Docs: Changes to source.android.com

  - 209604809 Add note about dm-verity for low-ram devices where it onl... by Danielle Roberts <daroberts@google.com>
  - 209604691 Update August acknowledgements for CVE-2018-9441 by Danielle Roberts <daroberts@google.com>
  - 209486466 Add LEVEL_3 to Camera versioning by Kenneth Lau <kennethlau@google.com>
  - 209486462 CL to update external severity ratings to the v6 severity... by Android Partner Docs <noreply@android.com>
  - 209444238 Update _translation.yaml to exclude 2018 bulletins by Danielle Roberts <daroberts@google.com>
  - 209427959 Add arrow icon to external links in lists by Kenneth Lau <kennethlau@google.com>
  - 209424658 Devsite localized content from translation request 968451. by Android Partner Docs <noreply@android.com>
  - 209424637 Devsite localized content from translation request 968450. by Android Partner Docs <noreply@android.com>
  - 209424628 Devsite localized content from translation request 966380. by Android Partner Docs <noreply@android.com>
  - 209424625 Devsite localized content from translation request 964306. by Android Partner Docs <noreply@android.com>
  - 209267798 Replaces gendered pronouns by a gender-neutral alternative. by Android Partner Docs <noreply@android.com>
  - 209227647 Devsite localized content from translation request 965625. by Android Partner Docs <noreply@android.com>
  - 209227634 Devsite localized content from translation request 957852. by Android Partner Docs <noreply@android.com>
  - 209212984 Adding additional kernel configs by Heidi von Markham <hvm@google.com>
  - 209202145 Fix typo by Kenneth Lau <kennethlau@google.com>
  - 209200899 Change to external links by Kenneth Lau <kennethlau@google.com>
  - 209199945 Add links to Wi-Fi Infrastructure Features by Kenneth Lau <kennethlau@google.com>
  - 209197210 Update BiometricPrompt architecture diagram by Danielle Roberts <daroberts@google.com>
  - 209175201 Add missing method handle types to dex-format.html by Android Partner Docs <noreply@android.com>
  - 209168733 Fix formatting issues by Kenneth Lau <kennethlau@google.com>
  - 209045992 Remove "" typo that's causing localization to break by Danielle Roberts <daroberts@google.com>
  - 209045924 Remove "" typo that's causing localization to fail by Danielle Roberts <daroberts@google.com>
  - 209045830 Update header id that's causing localization failures by Danielle Roberts <daroberts@google.com>
  - 209042219 Update documentation for no more static java libraries. by Android Partner Docs <noreply@android.com>
  - 209031438 Remove previously redirected landing pages by Clay Murphy <claym@google.com>
  - 209023482 Add a additional kernel requirement information for eBPF ... by Android Partner Docs <noreply@android.com>
  - 209011451 Clarify documentation on conventions for method overloadi... by Android Partner Docs <noreply@android.com>
  - 208971152 Create a BLE for Hearing Aids page on SAC. by Christina Nguyen <cqn@google.com>
  - 208933222 Add "Matching AVB Version during OTA" section. by Android Partner Docs <noreply@android.com>
  - 208891110 Update correct version for CTS 7.0_r24. Wrong version was... by Android Partner Docs <noreply@android.com>
  - 208878378 Update CTS/CTS-Verifier downloads for CTS-Aug-2018 Releas... by Android Partner Docs <noreply@android.com>
  - 208855756 Devsite localized content from translation request 965636. by Android Partner Docs <noreply@android.com>
  - 208855746 Devsite localized content from translation request 964314. by Android Partner Docs <noreply@android.com>
  - 208738524 Add version information by Kenneth Lau <kennethlau@google.com>
  - 208733023 Update security researcher acknowledgements by Danielle Roberts <daroberts@google.com>
  - 208724203 Fix changelog links, messed up in last errata run. by Gina Dimino <gdimino@google.com>
  - 208723122 Add missing word "Android" by Android Partner Docs <noreply@android.com>
  - 208700832 Devsite localized content from translation request 954736. by Android Partner Docs <noreply@android.com>
  - 208688134 Devsite localized content from translation request 960242. by Android Partner Docs <noreply@android.com>
  - 208688127 Devsite localized content from translation request 952102. by Android Partner Docs <noreply@android.com>
  - 208672491 Fix file paths in immediate directory that were broken by... by Christina Nguyen <cqn@google.com>
  - 208571761 Add Wi-Fi Infrastructure Features document by Kenneth Lau <kennethlau@google.com>

