diff options
author | Danielle Roberts <daroberts@google.com> | 2016-07-27 23:36:54 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2016-07-27 23:36:54 +0000 |
commit | bdd6bdb77a24d23768b5a730a9a15e7359ef4694 (patch) | |
tree | e36e07e66fd92bef131c61d6aaffdd3898fa653e | |
parent | e30b1748e40697be23378caec66e4f08c180589f (diff) | |
parent | 679909a94f45def30f0326f4d75db4295ad937cd (diff) | |
download | source.android.com-bdd6bdb77a24d23768b5a730a9a15e7359ef4694.tar.gz |
Merge "Docs: Create security enhancements list for N" into nyc-dev
-rw-r--r-- | src/security/enhancements/enhancements70.jd | 53 | ||||
-rw-r--r-- | src/security/security_toc.cs | 1 |
2 files changed, 54 insertions, 0 deletions
diff --git a/src/security/enhancements/enhancements70.jd b/src/security/enhancements/enhancements70.jd new file mode 100644 index 00000000..88d4763b --- /dev/null +++ b/src/security/enhancements/enhancements70.jd @@ -0,0 +1,53 @@ +page.title=Security Enhancements in Android 7.0 +@jd:body +<!-- + Copyright 2016 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<p>Every Android release includes dozens of security enhancements to protect +users. Here are some of the major security enhancements available in Android +7.0:</p> + +<ul> + <li><strong>File-based encryption</strong>. Encrypting at the file level, + instead of encrypting the entire storage area as a single unit, better + isolates and protects individual users and profiles (such as personal and + work) on a device.</li> + <li><strong>Direct Boot</strong>. Enabled by file-based encryption, Direct + Boot allows certain apps such as alarm clock and accessibility features to + run when device is powered on but not unlocked.</li> + <li><strong>Verified Boot</strong>. Verified Boot is now strictly enforced to + prevent compromised devices from booting; it supports error correction to + improve reliability against non-malicious data corruption.</li> + <li><strong>SELinux</strong>. Updated SELinux configuration and increased + seccomp coverage further locks down the application sandbox and reduces attack + surface.</li> + <li><strong>Library load-order randomization and improved ASLR</strong>. + Increased randomness makes some code-reuse attacks less reliable.</li> + <li><strong>Kernel hardening</strong>. Added additional memory protection for + newer kernels by marking portions of kernel memory as read-only, restricting + kernel access to userspace addresses and further reducing the existing attack + surface.</li> + <li><strong>APK signature scheme v2</strong>. Introduced a whole-file signature + scheme that improves verification speed and strengthens integrity guarantees.</li> + <li><strong>Trusted CA store</strong>. To make it easier for apps to control + access to their secure network traffic, user-installed certificate authorities + and those installed through Device Admin APIs are no longer trusted by default + for apps targeting API Level 24+. Additionally, all new Android devices must + ship with the same trusted CA store.</li> + <li><strong>Network Security Config</strong>. Configure network security and TLS + through a declarative configuration file.</li> +</ul> + diff --git a/src/security/security_toc.cs b/src/security/security_toc.cs index 798e7e42..19070eb2 100644 --- a/src/security/security_toc.cs +++ b/src/security/security_toc.cs @@ -32,6 +32,7 @@ </a> </div> <ul> + <li><a href="<?cs var:toroot ?>security/enhancements/enhancements70.html">Android 7.0</a></li> <li><a href="<?cs var:toroot ?>security/enhancements/enhancements60.html">Android 6.0</a></li> <li><a href="<?cs var:toroot ?>security/enhancements/enhancements50.html">Android 5.0</a></li> <li><a href="<?cs var:toroot ?>security/enhancements/enhancements44.html">Android 4.4</a></li> |