Docs: Changes to source.android.com

  - 209604809 Add note about dm-verity for low-ram devices where it onl... by Danielle Roberts <daroberts@google.com>
  - 209604691 Update August acknowledgements for CVE-2018-9441 by Danielle Roberts <daroberts@google.com>
  - 209486466 Add LEVEL_3 to Camera versioning by Kenneth Lau <kennethlau@google.com>
  - 209486462 CL to update external severity ratings to the v6 severity... by Android Partner Docs <noreply@android.com>
  - 209444238 Update _translation.yaml to exclude 2018 bulletins by Danielle Roberts <daroberts@google.com>
  - 209427959 Add arrow icon to external links in lists by Kenneth Lau <kennethlau@google.com>
  - 209424658 Devsite localized content from translation request 968451. by Android Partner Docs <noreply@android.com>
  - 209424637 Devsite localized content from translation request 968450. by Android Partner Docs <noreply@android.com>
  - 209424628 Devsite localized content from translation request 966380. by Android Partner Docs <noreply@android.com>
  - 209424625 Devsite localized content from translation request 964306. by Android Partner Docs <noreply@android.com>
  - 209267798 Replaces gendered pronouns by a gender-neutral alternative. by Android Partner Docs <noreply@android.com>
  - 209227647 Devsite localized content from translation request 965625. by Android Partner Docs <noreply@android.com>
  - 209227634 Devsite localized content from translation request 957852. by Android Partner Docs <noreply@android.com>
  - 209212984 Adding additional kernel configs by Heidi von Markham <hvm@google.com>
  - 209202145 Fix typo by Kenneth Lau <kennethlau@google.com>
  - 209200899 Change to external links by Kenneth Lau <kennethlau@google.com>
  - 209199945 Add links to Wi-Fi Infrastructure Features by Kenneth Lau <kennethlau@google.com>
  - 209197210 Update BiometricPrompt architecture diagram by Danielle Roberts <daroberts@google.com>
  - 209175201 Add missing method handle types to dex-format.html by Android Partner Docs <noreply@android.com>
  - 209168733 Fix formatting issues by Kenneth Lau <kennethlau@google.com>
  - 209045992 Remove "" typo that's causing localization to break by Danielle Roberts <daroberts@google.com>
  - 209045924 Remove "" typo that's causing localization to fail by Danielle Roberts <daroberts@google.com>
  - 209045830 Update header id that's causing localization failures by Danielle Roberts <daroberts@google.com>
  - 209042219 Update documentation for no more static java libraries. by Android Partner Docs <noreply@android.com>
  - 209031438 Remove previously redirected landing pages by Clay Murphy <claym@google.com>
  - 209023482 Add a additional kernel requirement information for eBPF ... by Android Partner Docs <noreply@android.com>
  - 209011451 Clarify documentation on conventions for method overloadi... by Android Partner Docs <noreply@android.com>
  - 208971152 Create a BLE for Hearing Aids page on SAC. by Christina Nguyen <cqn@google.com>
  - 208933222 Add "Matching AVB Version during OTA" section. by Android Partner Docs <noreply@android.com>
  - 208891110 Update correct version for CTS 7.0_r24. Wrong version was... by Android Partner Docs <noreply@android.com>
  - 208878378 Update CTS/CTS-Verifier downloads for CTS-Aug-2018 Releas... by Android Partner Docs <noreply@android.com>
  - 208855756 Devsite localized content from translation request 965636. by Android Partner Docs <noreply@android.com>
  - 208855746 Devsite localized content from translation request 964314. by Android Partner Docs <noreply@android.com>
  - 208738524 Add version information by Kenneth Lau <kennethlau@google.com>
  - 208733023 Update security researcher acknowledgements by Danielle Roberts <daroberts@google.com>
  - 208724203 Fix changelog links, messed up in last errata run. by Gina Dimino <gdimino@google.com>
  - 208723122 Add missing word "Android" by Android Partner Docs <noreply@android.com>
  - 208700832 Devsite localized content from translation request 954736. by Android Partner Docs <noreply@android.com>
  - 208688134 Devsite localized content from translation request 960242. by Android Partner Docs <noreply@android.com>
  - 208688127 Devsite localized content from translation request 952102. by Android Partner Docs <noreply@android.com>
  - 208672491 Fix file paths in immediate directory that were broken by... by Christina Nguyen <cqn@google.com>
  - 208571761 Add Wi-Fi Infrastructure Features document by Kenneth Lau <kennethlau@google.com>

PiperOrigin-RevId: 209604809
Change-Id: If554e158c7c400736ca7722cce279231a53e0933

1 files changed, 105 insertions, 49 deletions

diff --git a/en/devices/architecture/kernel/config.html b/en/devices/architecture/kernel/config.html
index 49ae7e1d..94cba30d 100644
--- a/en/devices/architecture/kernel/config.html
+++ b/en/devices/architecture/kernel/config.html
@@ -5,6 +5,7 @@
     <meta name="book_path" value="/_book.yaml" />
   </head>
   <body>
+  {% include "_versions.html" %}
   <!--
       Copyright 2017 The Android Open Source Project
 