PiperOrigin-RevId: 209604809
Change-Id: If554e158c7c400736ca7722cce279231a53e0933

5 files changed, 150 insertions, 60 deletions

diff --git a/en/devices/architecture/hidl-java/index.html b/en/devices/architecture/hidl-java/index.html
index 45eefc7d..d56fd1cc 100644
--- a/en/devices/architecture/hidl-java/index.html
+++ b/en/devices/architecture/hidl-java/index.html
@@ -48,20 +48,19 @@ version 1.0 that is registered as service name <code>foo-bar</code>:</p>
 
 <ul>
 <li>Add the following to Android.mk:
-<pre class="prettyprint">LOCAL_JAVA_LIBRARIES += android.hardware.foo-V1.0-java</pre>
+<pre class="prettyprint">LOCAL_STATIC_JAVA_LIBRARIES += android.hardware.foo-V1.0-java</pre>
 
 <strong>OR</strong><br>
 </li>
 
 <li>Add the following to Android.bp:
 <pre class="prettyprint">
-shared_libs: [
+static_libs: [
     /* &hellip; */
     "android.hardware.foo-V1.0-java",
 ],
 </pre>
-The static version of the library is also available as
-<code>android.hardware.foo-V1.0-java-static</code>.</li>
+</li>
 </ul>
 </li>
 <li>Add the following to your Java file:
@@ -117,7 +116,7 @@ stubs conform to the interface).</p>
 
 <p><code>-Lmakefile</code> generates the rules that run this command at build
 time and allow you to include
-<code>android.hardware.foo-V1.0-java(-static)?</code> and link against the
+<code>android.hardware.foo-V1.0-java</code> and link against the
 appropriate files. A script that automatically does this for a project full of
 interfaces can be found at <code>hardware/interfaces/update-makefiles.sh</code>.
 The paths in this example are relative; hardware/interfaces can be a temporary
diff --git a/en/devices/architecture/hidl/versioning.html b/en/devices/architecture/hidl/versioning.html
index c67910d9..fe4ec95d 100644
--- a/en/devices/architecture/hidl/versioning.html
+++ b/en/devices/architecture/hidl/versioning.html
@@ -219,7 +219,7 @@ as a method parameter), use the fully-qualified type name:</p>
 (e.g., <code>android.hardware.nfc</code>).</li>
 <li><code><var>VERSION</var></code> is the dot-separated major.minor-version
 format of the package (e.g., <code>1.0</code>).</li>
-<li><code><var>UDT</var></code> is the the dot-separated name of a HIDL UDT.
+<li><code><var>UDT</var></code> is the dot-separated name of a HIDL UDT.
 Since HIDL supports nested UDTs and HIDL interfaces can contain UDTs (a type of
 nested declaration), dots are used to access the names.</li>
 </ul>
@@ -656,10 +656,12 @@ enum Brightness : @1.0::Brightness { AUTOMATIC };
 enum Color : @1.0::Brightness { HW_GREEN, RAINBOW };
 </pre>
 
-<p>Unless a method warrants a new name, it should be named similarly to what it
-is extending. For example, the method <code>foo_1_1</code> in
-<code>@1.1::IFoo</code> may replace the functionality of the <code>foo</code>
-method in <code>@1.0::IFoo</code>.</p>
+<p>If a method can have a new semantic name (for instance
+<code>fooWithLocation</code>) then that is preferred. Otherwise, it should be
+named similarly to what it is extending. For example, the method
+<code>foo_1_1</code> in <code>@1.1::IFoo</code> may replace the functionality
+of the <code>foo</code> method in <code>@1.0::IFoo</code> if there is no better
+alternative name.</p>
 
 <h2 id=package-ext>Package-level versioning</h2>
 <p>HIDL versioning occurs at the package level; after a package is published, it
diff --git a/en/devices/architecture/kernel/config.html b/en/devices/architecture/kernel/config.html
index 49ae7e1d..94cba30d 100644
--- a/en/devices/architecture/kernel/config.html
+++ b/en/devices/architecture/kernel/config.html
@@ -5,6 +5,7 @@
     <meta name="book_path" value="/_book.yaml" />
   </head>
   <body>
+  {% include "_versions.html" %}
   <!--
       Copyright 2017 The Android Open Source Project
 
