT (generic attribute profile) based Bluetooth
@@ -363,7 +363,8 @@ API classes is implemented.
`BluetoothAdapter.isMultipleAdvertisementSupported()` to indicate
whether Low Energy Advertising is supported.
* [C-3-5] MUST implement a Resolvable Private Address (RPA) timeout no longer
- than 15 minutes and rotate the address at timeout to protect user privacy.
+ than 15 minutes and rotate the address at timeout to protect user privacy
+ when device is actively using BLE for scanning or advertising.
To prevent timing attacks, timeout intervals MUST also be randomized
between 5 and 15 minutes.
* SHOULD support offloading of the filtering logic to the bluetooth chipset
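Review bot: the added qualifier narrows [C-3-5] so the RPA timeout only has to hold "when device is actively using BLE for scanning or advertising" (also missing the article: "when the device is"), and that leaves two privacy gaps the text should close. First, a device that holds an established BLE connection is neither scanning nor advertising, so as worded it is unclear whether connections count as active use. Second, nothing says what happens after an idle period: if the timer simply pauses while BLE is idle, a device that stops advertising and later resumes could reuse the address it had before, letting an observer link the two sessions. Suggest stating that a fresh RPA is generated whenever BLE activity resumes after the timeout has elapsed, and that the 5 to 15 minute randomization in the following sentence is drawn per rotation rather than once.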
diff --git a/7_hardware-compatibility/7_9_virtual-reality.md b/7_hardware-compatibility/7_9_virtual-reality.md
index ccc9a75..f555d48 100644
--- a/7_hardware-compatibility/7_9_virtual-reality.md
+++ b/7_hardware-compatibility/7_9_virtual-reality.md
@@ -36,12 +36,12 @@ If device implementations support VR mode, they:
[`GL_EXT_multisampled_render_to_texture2`](https://www.khronos.org/registry/OpenGL/extensions/EXT/EXT_multisampled_render_to_texture2.txt),
[`GL_OVR_multiview`](https://www.khronos.org/registry/OpenGL/extensions/OVR/OVR_multiview.txt),
[`GL_OVR_multiview2`](https://www.khronos.org/registry/OpenGL/extensions/OVR/OVR_multiview2.txt),
- [`GL_OVR_multiview_multisampled_render_to_texture`](https://www.khronos.org/registry/OpenGL/extensions/OVR/OVR_multiview_multisampled_render_to_texture.txt),
[`GL_EXT_protected_textures`](https://www.khronos.org/registry/OpenGL/extensions/EXT/EXT_protected_textures.txt),
and expose the extensions in the list of available GL extensions.
* [C-SR] Are STRONGLY RECOMMENDED to implement
[`GL_EXT_external_buffer`](https://www.khronos.org/registry/OpenGL/extensions/EXT/EXT_external_buffer.txt),
[`GL_EXT_EGL_image_array`](https://www.khronos.org/registry/OpenGL/extensions/EXT/EXT_EGL_image_array.txt),
+ [`GL_OVR_multiview_multisampled_render_to_texture`](https://www.khronos.org/registry/OpenGL/extensions/OVR/OVR_multiview_multisampled_render_to_texture.txt),
and expose the extensions in the list of available GL extensions.
* [C-SR] Are STRONGLY RECOMMENDED to support Vulkan 1.1.
* [C-SR] Are STRONGLY RECOMMENDED to implement
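Review bot: moving `GL_OVR_multiview_multisampled_render_to_texture` from the MUST list to the [C-SR] STRONGLY RECOMMENDED list is a requirement downgrade, and neither the hunk nor the commit message records why; a one-line rationale belongs in the change description so the relaxation is traceable later. Worth confirming in the same review that `GL_EXT_protected_textures` deliberately stays in the MUST list, since that extension is what protected (DRM) content rendering in VR mode relies on and it is the only security-relevant entry in the group.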
diff --git a/9_security-model/9_9_full-disk-encryption.md b/9_security-model/9_9_full-disk-encryption.md
index cbf4de5..0d89202 100644
--- a/9_security-model/9_9_full-disk-encryption.md
+++ b/9_security-model/9_9_full-disk-encryption.md
@@ -31,9 +31,13 @@ data (`/data` partition), as well as the application shared storage partition
* [C-0-2] MUST enable the data storage encryption by default at the time
the user has completed the out-of-box setup experience.
* [C-0-3] MUST meet the above data storage encryption
-requirement via implementing [File Based Encryption](
-https://source.android.com/security/encryption/file-based.html) (FBE) and
-[Metadata Encryption](https://source.android.com/security/encryption/metadata).
+requirement by implementing one of the following two encryption methods:
+
+ * [File Based Encryption](https://source.android.com/security/encryption/file-based.html)
+ (FBE) and
+ [Metadata Encryption](https://source.android.com/security/encryption/metadata)
+ as described in section 9.9.3.1.
+ * Per-User Block-Level Encryption as described in section 9.9.3.2.
### 9.9.3\. Encryption Methods
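Review bot: the two option bullets under [C-0-3] are indented by a single space (" * [File Based Encryption]..." and " * Per-User Block-Level Encryption ...") while the parent bullet sits in column 0 with its continuation lines unindented; in CommonMark a nested item must start at the parent's content column (two spaces after "* "), so with one space these render as sibling top-level items and the "one of the following two encryption methods" structure is lost. Indent the two options by two or four spaces. Also, C-0-3 previously mandated FBE plus Metadata Encryption outright, so this hunk relaxes a MUST; the commit message gives no rationale for admitting a second method.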
@@ -51,6 +55,12 @@ without either the user-supplied credentials, a registered escrow key or a
resume on reboot implementation meeting the requirements in
[section 9.9.4](#9_9_4_resume_on_reboot).
* [C-1-4] MUST use Verified Boot.
+
+### 9.9.3.1\. File Based Encryption with Metadata Encryption
+
+If device implementations use File Based Encryption with Metadata Encryption,
+they:
+
* [C-1-5] MUST encrypt file contents and filesystem metadata using
AES-256-XTS or Adiantum. AES-256-XTS refers to the Advanced Encryption Standard
with a 256-bit cipher key length, operated in XTS mode; the full length of the
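Review bot: the new heading "### 9.9.3.1\. File Based Encryption with Metadata Encryption" appears to use the same heading level as "### 9.9.3\. Encryption Methods" and "### 9.9.4\. Resume on Reboot", so in the rendered document and its table of contents 9.9.3.1 would show up as a sibling of 9.9.3 rather than a subsection; check the level against how other x.y.z.w headings are written in the CDD source. Separately, the subsection opens a new conditional ("If device implementations use File Based Encryption with Metadata Encryption, they:") yet keeps numbering at [C-1-5], continuing from [C-1-4] MUST use Verified Boot under the parent condition; say explicitly that the parent's [C-1-1] through [C-1-4] (including the credential/escrow-key requirement and Verified Boot) apply to both encryption methods, otherwise a reader of 9.9.3.2 can argue they only belong to the FBE path.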
@@ -94,6 +104,29 @@ The upstream Android Open Source project provides a preferred implementation of
File Based Encryption based on the Linux kernel "fscrypt" encryption feature,
and of Metadata Encryption based on the Linux kernel "dm-default-key" feature.
+### 9.9.3.2\. Per-User Block-Level Encryption
+
+If device implementations use per-user block-level encryption, they:
+
+* [C-1-1] MUST enable multi-user support as described in section 9.5.
+* [C-1-2] MUST provide per-user partitions, either using raw partitions or
+logical volumes.
+* [C-1-3] MUST use unique and distinct encryption keys per-user for
+encryption of the underlying block devices.
+* [C-1-4] MUST use AES-256-XTS for block-level encryption of the user
+partitions.
+
+* The keys protecting the per-user block-level encrypted devices:
+
+ * [C-1-5] MUST be cryptographically bound to a hardware-backed Keystore.
+ This keystore MUST be bound to Verified Boot and the device's hardware
+ root of trust.
+ * [C-1-6] MUST be bound to the corresponding user's lock screen
+ credentials.
+
+Per-user block-level encryption can be implemented using the Linux kernel
+“dm-crypt” feature over per-user partitions.
+
### 9.9.4\. Resume on Reboot
Resume on Reboot allows unlocking the CE storage of all apps, including those
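Review bot: the requirement IDs in 9.9.3.2 restart at [C-1-1] and run to [C-1-6], colliding with [C-1-1]..[C-1-4] in 9.9.3 and [C-1-5] in 9.9.3.1 that are visible in the surrounding context; CDD IDs are cited by CTS and by other sections, so each ID within 9.9 must be unique (continue the sequence or start a new group number). Second, the top-level requirement in this file covers the whole user data partition (`/data`) as well as the application shared storage partition, but this method only requires the per-user partitions to be encrypted with distinct per-user keys; state how data that lives outside any per-user partition (device-wide parts of `/data`, the shared storage partition) is protected. Third, unlike 9.9.3.1, [C-1-4] here allows only AES-256-XTS with no Adiantum option and nothing requires filesystem metadata to be encrypted; if both differences are intended, say so, since a block-level scheme encrypts metadata only for the partitions it covers. Minor: the closing sentence uses curly quotes around “dm-crypt” while the sentence above it uses straight quotes for "fscrypt" and "dm-default-key".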