diff options
| author | Android Partner Docs <noreply@android.com> | 2019-01-25 14:26:34 -0800 |
|---|---|---|
| committer | Mark Hecomovich <mheco@google.com> | 2019-01-25 14:56:27 -0800 |
| commit | 964c5956c98fb20ab44ead57e59b5c0ed9f0ab11 (patch) | |
| tree | 94e1ae7edb82c95a5da83468b6ea104d651850f3 /en/security | |
| parent | d8c39787c5a4061686695502e62c0477b939c633 (diff) | |
| download | source.android.com-964c5956c98fb20ab44ead57e59b5c0ed9f0ab11.tar.gz | |
Docs: Changes to source.android.com
- 230969164 Add details about supported deviceless tests by Android Partner Docs <noreply@android.com>
- 230954177 Devsite localized content from translation request 1089952. by Android Partner Docs <noreply@android.com>
- 230924636 Devsite localized content from translation request 1092604. by Android Partner Docs <noreply@android.com>
- 230924621 Devsite localized content from translation request 1091268. by Android Partner Docs <noreply@android.com>
- 230811847 Please review this new content for "Automotive Power Mana... by Janet Davies <janetd@google.com>
- 230794111 Add HWASan to the docs ready for bootcamp. by Android Partner Docs <noreply@android.com>
- 230779068 Link to NDK docs on DAC from first reference to Make by Android Partner Docs <noreply@android.com>
- 230744983 Devsite localized content from translation request 1092191. by Android Partner Docs <noreply@android.com>
- 230744981 Devsite localized content from translation request 1093422. by Android Partner Docs <noreply@android.com>
- 230744964 Devsite localized content from translation request 1094193. by Android Partner Docs <noreply@android.com>
- 230742820 Moving Marshmallow 6.0 to No Release Planned as CTS 6.0 w... by Android Partner Docs <noreply@android.com>
- 230614628 Fixed broken links (they were relative and not absolute f... by Christina Nguyen <cqn@google.com>
- 230384953 Remove rogue parenthesis by Danielle Roberts <daroberts@google.com>
- 230375898 Fix broken links to subpages with absolute paths by Android Partner Docs <noreply@android.com>
- 230364707 Devsite localized content from translation request 1093572. by Android Partner Docs <noreply@android.com>
- 230364690 Devsite localized content from translation request 1093439. by Android Partner Docs <noreply@android.com>
- 230364619 Devsite localized content from translation request 1089936. by Android Partner Docs <noreply@android.com>
- 230364605 Devsite localized content from translation request 1086836. by Android Partner Docs <noreply@android.com>
- 230364588 Devsite localized content from translation request 1093713. by Android Partner Docs <noreply@android.com>
- 230364494 Devsite localized content from translation request 1093448. by Android Partner Docs <noreply@android.com>
- 230364465 Devsite localized content from translation request 1091295. by Android Partner Docs <noreply@android.com>
- 230364454 Devsite localized content from translation request 1092609. by Android Partner Docs <noreply@android.com>
- 230364368 Devsite localized content from translation request 1048174. by Android Partner Docs <noreply@android.com>
- 230364354 Devsite localized content from translation request 1047598. by Android Partner Docs <noreply@android.com>
- 230364346 Devsite localized content from translation request 1089969. by Android Partner Docs <noreply@android.com>
- 230020584 Update the guide for using vendor provided bcc by Android Partner Docs <noreply@android.com>
- 229999258 Fix a typo in gsi.html by Android Partner Docs <noreply@android.com>
- 229997798 Add file_patterns attribute documentation by Android Partner Docs <noreply@android.com>
- 229991256 Update the characters for zh-cn and zh-tw in the Security... by Danielle Roberts <daroberts@google.com>
- 229977174 Moving time zones to Updates (from Permissions); also upd... by Heidi von Markham <hvm@google.com>
- 229831729 Devsite localized content from translation request 1090171. by Android Partner Docs <noreply@android.com>
- 229831714 Devsite localized content from translation request 1090622. by Android Partner Docs <noreply@android.com>
- 229831667 Devsite localized content from translation request 1015775. by Android Partner Docs <noreply@android.com>
- 229831656 Devsite localized content from translation request 1088392. by Android Partner Docs <noreply@android.com>
- 229831644 Devsite localized content from translation request 1090166. by Android Partner Docs <noreply@android.com>
- 229581198 Devsite localized content from translation request 1086821. by Android Partner Docs <noreply@android.com>
- 229425689 Fixing typos for Shutdown (to shutdown) by Heidi von Markham <hvm@google.com>
- 229416134 Update a paragraph in the permission model section of the... by Luke Haviland <lhaviland@google.com>
- 229402835 Devsite localized content from translation request 553155. by Android Partner Docs <noreply@android.com>
- 229305053 Devsite localized content from translation request 1091266. by Android Partner Docs <noreply@android.com>
- 229305046 Devsite localized content from translation request 1091273. by Android Partner Docs <noreply@android.com>
- 229245843 Devsite localized content from translation request 1015221. by Android Partner Docs <noreply@android.com>
- 228916961 Fix typo by Kenneth Lau <kennethlau@google.com>
- 228796242 Change "Optional" to "Required" by Kenneth Lau <kennethlau@google.com>
- 228720589 Devsite localized content from translation request 1090636. by Android Partner Docs <noreply@android.com>
- 228612958 Added Joshua Laney's information to November security ack... by Luke Haviland <lhaviland@google.com>
- 228585561 Update versions file by Kenneth Lau <kennethlau@google.com>
- 228557861 Devsite localized content from translation request 1089965. by Android Partner Docs <noreply@android.com>
- 228541590 Fix HTML. by Android Partner Docs <noreply@android.com>
- 228525372 Replace unresolved variable reference in localized files. by Android Partner Docs <noreply@android.com>
- 228439111 Add missing < by Android Partner Docs <noreply@android.com>
- 228436522 Adding the January Android bulletin acknowledgements by Luke Haviland <lhaviland@google.com>
- 228407590 Correct the naming of EGL extension, and point the link t... by Android Partner Docs <noreply@android.com>
- 228395277 Rename Test Config to Build Config to better reflect Soon... by Android Partner Docs <noreply@android.com>
- 228340013 Devsite localized content from translation request 1044284. by Android Partner Docs <noreply@android.com>
- 228340002 Devsite localized content from translation request 1048178. by Android Partner Docs <noreply@android.com>
- 228339974 Devsite localized content from translation request 1089289. by Android Partner Docs <noreply@android.com>
- 228339806 Devsite localized content from translation request 999875. by Android Partner Docs <noreply@android.com>
- 228339785 Devsite localized content from translation request 1046259. by Android Partner Docs <noreply@android.com>
- 228339757 Devsite localized content from translation request 1049718. by Android Partner Docs <noreply@android.com>
- 228267452 Add information on gdbclient.py by Kenneth Lau <kennethlau@google.com>
- 228261450 Adding the Android AOSP links to the Android January secu... by Luke Haviland <lhaviland@google.com>
- 228247613 Fill in security levels for December 2018 builds. by Android Partner Docs <noreply@android.com>
- 228241115 Add January 2019 builds. by Android Partner Docs <noreply@android.com>
- 228208289 Remove _toc-*.yaml files that are no longer used due to r... by Christina Nguyen <cqn@google.com>
- 228205865 Devsite localized content from translation request 1048626. by Android Partner Docs <noreply@android.com>
- 228205856 Devsite localized content from translation request 1048155. by Android Partner Docs <noreply@android.com>
- 228205845 Devsite localized content from translation request 1047886. by Android Partner Docs <noreply@android.com>
- 228186179 Adding the January 2019 security Android/Pixel bulletins. by Luke Haviland <lhaviland@google.com>
- 228183717 Add BCC native stack dump documentation by Android Partner Docs <noreply@android.com>
- 228181974 Devsite localized content from translation request 1089935. by Android Partner Docs <noreply@android.com>
- 227911224 Add more information on cts-dev and also --skip-precondit... by Android Partner Docs <noreply@android.com>
- 227772142 Update image path by Danielle Roberts <daroberts@google.com>
- 227719040 Fix broken links by Kenneth Lau <kennethlau@google.com>
- 227715850 Devsite localized content from translation request 1045494. by Android Partner Docs <noreply@android.com>
- 227715841 Devsite localized content from translation request 1044265. by Android Partner Docs <noreply@android.com>
- 227715826 Devsite localized content from translation request 1087340. by Android Partner Docs <noreply@android.com>
- 227709199 Fix path on images by Danielle Roberts <daroberts@google.com>
- 227620512 Devsite localized content from translation request 1032286. by Android Partner Docs <noreply@android.com>
- 227620508 Devsite localized content from translation request 1087344. by Android Partner Docs <noreply@android.com>
- 227620485 Devsite localized content from translation request 1087104. by Android Partner Docs <noreply@android.com>
- 227620481 Devsite localized content from translation request 1046261. by Android Partner Docs <noreply@android.com>
- 227620479 Devsite localized content from translation request 1087239. by Android Partner Docs <noreply@android.com>
- 227617540 Devsite localized content from translation request 1007762. by Android Partner Docs <noreply@android.com>
- 227617535 Devsite localized content from translation request 1089145. by Android Partner Docs <noreply@android.com>
- 227617491 Devsite localized content from translation request 1087109. by Android Partner Docs <noreply@android.com>
- 227617482 Devsite localized content from translation request 1047584. by Android Partner Docs <noreply@android.com>
- 227617480 Devsite localized content from translation request 1089449. by Android Partner Docs <noreply@android.com>
- 227617378 Devsite localized content from translation request 1087099. by Android Partner Docs <noreply@android.com>
- 227610447 Add variable tag to CTS downloads page by Danielle Roberts <daroberts@google.com>
- 227595909 Add link to camera section on CTS setup page by Kenneth Lau <kennethlau@google.com>
- 227595777 Change title to title case by Kenneth Lau <kennethlau@google.com>
- 227546776 Newline between function and param descriptions. by Android Partner Docs <noreply@android.com>
- 227546753 Small edits to system best practices by Danielle Roberts <daroberts@google.com>
- 227033873 Document "run cts-dev" command, present CTS V2 first by Android Partner Docs <noreply@android.com>
- 226772000 Devsite localized content from translation request 1041964. by Android Partner Docs <noreply@android.com>
- 226552899 Announce Adiantum on SAC home page by Danielle Roberts <daroberts@google.com>
- 226550934 Add Adiantum docs to encryption section by Danielle Roberts <daroberts@google.com>
- 226530870 Devsite localized content from translation request 1046265. by Android Partner Docs <noreply@android.com>
- 226497667 Devsite localized content from translation request 1047878. by Android Partner Docs <noreply@android.com>
(And 26 more changes)
PiperOrigin-RevId: 230969164
Change-Id: I2bf51b3793304247e04b953816961605fe1ba4bf
Diffstat (limited to 'en/security')
33 files changed, 3398 insertions, 683 deletions
diff --git a/en/security/_toc-best-practices.yaml b/en/security/_toc-best-practices.yaml new file mode 100644 index 00000000..ab2d8831 --- /dev/null +++ b/en/security/_toc-best-practices.yaml @@ -0,0 +1,15 @@ +toc: +- title: Overview + path: /security/best-practices/ +- title: Operational Security + path: /security/best-practices/ops +- title: System Security + path: /security/best-practices/system +- title: App Security + path: /security/best-practices/app +- title: Network Security + path: /security/best-practices/network +- title: Hardware Security + path: /security/best-practices/hardware +- title: Privacy Security + path: /security/best-practices/privacy diff --git a/en/security/_toc-bulletins.yaml b/en/security/_toc-bulletins.yaml index fd95a0ae..4f062436 100644 --- a/en/security/_toc-bulletins.yaml +++ b/en/security/_toc-bulletins.yaml @@ -9,6 +9,12 @@ toc: path: /security/advisory/2016-03-18 - title: Android Bulletins section: + - title: 2019 Bulletins + section: + - title: January + path: /security/bulletin/2019-01-01 + - title: Index + path: /security/bulletin/2019 - title: 2018 Bulletins section: - title: December @@ -111,6 +117,12 @@ toc: section: - title: Overview path: /security/bulletin/pixel/index + - title: 2019 Bulletins + section: + - title: January + path: /security/bulletin/pixel/2019-01-01 + - title: Index + path: /security/bulletin/pixel/2019 - title: 2018 Bulletins section: - title: December diff --git a/en/security/_toc-features.yaml b/en/security/_toc-features.yaml index eb4a9087..5c93129a 100644 --- a/en/security/_toc-features.yaml +++ b/en/security/_toc-features.yaml @@ -41,6 +41,8 @@ toc: section: - title: Overview path: /security/trusty/ + - title: Download and Build + path: /security/trusty/download-and-build - title: Trusty API Reference path: /security/trusty/trusty-ref - title: Encryption @@ -53,6 +55,8 @@ toc: path: /security/encryption/full-disk - title: Metadata Encryption path: /security/encryption/metadata + - title: Enabling Adiantum + path: /security/encryption/adiantum - title: SELinux section: - title: Overview diff --git a/en/security/_toc-fuzz.yaml b/en/security/_toc-fuzz.yaml index 2e51dff5..8228d8d9 100644 --- a/en/security/_toc-fuzz.yaml +++ b/en/security/_toc-fuzz.yaml @@ -5,7 +5,7 @@ toc: path: /devices/tech/debug/asan - title: LLVM Sanitizers path: /devices/tech/debug/sanitizers -- title: Build kernel with KASAN+KCOV +- title: Build Kernel with KASAN+KCOV path: /devices/tech/debug/kasan-kcov - title: Fuzzing with libFuzzer path: /devices/tech/debug/libfuzzer diff --git a/en/security/_translation.yaml b/en/security/_translation.yaml deleted file mode 100644 index 858045e0..00000000 --- a/en/security/_translation.yaml +++ /dev/null @@ -1,13 +0,0 @@ -ignore_paths: -- /security/bulletin/... -enable_continuous_translation: true -title: Android Open Source Project Security tab -description: Translations for SAC Security tab -language: -- zh-CN -cc: -- daroberts@google.com -- sac-doc-leads+translation@google.com -reviewer: -- daroberts -product: Android diff --git a/en/security/best-practices/app.html b/en/security/best-practices/app.html new file mode 100644 index 00000000..7bd95674 --- /dev/null +++ b/en/security/best-practices/app.html @@ -0,0 +1,234 @@ +<html devsite> + <head> + <title>App Security Best Practices</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + //www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + + <p>This section contains recommendations to ensure the security of apps on + Android devices.</p> + +<h2 id="source-code-review">Source code review</h2> + +<p>Source code review can detect a broad range of security issues, including + those identified in this document. Android strongly encourages both manual + and automated source code review.</p> + +<ul> + <li>Follow comprehensive security guidance when conducting reviews to ensure + coverage. Utilize relevant internal or external standards to ensure + consistent and complete reviews.</li> + <li>Run a linter, such as the + <a href="https://developer.android.com/studio/write/lint" + class="external">Android Studio linter</a>, on all app code using the + Android SDK and correct any identified issues.</li> + <li>Analyze native code using an automated tool that can detect memory + management issues, such as buffer overflows and off-by-one errors.</li> + <li>The Android build system supports many of the LLVM sanitizers, such as + <a href="/devices/tech/debug/asan">AddressSanitizer</a> and + <a href="/devices/tech/debug/sanitizers#undefinedbehaviorsanitizer">UndefinedBehaviorSanitizer</a>, + which can be used for runtime analysis of memory-related issues. Combined + with fuzzing, supported in Android through + <a href="/devices/tech/debug/libfuzzer">libFuzzer</a>, sanitizers can + uncover unusual edge cases requiring further investigation.</li> + <li>A knowledgeable security assessor should review higher risk code, such as + crypto, payment processing, and PII processing.</li> +</ul> + +<h2 id="automated-testing">Automated testing</h2> + +<p>Automated testing can help detect a broad range of security issues and + should be performed regularly.</p> + +<ul> + <li>Run the latest version of <a href="/compatibility/cts/">CTS</a> regularly + throughout the development process to detect problems early and reduce time + to correction. Android uses CTS as part of continuous integration in our + automated build process, which builds multiple times per day.</li> + <li>Automate security testing of interfaces, including testing with malformed + inputs (fuzz testing). Android's build system supports + <a href="/devices/tech/debug/libfuzzer">libFuzzer</a> for writing fuzz + tests.</li> +</ul> + +<h2 id="vulnerability-scanning">Vulnerability scanning</h2> + +<p>Vulnerability scanning can help ensure that pre-installed apps are free of + known security vulnerabilities. Advanced detection can reduce the time and + cost required with addressing these vulnerabilities and preventing risk to + users and devices.</p> + +<ul> + <li>Scan all pre-installed apps using an industry-recognized app + vulnerability scanning tool and address detected vulnerabilities.</li> +</ul> + + +<h2 id="phas">Potentially Harmful Applications</h2> + +<p>It is important to ensure that no pre-installed apps on your device are + accidental + <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially + Harmful Applications</a> (PHAs). You are responsible for the behavior of + all apps that are included on your devices.</p> + +<h3 id="hostile-downloaders">Hostile downloaders</h3> + +<p>Hostile downloaders are apps that are not directly considered harmful but + instead download other potentially harmful apps.</p> + +<ul> + <li>Ensure there is user disclosure for all pre-installed apps that use the + <code>INSTALL_PACKAGES</code> permission.</li> + <li>Ensure that the developer is contractually obligated not to install any + apps as UID 0.</li> + <li>Evaluate permissions declared in the manifest of all apps to + be installed through the developer's network.</li> + <li>Ensure that the developer is contractually obligated to scan all download + URLs of auto-updater and installer apps with + <a href="https://developers.google.com/safe-browsing/" + class="external">Google Safe Browsing API</a> before serving apps to + the device.</li> + <li>Starting with Android 9, require all developers to use + <code>UPDATE_PACKAGES</code> permission instead of the + <code>INSTALL_PACKAGES</code> permission. When combined with + <code>INSTALL_SELF_UPDATES</code>, using <code>UPDATE_PACKAGES</code> + allows privileged apps to be granted finely scoped install privileges based + on their intended usage instead of the more broad + <code>INSTALL_PACKAGES</code> permission.</li> +</ul> + + +<h3 id="cryptomining">Cryptomining</h3> + +<p>Cryptomining apps are those that attempt to leverage a device's hardware or + cloud-based computing to generate currency in the form of "coins", typically + by way of blockchain technology. If you intend to offer this service as an + alternate form of currency or in exchange for services, ensure you request + the user's permission before leveraging the device's hardware to run this + service, including explicit consent that this will impact battery runtime.</p> + +<h3 id="imposter-apps">Impostor apps</h3> + +<p>Impostor apps are defined as ones that attempt to disguise themselves as a + well known app, such as YouTube or Facebook.</p> + +<ul> + <li>Prior to device launch, scan all pre-loaded apps for vulnerabilities.</li> +</ul> + + +<h2 id="app-permissions">App permissions</h2> + +<p>Excessive permissions for pre-installed apps can create a security + risk. Restrict pre-installed apps to the minimum necessary permissions and + ensure they don't have access to unnecessary permissions or privileges.</p> + +<ul> + <li>Do not grant unnecessary permissions or privileges to pre-installed apps. + Thoroughly review apps with system privileges as they may have very + sensitive permissions.</li> + <li>Ensure that all permissions requested are relevant and necessary for the + functionality of that specific app.</li> +</ul> + + +<h2 id="app-signing">App signing</h2> + +<p>App signatures play an important role in device security and are used for + permissions checks and software updates. When selecting a key to use for + signing apps, it is important to consider whether an app will be available + only on a single device or common across multiple devices.</p> + +<ul> + <li>Ensure that apps are not signed with a key that is publicly known, such + as the AOSP developer key.</li> + <li>Ensure that keys used to sign apps are managed in a manner consistent + with industry-standard practices for handling sensitive keys, including an + hardware security module (HSM) that provides limited, auditable access.</li> + <li>Ensure that apps are not signed with the platform key. Doing so gives an + app access to platform signature permissions, which are very powerful and + only intended to be used by components of the operating system. System apps + should use privileged permissions.</li> + <li>Ensure that apps with the same package name are not signed with different + keys. This often occurs when creating an app for different devices, + especially when using the platform key. If the app is device-independent, + use the same key across devices. If the app is device-specific, create + unique package names per device and key.</li> +</ul> + +<h2 id="isolating-apps-and-processes">Isolating apps and processes</h2> + + <p>The Android <a href="/security/app-sandbox">sandboxing model</a> + provides extra security around apps and processes when used correctly.</p> + +<h3 id="isolating-root-processes">Isolating root processes</h3> + +<p>Root processes are the most frequent target of privilege escalation attacks; + reducing the number of root processes reduces risk of privilege escalation.</p> + +<ul> + <li>Ensure that devices run the minimum necessary code as root. Where + possible, use a regular Android process rather than a root process. If a + process must run as root on a device, document the process in an AOSP + feature request so it can be publicly reviewed.</li> + <li>Where possible, root code should be isolated from untrusted data and + accessed via interprocess communication (IPC). For example, reduce root + functionality to a small Service accessible via Binder and expose the + Service with signature permission to an app with low or no privileges to + handle network traffic.</li> + <li>Root processes must not listen on a network socket.</li> + <li>Root processes must not include a general-purpose runtime, such as a Java + VM).</li> +</ul> + +<h3 id="isolating-system-apps">Isolating system apps</h3> + +<p>In general, pre-installed apps should not run with the shared system unique + identifier (UID). If it is necessary for an app to use the shared UID of + system or another privileged service (e.g., phone), the app should not export + any services, broadcast receivers, or content providers that can be accessed + by third-party apps installed by users.</p> + +<ul> + <li>Ensure devices run the minimum necessary code as system. Where possible, + use an Android process with its own UID rather than reusing the system UID.</li> + <li>Where possible, system code should be isolated from untrusted data and + expose IPC only to other trusted processes.</li> + <li>System processes must not listen on a network socket. This is a CTS + requirement.</li> +</ul> + +<h3 id="isolating-processes">Isolating processes</h3> + +<p>The Android Application Sandbox provides apps with an expectation of + isolation from other processes on the system, including root processes and + debuggers. Unless debugging is specifically enabled by the app and the user, + no app should violate that expectation.</p> + +<ul> + <li>Ensure root processes do not access data within individual app data + folders, unless using a documented Android debugging method.</li> + <li>Ensure root processes do not access memory of apps, unless using a + documented Android debugging method.</li> + <li>Ensure devices do not include any app that accesses data or memory of + other apps or processes.