@@ -22,74 +23,125 @@
   -->
 
 
-<p>Use the following configuration settings as a base for an Android kernel
-configuration. Settings are organized into <code>android-base</code>,
-<code>android-base-&lt;arch&gt;</code>, and <code>android-recommended</code>
-.cfg files:</p>
+<p>
+  Use the following configuration settings as a base for an Android kernel
+  configuration. Settings are organized into <code>android-base</code>,
+  <code>android-base-<var>ARCH</var></code>, and
+  <code>android-recommended</code> .cfg files:
+</p>
 
 <ul>
-<li><code>android-base</code>. These options enable core Android features and
-should be configured as specified by all devices.</li>
-<li><code>android-base-&lt;arch&gt;</code>. These options enable core Android
-features and should be configured as specified by all devices of architecture
-&lt;arch&gt;. Not all architectures have a corresponding file of
-architecture-specific required options. If your architecture does not have a
-file, it does not have any additional architecture-specific kernel configuration
-requirements for Android.</li>
-<li><code>android-recommended</code>. These options enable advanced Android
-features and are optional for devices.</li>
+  <li><code>android-base</code>. These options enable core Android features and
+  should be configured as specified by all devices.</li>
+  <li><code>android-base-<var>ARCH</var></code>. These options enable core
+  Android features and should be configured as specified by all devices of
+  architecture <var>ARCH</var>. Not all architectures have a corresponding file
+  of architecture-specific required options. If your architecture does not have
+  a file, it does not have additional architecture-specific kernel configuration
+  requirements for Android.</li>
+  <li><code>android-recommended</code>. These options enable advanced Android
+  features and are optional for devices.</li>
 </ul>
 
-<p>These configuration files are located in the
-<code><a href="https://android.googlesource.com/kernel/configs/" class="external">kernel/configs</a></code>
-repo. Use the set of configuration files that corresponds to the version of the
-kernel you are using.</p>
+<p>
+  These configuration files are located in the
+  <code><a href="https://android.googlesource.com/kernel/configs/" class="external">kernel/configs</a></code>
+  repo. Use the set of configuration files that corresponds to the version of
+  the kernel you are using.
+</p>
 
-<p>For details on controls already undertaken to strengthen the kernel on your
-devices, see <a href="/security/overview/kernel-security.html">System
-and Kernel Security</a>. For details on required settings, see the
-<a href="/compatibility/cdd.html">Android Compatibility Definition
-Document (CDD)</a>.</p>
+<p>
+  For details on controls already undertaken to strengthen the kernel on your
+  devices, see <a href="/security/overview/kernel-security.html">System and
+  Kernel Security</a>. For details on required settings, see the
+  <a href="/compatibility/cdd.html">Android Compatibility Definition Document
+  (CDD)</a>.
+</p>
 
 <h2 id="generating">Generating kernel config</h2>
-<p>For devices that have a minimalist defconfig, you can use the
-<code>merge_config.sh</code> script in the kernel tree to enable options:</p>
+
+<p>
+  For devices that have a minimalist <code>defconfig</code>, use the
+  <code>merge_config.sh</code> script in the kernel tree to enable options:
+</p>
 
 <pre class="devsite-click-to-copy">
-ARCH=&lt;arch&gt; scripts/kconfig/merge_config.sh <...>/device_defconfig <...>/android-base.cfg <...>/android-base-&lt;arch&gt;.cfg <...>/android-recommended.cfg
+ARCH=<var>ARCH</var> scripts/kconfig/merge_config.sh <...>/device_defconfig <...>/android-base.cfg <...>/android-base-<var>ARCH</var>.cfg <...>/android-recommended.cfg
 </pre>
 
-<p>This generates a <code>.config</code> file you can use to save a new
-defconfig or compile a new kernel with Android features enabled.</p>
+<p>
+  This generates a <code>.config</code> file you can use to save a new
+  <code>defconfig</code> or compile a new kernel with Android features enabled.
+</p>
+
+<h2 id="additional-kernel-reqs">Additional kernel config requirements</h2>
+
+<p>
+  In some cases, the platform maintainer can choose from multiple kernel
+  features to satisfy an Android dependency. Such dependencies cannot be
+  expressed in the kernel config fragment files (described above) because the
+  format for those files does not support logical expressions. In Android
+  {{ androidPVersionNumber }},
+  <a href="/compatibility/cts/">Compatibility Test Suite (CTS)</a> and
+  <a href="/compatibility/vts/">Vendor Test Suite (VTS)</a> verify the following
+  requirements are satisfied:
+</p>
+
+<ul>
+  <li><code>CONFIG_OF=y</code> or <code>CONFIG_ACPI=y</code></li>
+  <li>4.4 and 4.9 kernels have <code>CONFIG_ANDROID_LOW_MEMORY_KILLER=y</code>
+  OR have both <code>CONFIG_MEMCG=y</code> and <code>CONFIG_MEMCG_SWAP=y</code>
+  </li>
+  <li><code>CONFIG_DEBUG_RODATA=y</code> or
+  <code>CONFIG_STRICT_KERNEL_RWX=y</code></li>
+  <li><code>CONFIG_DEBUG_SET_MODULE_RONX=y</code> or
+  <code>CONFIG_STRICT_MODULE_RWX=y</code></li>
+  <li>For ARM64 only: <code>CONFIG_ARM64_SW_TTBR0_PAN=y</code> or
+  <code>CONFIG_ARM64_PAN=y</code></li>
+</ul>
+
+<p>
+  In addition, the <code>CONFIG_INET_UDP_DIAG</code> option must be set to
+  <code>y</code> for 4.9 kernels in Android {{ androidPVersionNumber }}.
+</p>
 
