diff options
| author | Android Partner Docs <noreply@android.com> | 2019-01-25 14:26:34 -0800 |
|---|---|---|
| committer | Mark Hecomovich <mheco@google.com> | 2019-01-25 14:56:27 -0800 |
| commit | 964c5956c98fb20ab44ead57e59b5c0ed9f0ab11 (patch) | |
| tree | 94e1ae7edb82c95a5da83468b6ea104d651850f3 /en | |
| parent | d8c39787c5a4061686695502e62c0477b939c633 (diff) | |
| download | source.android.com-964c5956c98fb20ab44ead57e59b5c0ed9f0ab11.tar.gz | |
Docs: Changes to source.android.com
- 230969164 Add details about supported deviceless tests by Android Partner Docs <noreply@android.com>
- 230954177 Devsite localized content from translation request 1089952. by Android Partner Docs <noreply@android.com>
- 230924636 Devsite localized content from translation request 1092604. by Android Partner Docs <noreply@android.com>
- 230924621 Devsite localized content from translation request 1091268. by Android Partner Docs <noreply@android.com>
- 230811847 Please review this new content for "Automotive Power Mana... by Janet Davies <janetd@google.com>
- 230794111 Add HWASan to the docs ready for bootcamp. by Android Partner Docs <noreply@android.com>
- 230779068 Link to NDK docs on DAC from first reference to Make by Android Partner Docs <noreply@android.com>
- 230744983 Devsite localized content from translation request 1092191. by Android Partner Docs <noreply@android.com>
- 230744981 Devsite localized content from translation request 1093422. by Android Partner Docs <noreply@android.com>
- 230744964 Devsite localized content from translation request 1094193. by Android Partner Docs <noreply@android.com>
- 230742820 Moving Marshmallow 6.0 to No Release Planned as CTS 6.0 w... by Android Partner Docs <noreply@android.com>
- 230614628 Fixed broken links (they were relative and not absolute f... by Christina Nguyen <cqn@google.com>
- 230384953 Remove rogue parenthesis by Danielle Roberts <daroberts@google.com>
- 230375898 Fix broken links to subpages with absolute paths by Android Partner Docs <noreply@android.com>
- 230364707 Devsite localized content from translation request 1093572. by Android Partner Docs <noreply@android.com>
- 230364690 Devsite localized content from translation request 1093439. by Android Partner Docs <noreply@android.com>
- 230364619 Devsite localized content from translation request 1089936. by Android Partner Docs <noreply@android.com>
- 230364605 Devsite localized content from translation request 1086836. by Android Partner Docs <noreply@android.com>
- 230364588 Devsite localized content from translation request 1093713. by Android Partner Docs <noreply@android.com>
- 230364494 Devsite localized content from translation request 1093448. by Android Partner Docs <noreply@android.com>
- 230364465 Devsite localized content from translation request 1091295. by Android Partner Docs <noreply@android.com>
- 230364454 Devsite localized content from translation request 1092609. by Android Partner Docs <noreply@android.com>
- 230364368 Devsite localized content from translation request 1048174. by Android Partner Docs <noreply@android.com>
- 230364354 Devsite localized content from translation request 1047598. by Android Partner Docs <noreply@android.com>
- 230364346 Devsite localized content from translation request 1089969. by Android Partner Docs <noreply@android.com>
- 230020584 Update the guide for using vendor provided bcc by Android Partner Docs <noreply@android.com>
- 229999258 Fix a typo in gsi.html by Android Partner Docs <noreply@android.com>
- 229997798 Add file_patterns attribute documentation by Android Partner Docs <noreply@android.com>
- 229991256 Update the characters for zh-cn and zh-tw in the Security... by Danielle Roberts <daroberts@google.com>
- 229977174 Moving time zones to Updates (from Permissions); also upd... by Heidi von Markham <hvm@google.com>
- 229831729 Devsite localized content from translation request 1090171. by Android Partner Docs <noreply@android.com>
- 229831714 Devsite localized content from translation request 1090622. by Android Partner Docs <noreply@android.com>
- 229831667 Devsite localized content from translation request 1015775. by Android Partner Docs <noreply@android.com>