</li> +</ul> + </body> +</html> diff --git a/en/security/best-practices/hardware.html b/en/security/best-practices/hardware.html new file mode 100644 index 00000000..0197f7a4 --- /dev/null +++ b/en/security/best-practices/hardware.html @@ -0,0 +1,62 @@ +<html devsite> + <head> + <title>Hardware Security Best Practices</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + //www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + + <p id="hardware-security">This page contains recommendations to ensure + that the hardware present on Android devices contributes to raising the + overall security of the device instead of compromising the security of + the device.</p> + +<h2 id="device-memory">Device memory</h2> + +<p>It is important to understand the potential security tradeoffs when + selecting memory for Android devices. For example, certain types of memory + may enable the execution of + <a href="https://en.wikipedia.org/wiki/Row_hammer" + class="external">Rowhammer</a> style attacks.</p> + +<ul> + <li>Android devices should use memory that contains mitigations against + Rowhammer style attacks. Device manufacturers should work closely with + their memory manufacturers for additional details.</li> +</ul> + +<h2 id="strongbox-keymaster">StrongBox Keymaster</h2> + +<p>It is important to securely store and handle cryptographic keys that are + available on the device. This is typically done on Android devices by + utilizing a hardware-backed Keymaster implemented in an isolated environment, + such as the Trusted Execution Environment (TEE). It is further recommended to + also support a + <a href="https://developer.android.com/preview/features/security#hardware-security-module" + class="external">StrongBox Keymaster</a>, which is implemented in + tamper-resistant hardware.</p> + +<ul> + <li>Ensure that the StrongBox Keymaster is running in an environment that + has a discrete CPU, secure storage, a high quality true random number + generator, tamper resistant packaging, and side channel resistance to meet + the requirements to qualify as a StrongBox Keymaster. See the Android 9 + CDD, section 9.11.2 for more information on the requirements.</li> +</ul> + </body> +</html> diff --git a/en/security/best-practices/index.html b/en/security/best-practices/index.html new file mode 100644 index 00000000..3d91bb13 --- /dev/null +++ b/en/security/best-practices/index.html @@ -0,0 +1,52 @@ +<html devsite> + <head> + <title>Android Security Best Practices</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<p> + This topic contains best practices for device manufacturers to ship secure + devices to all Android users. The collected best practices cover: +</p> + +<ul> + <li><strong>Organizational and operational security</strong>—Creating strong + security practices in your team and organization.</li> + <li><strong>System security</strong>—Reviewing and improving core operating + system and device security.</li> + <li><strong>Application security</strong>—Reviewing and improving the + security of apps on the device.</li> + <li><strong>Network security</strong>—Reviewing and improving the security + of network communications from the device.</li> + <li><strong>Hardware security</strong>—Reviewing hardware choices to improve + device security.</li> + <li><strong>Privacy</strong>—Enabling user control over the handling of + their data.</li> +</ul> + +<p> + Many recommendations in this section are also detailed in the + <a href="/compatibility/cdd">Android Compatibility Definition Document</a> + (CDD). In many instances, these recommendations are detected through tools, + such as the <a href="/compatibility/cts/">Android Compatibility Test Suite</a> + (CTS).</p> + + </body> +</html> diff --git a/en/security/best-practices/network.html b/en/security/best-practices/network.html new file mode 100644 index 00000000..dd12de87 --- /dev/null +++ b/en/security/best-practices/network.html @@ -0,0 +1,75 @@ +<html devsite> + <head> + <title>Network Security Best Practices</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + //www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<p>This section contains recommendations to ensure the security of network + communications from Android devices.</p> + +<h2 id="securing-listening-sockets">Securing listening sockets</h2> + +<p>Use listening sockets with caution. There should generally + not be any open listening sockets on devices as these provide a vector for a + remote attacker to gain access to the device.</p> + +<ul> + <li>Android devices should minimize the number of internet listening sockets + they expose, especially on boot or by default. No socket should be + listening on the internet at boot by default. + <ul> + <li>Root processes and processes owned by the system unique identifier + (UID) shouldn't expose any listening sockets.</li> + </ul> + </li> + <li>Listening sockets must be able to be disabled without an OTA update. This + can be performed using either a server or user-device configuration change.</li> + <li>For local IPC-using sockets, apps must use a UNIX domain socket with + access limited to a group. Create a file descriptor for the IPC and make it + +RW for a specific UNIX group. Any client apps must be within that UNIX + group.</li> + <li>Some devices with multiple processors (for example, a radio/modem separate + from the app processor) use network sockets to communicate between + processors. In such instances, the network socket used for inter-processor + communication must use an isolated network interface to prevent access by + unauthorized apps on the device (i.e. use iptables to prevent access by + other apps on the device).</li> + <li>Daemons that handle listening ports must be robust against malformed + data. You should conduct fuzz-testing against the port using an + unauthorized client, and, where possible, authorized client. File bugs to + follow up on crashes.</li> +</ul> + + <p>The <a href="/compatibility/tests/">Android Compatibility Test Suite</a> + (CTS) includes tests that check for the presence of open listening ports.</p> + +<h3 id="disable-adb">Disable ADB</h3> + +<p>Android Debug Bridge (ADB) is a valuable development and debugging tool, but + is designed for use in a controlled, secure environment and should not be + enabled for general use.</p> + +<ul> + <li>Ensure that ADB is disabled by default.</li> + <li>Ensure that ADB requires the user to turn it on before accepting + connections.</li> +</ul> +</body> +</html> diff --git a/en/security/best-practices/ops.html b/en/security/best-practices/ops.html new file mode 100644 index 00000000..e119e133 --- /dev/null +++ b/en/security/best-practices/ops.html @@ -0,0 +1,166 @@ +<html devsite> + <head> + <title>Organizational and Operational Security</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2017 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + <p>The foundation of good security practices start in your organization.</p> + + +<h3 id="create-a-team">Create a security and privacy team</h3> + +<p>Create a dedicated security and privacy team and establish a leader for this +organization.</p> + +<ul> + <li><strong>Build a security team.</strong> + <ul> + <li>Ensure at least one employee is responsible for security, privacy, and + incident response.</li> + <li>Define a mission and scope for this team.</li> + <li>Develop an org chart and job descriptions for: Security Manager, + Security Engineer, Incident Manager.</li> + <li>Hire employees or external contractors to fill these roles.</li> + </ul> + </li> + <li><strong>Define a security development lifecycle (SDL)</strong>. Your SDL + should cover these areas: + <ul> + <li>Security requirements for products.</li> + <li>Risk analysis and threat modeling.</li> + <li><a href="/devices/tech/debug/fuzz-sanitize">Static and dynamic + analysis</a> of applications and code.</li> + <li>Final security review processes for products.</li> + <li>Incident response.</li> + </ul> + </li> + <li><strong>Assess organizational risk</strong>. Create a risk assessment and + develop plans to eliminate or mitigate those risks.</li> +</ul> + +<h3 id="build-verification">Build verification process</h3> + +<p>Evaluate gaps in your existing internal build verification and approval +processes.</p> + +<ul> + <li>Identify any gaps in your current build verification process that could + lead to the introduction of a + <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially + Harmful Application</a> (PHA) into your build.</li> + <li>Ensure you have a code review and approval process, even for in-house + patches to <a href="https://android.googlesource.com/" + class="external">AOSP</a>.</li> + <li>Improve build integrity by implementing controls in these areas: + <ul> + <li><strong>Track changes</strong>. Track software engineers; keep + change logs.</li> + <li><strong>Assess risk</strong>. Assess permissions used by an app; + require manual review of code changes.</li> + <li><strong>Monitor</strong>. Evaluate changes made to privileged code.</li> + </ul> + </li> +</ul> + +<h3 id="source-code-change-tracking">Source code change tracking</h3> + +<p>Monitor for unintentional modifications of source code or third-party +apps / binaries / SDKs.</p> + +<ul> + <li><strong>Assess partnerships</strong>. Assess the risk of working with a + technical partner using the following steps: + + <ul> + <li>Establish criteria for how to assess the risk of working with a + specific supplier.</li> + <li>Create a form that asks the supplier how they resolve incidents and + manage security and privacy.</li> + <li>Verify their claims with a periodic audit.</li> + </ul> + </li> + <li><strong>Track changes</strong>. Record which companies and employees + modify source code and conduct periodic audits to ensure only appropriate + changes take place.</li> + <li><strong>Keep records</strong>. Record which companies add third-party + binaries to your build and document what function those apps perform and + what data they collect.</li> + <li><strong>Plan updates</strong>. Ensure that your suppliers are required to + provide software updates for the full life of your product. Unforeseen + vulnerabilities may require support from vendors to address.</li> +</ul> + +<h3 id="validate-source-code">Validate source code integrity and pedigree</h3> + +<p>Inspect and validate source code supplied by an original device manufacturer +(ODM), Over-the-air update (OTA), or carrier.</p> + +<ul> + <li><strong>Manage signing certificates</strong>. + <ul> + <li>Store keys in a hardware security module (HSM) or secure cloud service + (don't share them).</li> + <li>Ensure access to signing certificates is controlled and audited.</li> + <li>Require all code signing be done in your build system.</li> + <li>Revoke lost keys.</li> + <li>Generate keys using best practices.</li> + </ul> + </li> + <li><strong>Analyze new code</strong>. Test newly added code with security + code analysis tools to check for the introduction of new vulnerabilities. + In addition, analyze overall functionality to detect expression of new + vulnerabilities.</li> + <li><strong>Review before publishing</strong>. Look for security + vulnerabilities in source code and third-party apps before you push them + into production. For example: + <ul> + <li>Require apps to use secure communication.</li> + <li>Follow the principle of least privilege and grant the minimum set of + permissions needed for the app to operate.</li> + <li>Ensure data is stored and transferred over secure channels.</li> + <li>Keep service dependencies up-to-date.</li> + <li>Apply security patches to SDKs and open source libraries.</li> + </ul> + </li> +</ul> + +<h2 id="incident-response">Incident response</h2> + +<p>Android believes in the power of a strong security community to help find +issues. You should create and publicize a way for external parties to contact +you about device-specific security issues.</p> + +<ul> + <li><strong>Establish contact</strong>. Create an email address, such as + security@<var>your-company</var>.com or a website with clear instructions + for reporting potential security issues associated with your product + (<a href="https://security.samsungmobile.com/securityReporting.smsb" + class="external">example</a>).</li> + <li><strong>Contribute changes upstream</strong>. If you become aware of a + security issue affecting the Android platform or devices from multiple + device manufacturers, contact the Android Security Team by filing a <a + href="g.co/AndroidSecurityReport" class="external">security bug report</a>. + </li> + <li><strong>Promote good security practices</strong>. Proactively assess the + security practices of hardware and software vendors who provide services, + components, and/or code for your devices. Hold vendors accountable for + maintaining a good security posture.</li> +</ul> + </body> +</html> diff --git a/en/security/best-practices/privacy.html b/en/security/best-practices/privacy.html new file mode 100644 index 00000000..69c217d4 --- /dev/null +++ b/en/security/best-practices/privacy.html @@ -0,0 +1,96 @@ +<html devsite> + <head> + <title>Privacy Security Best Practices</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + //www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<p>This page contains a collection of data collection guidance + and recommendations to ensure that Android users have control over the + handling of their data.</p> + +<h2 id="logging-data">Logging data</h2> + +<p>Logging data increases the risk of exposure of that data and reduces system + performance. Multiple public security incidents have occurred as a result of + logging sensitive user data.</p> + +<ul> + <li>Do not log to the sdcard.</li> + <li>Apps or system services should not log data provided from third-party + apps that might include sensitive information.</li> + <li>Apps must not log any Personally Identifiable Information (PII) as + part of normal operation, unless it's absolutely necessary to provide the + core functionality of the app.</li> +</ul> + +<p>CTS includes tests that check for the presence of potentially sensitive + information in logs.</p> + +<h2 id="metrics-collection">Metrics collection</h2> + +<p>Collecting metrics can be an essential part of understanding usage of your + app and making improvements for the overall user experience. However, overly + broad metrics collection can also present a risk to user privacy.</p> + +<ul> + <li>If at all possible, don't collect metrics. + <ul> + <li>If you must collect metrics, first request explicit, informed, + and meaningful user consent.</li> + </ul> + </li> + <li>With few exceptions, only collect metrics that are necessary to support + the reliability of the service.</li> + <li>Avoid collecting identifiable or potentially sensitive data whenever + possible, such as + <a href="https://developer.android.com/training/articles/user-data-ids" + class="external">hardware identifiers</a>.</li> + <li>Ensure data is sufficiently aggregated and anonymized whenever possible.</li> +</ul> + +<h2 id="spyware">Spyware</h2> + +<p>Spyware is defined as software that aims to gather information about a user + or device without their knowledge, that may send user information to another + entity without consent.</p> + +<ul> + <li>Transmission of the following user or device data without disclosure or + in a manner that is unexpected to the user is considered spyware (this + list contains top examples, but is not an exhaustive list): + <ul> + <li>Information about the user's contacts (names, numbers, emails)</li> + <li>Photos or other files</li> + <li>Content from user email</li> + <li>Call log</li> + <li>SMS log</li> + <li>Web history</li> + <li>Browser bookmarks</li> + <li>Private information from other apps (private <code>/data/</code> + directories)</li> + <li>Audio or call recording</li> + <li>Passwords</li> + <li>OAuth tokens</li> + <li>Location</li> + </ul> + <li>Ensure that all apps provide a reasonable explanation disclosure to + the user prior to installation.</li> +</ul> +</body> +</html> diff --git a/en/security/best-practices/system.html b/en/security/best-practices/system.html new file mode 100644 index 00000000..7431950e --- /dev/null +++ b/en/security/best-practices/system.html @@ -0,0 +1,332 @@ +<html devsite> + <head> + <title>System Security Best Practices</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + //www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<p>This section contains recommendations for ensuring the security of the core + Android operating system and devices.</p> + +<h2 id="biometric-authentication">Biometric authentication</h2> + +<p>Acquire, store, and process <a href="/security/biometric">biometric data</a> + for user authentication carefully. You should: +</p> + +<ul> + <li>Mandate the primary authentication method before using any other form of + authentication (including biometrics).</li> + <li>Require an explicit confirmation to indicate intent when using passive + biometric modalities, such as facial recognition, for transactions (for + example, payments) that involve authentication-bound keys.</li> + <li>Require the primary authentication method every 72 hours.</li> + <li>Use a fully secure pipeline for all biometric data and handling.</li> + <li>Never send biometric data (including raw sensor measurements and derived + features) off-device. If possible, keep this data in a secure isolated + environment, such as the <a href="/security/trusty">Trusted Execution + Environment (TEE)</a> or Secure Element.</li> +</ul> + +<p>Devices with biometrics should support the + <a href="https://developer.android.com/preview/features/security#fingerprint-auth" + class="external">BiometricPrompt API</a>, which offers a common and + consistent interface for app developers to take advantage of biometrics-based + authentication in their apps. Only + <a href="/security/biometric/#strong-weak-unlocks" class="external">strong + biometrics</a> can integrate with <code>BiometricPrompt</code> and + integrations must follow <a href="/compatibility/cdd">Android Compatibility + Definition Document</a> (CDD) guidelines.</p> + +<p>For more biometric guidelines, see +<a href="/security/biometric#hal-implementation">Biometric HAL implementation + guidelines</a>.</p> + +<h2 id="selinux">SELinux</h2> + +<p>SELinux provides the definition and enforcement of much of Android's + security model. Correctly using SELinux is critical to the security of + Android devices and can help mitigate the impact of security vulnerabilities. + All Android devices should implement a + <a href="/security/selinux/device-policy#granting_the_dac_override_capability">robust + SELinux policy</a> for this reason.</p> + +<ul> + <li>Implement a least privilege policy.</li> + <li>Avoid granting <code>CAP_DAC_OVERRIDE</code>, <code>CAP_SYS_ADMIN</code>, + and <code>CAP_NET_ADMIN</code> permissions.</li> + <li>Don't log system data to the SD card.</li> + <li>Use provided types for driver access, such as <code>gpu_device</code>, + <code>audio_device</code>, etc.</li> + <li>Use meaningful names for processes, files, and SELinux types. + <ul> + <li>Ensure default labels are not used and access is not granted to them.</li> + </ul> + </li> + <li>Device-specific policy should account for 5–10% of the overall policy + running on a device. Customizations in the 20%+ range almost certainly + contain over-privileged domains and dead policy. Unnecessarily large policy + wastes memory, wastes disk space by necessitating a larger boot image, + and negatively affects runtime policy lookup times. + </li> +</ul> + +<h3 id="dynamic-loading-selinux-policy">Dynamic loading of SELinux policy</h3> + +<p>Do not dynamically load SELinux policy on Android devices. Doing so can + result in issues, such as:</p> + +<ul> + <li>Preventing the acceptance of critical security patches.</li> + <li>Exposing the ability to root a device through reloading of policies.</li> + <li>Exposing a vector for man-in-the-middle attacks against the policy + updater.</li> + <li>Resulting in bricked devices due to errors with policy updates.</li> +</ul> + +<h2 id="backdoors">Backdoors</h2> + +<p>Android apps should not have any backdoors or ways to access the system or + data that bypass normal security mechanisms. This includes diagnostics, + debugging, development, or warranty repair special access gated by secrets + known to the developer. To prevent backdoors:</p> + +<ul> + <li>Scan all third-party apps using an industry-recognized app vulnerability + scanning tool.</li> + <li>Perform code reviews of all code with sensitive access, including + third-party libraries.</li> + <li>Utilize Google Play Protect by uploading apps to Google Play for + scanning. You can upload apps for scanning without publishing to Google + Play.</li> + <li>Do not preload diagnostics- or repair-focused tools on release + builds. Only install these tools on-demand to solve specific issues. + Additionally, these tools must not operate upon or upload any + account-specific data.</li> +</ul> + +<h2 id="development-tools">Development tools</h2> + +<p>Development tools, such as debugging, testing, and diagnostic tools, can + often create unintended security gaps on your device by revealing how they + operate and the data that they collect. To make sure that development tools + don't make it into production builds:</p> + +<ul> + <li>Develop a blacklist of in-house debug and testing tool hashes and scan + builds for these APKs prior to using the system image.</li> + <li>Scan all first-party apps using an industry-recognized app vulnerability + scanning tool.</li> + <li>Hire a third-party app security testing firm to evaluate all critical + on-device diagnostic apps before any major update, especially if the app is + developed by a third party.</li> + <li>Ensure that only the user can enable the tool, either verbally or over + chat, during a support session. Store artifacts of consent and disable the + tool after collecting the necessary diagnostic information.</li> + <li>Store this tool's record of use in a log accessible by the user in their + carrier account.</li> + <li>Ensure that any personally identifiable information (PII) or device + telemetry data collected by the tool is subject to anonymization, retention + and deletion practices relevant to the country. Only data relevant for the + support call should be collected. This data should be deleted after each + call.</li> + <li>Ensure that techniques that can be used for spyware, such as keystroke + logging, microphone usage, or camera usage, are not used without explicit + user consent. Apps utilizing these potentially privacy-invasive methods + should be very clearly disclosed along with a privacy policy that the user + must consent to. Apps like this should not be enabled without explicit + consent by the user.</li> +</ul> + +<p>Here are some additional suggestions to refer to when implementing + disclosure and consent:</p> + +<h3 id="in-app-disclosure">In-app disclosure</h3> + +<ul> + <li>Display the normal usage of the app directly in-app. Do not require the + user to navigate into a menu or settings.</li> + <li>Describe the type of data being collected and explain how the data will + be used.</li> + <li>Ideally do not embed this information in a privacy policy or terms of + service. Do not include it with other disclosures unrelated to personal or + sensitive data collection.</li> +</ul> + +<h3 id="request-consent">Request for consent</h3> + +<ul> + <li>Consent must be affirmative. Don't consider navigation away from the + disclosure, including tapping away or pressing the back or home button, + as consent.</li> + <li>Present the consent dialog in a clear and unambiguous way.</li> + <li>Require affirmative user action, such as tap to accept or speak a + command, to accept.</li> + <li>Don't collect personal or sensitive data before obtaining + affirmative consent.</li> + <li>Don't use auto-dismissing or expiring messages.</li> +</ul> + +<h2 id="embedded-functionality-in-aosp">Embedded functionality in AOSP</h2> + +<p>Embedding additional functionality in AOSP can often have unexpected + behavior and consequences; proceed with caution.</p> + +<ul> + <li>Ensure that the user is prompted if they want to use different default + apps (for example, search engine, web browser, launcher) and disclose + sending data off device.</li> + <li>Ensure that AOSP APKs are signed with the AOSP certificate.</li> + <li>Run regression tests and keep a change-log to determine whether the AOSP + APKs have had code added.</li> +</ul> + +<h2 id="security-updates">Security updates</h2> + +<p>Android devices should receive ongoing security support for at least two + years from launch. This includes receiving regular updates that address + known security vulnerabilities.</p> + +<ul> + <li>Work with hardware partners, such as your SoC vendors, to put + appropriate support agreements in place for all components on your + Android device.