@@ -22,74 +23,125 @@
   -->
 
 
-<p>Use the following configuration settings as a base for an Android kernel
-configuration. Settings are organized into <code>android-base</code>,
-<code>android-base-&lt;arch&gt;</code>, and <code>android-recommended</code>
-.cfg files:</p>
+<p>
+  Use the following configuration settings as a base for an Android kernel
+  configuration. Settings are organized into <code>android-base</code>,
+  <code>android-base-<var>ARCH</var></code>, and
+  <code>android-recommended</code> .cfg files:
+</p>
 
 <ul>
-<li><code>android-base</code>. These options enable core Android features and
-should be configured as specified by all devices.</li>
-<li><code>android-base-&lt;arch&gt;</code>. These options enable core Android
-features and should be configured as specified by all devices of architecture
-&lt;arch&gt;. Not all architectures have a corresponding file of
-architecture-specific required options. If your architecture does not have a
-file, it does not have any additional architecture-specific kernel configuration
-requirements for Android.</li>
-<li><code>android-recommended</code>. These options enable advanced Android
-features and are optional for devices.</li>
+  <li><code>android-base</code>. These options enable core Android features and
+  should be configured as specified by all devices.</li>
+  <li><code>android-base-<var>ARCH</var></code>. These options enable core
+  Android features and should be configured as specified by all devices of
+  architecture <var>ARCH</var>. Not all architectures have a corresponding file
+  of architecture-specific required options. If your architecture does not have
+  a file, it does not have additional architecture-specific kernel configuration
+  requirements for Android.</li>
+  <li><code>android-recommended</code>. These options enable advanced Android
+  features and are optional for devices.</li>
 </ul>
 
-<p>These configuration files are located in the
-<code><a href="https://android.googlesource.com/kernel/configs/" class="external">kernel/configs</a></code>
-repo. Use the set of configuration files that corresponds to the version of the
-kernel you are using.</p>
+<p>
+  These configuration files are located in the
+  <code><a href="https://android.googlesource.com/kernel/configs/" class="external">kernel/configs</a></code>
+  repo. Use the set of configuration files that corresponds to the version of
+  the kernel you are using.
+</p>
 
-<p>For details on controls already undertaken to strengthen the kernel on your
-devices, see <a href="/security/overview/kernel-security.html">System
-and Kernel Security</a>. For details on required settings, see the
-<a href="/compatibility/cdd.html">Android Compatibility Definition
-Document (CDD)</a>.</p>
+<p>
+  For details on controls already undertaken to strengthen the kernel on your
+  devices, see <a href="/security/overview/kernel-security.html">System and
+  Kernel Security</a>. For details on required settings, see the
+  <a href="/compatibility/cdd.html">Android Compatibility Definition Document
+  (CDD)</a>.
+</p>
 
 <h2 id="generating">Generating kernel config</h2>
-<p>For devices that have a minimalist defconfig, you can use the
-<code>merge_config.sh</code> script in the kernel tree to enable options:</p>
+
+<p>
+  For devices that have a minimalist <code>defconfig</code>, use the
+  <code>merge_config.sh</code> script in the kernel tree to enable options:
+</p>
 
 <pre class="devsite-click-to-copy">
-ARCH=&lt;arch&gt; scripts/kconfig/merge_config.sh <...>/device_defconfig <...>/android-base.cfg <...>/android-base-&lt;arch&gt;.cfg <...>/android-recommended.cfg
+ARCH=<var>ARCH</var> scripts/kconfig/merge_config.sh <...>/device_defconfig <...>/android-base.cfg <...>/android-base-<var>ARCH</var>.cfg <...>/android-recommended.cfg
 </pre>
 
-<p>This generates a <code>.config</code> file you can use to save a new
-defconfig or compile a new kernel with Android features enabled.</p>
+<p>
+  This generates a <code>.config</code> file you can use to save a new
+  <code>defconfig</code> or compile a new kernel with Android features enabled.
+</p>
+
+<h2 id="additional-kernel-reqs">Additional kernel config requirements</h2>
+
+<p>
+  In some cases, the platform maintainer can choose from multiple kernel
+  features to satisfy an Android dependency. Such dependencies cannot be
+  expressed in the kernel config fragment files (described above) because the
+  format for those files does not support logical expressions. In Android
+  {{ androidPVersionNumber }},
+  <a href="/compatibility/cts/">Compatibility Test Suite (CTS)</a> and
+  <a href="/compatibility/vts/">Vendor Test Suite (VTS)</a> verify the following
+  requirements are satisfied:
+</p>
+
+<ul>
+  <li><code>CONFIG_OF=y</code> or <code>CONFIG_ACPI=y</code></li>
+  <li>4.4 and 4.9 kernels have <code>CONFIG_ANDROID_LOW_MEMORY_KILLER=y</code>
+  OR have both <code>CONFIG_MEMCG=y</code> and <code>CONFIG_MEMCG_SWAP=y</code>
+  </li>
+  <li><code>CONFIG_DEBUG_RODATA=y</code> or
+  <code>CONFIG_STRICT_KERNEL_RWX=y</code></li>
+  <li><code>CONFIG_DEBUG_SET_MODULE_RONX=y</code> or
+  <code>CONFIG_STRICT_MODULE_RWX=y</code></li>
+  <li>For ARM64 only: <code>CONFIG_ARM64_SW_TTBR0_PAN=y</code> or
+  <code>CONFIG_ARM64_PAN=y</code></li>
+</ul>
+
+<p>
+  In addition, the <code>CONFIG_INET_UDP_DIAG</code> option must be set to
+  <code>y</code> for 4.9 kernels in Android {{ androidPVersionNumber }}.
+</p>
 
