Merge "Docs: Create security enhancements list for N" into nyc-dev

2 files changed, 54 insertions, 0 deletions

diff --git a/src/security/enhancements/enhancements70.jd b/src/security/enhancements/enhancements70.jd
new file mode 100644
index 00000000..88d4763b
--- /dev/null
+++ b/src/security/enhancements/enhancements70.jd
@@ -0,0 +1,53 @@
+page.title=Security Enhancements in Android 7.0
+@jd:body
+<!--
+    Copyright 2016 The Android Open Source Project
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+
+<p>Every Android release includes dozens of security enhancements to protect
+users. Here are some of the major security enhancements available in Android
+7.0:</p>
+
+<ul>
+  <li><strong>File-based encryption</strong>. Encrypting at the file level,
+  instead of encrypting the entire storage area as a single unit, better
+  isolates and protects individual users and profiles (such as personal and
+  work) on a device.</li>
+  <li><strong>Direct Boot</strong>. Enabled by file-based encryption, Direct
+  Boot allows certain apps such as alarm clock and accessibility features to
+  run when device is powered on but not unlocked.</li>
+  <li><strong>Verified Boot</strong>. Verified Boot is now strictly enforced to
+  prevent compromised devices from booting; it supports error correction to
+  improve reliability against non-malicious data corruption.</li>
+  <li><strong>SELinux</strong>. Updated SELinux configuration and increased
+  seccomp coverage further locks down the application sandbox and reduces attack
+  surface.</li>
+  <li><strong>Library load-order randomization and improved ASLR</strong>.
+  Increased randomness makes some code-reuse attacks less reliable.</li>
+  <li><strong>Kernel hardening</strong>. Added additional memory protection for
+  newer kernels by marking portions of kernel memory as read-only, restricting
+  kernel access to userspace addresses and further reducing the existing attack
+  surface.</li>
+  <li><strong>APK signature scheme v2</strong>. Introduced a whole-file signature
+  scheme that improves verification speed and strengthens integrity guarantees.</li>
+  <li><strong>Trusted CA store</strong>. To make it easier for apps to control
+  access to their secure network traffic, user-installed certificate authorities
+  and those installed through Device Admin APIs are no longer trusted by default
+  for apps targeting API Level 24+. Additionally, all new Android devices must
+  ship with the same trusted CA store.</li>
+  <li><strong>Network Security Config</strong>. Configure network security and TLS
+  through a declarative configuration file.</li>
+</ul>
+
diff --git a/src/security/security_toc.cs b/src/security/security_toc.cs
index 798e7e42..19070eb2 100644
--- a/src/security/security_toc.cs
+++ b/src/security/security_toc.cs
@@ -32,6 +32,7 @@
           </a>
         </div>
         <ul>
+          <li><a href="<?cs var:toroot ?>security/enhancements/enhancements70.html">Android 7.0</a></li>
           <li><a href="<?cs var:toroot ?>security/enhancements/enhancements60.html">Android 6.0</a></li>
           <li><a href="<?cs var:toroot ?>security/enhancements/enhancements50.html">Android 5.0</a></li>
           <li><a href="<?cs var:toroot ?>security/enhancements/enhancements44.html">Android 4.4</a></li>