</li> + <li>Ensure that security updates can be installed with minimal user + interaction to increase the likelihood of users accepting and installing + updates on their Android device. Implementing + <a href="/devices/tech/ota/ab/">Seamless System Updates</a> or an + equivalent security feature is strongly recommended.</li> + <li>Ensure that you understand the cumulative requirement of the Android + Security Patch Level (SPL) as declared in the + <a href="/security/bulletin/">Android Security Bulletin</a>. For example, + devices that use the 2018-02-01 security patch level must include all + issues associated with that security patch level, as well as fixes for + all issues reported in all previous security bulletins.</li> +</ul> + +<h3 id="dynamic-kernel-updates">Dynamic kernel updates</h3> + +<p>Do not dynamically modify critical system components. While there is some + research to suggest that dynamic kernel updates help protect against + emergency threats, the assessed cost currently outweighs the benefits. + Instead, create a robust OTA update method to quickly distribute + vulnerability protections.</p> + +<h2 id="key-management">Key management</h2> + +<p>Maintain good key management policies and practices to ensure the security + of signing keys.</p> + +<ul> + <li>Do not share signing keys with external parties.</li> + <li>If a signing key is compromised, generate a new key and double sign all + apps going forward.</li> + <li>Store all keys in high-security module hardware or services requiring + multiple factors to access.</li> +</ul> + +<h2 id="system-image-signing">System image signing</h2> + +<p>The signature of the system image is critical to determine device integrity.</p> + +<ul> + <li>Do not sign devices with a publicly known key.</li> + <li>Manage device-signing keys in a manner consistent with industry-standard + practices for handling sensitive keys, including a hardware security module + (HSM) that provides limited, auditable access.</li> +</ul> + +<h2 id="unlockable-bootloaders">Unlockable bootloaders</h2> + +<p>Many Android devices support unlocking, enabling the device owner to modify + the system partition or install a custom operating system. Common use + cases include installing a third-party system image and performing + systems-level development on the device. For example, to unlock the system + image on a Google Nexus or Pixel, a user can run <code>fastboot oem + unlock</code>, which displays this message:</p> + +<aside class="caution"> + <p><strong>Unlock bootloader?</strong></p> + + <p>If you unlock the bootloader, you will be able to install custom + operating system software on this phone.</p> + + <p>A custom OS is not subject to the same testing as the original OS, and + can cause your phone and installed apps to stop working properly.</p> + + <p>To prevent unauthorized access to your personal data, unlocking the + bootloader will also delete all personal data from your phone (a "factory + data reset").</p> + + <p>Press the Volume Up/Down buttons to select Yes or No. Then press the + Power button to continue.</p> + + <p><strong>Yes:</strong> Unlock bootloader (may void warranty)</p> + + <p><strong>No</strong>: Do not unlock bootloader and restart phone.</p> +</aside> + +<p>As a best practice, unlockable Android devices must securely erase all user + data prior to being unlocked. Failure to properly delete all data on + unlocking may allow a physically proximate attacker to gain unauthorized + access to confidential Android user data. To prevent the disclosure of user + data, a device that supports unlocking must implement it properly.</p> + +<ul> + <li>After the user confirms the unlocking command, the device must start an + immediate data wipe. The <code>unlocked</code> flag must not be set until + after the secure deletion is complete.</li> + <li>If a secure deletion can't be completed, the device must stay in a locked + state.</li> + <li>If supported by the underlying block device, + <code>ioctl(BLKSECDISCARD)</code>or equivalent should be used. For + embedded MultiMediaCard (eMMC) devices, this means using a Secure Erase or + Secure Trim command. For eMMC 4.5 and later, this means using a normal Erase + or Trim followed by a Sanitize operation.</li> + <li>If <code>BLKSECDISCARD</code> is not supported by the underlying block + device, <code>ioctl(BLKDISCARD)</code> must be used instead. On eMMC + devices, this is a normal Trim operation.</li> + <li>If <code>BLKDISCARD</code> is not supported, overwriting the block + devices with all zeros is acceptable.</li> + <li>A user must have the option to require that user data be wiped + beofre flashing a partition. For example, Nexus devices use the + <code>fastboot oem lock</code> command to wipe user data.</li> + <li>A device may record, via eFuses or similar mechanism, whether a device + was unlocked and/or relocked. However, we strongly recommend that relocking + the bootloader with subsequent factory reset should restore full device + functionality.</li> +</ul> + +<p>These requirements ensure that all data is destroyed upon the completion of + an unlock operation. Failure to implement these protections is considered a + <a href="/security/overview/updates-resources#severity">moderate level + security vulnerability</a>.</p> + +<p>A device that is unlocked may be subsequently relocked using the + <code>fastboot oem lock</code> command. Locking the bootloader provides the + same protection of user data with the new custom OS as was available with the + original device manufacturer OS (e.g. user data will be wiped if the device + is unlocked again).</p> + +<h2 id="device-pentesting">Device pentesting</h2> + +<p>Devices should be reviewed by a competent pentester prior to shipment. + Pentesting should establish that the device followed security guidance + provided here as well as internal OEM security guidance.</p> +</body> +</html> diff --git a/en/security/bulletin/2015.html b/en/security/bulletin/2015.html index 380764f3..63cb9533 100644 --- a/en/security/bulletin/2015.html +++ b/en/security/bulletin/2015.html @@ -45,8 +45,8 @@ please see the <a href="index.html">Android Security Bulletins</a> homepage.</p> <a href="/security/bulletin/2015-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2015-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2015-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2015-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2015-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2015-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2015-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 7, 2015</td> <td>2015-12-01</td> @@ -58,8 +58,8 @@ please see the <a href="index.html">Android Security Bulletins</a> homepage.</p> <a href="/security/bulletin/2015-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2015-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2015-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2015-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2015-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2015-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2015-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 2, 2015</td> <td>2015-11-01</td> @@ -71,8 +71,8 @@ please see the <a href="index.html">Android Security Bulletins</a> homepage.</p> <a href="/security/bulletin/2015-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2015-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2015-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2015-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2015-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2015-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2015-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 5, 2015</td> <td>2015-10-01</td> @@ -84,8 +84,8 @@ please see the <a href="index.html">Android Security Bulletins</a> homepage.</p> <a href="/security/bulletin/2015-09-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2015-09-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2015-09-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2015-09-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2015-09-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2015-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2015-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>September 9, 2015</td> <td>N/A</td> @@ -97,8 +97,8 @@ please see the <a href="index.html">Android Security Bulletins</a> homepage.</p> <a href="/security/bulletin/2015-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2015-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2015-08-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2015-08-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2015-08-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2015-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2015-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>August 13, 2015</td> <td>N/A</td> diff --git a/en/security/bulletin/2016.html b/en/security/bulletin/2016.html index 6f8782f2..9f1624fb 100644 --- a/en/security/bulletin/2016.html +++ b/en/security/bulletin/2016.html @@ -43,8 +43,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 5, 2016</td> <td>2016-12-01<br> @@ -57,8 +57,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 7, 2016</td> <td>2016-11-01<br> @@ -72,8 +72,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 3, 2016</td> <td>2016-10-01<br> @@ -86,8 +86,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-09-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-09-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-09-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-09-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-09-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>September 6, 2016</td> <td>2016-09-01<br> @@ -101,8 +101,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-08-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-08-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-08-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>August 1, 2016</td> <td>2016-08-01<br> @@ -115,8 +115,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-07-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-07-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-07-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-07-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-07-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-07-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-07-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>July 6, 2016</td> <td>2016-07-01<br> @@ -129,8 +129,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-06-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-06-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-06-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-06-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-06-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-06-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-06-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>June 6, 2016</td> <td>2016-06-01</td> @@ -142,8 +142,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-05-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-05-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-05-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-05-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-05-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-05-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-05-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>May 2, 2016</td> <td>2016-05-01</td> @@ -155,8 +155,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-04-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-04-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-04-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-04-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-04-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-04-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-04-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>April 4, 2016</td> <td>2016-04-02</td> @@ -168,8 +168,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-03-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-03-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-03-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-03-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-03-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>March 7, 2016</td> <td>2016-03-01</td> @@ -181,8 +181,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-02-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-02-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-02-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-02-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-02-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-02-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-02-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>February 1, 2016</td> <td>2016-02-01</td> @@ -194,8 +194,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-01-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-01-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-01-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-01-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-01-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>January 4, 2016</td> <td>2016-01-01</td> diff --git a/en/security/bulletin/2017.html b/en/security/bulletin/2017.html index aa003eb5..af645994 100644 --- a/en/security/bulletin/2017.html +++ b/en/security/bulletin/2017.html @@ -43,8 +43,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 4, 2017</td> <td>2017-12-01<br> @@ -57,8 +57,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 6, 2017</td> <td>2017-11-01<br> @@ -72,8 +72,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 2, 2017</td> <td>2017-10-01<br> @@ -86,8 +86,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-09-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-09-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-09-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-09-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-09-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>September 5, 2017</td> <td>2017-09-01<br> @@ -100,8 +100,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-08-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-08-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-08-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>August 7, 2017</td> <td>2017-08-01<br> @@ -114,8 +114,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-07-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-07-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-07-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-07-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-07-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-07-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-07-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>July 5, 2017</td> <td>2017-07-01<br> @@ -128,8 +128,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-06-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-06-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-06-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-06-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-06-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-06-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-06-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>June 5, 2017</td> <td>2017-06-01<br> @@ -142,8 +142,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-05-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-05-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-05-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-05-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-05-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-05-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-05-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>May 1, 2017</td> <td>2017-05-01<br> @@ -156,8 +156,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-04-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-04-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-04-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-04-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-04-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-04-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-04-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>April 3, 2017</td> <td>2017-04-01<br> @@ -170,8 +170,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-03-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-03-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-03-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-03-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-03-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>March 6, 2017</td> <td>2017-03-01<br> @@ -184,8 +184,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-02-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-02-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-02-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-02-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-02-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-02-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-02-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>February 6, 2017</td> <td>2017-02-01<br> @@ -198,8 +198,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-01-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-01-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-01-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-01-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-01-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>January 3, 2017</td> <td>2017-01-01<br> diff --git a/en/security/bulletin/2018.html b/en/security/bulletin/2018.html index 3eeceac6..b574f288 100644 --- a/en/security/bulletin/2018.html +++ b/en/security/bulletin/2018.html @@ -43,8 +43,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 3, 2018</td> <td>2018-12-01<br> @@ -57,8 +57,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 5, 2018</td> <td>2018-11-01<br> @@ -71,8 +71,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 1, 2018</td> <td>2018-10-01<br> @@ -85,8 +85,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-09-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-09-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-09-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-09-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-09-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>September 4, 2018</td> <td>2018-09-01<br> @@ -99,8 +99,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-08-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-08-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-08-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>August 6, 2018</td> <td>2018-08-01<br> @@ -114,8 +114,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-07-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-07-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-07-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-07-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-07-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-07-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-07-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>July 2, 2018</td> <td>2018-07-01<br> @@ -128,8 +128,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-06-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-06-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-06-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-06-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-06-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-06-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-06-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>June 4, 2018</td> <td>2018-06-01<br> @@ -142,8 +142,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-05-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-05-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-05-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-05-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-05-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-05-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-05-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>May 7, 2018</td> <td>2018-05-01<br> @@ -156,8 +156,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-04-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-04-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-04-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-04-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-04-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-04-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-04-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>April 2, 2018</td> <td>2018-04-01<br> @@ -170,8 +170,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-03-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-03-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-03-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-03-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-03-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>March 2018</td> <td>2018-03-01<br> @@ -184,8 +184,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-02-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-02-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-02-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-02-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-02-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-02-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-02-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>February 2018</td> <td>2018-02-01<br> @@ -198,8 +198,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-01-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-01-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-01-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-01-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-01-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>January 2018</td> <td>2018-01-01<br> diff --git a/en/security/bulletin/2019-01-01.html b/en/security/bulletin/2019-01-01.html new file mode 100644 index 00000000..9afc1aef --- /dev/null +++ b/en/security/bulletin/2019-01-01.html @@ -0,0 +1,650 @@ +<html devsite> + <head> + <title>Android Security Bulletin—January 2019</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + //www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<p><em>Published January 7, 2019 | Updated January 7, 2019</em></p> + +<p> +The Android Security Bulletin contains details of security vulnerabilities +affecting Android devices. Security patch levels of 2019-01-05 or later address +all of these issues. To learn how to check a device's security patch level, see +<a href="https://support.google.com/pixelphone/answer/4457705" + class="external">Check and update your Android version</a>. +</p> +<p> +Android partners are notified of all issues at least a month before +publication. Source code patches for these issues have been released to the +Android Open Source Project (AOSP) repository and linked from this bulletin. +This bulletin also includes links to patches outside of AOSP. +</p> +<p> +The most severe of these issues is a critical security vulnerability in +System that could enable a remote attacker using a specially crafted +file to execute arbitrary code within the context of a privileged process. The +<a href="/security/overview/updates-resources.html#severity">severity +assessment</a> is based on the effect that exploiting the vulnerability would +possibly have on an affected device, assuming the platform and service +mitigations are turned off for development purposes or if successfully bypassed. +</p> +<p> +We have had no reports of active customer exploitation or abuse of these newly +reported issues. Refer to the +<a href="#mitigations">Android and Google Play Protect mitigations</a> +section for details on the +<a href="/security/enhancements/">Android security platform protections</a> +and Google Play Protect, which improve the security of the Android platform. +</p> +<p class="note"> +<strong>Note:</strong> Information on the latest over-the-air update (OTA) and +firmware images for Google devices is available in the +<a href="/security/bulletin/pixel/2019-01-01">January 2019 +Pixel Update Bulletin</a>. +</p> + +<h2 id="mitigations">Android and Google service mitigations</h2> + +<p> +This is a summary of the mitigations provided by the +<a href="/security/enhancements/">Android security platform</a> +and service protections such as +<a href="https://www.android.com/play-protect" class="external">Google Play +Protect</a>. These capabilities reduce the likelihood that security +vulnerabilities could be successfully exploited on Android. +</p> +<ul> +<li>Exploitation for many issues on Android is made more difficult by +enhancements in newer versions of the Android platform. We encourage all users +to update to the latest version of Android where possible.