 <h2 id="usb">Enabling USB host mode options</h2>
 
-<p>For USB host mode audio, enable the following options:</p>
+<p>
+  For USB host mode audio, enable the following options:
+</p>
+
 <pre class="devsite-click-to-copy">
 CONFIG_SND_USB=y
 CONFIG_SND_USB_AUDIO=y
 # CONFIG_USB_AUDIO is for a peripheral mode (gadget) driver
 </pre>
 
-<p>For USB host mode MIDI, enable the following option:</p>
-<pre class="devsite-click-to-copy">
-CONFIG_SND_USB_MIDI=y
-</pre>
+<p>
+  For USB host mode MIDI, enable the following option:
+</p>
+
+<pre class="devsite-click-to-copy">CONFIG_SND_USB_MIDI=y</pre>
 
 <h2 id="Seccomp-BPF-TSYNC">Seccomp-BPF with TSYNC</h2>
-<p>Seccomp-BPF is a kernel security technology that enables the creation of
-sandboxes to restrict the system calls a process is allowed to make. The TSYNC
-feature enables the use of Seccomp-BPF from multithreaded programs. This ability
-is limited to architectures that have seccomp support upstream: ARM, ARM64, x86,
-and x86_64.</p>
-
-<h3 id="backport-ARM-32">Backporting for Kernel 3.10 for ARM-32, X86, X86_64</h3>
-
-<p>Ensure that <code>CONFIG_SECCOMP_FILTER=y</code> is enabled in the Kconfig
-(verified as of the Android 5.0 CTS), then cherry-pick the following changes
-from the AOSP kernel/common:android-3.10 repository:
-<a href="https://android.googlesource.com/kernel/common/+log/9499cd23f9d05ba159
-fac6d55dc35a7f49f9ce76..a9ba4285aa5722a3b4d84888e78ba8adc0046b28" class="external">9499cd23f9d05ba159fac6d55dc35a7f49f9ce76..a9ba4285aa5722a3b4d84888e78ba8adc0046b28</a>
+
+<p>
+  Seccomp-BPF is a kernel security technology that enables the creation of
+  sandboxes to restrict the system calls a process is allowed to make. The
+  TSYNC feature enables the use of Seccomp-BPF from multithreaded programs. This
+  ability is limited to architectures that have seccomp support upstream (ARM,
+  ARM64, x86, and x86_64).
+</p>
+
+<h3 id="backport-ARM-32">Backporting for kernel 3.10 for ARM-32, X86,
+X86_64</h3>
+
+<p>
+  Ensure <code>CONFIG_SECCOMP_FILTER=y</code> is enabled in the
+  <code>Kconfig</code> (verified as of the Android 5.0 CTS), then cherry-pick
+  the following changes from the
+  <a href="https://android.googlesource.com/kernel/common/+log/9499cd23f9d05ba159fac6d55dc35a7f49f9ce76..a9ba4285aa5722a3b4d84888e78ba8adc0046b28" class="external">AOSP
+  kernel/common:android-3.10 repository</a>:
 </p>
 