 <h2 id="usb">Enabling USB host mode options</h2>
 
-<p>For USB host mode audio, enable the following options:</p>
+<p>
+  For USB host mode audio, enable the following options:
+</p>
+
 <pre class="devsite-click-to-copy">
 CONFIG_SND_USB=y
 CONFIG_SND_USB_AUDIO=y
 # CONFIG_USB_AUDIO is for a peripheral mode (gadget) driver
 </pre>
 
-<p>For USB host mode MIDI, enable the following option:</p>
-<pre class="devsite-click-to-copy">
-CONFIG_SND_USB_MIDI=y
-</pre>
+<p>
+  For USB host mode MIDI, enable the following option:
+</p>
+
+<pre class="devsite-click-to-copy">CONFIG_SND_USB_MIDI=y</pre>
 
 <h2 id="Seccomp-BPF-TSYNC">Seccomp-BPF with TSYNC</h2>
-<p>Seccomp-BPF is a kernel security technology that enables the creation of
-sandboxes to restrict the system calls a process is allowed to make. The TSYNC
-feature enables the use of Seccomp-BPF from multithreaded programs. This ability
-is limited to architectures that have seccomp support upstream: ARM, ARM64, x86,
-and x86_64.</p>
-
-<h3 id="backport-ARM-32">Backporting for Kernel 3.10 for ARM-32, X86, X86_64</h3>
-
-<p>Ensure that <code>CONFIG_SECCOMP_FILTER=y</code> is enabled in the Kconfig
-(verified as of the Android 5.0 CTS), then cherry-pick the following changes
-from the AOSP kernel/common:android-3.10 repository:
-<a href="https://android.googlesource.com/kernel/common/+log/9499cd23f9d05ba159
-fac6d55dc35a7f49f9ce76..a9ba4285aa5722a3b4d84888e78ba8adc0046b28" class="external">9499cd23f9d05ba159fac6d55dc35a7f49f9ce76..a9ba4285aa5722a3b4d84888e78ba8adc0046b28</a>
+
+<p>
+  Seccomp-BPF is a kernel security technology that enables the creation of
+  sandboxes to restrict the system calls a process is allowed to make. The
+  TSYNC feature enables the use of Seccomp-BPF from multithreaded programs. This
+  ability is limited to architectures that have seccomp support upstream (ARM,
+  ARM64, x86, and x86_64).
+</p>
+
+<h3 id="backport-ARM-32">Backporting for kernel 3.10 for ARM-32, X86,
+X86_64</h3>
+
+<p>
+  Ensure <code>CONFIG_SECCOMP_FILTER=y</code> is enabled in the
+  <code>Kconfig</code> (verified as of the Android 5.0 CTS), then cherry-pick
+  the following changes from the
+  <a href="https://android.googlesource.com/kernel/common/+log/9499cd23f9d05ba159fac6d55dc35a7f49f9ce76..a9ba4285aa5722a3b4d84888e78ba8adc0046b28" class="external">AOSP
+  kernel/common:android-3.10 repository</a>:
 </p>
 
 <ul>
@@ -127,9 +179,13 @@ ARM: add seccomp syscall</a> by Kees Cook</li>
 </ul>
 
 <h3 id="backport-ARM-64">Backporting for Kernel 3.10 for ARM-64</h3>
-<p>Ensure <code>CONFIG_SECCOMP_FILTER=y</code> is enabled in the Kconfig
-(verified as of the Android 5.0 CTS), then cherry-pick the following changes
-from the AOSP kernel/common:android-3.10 repository:</p>
+
+<p>
+  Ensure <code>CONFIG_SECCOMP_FILTER=y</code> is enabled in the
+  <code>Kconfig</code> (verified as of the Android 5.0 CTS), then cherry-pick
+  the following changes from the AOSP kernel/common:android-3.10 repository:
+</p>
+
 <ul>
 <li><a href="https://android.googlesource.com/kernel/common/+/cfc7e99e9e3900056028a7d90072e9ea0d886f8d" class="external">cfc7e99e9
 arm64: Add __NR_* definitions for compat syscalls</a> by JP Abgrall</li>