</li> +<li>The Android security team actively monitors for abuse through +<a href="https://www.android.com/play-protect" class="external">Google Play +Protect</a> and warns users about +<a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially +Harmful Applications</a>. Google Play Protect is enabled by default on devices +with <a href="http://www.android.com/gms" class="external">Google Mobile +Services</a>, and is especially important for users who install apps from +outside of Google Play.</li> +</ul> +<h2 id="2019-01-01-details">2019-01-01 security patch level vulnerability details</h2> +<p> +In the sections below, we provide details for each of the security +vulnerabilities that apply to the 2019-01-01 patch level. Vulnerabilities are +grouped under the component they affect. There is a description of the +issue and a table with the CVE, associated references, +<a href="#type">type of vulnerability</a>, +<a href="/security/overview/updates-resources.html#severity">severity</a>, +and updated AOSP versions (where applicable). When available, we link the public +change that addressed the issue to the bug ID, such as the AOSP change list. When +multiple changes relate to a single bug, additional references are linked to +numbers following the bug ID. +</p> + +<h3 id="framework">Framework</h3> + +<p>The most severe vulnerability in this section could enable a local malicious +application to bypass user interaction requirements in order to gain access to +additional permissions.</p> + +<table> +<col width="21%"> +<col width="21%"> +<col width="14%"> +<col width="14%"> +<col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Updated AOSP versions</th> + </tr> + <tr> + <td>CVE-2018-9582</td> + <td><a + href="https://android.googlesource.com/platform/packages/apps/PackageInstaller/+/ab39f6cb7afc48584da3c59d8e2a5e1ef121aafb" + class="external">A-112031362</a></td> + <td>EoP</td> + <td>High</td> + <td>8.0, 8.1, 9</td> + </tr> +</table> + +<h3 id="system">System</h3> +<p>The most severe vulnerability in this section could enable a remote attacker +using a specially crafted file to execute arbitrary code within the context of +a privileged process.</p> + +<table> +<col width="21%"> +<col width="21%"> +<col width="14%"> +<col width="14%"> +<col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Updated AOSP versions</th> + </tr> + <tr> + <td>CVE-2018-9583</td> + <td><a + href="https://android.googlesource.com/platform/system/bt/+/94d718eb61cbb1e6fd08288039d7e62913735c6c" + class="external">A-112860487</a></td> + <td>RCE</td> + <td>Critical</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9584</td> + <td><a + href="https://android.googlesource.com/platform/system/nfc/+/5f0f0cc6a10f710dea7e1ddd4ba19acb877a7081" + class="external">A-114047681</a></td> + <td>EoP</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9585</td> + <td><a + href="https://android.googlesource.com/platform/system/nfc/+/71764b791f262491e3f628c14ce3949863dd6058" + class="external">A-117554809</a></td> + <td>EoP</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9586</td> + <td><a + href="https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/fe4c71a7a3a8a2184b3096203aa9240e01af621e" + class="external">A-116754444</a></td> + <td>EoP</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9587</td> + <td><a + href="https://android.googlesource.com/platform/packages/apps/Contacts/+/66abad90093df5231f24654a64cf90d9b70ab228" + class="external">A-113597344</a></td> + <td>EoP</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9588</td> + <td><a + href="https://android.googlesource.com/platform/system/bt/+/bf9ff0c5215861ab673e211cd06e009f3157aab2" + class="external">A-111450156</a></td> + <td>ID</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9589</td> + <td><a + href="https://android.googlesource.com/platform/external/wpa_supplicant_8/+/38af82c5ca615f56febcebde714c7cba653fd5ec" + class="external">A-111893132</a></td> + <td>ID</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9590</td> + <td><a + href="https://android.googlesource.com/platform/system/bt/+/297598898683b81e921474e6e74c0ddaedbb8bb5" + class="external">A-115900043</a></td> + <td>ID</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9591</td> + <td><a + href="https://android.googlesource.com/platform/system/bt/+/e1685cfa533db4155a447c405d7065cc17af2ae9" + class="external">A-116108738</a></td> + <td>ID</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9592</td> + <td><a + href="https://android.googlesource.com/platform/system/bt/+/8679463ade0ee029ef826ed4fb7a847e2a981375" + class="external">A-116319076</a></td> + <td>ID</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9593</td> + <td><a + href="https://android.googlesource.com/platform/system/nfc/+/8bc53213110fed8360d3e212dd61fbc0218e0b1e" + class="external">A-116722267</a></td> + <td>ID</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9594</td> + <td><a + href="https://android.googlesource.com/platform/system/nfc/+/494cd888eb2c5cfda05584dd598815c9268ff3c2" + class="external">A-116791157</a></td> + <td>ID</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> +</table> + +<h2 id="2019-01-05-details">2019-01-05 security patch level vulnerability details</h2> + +<p> +In the sections below, we provide details for each of the security +vulnerabilities that apply to the 2019-01-05 patch level. Vulnerabilities are +grouped under the component they affect and include details such as the +CVE, associated references, <a href="#type">type of vulnerability</a>, +<a href="/security/overview/updates-resources.html#severity">severity</a>, +component (where applicable), and updated AOSP versions (where applicable). When +available, we link the public change that addressed the issue to the bug ID, +such as the AOSP change list. When multiple changes relate to a single bug, +additional references are linked to numbers following the bug ID. +</p> + +<h3 id="kernel-components">Kernel components</h3> +<p>The most severe vulnerability in this section could enable a local malicious +application to execute arbitrary code within the context of a privileged +process.</p> + +<table> +<col width="21%"> +<col width="21%"> +<col width="14%"> +<col width="14%"> +<col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> + <tr> + <td>CVE-2018-10876</td> + <td>A-116406122<br /> + <a href="http://patchwork.ozlabs.org/patch/929239/">Upstream +kernel</a></td> + <td>EoP</td> + <td>High</td> + <td>ext4 filesystem</td> + </tr> + <tr> + <td>CVE-2018-10880</td> + <td>A-116406509<br /> + <a href="http://patchwork.ozlabs.org/patch/930639/">Upstream +kernel</a></td> + <td>EoP</td> + <td>High</td> + <td>ext4 filesystem</td> + </tr> + <tr> + <td>CVE-2018-10882</td> + <td>A-116406626<br /> + <a href="https://bugzilla.kernel.org/show_bug.cgi?id=200069">Upstream +kernel</a></td> + <td>EoP</td> + <td>High</td> + <td>ext4 filesystem</td> + </tr> + <tr> + <td>CVE-2018-13405</td> + <td>A-113452403<br /> + <a +href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7"> +Upstream kernel</a></td> + <td>EoP</td> + <td>High</td> + <td>Filesystem</td> + </tr> + <tr> + <td>CVE-2018-18281</td> + <td>A-118836219<br /> + <a +href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb66ae030829605d61fbef1909ce310e29f78821"> +Upstream kernel</a></td> + <td>EoP</td> + <td>High</td> + <td>TLB</td> + </tr> + <tr> + <td>CVE-2018-17182</td> + <td>A-117280327<br /> + <a +href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"> +Upstream kernel</a></td> + <td>EoP</td> + <td>High</td> + <td>Memory Manager</td> + </tr> + <tr> + <td>CVE-2018-10877</td> + <td>A-116406625<br /> + <a +href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877">Upstream +kernel</a></td> + <td>ID</td> + <td>High</td> + <td>ext4 filesystem</td> + </tr> +</table> + +<h3 id="nvidia-components">NVIDIA components</h3> +<p>The most severe vulnerability in this section could enable a local malicious +application to execute arbitrary code within the context of a privileged +process.</p> + +<table> +<col width="21%"> +<col width="21%"> +<col width="14%"> +<col width="14%"> +<col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> + <tr> + <td>CVE-2018-6241</td> + <td>A-62540032<a href="#asterisk">*</a></td> + <td>EoP</td> + <td>High</td> + <td>Dragon BSP</td> + </tr> +</table> + + +<h3 id="qualcomm-components">Qualcomm components</h3> + +<p>These vulnerabilities affect Qualcomm components and + are described in further detail in the appropriate + Qualcomm security bulletin or security alert. + The severity assessment of these issues is provided directly by Qualcomm.</p> + +<table> +<col width="21%"> +<col width="21%"> +<col width="14%"> +<col width="14%"> +<col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> + <tr> + <td>CVE-2018-11962</td> + <td>A-117118292<br /> + <a +href="https://source.codeaurora.org/quic/la/platform/frameworks/av/commit?id=217604d69ce4dcf7c6433a9eafdfceefe25e8fd3"> +QC-CR#2267916</a></td> + <td>N/A</td> + <td>High</td> + <td>Audio</td> + </tr> + <tr> + <td>CVE-2018-12014</td> + <td>A-117118062<br /> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=545e03e8420164506457367959ccf01bd055e1aa"> +QC-CR#2278688</a></td> + <td>N/A</td> + <td>High</td> + <td>Data HLOS - LNX</td> + </tr> + <tr> + <td>CVE-2018-13889</td> + <td>A-117118677<br /> + <a +href="https://source.codeaurora.org/quic/le/platform/hardware/qcom/gps/commit/?id=03885c6896a88d993dd49c64ada02bec52af08a1"> +QC-CR#2288358</a></td> + <td>N/A</td> + <td>High</td> + <td>GPS</td> + </tr> +</table> + +<h3 id="qualcomm-closed-source-components">Qualcomm closed-source +components</h3> +<p> + These vulnerabilities affect Qualcomm components + and are described in further detail in the appropriate + Qualcomm security bulletin or security alert. + The severity assessment of these issues is provided directly by Qualcomm. +</p> + +<table> +<col width="21%"> +<col width="21%"> +<col width="14%"> +<col width="14%"> +<col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> + <tr> + <td>CVE-2018-11847</td> + <td>A-111092812<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>Critical</td> + <td>Closed-source component </td> + </tr> + <tr> + <td>CVE-2018-11888</td> + <td>A-111093241<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>High</td> + <td>Closed-source component </td> + </tr> + <tr> + <td>CVE-2018-13888</td> + <td>A-117119136<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>High</td> + <td>Closed-source component </td> + </tr> +</table> + +<h2 id="common-questions-and-answers">Common questions and answers</h2> + +<p>This section answers common questions that may occur after reading this +bulletin.</p> +<p><strong>1. How do I determine if my device is updated to address these +issues?</strong></p> +<p>To learn how to check a device's security patch level, see +<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices" + class="external">Check and update your Android version</a>.</p> +<ul> +<li>Security patch levels of 2019-01-01 or later address all issues associated +with the 2019-01-01 security patch level.</li> +<li>Security patch levels of 2019-01-05 or later address all issues associated +with the 2019-01-05 security patch level and all previous patch levels.</li> +</ul> +<p>Device manufacturers that include these updates should set the patch string +level to:</p> +<ul> + <li>[ro.build.version.security_patch]:[2019-01-01]</li> + <li>[ro.build.version.security_patch]:[2019-01-05]</li> +</ul> +<p><strong>2. Why does this bulletin have two security patch levels?</strong></p> +<p> +This bulletin has two security patch levels so that Android partners have the +flexibility to fix a subset of vulnerabilities that are similar across all +Android devices more quickly. Android partners are encouraged to fix all issues +in this bulletin and use the latest security patch level. +</p> +<ul> +<li>Devices that use the 2019-01-01 security patch level must include all +issues associated with that security patch level, as well as fixes for all +issues reported in previous security bulletins.</li> +<li>Devices that use the security patch level of 2019-01-05 or newer must +include all applicable patches in this (and previous) security +bulletins.</li> +</ul> +<p> +Partners are encouraged to bundle the fixes for all issues they are addressing +in a single update. +</p> +<p id="type"> +<strong>3. What do the entries in the <em>Type</em> column mean?</strong> +</p> +<p> +Entries in the <em>Type</em> column of the vulnerability details table +reference the classification of the security vulnerability. +</p> +<table> + <col width="25%"> + <col width="75%"> + <tr> + <th>Abbreviation</th> + <th>Definition</th> + </tr> + <tr> + <td>RCE</td> + <td>Remote code execution</td> + </tr> + <tr> + <td>EoP</td> + <td>Elevation of privilege</td> + </tr> + <tr> + <td>ID</td> + <td>Information disclosure</td> + </tr> + <tr> + <td>DoS</td> + <td>Denial of service</td> + </tr> + <tr> + <td>N/A</td> + <td>Classification not available</td> + </tr> +</table> +<p> +<strong>4. What do the entries in the <em>References</em> column mean?</strong> +</p> +<p> +Entries under the <em>References</em> column of the vulnerability details table +may contain a prefix identifying the organization to which the reference value +belongs. +</p> +<table> + <col width="25%"> + <col width="75%"> + <tr> + <th>Prefix</th> + <th>Reference</th> + </tr> + <tr> + <td>A-</td> + <td>Android bug ID</td> + </tr> + <tr> + <td>QC-</td> + <td>Qualcomm reference number</td> + </tr> + <tr> + <td>M-</td> + <td>MediaTek reference number</td> + </tr> + <tr> + <td>N-</td> + <td>NVIDIA reference number</td> + </tr> + <tr> + <td>B-</td> + <td>Broadcom reference number</td> + </tr> +</table> +<p id="asterisk"> +<strong>5. What does a * next to the Android bug ID in the <em>References</em> +column mean?</strong> +</p> +<p> +Issues that are not publicly available have a * next to the Android bug ID in +the <em>References</em> column. The update for that issue is generally +contained in the latest binary drivers for Pixel devices +available from the +<a href="https://developers.google.com/android/drivers" class="external">Google +Developer site</a>. +</p> +<p> +<strong>6. Why are security vulnerabilities split between this bulletin and +device / partner security bulletins, such as the +Pixel bulletin?</strong> +</p> +<p> +Security vulnerabilities that are documented in this security bulletin are +required to declare the latest security patch level on Android +devices. Additional security vulnerabilities that are documented in the +device / partner security bulletins are not required for +declaring a security patch level. Android device and chipset manufacturers are +encouraged to document the presence of other fixes on their devices through +their own security websites, such as the +<a href="https://security.samsungmobile.com/securityUpdate.smsb" + class="external">Samsung</a>, +<a href="https://lgsecurity.lge.com/security_updates.html" + class="external">LGE</a>, or +<a href="/security/bulletin/pixel/" + class="external">Pixel</a> security bulletins. +</p> + +<h2 id="versions">Versions</h2> + +<table> + <col width="25%"> + <col width="25%"> + <col width="50%"> + <tr> + <th>Version</th> + <th>Date</th> + <th>Notes</th> + </tr> + <tr> + <td>1.0</td> + <td>January 7, 2019</td> + <td>Bulletin published</td> + </tr> + <tr> + <td>1.1</td> + <td>January 7, 2019</td> + <td>Bulletin revised to include AOSP links.</td> + </tr> +</table> +</body> +</html> diff --git a/en/security/bulletin/2019.html b/en/security/bulletin/2019.html new file mode 100644 index 00000000..f5e41f15 --- /dev/null +++ b/en/security/bulletin/2019.html @@ -0,0 +1,215 @@ +<html devsite> + <head> + <title>2019 Android Security Bulletins</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2019 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + + +<p>This page contains all available 2019 Android Security Bulletins. For a list +of all bulletins, see the <a href="/security/bulletin/index.html"> +Android Security Bulletins</a> homepage.</p> + +<table> + <col width="15%"> + <col width="49%"> + <col width="17%"> + <col width="19%"> + <tr> + <th>Bulletin</th> + <th>Languages</th> + <th>Published date</th> + <th>Security patch level</th> + </tr> + <!-- +<tr> + <td><a href="/security/bulletin/2019-12-01.html">December 2019</a></td> + <td> + <a href="/security/bulletin/2019-12-01.html">English</a> / + <a href="/security/bulletin/2019-12-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-12-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-12-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>December 2, 2019</td> + <td>2019-12-01<br> + 2019-12-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/2019-11-01.html">November 2019</a></td> + <td> + <a href="/security/bulletin/2019-11-01.html">English</a> / + <a href="/security/bulletin/2019-11-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-11-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-11-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>November 4, 2019</td> + <td>2019-11-01<br> + 2019-11-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/2019-10-01.html">October 2019</a></td> + <td> + <a href="/security/bulletin/2019-10-01.html">English</a> / + <a href="/security/bulletin/2019-10-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-10-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-10-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>October 7, 2019</td> + <td>2019-10-01<br> + 2019-10-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/2019-09-01.html">September 2019</a></td> + <td> + <a href="/security/bulletin/2019-09-01.html">English</a> / + <a href="/security/bulletin/2019-09-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-09-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-09-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>September 2, 2019</td> + <td>2019-09-01<br> + 2019-09-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/2019-08-01.html">August 2019</a></td> + <td> + <a href="/security/bulletin/2019-08-01.html">English</a> / + <a href="/security/bulletin/2019-08-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-08-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-08-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>August 5, 2019</td> + <td>2019-08-01<br> + 2019-08-05</td> + </tr> + + <tr> + <td><a href="/security/bulletin/2019-07-01.html">July 2019</a></td> + <td> + <a href="/security/bulletin/2019-07-01.html">English</a> / + <a href="/security/bulletin/2019-07-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-07-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-07-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-07-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-07-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>July 1, 2019</td> + <td>2019-07-01<br> + 2019-07-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/2019-06-01.html">June 2019</a></td> + <td> + <a href="/security/bulletin/2019-06-01.html">English</a> / + <a href="/security/bulletin/2019-06-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-06-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-06-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-06-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-06-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>June 3, 2019</td> + <td>2019-06-01<br> + 2019-06-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/2019-05-01.html">May 2019</a></td> + <td> + <a href="/security/bulletin/2019-05-01.html">English</a> / + <a href="/security/bulletin/2019-05-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-05-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-05-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-05-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-05-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>May 6, 2019</td> + <td>2019-05-01<br> + 2019-05-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/2019-04-01.html">April 2019</a></td> + <td> + <a href="/security/bulletin/2019-04-01.html">English</a> / + <a href="/security/bulletin/2019-04-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-04-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-04-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-04-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-04-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>April 1, 2019</td> + <td>2019-04-01<br> + 2019-04-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/2019-03-01.html">March 2019</a></td> + <td> + <a href="/security/bulletin/2019-03-01.html">English</a> / + <a href="/security/bulletin/2019-03-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-03-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-03-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-03-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-03-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>March 4, 2019</td> + <td>2019-03-01<br> + 2019-03-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/2019-02-01.html">February 2019</a></td> + <td> + <a href="/security/bulletin/2019-02-01.html">English</a> / + <a href="/security/bulletin/2019-02-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-02-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-02-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-02-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-02-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>February 4, 2019</td> + <td>2019-02-01<br> + 2019-02-05</td> + </tr> +--> + <tr> + <td><a href="/security/bulletin/2019-01-01.html">January 2019</a></td> + <td>Coming soon + <!-- + <a href="/security/bulletin/2019-01-01.html">English</a> / + <a href="/security/bulletin/2019-01-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-01-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-01-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> + --> + </td> + <td>January 7, 2019</td> + <td>2019-01-01<br> + 2019-01-05</td> + </tr> +</table> + </body> +</html> diff --git a/en/security/bulletin/_translation.yaml b/en/security/bulletin/_translation.yaml deleted file mode 100644 index 1a07c4e8..00000000 --- a/en/security/bulletin/_translation.yaml +++ /dev/null @@ -1,59 +0,0 @@ -ignore_paths: -- /security/bulletin/2018-06-01 -- /security/bulletin/2018-05-01 -- /security/bulletin/2018-04-01 -- /security/bulletin/2018-03-01 -- /security/bulletin/2018-02-01 -- /security/bulletin/2018-01-01 -- /security/bulletin/2017 -- /security/bulletin/2017-12-01 -- /security/bulletin/2017-11-01 -- /security/bulletin/2017-10-01 -- /security/bulletin/2017-09-01 -- /security/bulletin/2017-08-01 -- /security/bulletin/2017-07-01 -- /security/bulletin/2017-06-01 -- /security/bulletin/2017-05-01 -- /security/bulletin/2017-04-01 -- /security/bulletin/2017-03-01 -- /security/bulletin/2017-02-01 -- /security/bulletin/2017-01-01 -- /security/bulletin/2016 -- /security/bulletin/2016-12-01 -- /security/bulletin/2016-11-01 -- /security/bulletin/2016-10-01 -- /security/bulletin/2016-09-01 -- /security/bulletin/2016-08-01 -- /security/bulletin/2016-07-01 -- /security/bulletin/2016-06-01 -- /security/bulletin/2016-05-01 -- /security/bulletin/2016-04-02 -- /security/bulletin/2016-03-01 -- /security/bulletin/2016-02-01 -- /security/bulletin/2016-01-01 -- /security/bulletin/2015 -- /security/bulletin/2015-12-01 -- /security/bulletin/2015-11-01 -- /security/bulletin/2015-10-01 -- /security/bulletin/2015-09-01 -- /security/bulletin/2015-08-01 -- /security/bulletin/pixel/2017 -- /security/bulletin/pixel/2017-12-01 -- /security/bulletin/pixel/2017-11-01 -- /security/bulletin/pixel/2017-10-01 -enable_continuous_translation: true -title: Android Security Bulletins -description: Translations for Android Security Bulletins -language: -- ja -- ko -- ru -- zh-CN -- zh-TW -cc: -- daroberts@google.com -- sac-doc-leads+translation@google.com -- lhaviland@google.com -reviewer: -- daroberts -product: Android diff --git a/en/security/bulletin/index.html b/en/security/bulletin/index.html index 6fdea4d0..ee61a610 100644 --- a/en/security/bulletin/index.html +++ b/en/security/bulletin/index.html @@ -28,12 +28,21 @@ Bulletins, which provide fixes for possible issues affecting devices running Android. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as:</p> <ul> - <li><a href="/security/bulletin/pixel/">Google</a></li> - <li><a href="https://lgsecurity.lge.com/security_updates.html">LG</a></li> - <li><a href="https://motorola-global-portal.custhelp.com/app/software-upgrade-news/g_id/1949"> + <li><a + href="/security/bulletin/pixel/">Google</a></li> + <li><a + href="https://lgsecurity.lge.com/security_updates.html" + class="external">LG</a></li> + <li><a + href="https://motorola-global-portal.custhelp.com/app/software-upgrade-news/g_id/1949" + class="external"> Motorola</a></li> - <li><a href="https://www.nokia.com/en_int/phones/security-updates">Nokia</a></li> - <li><a href="https://security.samsungmobile.com/securityUpdate.smsb">Samsung</a></li> + <li><a + href="https://www.nokia.com/en_int/phones/security-updates" + class="external">Nokia</a></li> + <li><a + href="https://security.samsungmobile.com/securityUpdate.smsb" + class="external">Samsung</a></li> </ul> <h3 id="sources">Sources</h3> @@ -62,14 +71,30 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <th>Security patch level</th> </tr> <tr> + <td><a href="/security/bulletin/2019-01-01.html">January 2019</a></td> + <td>Coming soon + <!-- + <a href="/security/bulletin/2019-01-01.html">English</a> / + <a href="/security/bulletin/2019-01-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-01-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-01-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> + --> + </td> + <td>January 7, 2019</td> + <td>2019-01-01<br> + 2019-01-05</td> + </tr> + <tr> <td><a href="/security/bulletin/2018-12-01.html">December 2018</a></td> <td> <a href="/security/bulletin/2018-12-01.html">English</a> / <a href="/security/bulletin/2018-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> <td>December 3, 2018</td> <td>2018-12-01<br> 2018-12-05</td> @@ -81,8 +106,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 5, 2018</td> <td>2018-11-01<br> @@ -95,8 +120,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 1, 2018</td> <td>2018-10-01<br> @@ -109,8 +134,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-09-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-09-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-09-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-09-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-09-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>September 4, 2018</td> <td>2018-09-01<br> @@ -123,8 +148,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-08-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-08-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-08-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>August 6, 2018</td> <td>2018-08-01<br> @@ -137,8 +162,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-07-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-07-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-07-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-07-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-07-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-07-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-07-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>July 2, 2018</td> <td>2018-07-01<br> @@ -151,8 +176,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-06-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-06-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-06-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-06-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-06-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-06-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-06-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>June 4, 2018</td> <td>2018-06-01<br> @@ -165,8 +190,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-05-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-05-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-05-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-05-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-05-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-05-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-05-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>May 7, 2018</td> <td>2018-05-01<br> @@ -179,8 +204,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-04-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-04-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-04-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-04-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-04-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-04-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-04-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>April 2, 2018</td> <td>2018-04-01<br> @@ -193,8 +218,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-03-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-03-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-03-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-03-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-03-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>March 5, 2018</td> <td>2018-03-01<br> @@ -207,8 +232,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-02-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-02-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-02-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-02-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-02-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-02-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-02-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>February 5, 2018</td> <td>2018-02-01<br> @@ -221,8 +246,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-01-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-01-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-01-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-01-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-01-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>January 2, 2018</td> <td>2018-01-01<br> @@ -235,8 +260,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 4, 2017</td> <td>2017-12-01<br> @@ -249,8 +274,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 6, 2017</td> <td>2017-11-01<br> @@ -264,8 +289,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 2, 2017</td> <td>2017-10-01<br> @@ -278,8 +303,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-09-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-09-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-09-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-09-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-09-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>September 5, 2017</td> <td>2017-09-01<br> @@ -292,8 +317,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-08-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-08-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-08-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>August 7, 2017</td> <td>2017-08-01<br> @@ -306,8 +331,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-07-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-07-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-07-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-07-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-07-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-07-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-07-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>July 5, 2017</td> <td>2017-07-01<br> @@ -320,8 +345,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-06-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-06-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-06-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-06-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-06-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-06-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-06-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>June 5, 2017</td> <td>2017-06-01<br> @@ -334,8 +359,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-05-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-05-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-05-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-05-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-05-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-05-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-05-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>May 1, 2017</td> <td>2017-05-01<br> @@ -347,8 +372,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-04-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-04-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-04-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-04-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-04-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-04-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-04-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>April 3, 2017</td> <td>2017-04-01<br> @@ -360,8 +385,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-03-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-03-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-03-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-03-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-03-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>March 6, 2017</td> <td>2017-03-01<br> @@ -373,8 +398,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-02-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-02-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-02-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-02-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-02-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-02-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-02-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>February 6, 2017</td> <td>2017-02-01<br> @@ -386,8 +411,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-01-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-01-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-01-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-01-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-01-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>January 3, 2017</td> <td>2017-01-01<br> @@ -400,8 +425,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 5, 2016</td> <td>2016-12-01<br> @@ -414,8 +439,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 7, 2016</td> <td>2016-11-01<br> @@ -429,8 +454,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 3, 2016</td> <td>2016-10-01<br> @@ -443,8 +468,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-09-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-09-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-09-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-09-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-09-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>September 6, 2016</td> <td>2016-09-01<br> @@ -458,8 +483,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-08-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-08-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-08-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>August 1, 2016</td> <td>2016-08-01<br> @@ -472,8 +497,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-07-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-07-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-07-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-07-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-07-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-07-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-07-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>July 6, 2016</td> <td>2016-07-01<br> @@ -486,8 +511,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-06-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-06-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-06-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-06-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-06-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-06-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-06-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>June 6, 2016</td> <td>2016-06-01</td> @@ -499,8 +524,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-05-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-05-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-05-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-05-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-05-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-05-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-05-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>May 2, 2016</td> <td>2016-05-01</td> @@ -512,8 +537,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-04-02.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-04-02.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-04-02.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-04-02.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-04-02.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-04-02.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-04-02.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>April 4, 2016</td> <td>2016-04-02</td> @@ -525,8 +550,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-03-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-03-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-03-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-03-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-03-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>March 7, 2016</td> <td>2016-03-01</td> @@ -538,8 +563,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-02-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-02-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-02-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-02-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-02-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-02-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-02-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>February 1, 2016</td> <td>2016-02-01</td> @@ -551,8 +576,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-01-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-01-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-01-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-01-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-01-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>January 4, 2016</td> <td>2016-01-01</td> @@ -564,8 +589,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2015-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2015-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2015-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2015-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2015-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2015-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2015-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 7, 2015</td> <td>2015-12-01</td> @@ -577,8 +602,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2015-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2015-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2015-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2015-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2015-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2015-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2015-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 2, 2015</td> <td>2015-11-01</td> @@ -590,8 +615,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2015-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2015-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2015-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2015-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2015-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2015-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2015-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 5, 2015</td> <td>2015-10-01</td> @@ -603,8 +628,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2015-09-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2015-09-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2015-09-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2015-09-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2015-09-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2015-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2015-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>September 9, 2015</td> <td>N/A</td> @@ -616,8 +641,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2015-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2015-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2015-08-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2015-08-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2015-08-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2015-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2015-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>August 13, 2015</td> <td>N/A</td> diff --git a/en/security/bulletin/pixel/2017.html b/en/security/bulletin/pixel/2017.html index 23f1c15c..d8317f66 100644 --- a/en/security/bulletin/pixel/2017.html +++ b/en/security/bulletin/pixel/2017.html @@ -45,8 +45,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2017-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2017-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2017-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2017-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2017-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2017-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2017-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 4, 2017</td> <td>2017-12-05</td> @@ -58,8 +58,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2017-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2017-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2017-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2017-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2017-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2017-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2017-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 6, 2017</td> <td>2017-11-05</td> @@ -71,8 +71,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2017-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2017-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2017-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2017-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2017-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2017-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2017-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 2, 2017</td> <td>2017-10-05</td> diff --git a/en/security/bulletin/pixel/2018.html b/en/security/bulletin/pixel/2018.html index a1cace8f..7517c91b 100644 --- a/en/security/bulletin/pixel/2018.html +++ b/en/security/bulletin/pixel/2018.html @@ -45,8 +45,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 3, 2018</td> <td>2018-12-05</td> @@ -58,8 +58,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 5, 2018</td> <td>2018-11-05</td> @@ -71,8 +71,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 1, 2018</td> <td>2018-10-05</td> @@ -84,8 +84,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-09-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-09-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-09-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-09-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-09-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>September 4, 2018</td> <td>2018-09-05</td> @@ -97,8 +97,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-08-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-08-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-08-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>August 6, 2018</td> <td>2018-08-05</td> @@ -110,8 +110,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-07-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-07-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-07-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-07-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-07-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-07-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-07-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>July 2, 2018</td> <td>2018-07-05</td> @@ -123,8 +123,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-06-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-06-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-06-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-06-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-06-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-06-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-06-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>June 4, 2018</td> <td>2018-06-05</td> @@ -136,8 +136,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-05-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-05-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-05-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>May 7, 2018</td> <td>2018-05-05</td> @@ -149,8 +149,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-04-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-04-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-04-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>April 2, 2018</td> <td>2018-04-05</td> @@ -162,8 +162,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-03-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>March 2018</td> <td>2018-03-05</td> @@ -175,8 +175,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-02-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-02-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-02-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>February 2018</td> <td>2018-02-05</td> @@ -188,8 +188,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-01-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-01-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-01-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>January 2018</td> <td>2018-01-05</td> diff --git a/en/security/bulletin/pixel/2019-01-01.html b/en/security/bulletin/pixel/2019-01-01.html new file mode 100644 index 00000000..e6e9939d --- /dev/null +++ b/en/security/bulletin/pixel/2019-01-01.html @@ -0,0 +1,258 @@ +<html devsite> + <head> + <title>Pixel Update Bulletin—January 2019</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2019 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + //www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<p><em>Published January 7, 2019</em></p> + +<p> +The Pixel Update Bulletin contains details of security +vulnerabilities and functional improvements affecting <a +href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices" +class="external">supported Google Pixel devices</a> (Google devices). +For Google devices, security patch levels of 2019-01-05 or later address all +issues in this bulletin and all issues in the January 2019 Android Security +Bulletin. To learn how to check a device's security patch level, see <a +href="https://support.google.com/pixelphone/answer/4457705" +class="external">Check & update your Android version</a>. +</p> +<p> +All supported Google devices will receive an update to the 2019-01-05 patch +level. We encourage all customers to accept these updates to their devices. +</p> +<p class="note"> +<strong>Note:</strong> The Google device firmware images are available on the +<a href="https://developers.google.com/android/images" class="external">Google +Developer site</a>. +</p> + +<h2 id="announcements">Announcements</h2> + +<p>In addition to the security vulnerabilities described in the +<a href="/security/bulletin/2019-01-01">January 2019 Android Security +Bulletin</a>, Google devices also contain patches for the security +vulnerabilities described below. Partners were notified of these issues at +least a month ago and may choose to incorporate them as part of their device +updates. +</p> + +<h2 id="security-patches">Security patches</h2> +<p> +Vulnerabilities are grouped under the component they affect. There is a +description of the issue and a table with the CVE, associated references, +<a href="#type">type of vulnerability</a>, +<a href="/security/overview/updates-resources#severity">severity</a>, +and updated Android Open Source Project (AOSP) versions (where applicable). +When available, we link the public change that addressed the issue to the bug +ID, such as the AOSP change list. When multiple changes relate to a single bug, +additional references are linked to numbers following the bug ID. +</p> + +<h3 id="kernel-components">Kernel components</h3> + +<table> +<col width="21%"> +<col width="21%"> +<col width="14%"> +<col width="14%"> +<col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> + <tr> + <td>CVE-2018-13098</td> + <td>A-113148387<br /> + <a +href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76d56d4ab4f2a9e4f085c7d77172194ddaccf7d2"> +Upstream kernel</a></td> + <td>ID</td> + <td>Moderate</td> + <td>Filesystem</td> + </tr> + <tr> + <td>CVE-2018-13099</td> + <td>A-113148515<br /> + <a +href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4dbe38dc386910c668c75ae616b99b823b59f3eb"> +Upstream kernel</a></td> + <td>ID</td> + <td>Moderate</td> + <td>Filesystem</td> + </tr> +</table> + + +<h3 id="functional-patches">Functional patches</h3> +<p>These updates are included for affected Pixel devices to address +functionality issues not related to the security of Pixel devices. The table +includes associated references, the affected category (such as, Bluetooth and +mobile data), improvements, and affected devices. +</p> + +<table> + <tr> + <col width="15%"> + <col width="15%"> + <col width="40%"> + <col width="30%"> + <th>References</th> + <th>Category</th> + <th>Improvements</th> + <th>Devices</th> + </tr> + <tr> + <td>A-113776612, A-118022272</td> + <td>Audio</td> + <td>Improved audio quality when recording videos</td> + <td>Pixel 3, Pixel 3 XL</td> + </tr> +</table> + +<h2 id="common-questions-and-answers">Common questions and answers</h2> +<p> +This section answers common questions that may occur after reading this +bulletin. +</p> +<p> +<strong>1. How do I determine if my device is updated to address these issues? +</strong> +</p> +<p> +Security patch levels of 2019-01-05 or later address all issues associated with +the 2019-01-05 security patch level and all previous patch levels. To learn how +to check a device's security patch level, read the instructions on the <a +href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices" +class="external">Pixel update schedule</a>. +</p> +<p id="type"> +<strong>2. What do the entries in the <em>Type</em> column mean?