 <ul>
@@ -127,9 +179,13 @@ ARM: add seccomp syscall</a> by Kees Cook</li>
 </ul>
 
 <h3 id="backport-ARM-64">Backporting for Kernel 3.10 for ARM-64</h3>
-<p>Ensure <code>CONFIG_SECCOMP_FILTER=y</code> is enabled in the Kconfig
-(verified as of the Android 5.0 CTS), then cherry-pick the following changes
-from the AOSP kernel/common:android-3.10 repository:</p>
+
+<p>
+  Ensure <code>CONFIG_SECCOMP_FILTER=y</code> is enabled in the
+  <code>Kconfig</code> (verified as of the Android 5.0 CTS), then cherry-pick
+  the following changes from the AOSP kernel/common:android-3.10 repository:
+</p>
+
 <ul>
 <li><a href="https://android.googlesource.com/kernel/common/+/cfc7e99e9e3900056028a7d90072e9ea0d886f8d" class="external">cfc7e99e9
 arm64: Add __NR_* definitions for compat syscalls</a> by JP Abgrall</li>
diff --git a/en/devices/architecture/vintf/dm.html b/en/devices/architecture/vintf/dm.html
index 091094dc..28884749 100644
--- a/en/devices/architecture/vintf/dm.html
+++ b/en/devices/architecture/vintf/dm.html
@@ -126,7 +126,7 @@ with. To bump the Target FCM Version of a device, vendors need to:</p>
 <li>Modify HAL Versions in the device manifest file.</li>
 <li>Modify the Target FCM Version in the device manifest file.</li>
 <li>Remove deprecated HAL versions.</li>
-<li>For devices launched with {{ androidPVersionNumber }} or older, cherry-pick
+<li>For devices launched with Android {{ androidPVersionNumber }} or lower, cherry-pick
 these CLs before generating OTA update packages:
   <ul>
     <li><a href="https://android-review.googlesource.com/722283">CL 722283</a></li>
diff --git a/en/devices/architecture/vintf/match-rules.html b/en/devices/architecture/vintf/match-rules.html
index dd79254b..b34b2190 100644
--- a/en/devices/architecture/vintf/match-rules.html
+++ b/en/devices/architecture/vintf/match-rules.html
@@ -4,6 +4,7 @@
     <meta name="project_path" value="/_project.yaml" />
     <meta name="book_path" value="/_book.yaml" />
   </head>
+  {% include "_versions.html" %}
   <body>
   <!--
       Copyright 2017 The Android Open Source Project
@@ -390,6 +391,38 @@ ro.boot.avb_version              == 2.3 &amp;&amp;
 ro.boot.vbmeta.avb_version       == 2.1 <font style="font-family: Roboto, Arial, Helvetica, sans-serif; background-color: green; color: white">&nbsp;match&nbsp;</font>
 </pre>
 
+<h3 id="avb-version-ota">Matching AVB version during OTA</h3>
+<p>For devices launched with Android {{ androidPVersionNumber }} or lower, during OTA, the AVB
+version requirements in framework compatibility matrix are matched against the current AVB version
+on the device. If the AVB version has an major version upgrade during an OTA (for example, from
+0.0 to 1.0), the check in OTA does not reflect the compatibility after the OTA.</p>
+<p>To mitigate the issue, an OEM can place a fake AVB version in the OTA package
+(<code>compatibility.zip</code>) to pass the check. To do so:</p>
+<ol>
+<li>Cherry-pick the following CLs to the Android {{ androidPVersionNumber }} source tree:
+<ul>
+  <li><a href="https://android-review.googlesource.com/732261" class="external">CL 732261</a></li>
+  <li><a href="https://android-review.googlesource.com/732262" class="external">CL 732262</a></li>
+</ul>
+</li>
+<li>Define <code>BOARD_OTA_FRAMEWORK_VBMETA_VERSION_OVERRIDE</code> for the device. Its value
+should equal the AVB version before the OTA, i.e. the AVB version of the device when it was
+launched.</li>
+<li>Rebuild the OTA package.</li>
+</ol>
+<p>These changes automatically place
+<code>BOARD_OTA_FRAMEWORK_VBMETA_VERSION_OVERRIDE</code> as
+<code>compatibility-matrix.avb.vbmeta-version</code> in the following files:
+<ul>
+  <li><code>/system/compatibility_matrix.xml</code>
+  (which is not used in Android {{ androidPVersionNumber }}) on the device</li>
+  <li><code>system_matrix.xml</code> in <code>compatibility.zip</code> in the OTA package</li>
+</ul>
+These changes do not affect other framework compatibility matrices, including
+<code>/system/etc/vintf/compatibility_matrix.xml</code>. After the OTA, the new value in
+<code>/system/etc/vintf/compatibility_matrix.xml</code> is used for compatibility checks instead.
+</p>
+
 <h2 id="vndk">VNDK version matches</h2>
 <p>The device compatibility matrix declares the required VNDK version in
 <code>compatibility-matrix.vendor-ndk.version</code>. If the device