</strong> +</p> +<p> +Entries in the <em>Type</em> column of the vulnerability details table reference +the classification of the security vulnerability. +</p> +<table> + <col width="25%"> + <col width="75%"> + <tr> + <th>Abbreviation</th> + <th>Definition</th> + </tr> + <tr> + <td>RCE</td> + <td>Remote code execution</td> + </tr> + <tr> + <td>EoP</td> + <td>Elevation of privilege</td> + </tr> + <tr> + <td>ID</td> + <td>Information disclosure</td> + </tr> + <tr> + <td>DoS</td> + <td>Denial of service</td> + </tr> + <tr> + <td>N/A</td> + <td>Classification not available</td> + </tr> +</table> +<p> +<strong>3. What do the entries in the <em>References</em> column mean?</strong> +</p> +<p> +Entries under the <em>References</em> column of the vulnerability details table +may contain a prefix identifying the organization to which the reference value +belongs. +</p> +<table> + <col width="25%"> + <col width="75%"> + <tr> + <th>Prefix</th> + <th>Reference</th> + </tr> + <tr> + <td>A-</td> + <td>Android bug ID</td> + </tr> + <tr> + <td>QC-</td> + <td>Qualcomm reference number</td> + </tr> + <tr> + <td>M-</td> + <td>MediaTek reference number</td> + </tr> + <tr> + <td>N-</td> + <td>NVIDIA reference number</td> + </tr> + <tr> + <td>B-</td> + <td>Broadcom reference number</td> + </tr> +</table> +<p id="asterisk"> +<strong>4. What does a * next to the Android bug ID in the <em>References</em> +column mean?</strong> +</p> +<p> +Issues that are not publicly available have a * next to the Android bug ID in +the <em>References</em> column. The update for that issue is generally contained +in the latest binary drivers for Pixel devices available +from the <a href="https://developers.google.com/android/drivers" +class="external">Google Developer site</a>. +</p> +<p> +<strong>5. Why are security vulnerabilities split between this bulletin and the +Android Security Bulletins?</strong> +</p> +<p> +Security vulnerabilities that are documented in the Android Security Bulletins +are required to declare the latest security patch level on Android +devices. Additional security vulnerabilities, such as those documented in this +bulletin are not required for declaring a security patch level. +</p> +<h2 id="versions">Versions</h2> +<table> + <col width="25%"> + <col width="25%"> + <col width="50%"> + <tr> + <th>Version</th> + <th>Date</th> + <th>Notes</th> + </tr> + <tr> + <td>1.0</td> + <td>January 7, 2019</td> + <td>Bulletin published.</td> + </tr> +</table> +</body> +</html> diff --git a/en/security/bulletin/pixel/2019.html b/en/security/bulletin/pixel/2019.html new file mode 100644 index 00000000..65eb244d --- /dev/null +++ b/en/security/bulletin/pixel/2019.html @@ -0,0 +1,203 @@ +<html devsite> + <head> + <title>2019 Pixel Update Bulletins</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2019 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + + +<p>This page contains all available 2019 Pixel Update +Bulletins. For a list of all bulletins, see the +<a href="/security/bulletin/pixel/index.html">Pixel Update +Bulletins</a> homepage.</p> + +<table> + <col width="15%"> + <col width="49%"> + <col width="17%"> + <col width="19%"> + <tr> + <th>Bulletin</th> + <th>Languages</th> + <th>Published date</th> + <th>Security patch level</th> + </tr> +<!-- +<tr> + <td><a href="/security/bulletin/pixel/2019-12-01.html">December 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-12-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-12-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-12-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-12-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>December 2, 2019</td> + <td>2019-12-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/pixel/2019-11-01.html">November 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-11-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-11-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-11-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-11-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>November 4, 2019</td> + <td>2019-11-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/pixel/2019-10-01.html">October 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-10-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-10-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-10-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-10-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>October 7, 2019</td> + <td>2019-10-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/pixel/2019-09-01.html">September 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-09-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-09-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-09-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-09-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>September 2, 2019</td> + <td>2019-09-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/pixel/2019-08-01.html">August 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-08-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-08-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-08-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-08-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>August 5, 2019</td> + <td>2019-08-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/pixel/2019-07-01.html">July 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-07-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-07-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-07-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-07-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-07-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-07-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>July 1, 2019</td> + <td>2019-07-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/pixel/2019-06-01.html">June 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-06-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-06-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-06-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-06-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-06-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-06-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>June 3, 2019</td> + <td>2019-06-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/pixel/2019-05-01.html">May 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-05-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-05-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-05-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-05-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-05-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-05-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>May 6, 2019</td> + <td>2019-05-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/pixel/2019-04-01.html">April 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-04-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-04-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-04-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-04-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-04-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-04-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>April 1, 2019</td> + <td>2019-04-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/pixel/2019-03-01.html">March 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-03-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-03-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-03-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-03-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-03-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-03-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>March 4, 2019</td> + <td>2019-03-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/pixel/2019-02-01.html">February 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-02-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-02-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-02-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-02-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-02-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-02-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>February 4, 2019</td> + <td>2019-02-05</td> + </tr> +--> + <tr> + <td><a href="/security/bulletin/pixel/2019-01-01.html">January 2019</a></td> + <td>Coming soon + <!-- + <a href="/security/bulletin/pixel/2019-01-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-01-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-01-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-01-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> + --> + </td> + <td>January 7, 2019</td> + <td>2019-01-05</td> + </tr> +</table> + </body> +</html> diff --git a/en/security/bulletin/pixel/index.html b/en/security/bulletin/pixel/index.html index a32aa036..45a70c7b 100644 --- a/en/security/bulletin/pixel/index.html +++ b/en/security/bulletin/pixel/index.html @@ -1,6 +1,6 @@ <html devsite> <head> - <title>Pixel / Nexus Security Bulletins</title> + <title>Pixel Update Bulletins</title> <meta name="project_path" value="/_project.yaml" /> <meta name="book_path" value="/_book.yaml" /> </head> @@ -22,28 +22,30 @@ --> -<p>This page contains the available Pixel / Nexus monthly -bulletins. These bulletins supplement the -<a href="/security/bulletin">Android Security Bulletins</a> with -additional security patches and functional improvements on Pixel and Nexus -devices. These bulletins apply to -<a href="https://support.google.com/nexus/answer/4457705">supported Pixel and -Nexus devices</a>.</p> +<p>This page contains the available monthly Pixel Update Bulletins. These + bulletins were previously known as the + Pixel / Nexus security bulletins. These bulletins supplement + the <a href="/security/bulletin">Android Security Bulletins</a> with + additional security patches and functional improvements on <a +href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices" +class="external">supported Google Pixel and Nexus devices</a> (Google devices). +</p> <h3 id="notification">Notifications</h3> -<p>Pixel and Nexus devices start receiving OTA updates on the same day the -monthly bulletin is released. In general, it takes about one and a half calendar -weeks for the OTA to reach every Nexus device. The Nexus firmware images are -also released each month to the -<a href="https://developers.google.com/android/nexus/images">Google Developer -site</a>. -</p> -<h3 id="sources">Sources</h3> -<p>Patches listed in the Pixel / Nexus bulletin come from various -sources: the Android Open Source Project (AOSP), the upstream Linux kernel, -and system-on-chip (SOC) manufacturers. Android platform fixes are merged into -AOSP 24–48 hours after the Pixel / Nexus bulletin is released.</p> + <p>Google devices start receiving OTA updates on the same day the + monthly bulletin is released. In general, it takes about one and a half + calendar weeks for the OTA to reach every Google device. The Google device + firmware images are available on the + <a href="https://developers.google.com/android/images" + class="external">Google Developer site</a>. + </p> +<h3 id="sources">Sources</h3> + <p>Patches listed in the Pixel Update bulletins can come from various + sources, including: the Android Open Source Project (AOSP), the upstream + Linux kernel, and system-on-chip (SOC) manufacturers. Android platform + fixes are merged into AOSP 24–48 hours after the Pixel Update + Bulletin is released.</p> <h3 id="bulletins">Bulletins</h3> @@ -59,14 +61,29 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <th>Security patch level</th> </tr> <tr> + <td><a href="/security/bulletin/pixel/2019-01-01.html">January 2019</a></td> + <td>Coming soon + <!-- + <a href="/security/bulletin/pixel/2019-01-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-01-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-01-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-01-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> + --> + </td> + <td>January 7, 2018</td> + <td>2018-12-05</td> + </tr> +<tr> <td><a href="/security/bulletin/pixel/2018-12-01.html">December 2018</a></td> <td> <a href="/security/bulletin/pixel/2018-12-01.html">English</a> / <a href="/security/bulletin/pixel/2018-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 3, 2018</td> <td>2018-12-05</td> @@ -78,8 +95,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 5, 2018</td> <td>2018-11-05</td> @@ -91,8 +108,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 1, 2018</td> <td>2018-10-05</td> @@ -104,8 +121,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-09-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-09-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-09-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-09-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-09-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>September 4, 2018</td> <td>2018-09-05</td> @@ -117,8 +134,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-08-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-08-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-08-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>August 6, 2018</td> <td>2018-08-05</td> @@ -130,8 +147,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-07-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-07-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-07-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-07-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-07-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-07-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-07-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>July 2, 2018</td> <td>2018-07-05</td> @@ -143,8 +160,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-06-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-06-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-06-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-06-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-06-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-06-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-06-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>June 4, 2018</td> <td>2018-06-05</td> @@ -156,8 +173,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-05-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-05-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-05-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>May 7, 2018</td> <td>2018-05-05</td> @@ -169,8 +186,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-04-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-04-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-04-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>April 2, 2018</td> <td>2018-04-05</td> @@ -182,8 +199,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-03-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>March 5, 2018</td> <td>2018-03-05</td> @@ -195,8 +212,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-02-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-02-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-02-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>February 5, 2018</td> <td>2018-02-05</td> @@ -208,8 +225,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-01-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-01-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-01-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>January 2, 2018</td> <td>2018-01-05</td> @@ -221,8 +238,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2017-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2017-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2017-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2017-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2017-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2017-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2017-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 4, 2017</td> <td>2017-12-05</td> @@ -234,8 +251,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2017-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2017-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2017-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2017-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2017-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2017-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2017-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 6, 2017</td> <td>2017-11-05</td> @@ -247,8 +264,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2017-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2017-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2017-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2017-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2017-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2017-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2017-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 2, 2017</td> <td>2017-10-05</td> diff --git a/en/security/encryption/adiantum.html b/en/security/encryption/adiantum.html new file mode 100644 index 00000000..37288920 --- /dev/null +++ b/en/security/encryption/adiantum.html @@ -0,0 +1,260 @@ +<html devsite> + <head> + <title>Enabling Adiantum</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<p> +<a href="https://eprint.iacr.org/2018/720.pdf" class="external">Adiantum</a> + is an encryption method designed for devices running Android 9 and higher + whose CPUs lack + <a href="https://en.wikipedia.org/wiki/Advanced_Encryption_Standard" + class="external">AES</a> instructions. If you are shipping an ARM-based + device with ARMv8 Cryptography Extensions or an x86-based device with AES-NI, + you should <strong>not</strong> use Adiantum. AES is faster on those + platforms. +</p> +<p> + For devices lacking these AES CPU instructions, Adiantum provides encryption on + your device with very little performance overhead. For benchmarking numbers, + see the <a href="https://eprint.iacr.org/2018/720.pdf" + class="external">Adiantum paper</a>. For the benchmarking source + to run on your hardware, see the + <a href="https://github.com/google/adiantum" class="external">Adiantum source + on GitHub</a>. +</p> +<p> + To enable Adiantum on a device running Android 9 or higher, you need to + make kernel changes and userspace changes. +</p> + +<h2 id="kernel-changes">Kernel changes</h2> +<p> + Cherry-pick the Adiantum changes to your kernel and apply an additional + <code>dm-crypt</code> patch. If you're having trouble cherry-picking, devices + using <a href="https://source.android.com/security/encryption/full-disk" + class="external">full-disk encryption</a> (FDE) can exclude the + "fscrypt: " patch. +</p> + +<table> + <tr> + <th>Kernel version</th> + <th>Kernel changes</th> + <th><code>dm-crypt</code> patch</th> + </tr> + <tr> + <td>4.19 + </td> + <td><a href="https://android-review.googlesource.com/q/topic:%22adiantum-4.19%22+(status:open%20OR%20status:merged)" + class="external">4.19 kernel</a> + </td> + <td><a href="https://android-review.googlesource.com/c/kernel/common/+/851273" + class="external"><code>dm-crypt</code> patch</a> + </td> + </tr> + <tr> + <td>4.14 + </td> + <td><a href="https://android-review.googlesource.com/q/topic:%22adiantum-4.14%22+(status:open%20OR%20status:merged)" + class="external">4.14 kernel</a> + </td> + <td><a href="https://android-review.googlesource.com/c/kernel/common/+/851275" + class="external"><code>dm-crypt</code> patch</a> + </td> + </tr> + <tr> + <td>4.9 + </td> + <td><a href="https://android-review.googlesource.com/q/topic:%22adiantum-4.9%22+(status:open%20OR%20status:merged)" + class="external">4.9 kernel</a> + </td> + <td><a href="https://android-review.googlesource.com/c/kernel/common/+/851278" + class="external"><code>dm-crypt</code> patch</a> + </td> + </tr> +</table> + +<h3 id="enable-adiantum-kernel">Enable Adiantum in your kernel</h3> + +<p> +After integrating the kernel changes, change your kernel config by adding the +lines: +</p> + +<pre class="devsite-click-to-copy">CONFIG_CRYPTO_ADIANTUM=y +CONFIG_DM_CRYPT=y +</pre> + +<p> +If your device uses a 4.4 kernel, also add: +</p> + + +<pre class="devsite-click-to-copy">CONFIG_CRYPTO_SEQIV=y +</pre> +<p> +If your device uses file-based encryption (FBE), also add: +</p> + + +<pre class="devsite-click-to-copy">CONFIG_F2FS_FS_ENCRYPTION=y +</pre> +<p> +To ensure good performance on a 32-bit ARM kernel, enable NEON instructions for +the kernel: +</p> + + +<pre +class="devsite-click-to-copy">CONFIG_CRYPTO_AES_ARM=y +CONFIG_CRYPTO_CHACHA20_NEON=y +CONFIG_CRYPTO_NHPOLY1305_NEON=y +CONFIG_KERNEL_MODE_NEON=y +</pre> + +<h2 id="userspace-changes">Userspace changes</h2> +<p> + For devices running Android 9, cherry-pick the + <a href="https://android-review.googlesource.com/q/topic:%22userspace_adiantum_support_pie%22+(status:open%20OR%20status:merged)" + class="external">Adiantum userspace changes</a> in the + <code>userspace_adiantum_support_pie</code> topic on the + <code>pie-platform-release</code> branch in AOSP. +</p> +<p> +These changes are also in the + <a href="https://android-review.googlesource.com/q/topic:%22userspace_adiantum_support%22+(status:open%20OR%20status:merged)" + class="external">master branch of AOSP</a>. +</p> + +<h2 id="enable-adiantum-device">Enable Adiantum in your device</h2> +<p> +These settings are for the userdata on the device, and also for adoptable +storage. +</p> + +<h3 id="fbe-devices">Devices with file-based encryption</h3> +<p> +To enable Adiantum and improve its performance, set these properties in +<code>PRODUCT_PROPERTY_OVERRIDES</code>: +</p> + + +<pre +class="devsite-click-to-copy">ro.crypto.fde_algorithm=adiantum +ro.crypto.fde_sector_size=4096 +ro.crypto.volume.contents_mode=adiantum +ro.crypto.volume.filenames_mode=adiantum +</pre> + +<aside class="caution"><strong>Important</strong>: +This setting references FDE but is needed also on FBE devices; it +affects adoptable storage. +</aside> + +<p> +Setting <code>fde_sector_size</code> to 4096 improves performance, but is not +required for Adiantum to work. Setting the sector size requires that the offset +and alignment of the userdata partition and adoptable storage is 4096-byte +aligned. +</p> +<p> + In the <code>fstab</code>, for userdata use the option: +</p> + + +<pre class="devsite-click-to-copy">fileencryption=adiantum +</pre> +<p> +To verify that your implementation worked, take a bug report or run: +</p> + + +<pre class="devsite-click-to-copy"> +<code class="devsite-terminal">adb root</code> +<code class="devsite-terminal">adb shell dmesg</code> +</pre> +<p> +If Adiantum is enabled correctly, you should see this in the kernel log: +</p> + + +<pre +class="devsite-click-to-copy">fscrypt: Adiantum using implementation "adiantum(xchacha12-neon,aes-arm,nhpoly1305-neon)" +</pre> + +<aside class="note"> +<strong>Note</strong>: For ARM-based devices, the implementation name should +match exactly. If you don't see references to <code>neon</code>, your device +won't perform as well. See the <em><a href="#enable-adiantum-kernel">Enable +Adiantum in your kernel</a></em> section for details on enabling NEON +instructions. +</aside> + +<h3 id="fde-devices">Devices with full-disk encryption</h3> +<p> +To enable Adiantum and improve its performance, set these properties in +<code>PRODUCT_PROPERTY_OVERRIDES</code>: +</p> + + +<pre +class="devsite-click-to-copy">ro.crypto.fde_algorithm=adiantum +ro.crypto.fde_sector_size=4096 +</pre> +<p> +Setting <code>fde_sector_size</code> to 4096 improves performance, but is not +required for Adiantum to work. Setting the sector size requires that the offset +and alignment of the userdata partition and adoptable storage is 4096-byte +aligned. +</p> +<p> +In the <code>fstab</code>, for userdata set: +</p> + + +<pre class="devsite-click-to-copy">forceencrypt +</pre> +<p> +To verify that your implementation worked, take a bug report or run: +</p> + +<pre class="devsite-click-to-copy"> +<code class="devsite-terminal">adb root</code> +<code class="devsite-terminal">adb shell dmesg</code> +</pre> + +<p> +If Adiantum is enabled correctly, you should see this in the kernel log: +</p> + + +<pre +class="devsite-click-to-copy">device-mapper: crypt: adiantum(xchacha12,aes) using implementation "adiantum(xchacha12-neon,aes-arm,nhpoly1305-neon)" +</pre> +<aside class="note"> +<strong>Note</strong>: For ARM-based devices, the implementation name should +match exactly. If you don't see references to <code>neon</code>, your device +won't perform as well. See the <em><a href="#enable-adiantum-kernel">Enable +Adiantum in your kernel</a></em> section for details on enabling NEON +instructions. +</aside> + </body> +</html> diff --git a/en/security/images/trustyApps_900w.png b/en/security/images/trustyApps_900w.png Binary files differnew file mode 100644 index 00000000..3bf93634 --- /dev/null +++ b/en/security/images/trustyApps_900w.png diff --git a/en/security/images/trustyOverview_900w.png b/en/security/images/trustyOverview_900w.png Binary files differnew file mode 100644 index 00000000..e80fdc4f --- /dev/null +++ b/en/security/images/trustyOverview_900w.png diff --git a/en/security/overview/acknowledgements.html b/en/security/overview/acknowledgements.html index b6f7074e..52cb91da 100644 --- a/en/security/overview/acknowledgements.html +++ b/en/security/overview/acknowledgements.html @@ -33,6 +33,79 @@ impact on Android security, including code that qualifies for the <a href="https://www.google.com/about/appsecurity/patch-rewards/">Patch Rewards</a> program.</p> +<h2 id="2019">2019</h2> +<p>Starting in 2018 and continuing in 2019, the security acknowledgements are listed by month. + In prior years, acknowledgements were listed together. +</p> + +<h4 id="jan-2019">January</h4> + +<table> + <col width="85%"> + <col width="15%"> + <tr> + <th>Researchers</th> + <th>CVEs</th> + </tr> + <tr> + <td>Chong Wang (<a + href="https://www.weibo.com/csddl" class="external">weibo.com/csddl</a>) + of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. + </td> + <td>CVE-2018-9589</td> + </tr> + <tr> + <td>D2.Y.P of NON Team</td> + <td>CVE-2018-9594</td> + </tr> + <tr> + <td><a + href="https://www.linkedin.com/in/dzima" + class="external">Dzmitry Lukyanenka</a></td> + <td>CVE-2018-9587</td> + </tr> + <tr> + <td><a href="mailto:arnow117@gmail.com" class="external">Hanxiang Wen</a> + and Mingjian Zhou (周明建) (<a href="https://twitter.com/Mingjian_Zhou" + class="external">@Mingjian_Zhou</a>) + of <a href="http://c0reteam.org/" class="external">C0RE Team</a></td> + <td>CVE-2018-6241</td> + </tr> + <tr> + <td>Jann Horn of Google Project Zero</td> + <td>CVE-2018-17182, CVE-2018-18281</td> + </tr> + <tr> + <td>Maddie Stone of Google</td> + <td>CVE-2018-9586</td> + </tr> + <tr> + <td>Niky1235 (<a href="https://twitter.com/jiych_guru" + class="external">@jiych_guru</a>) + </td> + <td>CVE-2018-9584</td> + </tr> + <tr> + <td>Ricky Wai of Google</td> + <td>CVE-2018-9582</td> + </tr> + <tr> + <td>Yongke Wang (王永科) + (<a href="https://twitter.com/rudykewang" class="external">@Rudykewang</a>) + and Xiangqian Zhang (张向前) + (<a href="https://twitter.com/h3rb0x" class="external">@h3rb0x</a>) of + <a href="https://xlab.tencent.com/en/" class="external">Tencent Security + Xuanwu Lab</a></td> + <td>CVE-2018-9585, CVE-2018-9588</td> + </tr> + <tr> + <td>Zinuo Han (<a href="http://weibo.com/ele7enxxh" + class="external">weibo.com/ele7enxxh</a>) + of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd.</td> + <td>CVE-2018-9583, CVE-2018-9590, CVE-2018-9591, CVE-2018-9592, CVE-2018-9593</td> + </tr> +</table> + <h2 id="2018">2018</h2> <p>In 2018, the security acknowledgements are listed by month. In prior years, acknowledgements were listed together.</p> @@ -116,6 +189,10 @@ acknowledgements were listed together.</p> <td>CVE-2018-9457</td> </tr> <tr> + <td>Joshua Laney of Deja vu Security</td> + <td>CVE-2018-9542</td> + </tr> + <tr> <td><a href="https://github.com/michalbednarski" class="external">Michał Bednarski</a></td> <td>CVE-2018-9522, CVE-2018-9523</td> diff --git a/en/security/overview/app-security.html b/en/security/overview/app-security.html index 317b57b6..1ebbef16 100644 --- a/en/security/overview/app-security.html +++ b/en/security/overview/app-security.html @@ -94,15 +94,14 @@ href="/security/app-sandbox">Application Sandbox</a>. <li>SMS/MMS functions</li> <li>Network/data connections</li> </ul> -<p>These resources are only accessible through the operating system. To make use +<p>These resources are only accessible through the operating system. To make use of the protected APIs on the device, an application must define the - capabilities it needs in its manifest. When preparing to install an - application, the system displays a dialog to the user that indicates the - permissions requested and asks whether to continue the installation. If the - user continues with the installation, the system accepts that the user has - granted all of the requested permissions. The user can not grant or deny - individual permissions -- the user must grant or deny all of the requested - permissions as a block.</p> + capabilities it needs in its manifest. All Android versions 6.0 and higher use + a <a href="/devices/tech/config/runtime_perms">runtime permissions</a> model. + If a user requests a feature from an app that requires a protected API the + system displays a dialog, prompting the user to <strong>deny</strong> + or <strong>allow</strong> the permission.</p> +</p> <p>Once granted, the permissions are applied to the application as long as it is installed. To avoid user confusion, the system does not notify the user again of the permissions granted to the application, and applications that are diff --git a/en/security/trusty/download-and-build.html b/en/security/trusty/download-and-build.html new file mode 100644 index 00000000..bd1c2697 --- /dev/null +++ b/en/security/trusty/download-and-build.html @@ -0,0 +1,70 @@ +<html devsite> + <head> + <title>Download and Build</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2017 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<p>The <a href="https://android-review.googlesource.com/admin/repos/q/filter:trusty" + class="external">Trusty repositories</a> are available in the Android Open +Source Project (AOSP).</p> + +<p>Use these links to find the appropriate Trusty kernel branches in AOSP:</p> + +<ul> + <li><a class="external" + href="https://android.googlesource.com/kernel/common/+/android-trusty-4.4">4.4</a></li> + <li><a class="external" + href="https://android.googlesource.com/kernel/common/+/android-trusty-4.9">4.9</a></li> + <li><a class="external" + href="https://android.googlesource.com/kernel/common/+/android-trusty-4.14">4.14</a></li> +</ul> + + <h2 id="installing_repo">Installing Repo</h2> +<p>To download Trusty, first <a +href="/setup/build/downloading#installing-repo">download and install Repo</a>.</p> + +<p>After Repo has been successfully installed you can clone the Android Trusty repository.</p> +<pre class="prettyprint"> +<code class="devsite-terminal">mkdir trusty</code> +<code class="devsite-terminal">cd trusty</code> +<code class="devsite-terminal">repo init -u https://android.googlesource.com/trusty/manifest -b master</code> +<code class="devsite-terminal">repo sync -j32</code> +</pre> + +<h3 id="build">Build</h3> +<p>Use the following to build the generic arm64 image for Trusty. + +<pre class="devsite-terminal devsite-click-to-copy"> +./trusty/vendor/google/aosp/scripts/build.py generic-arm64 +</pre> + +<p>Build results will be under <code>build-root/build-generic-arm64/.</code> + Look for lk.bin which is a TEE image with all apps compiled in: +</p> + +<pre class="devsite-terminal devsite-click-to-copy"> +ls build-root/build-generic-arm64/lk.bin +</pre> + +<h3 id="install">Install</h3> + <p>You can assemble lk.bin into a firmware image and flash it to the device. +Generating firmware images varies depending on the board being used. + Contact your board manufacturer for instructions.</p> + </body> +</html> diff --git a/en/security/trusty/index.html b/en/security/trusty/index.html index c5bacdad..3640a226 100644 --- a/en/security/trusty/index.html +++ b/en/security/trusty/index.html @@ -20,140 +20,142 @@ See the License for the specific language governing permissions and limitations under the License. --> - - - -<p>Trusty is a set of software components supporting a Trusted Execution -Environment (TEE) on mobile devices.</p> +<p>Trusty is a secure Operating System (OS) that provides a Trusted Execution + Environment (TEE) for Android. The Trusty OS runs on the same processor + as the Android OS, but Trusty is isolated from the rest of the system + by both hardware and software. Trusty and Android run parallel + to each other. Trusty has access to the full power of a device’s main + processor and memory but is completely isolated. Trusty's isolation + protects it from malicious apps installed by the user and potential + vulnerabilities that may be discovered in Android. +</p> + + <p>Trusty is compatible with ARM and Intel processors. On ARM systems, + Trusty uses ARM’s Trustzone™ to virtualize the main processor and create + a secure trusted execution environment. Similar support is also available + on Intel x86 platforms using Intel’s Virtualization Technology. +</p> + +<img style="display: block;margin-left: auto;margin-right: auto;" + src="/security/images/trustyOverview_900w.png" /> +<p class="img-caption"> +<strong>Figure 1</strong>. Trusty overview diagram. +</p> <p>Trusty consists of:</p> - <ul> - <li>An operating system (the Trusty OS) that runs on a processor intended to -provide a TEE - <li>Drivers for the Android kernel (Linux) to facilitate communication with -applications running under the Trusty OS - <li>A set of libraries for Android systems software to facilitate communication -with trusted applications executed within the Trusty OS using the kernel -drivers + <li>A small OS kernel derived from <a + href="https://github.com/littlekernel/lk" class="external"> + Little Kernel</a></li> + <li>A Linux kernel driver to transfer data between the secure environment + and Android</li> + <li>An Android <a + href="https://android.googlesource.com/trusty/lib/" class="external"> + userspace library</a> to communicate with trusted applications + (that is, secure tasks/services) via the kernel driver</li> </ul> -<p><strong>Important</strong>: Trusty and the Trusty API are subject -to change.</p> -<p>For information about the Trusty API, see the <a +<p class="note"><strong>Note:</strong> Trusty and the Trusty API are subject +to change. For information about the Trusty API, see the <a href="/security/trusty/trusty-ref">API Reference</a>.</p> -<h2 id=uses_examples>Uses and examples</h2> - -<p>Any TEE OS (not just Trusty) can be used for TEE implementations.</p> - -<p>A TEE processor is typically a separate microprocessor in the system or a -virtualized instance of the main processor. The TEE processor is isolated from -the rest of the system using memory and I/O protection mechanisms supported by -the hardware.</p> - -<p>TEE processors have become a mainstay in today's mobile devices. The main -processor on these devices is considered "untrusted" and cannot access certain -areas of RAM, hardware registers and fuses where secret data (such as -device-specific cryptographic keys) is stored by the manufacturer. Software -running on the main processor delegates any operations that require use of -secret data to the TEE processor.</p> - -<p>The most widely known example of this in the Android ecosystem -is the <a href="/devices/drm.html">DRM framework</a> for -protected content. Software running on the TEE processor can access -device-specific keys required to decrypt protected content. The main processor -sees only the encrypted content, providing a high level of security and -protection against software-based attacks.</p> +<h2 id="whyTrusty">Why Trusty?</h2> + +<p>Other TEE operating systems are traditionally supplied as binary + blobs by third-party vendors or developed internally. + Developing internal TEE systems or licensing a TEE from a third-party + can be costly to System-on-Chip (SoC) vendors and OEMs. + The monetary cost combined with unreliable third-party systems creates an + unstable ecosystem for Android. Trusty is being provided to its partners + as a reliable and free open source alternative for their Trusted Execution + Environment. Trusty offers a level of transparency that is just not possible + with closed source systems. +</p> + + <p>Android supports various TEE implementations so you are not restricted + to using Trusty. Each TEE OS has its own unique way of deploying trusted + applications. This fragmentation can be a problem for trusted application + developers trying to ensure their apps work on every Android device. + Using Trusty as a standard helps application developers to easily + create and deploy applications without accounting + for the fragmentation of multiple TEE systems. Trusty TEE provides developers + and partners with transparency, collaboration, inspectability of code, and + ease of debugging. Trusted application developers can converge around common + tools and APIs to reduce the risk of introducing security vulnerabilities. + These developers will have the confidence that they can develop an application + and have it reused across multiple devices without further development. +</p> + +<h2 id="application_services">Applications and services</h3> + +<p>A Trusty application is defined as a collection of binary files + (executables and resource files), a binary manifest, and a + cryptographic signature. + At runtime, Trusty applications run as isolated processes in + unprivileged mode under the Trusty kernel. Each process runs + in its own virtual memory sandbox utilizing the memory management + unit capabilities of the TEE processor. The build of the hardware + changes the exact process that Trusty follows, but for example, + the kernel schedules these processes using a priority-based, + round-robin scheduler driven by a secure timer tick. + All Trusty applications share the same priority. +</p> + +<img style="display: block;margin-left: auto;margin-right: auto;" + src="/security/images/trustyApps_900w.png" /> +<p class="img-caption"> +<strong>Figure 2</strong>. Trusty application overview.</p> + +<h2 id="third-party_trusty_applications">Third-party Trusty applications</h2> + +<p>Currently all Trusty applications are developed by a single + party and packaged with the Trusty kernel image. + The entire image is signed and verified by the bootloader during boot. + Third-party application development is not supported in Trusty at + this time. Although Trusty enables the development of new + applications, doing so must be exercised with extreme care; each + new application increases the area of the trusted computing base + (TCB) of the system. + Trusted applications can access device secrets and can perform + computations or data transformations using them. The ability to + develop new applications that run in the TEE opens up many + possibilities for innovation. However, due to the very definition + of a TEE, these applications cannot be distributed without some + form of trust attached. Typically this comes in the form of a + digital signature by an entity trusted by the user of the + product on which the application runs. +</p> + +<h2 id="uses_examples">Uses and examples</h2> + +<p>Trusted execution environments are fast becoming a standard in + mobile devices. Users are relying more and more on their mobile + devices for their everyday lives and the need for security is always + growing. + Mobile devices with a TEE are more secure than devices without a TEE. +</p> + +<p>On devices with a TEE implementation, the main processor is often + referred to as “untrusted”, meaning it cannot access certain areas + of RAM, hardware registers, and write-once fuses where secret data + (such as, device-specific cryptographic keys) are stored by the manufacturer. + Software running on the main processor delegates any operations that + require use of secret data to the TEE processor. +</p> + +<p>The most widely known example of this in the Android ecosystem is the <a + href="/devices/drm.html">DRM framework</a> + for protected content. Software running on the TEE processor can + access device-specific keys required to decrypt protected content. + The main processor sees only the encrypted content, providing + a high level of security and protection against software-based attacks. +</p> <p>There are many other uses for a TEE such as mobile payments, secure banking, -full-disk encryption, multi-factor authentication, device reset protection, -replay-protected persistent storage, wireless display ("cast") of protected -content, secure PIN and fingerprint processing, and even malware detection.</p> - -<p>Trusty provides APIs for developing two classes of applications:</p> - -<ul> - <li>Trusted applications or services that run on the TEE processor - <li>Normal/untrusted applications that run on the main processor and use services -provided by Trusted applications -</ul> - -<p>Software running on the main processor can use Trusty APIs to connect to -trusted applications and exchange arbitrary messages with them, just like a -network service over IP. It is up to the application to determine the data -format and semantics of these messages using an app-level protocol. Reliable -delivery of messages is guaranteed by the underlying Trusty infrastructure (in -the form of drivers running on the main processor), and the communication is -completely asynchronous.</p> - -<h2 id=trusted_applications_and_services>Trusted applications and services</h2> - -<p>Trusted applications run as isolated processes under the Trusty OS kernel. Each -process runs in its own virtual memory sandbox utilizing the MMU capabilities -of the TEE processor. The kernel schedules these processes using a -priority-based, round-robin scheduler driven by a secure timer tick. In the -current version of Trusty, all Trusty applications share the same priority.</p> - -<p>Applications for the Trusty OS can be written in C/C++ (C++ support is -limited), and they have access to a small C library. The <code>main()</code> -function currently does not take any arguments. System call stubs are provided -in native assembly code as part of this library, so system calls can be -accessed by name.</p> - -<h3 id=language_threading>Language and threading support</h3> - -<p>All Trusty applications are single-threaded; multithreading in Trusty userspace -currently is unsupported.</p> - -<h3 id=application_structure>Application structure</h3> - -<p>Trusty applications initialize once during load and reside in memory until the -TEE processor is reset. Trusty currently does not support dynamic loading and -unloading of applications.</p> - -<p>Trusted applications are written as <strong>event-driven servers</strong> -waiting for commands from other applications or from applications running on -the main processor. Trusted applications can also be clients of other trusted -server applications. Events described in the following API sections will be -delivered to trusted applications by the Trusty kernel.</p> - -<h2 id=third-party_trusty_applications>Third-party Trusty applications</h2> - -<p>Currently all Trusty applications are developed by a single party and packaged -with the Trusty kernel image. The entire image is signed and verified by the -bootloader during boot. Third-party application development is not supported in -this version of Trusty.</p> - -<p>Although the Trusty OS enables the development of new applications, doing so -must be exercised with extreme care; each new application increases the area of -the trusted computing base (TCB) of the system. Trusted applications can access -device secrets and can perform computations or data transformations using them.</p> - -<p>The ability to develop new applications that run in the TEE opens up many -possibilities for innovation. However, due to the very definition of TEE, these -applications cannot be distributed without some form of <strong>trust</strong> attached. -Typically this comes in the form of a digital signature by an entity -trusted by the user of the product on which the application runs.</p> - -<h2 id=downloading_building>Downloading and building Trusty</h2> - -<p>You can find the Trusty implementation in the Android Open Source Project (AOSP) here:<br/> -<a href="https://android-review.googlesource.com/#/admin/projects/?filter=trusty">https://android-review.googlesource.com/#/admin/projects/?filter=trusty</a></p> - -<p>The Trusty kernel branches on AOSP are here:<br/> -<a href="https://android.googlesource.com/kernel/common/+/android-trusty-3.10">https://android.googlesource.com/kernel/common/+/android-trusty-3.10</a><br/> -<a href="https://android.googlesource.com/kernel/common/+/android-trusty-3.18">https://android.googlesource.com/kernel/common/+/android-trusty-3.18</a></p> - -<p>To make Trusty, run the following commands (assuming the Android toolchain is already in the path):</p> -<pre class="devsite-click-to-copy"> -<code class="devsite-terminal">repo init -u https://android.googlesource.com/trusty/manifest</code> -<code class="devsite-terminal">repo sync</code> -<code class="devsite-terminal">make -j24 generic-arm64</code> -</pre> - -<p>You may select another supported build target from: <code>device/*/*/project/*</code></p> - + multi-factor authentication, device reset protection, + replay-protected persistent storage, secure PIN and fingerprint processing, + and even malware detection. +</p> </body> </html> diff --git a/en/security/trusty/trusty-ref.html b/en/security/trusty/trusty-ref.html index 9f0cb2d1..b13e6307 100644 --- a/en/security/trusty/trusty-ref.html +++ b/en/security/trusty/trusty-ref.html @@ -21,39 +21,53 @@ limitations under the License. --> - - -<p>The <a href="index.html">Trusty</a> API generally describes the -Trusty inter-process communication (IPC) -system, including communications with the non-secure world. This page defines the -relevant terms and provides a reference for the API -calls.</p> - -<h2 id=ports_and_channels>Ports and channels</h2> +<p>Trusty provides APIs for developing two classes of applications/services:</p> + <ul> + <li>Trusted applications or services that run on the TEE processor</li> + <li>Normal/untrusted applications that run on the main processor and use the services provided + by trusted applications</li> + </ul> +<p>The <a + href="/security/index.html">Trusty</a> + API generally describes the Trusty inter-process communication (IPC) system, + including communications with the non-secure world. Software running on the + main processor can use Trusty APIs to connect to trusted applications/services + and exchange arbitrary messages with them just like a network service over IP. + It is up to the application to determine the data format and semantics of these + messages using an app-level protocol. Reliable delivery of messages is + guaranteed by the underlying Trusty infrastructure (in the form of drivers + running on the main processor), and the communication is completely asynchronous. +</p> + +<h2 id="ports_and_channels">Ports and channels</h2> <p>Ports are used by Trusty applications to expose service end-points in the form -of a named path to which clients connect. This gives a simple, string-based -service ID for clients to use. The naming convention is reverse-DNS-style -naming, e.g. <code>com.google.servicename</code>.</p> + of a named path to which clients connect. This gives a simple, string-based + service ID for clients to use. The naming convention is reverse-DNS-style + naming, e.g. <code>com.google.servicename</code>. +</p> <p>When a client connects to a port, the client receives a channel for interacting -with a service. The service must accept an incoming connection, and when it -does, it too receives a channel. In essence, ports are used to look up services -and then communication occurs over a pair of connected channels (i.e., -connection instances on a port). When a client connects to a port, a symmetric, -bi-directional connection is established. Using this full-duplex path, clients -and servers can exchange arbitrary messages until either side decides to tear -down the connection.</p> + with a service. The service must accept an incoming connection, and when it + does, it too receives a channel. In essence, ports are used to look up services + and then communication occurs over a pair of connected channels (i.e., + connection instances on a port). When a client connects to a port, a symmetric, + bi-directional connection is established. Using this full-duplex path, clients + and servers can exchange arbitrary messages until either side decides to tear + down the connection. +</p> <p>Only secure-side trusted applications or Trusty kernel modules can create -ports. Applications running on the non-secure side (in the normal world) can -only connect to services published by the secure side.</p> + ports. Applications running on the non-secure side (in the normal world) can + only connect to services published by the secure side. +</p> <p>Depending on requirements, a trusted application can be both a client and a -server at the same time. A trusted application that publishes a service (as a -server) might need to connect to other services (as a client).</p> + server at the same time. A trusted application that publishes a service (as a + server) might need to connect to other services (as a client). +</p> -<h2 id=handle_api>Handle API</h2> +<h2 id="handle_api">Handle API</h2> <p>Handles are unsigned integers representing resources such as ports and channels, similar to file descriptors in UNIX. After handles are created, they @@ -63,7 +77,7 @@ later.</p> <p>A caller can associate private data with a handle by using the <code>set_cookie()</code> method.</p> -<h3 id=methods_handle_api>Methods in the Handle API</h3> +<h3 id="methods_handle_api">Methods in the Handle API</h3> <p>Handles are only valid in the context of an application. An application should not pass the value of a handle to other applications unless explicitly @@ -71,7 +85,7 @@ specified. A handle value only should be interpreted by comparing it with the <code>INVALID_IPC_HANDLE #define,</code> which an application can use as an indication that a handle is invalid or unset.</p> -<h4 id=set_cookie>set_cookie()</h4> +<h4 id="set_cookie">set_cookie()</h4> <p>Associates the caller-provided private data with a specified handle.</p> @@ -89,10 +103,9 @@ long set_cookie(uint32_t handle, void *cookie) the handle has been created. The event-handling mechanism supplies the handle and its cookie back to the event handler.</p> -<p>Handles can be waited upon for events by using the <code>wait()</code> -or <code>wait_any()</code> calls.</p> +<p>Handles can be waited upon for events by using the <code>wait()</code> call.</p> -<h4 id=wait>wait()</h4> +<h4 id="wait">wait()</h4> <p>Waits for an event to occur on a given handle for specified period of time.</p> @@ -112,28 +125,8 @@ value of -1 is an infinite timeout</p> specified timeout interval; <code>ERR_TIMED_OUT</code> if a specified timeout elapsed but no event has occurred; <code>< 0</code> for other errors</p> -<h4 id=wait_any>wait_any()</h4> - -<p>Waits for any event to occur on any handle in the application handle table for -the specified period of time.</p> - -<pre class="prettyprint"> -long wait_any(uevent_t *event, unsigned long timeout_msecs); -</pre> - -<p>[out] <code>event</code>: A pointer to the structure representing an -event that occurred on this handle</p> - -<p>[in] <code>timeout_msecs</code>: A timeout value in milliseconds. -A value of -1 is an infinite timeout</p> - -<p>[retval]: <code>NO_ERROR</code> if a valid event occurred within a -specified timeout interval; <code>ERR_TIMED_OUT</code> if a specified timeout elapsed but no -event has occurred; <code>< 0</code> for other errors</p> - -<p>Upon success (<code>retval == NO_ERROR</code>), the <code>wait()</code> -and <code>wait_any()</code> calls -fill a specified <code>uevent_t</code> structure with information about +<p>Upon success (<code>retval == NO_ERROR</code>), the <code>wait()</code> call +fills a specified <code>uevent_t</code> structure with information about the event that occurred.</p> <pre class="prettyprint"> @@ -195,7 +188,7 @@ handle it.</p> <p>Handles can be destroyed by calling the <code>close()</code> method.</p> -<h4 id=close>close()</h4> +<h4 id="close">close()</h4> <p>Destroys the resource associated with the specified handle and removes it from the handle table.</p> @@ -208,14 +201,14 @@ long close(uint32_t handle_id); <p>[retval]: 0 if success; a negative error otherwise</p> -<h2 id=server_api>Server API</h2> +<h2 id="server_api">Server API</h2> <p>A server begins by creating one or more <strong>named ports</strong> representing its service end-points. Each port is represented by a handle.</p> -<h3 id=methods_server_api>Methods in the Server API</h3> +<h3 id="methods_server_api">Methods in the Server API</h3> -<h4 id=port_create>port_create()</h4> +<h4 id="port_create">port_create()</h4> <p>Creates a named service port.</p> @@ -256,14 +249,14 @@ with peer</p> negative</p> <p>The server then polls the list of port handles for incoming connections -using <code>wait()</code> or <code>wait_any()</code> calls. Upon receiving a connection +using <code>wait()</code> call. Upon receiving a connection request indicated by the <code>IPC_HANDLE_POLL_READY</code> bit set in the <code>event</code> field of the <code>uevent_t</code> structure, the server should call <code>accept()</code> to finish establishing a connection and create a channel (represented by another handle) that can then be polled for incoming messages.</p> -<h4 id=accept>accept()</h4> +<h4 id="accept">accept()</h4> <p>Accepts an incoming connection and gets a handle to a channel.</p> @@ -280,13 +273,13 @@ will be set to all zeros if the connection originated from the non-secure world< <p>[retval]: Handle to a channel (if non-negative) on which the server can exchange messages with the client (or an error code otherwise)</p> -<h2 id=client_api>Client API</h2> +<h2 id="client_api">Client API</h2> <p>This section contains the methods in the Client API.</p> -<h3 id=methods_client_api>Methods in the Client API</h3> +<h3 id="methods_client_api">Methods in the Client API</h3> -<h4 id=connect>connect()</h4> +<h4 id="connect">connect()</h4> <p>Initiates a connection to a port specified by name.</p> @@ -323,12 +316,12 @@ instead of failing immediately.</p> <p><code>IPC_CONNECT_ASYNC</code> - if set, initiates an asynchronous connection. An application has to poll for -the returned handle (by calling <code>wait()</code> or <code>wait_any()</code>) for +the returned handle (by calling <code>wait()</code> for a connection completion event indicated by the <code>IPC_HANDLE_POLL_READY</code> bit set in the event field of the <code>uevent_t</code> structure before starting normal operation.</p> -<h2 id=messaging_api>Messaging API</h2> +<h2 id="messaging_api">Messaging API</h2> <p>The Messaging API calls enable the sending and reading of messages over a previously established connection (channel). The Messaging API calls are the @@ -338,7 +331,7 @@ same for servers and clients.</p> call, and a server gets a channel handle from an <code>accept()</code> call, described above.</p> -<h4 id=structure_of_a_trusty_message>Structure of a Trusty message</h4> +<h4 id="structure_of_a_trusty_message">Structure of a Trusty message</h4> <p>As shown in the following, messages exchanged by the Trusty API have a minimal structure, leaving it to the server and client to agree on the semantics of the @@ -368,9 +361,9 @@ reads and writes to these blocks using the <code>iov</code> array. The content of buffers that can be described by the <code>iov</code> array is completely arbitrary.</p> -<h3 id=methods_messaging_api>Methods in the Messaging API</h3> +<h3 id="methods_messaging_api">Methods in the Messaging API</h3> -<h4 id=send_msg>send_msg()</h4> +<h4 id="send_msg">send_msg()</h4> <p>Sends a message over a specified channel.</p> @@ -393,9 +386,9 @@ In such a case the caller must wait until the peer frees some space in its receive queue by retrieving the handling and retiring messages, indicated by the <code>IPC_HANDLE_POLL_SEND_UNBLOCKED</code> bit set in the <code>event</code> field of the <code>uevent_t</code> structure -returned by the <code>wait()</code> or <code>wait_any()</code> call.</p> +returned by the <code>wait()</code> call.</p> -<h4 id=get_msg>get_msg()</h4> +<h4 id="get_msg">get_msg()</h4> <p>Gets meta-information about the next message in an incoming message queue</p> @@ -423,7 +416,7 @@ particular channel.</p> <p>[retval]: <code>NO_ERROR</code> on success; a negative error otherwise</p> -<h4 id=read_msg>read_msg()</h4> +<h4 id="read_msg">read_msg()</h4> <p>Reads the content of the message with the specified ID starting from the specified offset.</p> @@ -450,7 +443,7 @@ success; a negative error otherwise</p> a different (not necessarily sequential) offset as needed.</p> -<h4 id=put_msg>put_msg()</h4> +<h4 id="put_msg">put_msg()</h4> <p>Retires a message with a specified ID.</p> @@ -467,7 +460,7 @@ long put_msg(uint32_t handle, uint32_t msg_id); <p>Message content cannot be accessed after a message has been retired and the buffer it occupied has been freed.</p> -<h2 id=file_descriptor_api>File Descriptor API</h2> +<h2 id="file_descriptor_api">File Descriptor API</h2> <p>The File Descriptor API includes <code>read()</code>, <code>write()</code>, and <code>ioctl()</code> calls. All of these calls can operate on a predefined (static) set of file @@ -500,9 +493,9 @@ error, as this stream is very likely to be unthrottled. The <code>read()</code> to be exercised with caution. Extending file descriptors is prone to create conflicts and is not generally recommended.</p> -<h3 id=methods_file_descriptor_api>Methods in the File Descriptor API</h3> +<h3 id="methods_file_descriptor_api">Methods in the File Descriptor API</h3> -<h4 id=read>read()</h4> +<h4 id="read">read()</h4> <p>Attempts to read up to <code>count</code> bytes of data from a specified file descriptor.</p> @@ -518,7 +511,7 @@ long read(uint32_t fd, void *buf, uint32_t count); <p>[retval]: Returned number of bytes read; a negative error otherwise</p> -<h4 id=write>write()</h4> +<h4 id="write">write()</h4> <p>Writes up to <code>count</code> bytes of data to specified file descriptor.</p> @@ -534,7 +527,7 @@ long write(uint32_t fd, void *buf, uint32_t count); <p>[retval]: Returned number of bytes written; a negative error otherwise</p> -<h4 id=ioctl>ioctl()</h4> +<h4 id="ioctl">ioctl()</h4> <p>Invokes a specified <code>ioctl</code> command for a given file descriptor.</p> @@ -548,11 +541,11 @@ long ioctl(uint32_t fd, uint32_t cmd, void *args); <p>[in/out] <code>args</code>: Pointer to <code>ioctl()</code> arguments</p> -<h2 id=miscellaneous_api>Miscellaneous API</h2> +<h2 id="miscellaneous_api">Miscellaneous API</h2> -<h3 id=methods_misc_api>Methods in the Miscellaneous API</h3> +<h3 id="methods_misc_api">Methods in the Miscellaneous API</h3> -<h4 id=gettime>gettime()</h4> +<h4 id="gettime">gettime()</h4> <p>Returns the current system time (in nanoseconds).</p> @@ -568,7 +561,7 @@ long gettime(uint32_t clock_id, uint32_t flags, uint64_t *time); <p>[retval]: <code>NO_ERROR</code> on success; a negative error otherwise</p> -<h4 id=nanosleep>nanosleep()</h4> +<h4 id="nanosleep">nanosleep()</h4> <p>Suspends execution of the calling application for a specified period of time and resumes it after that period.</p> @@ -585,7 +578,7 @@ long nanosleep(uint32_t clock_id, uint32_t flags, uint64_t sleep_time) <p>[retval]: <code>NO_ERROR</code> on success; a negative error otherwise</p> -<h2 id=example_of_a_trusted_application_server>Example of a trusted application server</h2> +<h2 id="example_of_a_trusted_application_server">Example of a trusted application server</h2> <p>The following sample application shows the usage of the above APIs. The sample creates an "echo" service that handles multiple incoming connections and @@ -593,61 +586,57 @@ reflects back to the caller all messages it receives from clients originated from the secure or non-secure side.</p> <pre class="prettyprint"> -#include <assert.h> -#include <err.h> -#include <stddef.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <trusty_std.h> - -#include <app/echo/uuids.h> - +#include < stddef.h > +#include < stdio.h > +#include < stdlib.h > +#include < string.h > +#include < trusty_std.h > +#include < app / echo / uuids.h > #define LOG_TAG "echo_srv" +#define TLOGE(fmt, ...)\ +fprintf(stderr, "%s: %d: " + fmt, LOG_TAG, __LINE__, ##__VA_ARGS__) -#define TLOGE(fmt, ...) \ - fprintf(stderr, "%s: %d: " fmt, LOG_TAG, __LINE__, ## __VA_ARGS__) +# define MAX_ECHO_MSG_SIZE 64 -#define MAX_ECHO_MSG_SIZE 64 - -static const char *srv_name = "com.android.echo.srv.echo"; +static +const char * srv_name = "com.android.echo.srv.echo"; static uint8_t msg_buf[MAX_ECHO_MSG_SIZE]; /* * Message handler */ -static int handle_msg(handle_t chan) -{ +static int handle_msg(handle_t chan) { int rc; iovec_t iov; ipc_msg_t msg; ipc_msg_info_t msg_inf; iov.base = msg_buf; - iov.len = sizeof(msg_buf); + iov.len = sizeof(msg_buf); msg.num_iov = 1; - msg.iov = &iov; + msg.iov = & iov; msg.num_handles = 0; - msg.handles = NULL; + msg.handles = NULL; /* get message info */ - rc = get_msg(chan, &msg_inf); + rc = get_msg(chan, & msg_inf); if (rc == ERR_NO_MSG) return NO_ERROR; /* no new messages */ if (rc != NO_ERROR) { TLOGE("failed (%d) to get_msg for chan (%d)\n", - rc, chan); + rc, chan); return rc; } /* read msg content */ - rc = read_msg(chan, msg_inf.id, 0, &msg); - if (rc < 0) { + rc = read_msg(chan, msg_inf.id, 0, & msg); + if (rc < 0) { TLOGE("failed (%d) to read_msg for chan (%d)\n", - rc, chan); + rc, chan); return rc; } @@ -655,18 +644,18 @@ static int handle_msg(handle_t chan) iov.len = (size_t) rc; /* send message back to the caller */ - rc = send_msg(chan, &msg); - if (rc < 0) { + rc = send_msg(chan, & msg); + if (rc < 0) { TLOGE("failed (%d) to send_msg for chan (%d)\n", - rc, chan); + rc, chan); return rc; } /* retire message */ rc = put_msg(chan, msg_inf.id); - if ( rc != NO_ERROR) { + if (rc != NO_ERROR) { TLOGE("failed (%d) to put_msg for chan (%d)\n", - rc, chan); + rc, chan); return rc; } @@ -676,23 +665,22 @@ static int handle_msg(handle_t chan) /* * Channel event handler */ -static void handle_channel_event(const uevent_t *ev) -{ +static void handle_channel_event(const uevent_t * ev) { int rc; - if (ev->event & IPC_HANDLE_POLL_MSG) { - rc = handle_msg(ev->handle); + if (ev - > event & IPC_HANDLE_POLL_MSG) { + rc = handle_msg(ev - > handle); if (rc != NO_ERROR) { /* report an error and close channel */ TLOGE("failed (%d) to handle event on channel %d\n", - rc, ev->handle); - close(ev->handle); + rc, ev - > handle); + close(ev - > handle); } return; } - if (ev->event & IPC_HANDLE_POLL_HUP) { + if (ev - > event & IPC_HANDLE_POLL_HUP) { /* closed by peer. */ - close(ev->handle); + close(ev - > handle); return; } } @@ -700,110 +688,84 @@ static void handle_channel_event(const uevent_t *ev) /* * Port event handler */ -static void handle_port_event(const uevent_t *ev) -{ - uuid_t peer_uuid; - - if ((ev->event & IPC_HANDLE_POLL_ERROR) || - (ev->event & IPC_HANDLE_POLL_HUP) || - (ev->event & IPC_HANDLE_POLL_MSG) || - (ev->event & IPC_HANDLE_POLL_SEND_UNBLOCKED)) { - /* should never happen with port handles */ - TLOGE("error event (0x%x) for port (%d)\n", - ev->event, ev->handle); - abort(); - } - if (ev->event & IPC_HANDLE_POLL_READY) { - /* incoming connection: accept it */ - int rc = accept(ev->handle, &peer_uuid); - if (rc < 0) { - TLOGE("failed (%d) to accept on port %d\n", - rc, ev->handle); - return; +static void handle_port_event(const uevent_t * ev) { + uuid_t peer_uuid; + + if ((ev - > event & IPC_HANDLE_POLL_ERROR) || + (ev - > event & IPC_HANDLE_POLL_HUP) || + (ev - > event & IPC_HANDLE_POLL_MSG) || + (ev - > event & IPC_HANDLE_POLL_SEND_UNBLOCKED)) { + /* should never happen with port handles */ + TLOGE("error event (0x%x) for port (%d)\n", + ev - > event, ev - > handle); + abort(); } - } -} - -/* - * Main application entry point - */ -int main(void) -{ - int rc; - handle_t port; - - /* Initialize service */ - rc = port_create(srv_name, 1, MAX_ECHO_MSG_SIZE, - IPC_PORT_ALLOW_NS_CONNECT | - IPC_PORT_ALLOW_TA_CONNECT ); - if (rc < 0) { - TLOGE("Failed (%d) to create port %s\n", - rc, srv_name); - abort(); - } - port = (handle_t)rc; - - /* enter main event loop */ - while (true) { - uevent_t ev; - - ev.handle = INVALID_IPC_HANDLE; - ev.event = 0; - ev.cookie = NULL; - - /* wait forever */ - rc = wait_any(&ev, -1); - if (rc == NO_ERROR) { - /* got an event */ - if (ev.handle == port) { - handle_port_event(&ev); - } else { - handle_channel_event(&ev); + if (ev - > event & IPC_HANDLE_POLL_READY) { + /* incoming connection: accept it */ + int rc = accept(ev - > handle, &peer_uuid); + if (ev - > event & IPC_HANDLE_POLL_READY) { + /* incoming connection: accept it */ + int rc = accept(ev - > handle, &peer_uuid); + if (rc < 0) { + TLOGE("failed (%d) to accept on port %d\n", + rc, ev - > handle); + return; + } + handle_t chan = rc; + while (true){ + struct uevent cev; + + rc = wait(handle, &cev, -1); + if (rc < 0) { + TLOGE("wait returned (%d)\n", rc); + abort(); + } + handle_channel_event(&cev); + if (cev.event & IPC_HANDLE_POLL_HUP) { + return; + } } - } else { - TLOGE("wait_any returned (%d)\n", rc); - abort(); } - } - return 0; -} -</pre> -<h2 id=example_of_a_trusted_application_client>Example of a trusted application client</h2> -<p>The following code snippets show the use of the Trusty messaging APIs to -implement a client of an "echo" service (shown in the code above). The <code>sync_connect()</code> -method shows an implementation of a synchronous connect with a timeout on top -of an asynchronous <code>connect()</code> call.</p> + /* + * Main application entry point + */ + int main(void) { + int rc; + handle_t port; -<pre class="prettyprint"> -/* - * Local wrapper on top of an async connect that provides a - * synchronous connect with timeout. - */ -int sync_connect(const char *path, uint timeout) -{ - int rc; - uevent_t evt; - handle_t chan; - - rc = connect(path, IPC_CONNECT_ASYNC | IPC_CONNECT_WAIT_FOR_PORT); - if (rc >= 0) { - chan = (handle_t) rc; - rc = wait(chan, &evt, timeout); - if (rc == 0) { - rc = ERR_BAD_STATE; - if (evt.handle == chan) { - if (evt.event & IPC_HANDLE_POLL_READY) - return chan; - if (evt.event & IPC_HANDLE_POLL_HUP) - rc = ERR_CHANNEL_CLOSED; + /* Initialize service */ + rc = port_create(srv_name, 1, MAX_ECHO_MSG_SIZE, + IPC_PORT_ALLOW_NS_CONNECT | + IPC_PORT_ALLOW_TA_CONNECT); + if (rc < 0) { + TLOGE("Failed (%d) to create port %s\n", + rc, srv_name); + abort(); + } + port = (handle_t) rc; + + /* enter main event loop */ + while (true) { + uevent_t ev; + + ev.handle = INVALID_IPC_HANDLE; + ev.event = 0; + ev.cookie = NULL; + + /* wait forever */ + rc = wait(port, &ev, -1) + if (rc == NO_ERROR) { + /* got an event */ + handle_port_event(&ev); + } else { + TLOGE("wait returned (%d)\n", rc); + abort(); + } } + return 0; } - close(chan); - } - return rc; -} </pre> <p>The <code>run_end_to_end_msg_test()</code> method sends 10,000 messages asynchronously @@ -906,7 +868,7 @@ abort_test: } </pre> -<h2 id=non-secure_world_apis_and_applications>Non-secure world APIs and applications</h2> +<h2 id="non-secure_world_apis_and_applications">Non-secure world APIs and applications</h2> <p>A set of Trusty services, published from the secure side and marked with the <code>IPC_PORT_ALLOW_NS_CONNECT</code> attribute, are accessible to kernel @@ -921,7 +883,7 @@ trusty-ipc kernel driver and registers a character device node that can be used by user space processes to communicate with services running on the secure side.</p> -<h3 id=user_space_trusty_ipc_client_api>User space Trusty IPC Client API</h3> +<h3 id="user_space_trusty_ipc_client_api">User space Trusty IPC Client API</h3> <p>The user space Trusty IPC Client API library is a thin layer on top of the device node <code>fd</code>.</p> @@ -967,7 +929,7 @@ messages that are delivered back to the non-secure side and placed in the appropriate channel file descriptor message queue to be retrieved by the user space application <code>read()</code> call.</p> -<h4 id=tipc_connect>tipc_connect()</h4> +<h4 id="tipc_connect">tipc_connect()</h4> <p>Opens a specified <code>tipc</code> device node and initiates a connection to a specified Trusty service.</p> @@ -982,7 +944,7 @@ int tipc_connect(const char *dev_name, const char *srv_name); <p>[retval]: Valid file descriptor on success, -1 otherwise.</p> -<h4 id=tipc_close>tipc_close()</h4> +<h4 id="tipc_close">tipc_close()</h4> <p>Closes the connection to the Trusty service specified by a file descriptor.</p> @@ -993,7 +955,7 @@ int tipc_close(int fd); <p>[in] <code>fd</code>: File descriptor previously opened by a <code>tipc_connect()</code> call</p> -<h2 id=kernel_trusty_ipc_client_api>Kernel Trusty IPC Client API</h2> +<h2 id="kernel_trusty_ipc_client_api">Kernel Trusty IPC Client API</h2> <p>The kernel Trusty IPC Client API is available for kernel drivers. The user space Trusty IPC API is implemented on top of this API.</p> @@ -1039,9 +1001,9 @@ for further processing. A detached <code>rx</code> buffer must be tracked and eventually released using a <code>tipc_chan_put_rxbuf()</code> call when it is no longer needed.</p> -<h3 id=methods_ktic_api>Methods in the Kernel Trusty IPC Client API</h3> +<h3 id="methods_ktic_api">Methods in the Kernel Trusty IPC Client API</h3> -<h4 id=tipc_create_channel>tipc_create_channel()</h4> +<h4 id="tipc_create_channel">tipc_create_channel()</h4> <p>Creates and configures an instance of a Trusty IPC channel for a particular trusty-ipc device.</p> @@ -1104,7 +1066,7 @@ received over a specified channel:</p> can be a new buffer obtained by the <code>tipc_chan_get_rxbuf()</code> call) </ul> -<h4 id=tipc_chan_connect>tipc_chan_connect()</h4> +<h4 id="tipc_chan_connect">tipc_chan_connect()</h4> <p>Initiates a connection to the specified Trusty IPC service.</p> @@ -1123,7 +1085,7 @@ service name to which to connect</p> <p>The caller is notified when a connection is established by receiving a <code>handle_event</code> callback.</p> -<h4 id=tipc_chan_shutdown>tipc_chan_shutdown()</h4> +<h4 id="tipc_chan_shutdown">tipc_chan_shutdown()</h4> <p>Terminates a connection to the Trusty IPC service previously initiated by a <code>tipc_chan_connect()</code> call.</p> @@ -1135,7 +1097,7 @@ int tipc_chan_shutdown(struct tipc_chan *chan); <p>[in] <code>chan</code>: Pointer to a channel returned by a <code>tipc_create_chan()</code> call</p> -<h4 id=tipc_chan_destroy>tipc_chan_destroy()</h4> +<h4 id="tipc_chan_destroy">tipc_chan_destroy()</h4> <p>Destroys a specified Trusty IPC channel.</p> @@ -1146,7 +1108,7 @@ void tipc_chan_destroy(struct tipc_chan *chan); <p>[in] <code>chan</code>: Pointer to a channel returned by the <code>tipc_create_chan()</code> call</p> -<h4 id=tipc_chan_get_txbuf_timeout>tipc_chan_get_txbuf_timeout()</h4> +<h4 id="tipc_chan_get_txbuf_timeout">tipc_chan_get_txbuf_timeout()</h4> <p>Obtains a message buffer that can be used to send data over a specified channel. If the buffer is not immediately available the caller may be blocked @@ -1165,7 +1127,7 @@ tipc_chan_get_txbuf_timeout(struct tipc_chan *chan, long timeout); <p>[retval]: A valid message buffer on success, <code>ERR_PTR(err)</code> on error</p> -<h4 id=tipc_chan_queue_msg>tipc_chan_queue_msg()</h4> +<h4 id="tipc_chan_queue_msg">tipc_chan_queue_msg()</h4> <p>Queues a message to be sent over the specified Trusty IPC channels.</p> @@ -1181,7 +1143,7 @@ int tipc_chan_queue_msg(struct tipc_chan *chan, struct tipc_msg_buf *mb); <p>[retval]: 0 on success, a negative error otherwise</p> -<h4 id=tipc_chan_put_txbuf>tipc_chan_put_txbuf()</h4> +<h4 id="tipc_chan_put_txbuf">tipc_chan_put_txbuf()</h4> <p>Releases the specified <code>Tx</code> message buffer previously obtained by a <code>tipc_chan_get_txbuf_timeout()</code> call.</p> @@ -1198,7 +1160,7 @@ this message buffer belongs</p> <p>[retval]: None</p> -<h4 id=tipc_chan_get_rxbuf>tipc_chan_get_rxbuf()</h4> +<h4 id="tipc_chan_get_rxbuf">tipc_chan_get_rxbuf()</h4> <p>Obtains a new message buffer that can be used to receive messages over the specified channel.</p> @@ -1211,7 +1173,7 @@ struct tipc_msg_buf *tipc_chan_get_rxbuf(struct tipc_chan *chan); <p>[retval]: A valid message buffer on success, <code>ERR_PTR(err)</code> on error</p> -<h4 id=tipc_chan_put_rxbuf>tipc_chan_put_rxbuf()</h4> +<h4 id="tipc_chan_put_rxbuf">tipc_chan_put_rxbuf()</h4> <p>Releases a specified message buffer previously obtained by a <code>tipc_chan_get_rxbuf()</code> call.</p> @@ -1229,3 +1191,4 @@ void tipc_chan_put_rxbuf(struct tipc_chan *chan, </body> </html> + |