- 229831656 Devsite localized content from translation request 1088392. by Android Partner Docs <noreply@android.com>
- 229831644 Devsite localized content from translation request 1090166. by Android Partner Docs <noreply@android.com>
- 229581198 Devsite localized content from translation request 1086821. by Android Partner Docs <noreply@android.com>
- 229425689 Fixing typos for Shutdown (to shutdown) by Heidi von Markham <hvm@google.com>
- 229416134 Update a paragraph in the permission model section of the... by Luke Haviland <lhaviland@google.com>
- 229402835 Devsite localized content from translation request 553155. by Android Partner Docs <noreply@android.com>
- 229305053 Devsite localized content from translation request 1091266. by Android Partner Docs <noreply@android.com>
- 229305046 Devsite localized content from translation request 1091273. by Android Partner Docs <noreply@android.com>
- 229245843 Devsite localized content from translation request 1015221. by Android Partner Docs <noreply@android.com>
- 228916961 Fix typo by Kenneth Lau <kennethlau@google.com>
- 228796242 Change "Optional" to "Required" by Kenneth Lau <kennethlau@google.com>
- 228720589 Devsite localized content from translation request 1090636. by Android Partner Docs <noreply@android.com>
- 228612958 Added Joshua Laney's information to November security ack... by Luke Haviland <lhaviland@google.com>
- 228585561 Update versions file by Kenneth Lau <kennethlau@google.com>
- 228557861 Devsite localized content from translation request 1089965. by Android Partner Docs <noreply@android.com>
- 228541590 Fix HTML. by Android Partner Docs <noreply@android.com>
- 228525372 Replace unresolved variable reference in localized files. by Android Partner Docs <noreply@android.com>
- 228439111 Add missing < by Android Partner Docs <noreply@android.com>
- 228436522 Adding the January Android bulletin acknowledgements by Luke Haviland <lhaviland@google.com>
- 228407590 Correct the naming of EGL extension, and point the link t... by Android Partner Docs <noreply@android.com>
- 228395277 Rename Test Config to Build Config to better reflect Soon... by Android Partner Docs <noreply@android.com>
- 228340013 Devsite localized content from translation request 1044284. by Android Partner Docs <noreply@android.com>
- 228340002 Devsite localized content from translation request 1048178. by Android Partner Docs <noreply@android.com>
- 228339974 Devsite localized content from translation request 1089289. by Android Partner Docs <noreply@android.com>
- 228339806 Devsite localized content from translation request 999875. by Android Partner Docs <noreply@android.com>
- 228339785 Devsite localized content from translation request 1046259. by Android Partner Docs <noreply@android.com>
- 228339757 Devsite localized content from translation request 1049718. by Android Partner Docs <noreply@android.com>
- 228267452 Add information on gdbclient.py by Kenneth Lau <kennethlau@google.com>
- 228261450 Adding the Android AOSP links to the Android January secu... by Luke Haviland <lhaviland@google.com>
- 228247613 Fill in security levels for December 2018 builds. by Android Partner Docs <noreply@android.com>
- 228241115 Add January 2019 builds. by Android Partner Docs <noreply@android.com>
- 228208289 Remove _toc-*.yaml files that are no longer used due to r... by Christina Nguyen <cqn@google.com>
- 228205865 Devsite localized content from translation request 1048626. by Android Partner Docs <noreply@android.com>
- 228205856 Devsite localized content from translation request 1048155. by Android Partner Docs <noreply@android.com>
- 228205845 Devsite localized content from translation request 1047886. by Android Partner Docs <noreply@android.com>
- 228186179 Adding the January 2019 security Android/Pixel bulletins. by Luke Haviland <lhaviland@google.com>
- 228183717 Add BCC native stack dump documentation by Android Partner Docs <noreply@android.com>
- 228181974 Devsite localized content from translation request 1089935. by Android Partner Docs <noreply@android.com>
- 227911224 Add more information on cts-dev and also --skip-precondit... by Android Partner Docs <noreply@android.com>
- 227772142 Update image path by Danielle Roberts <daroberts@google.com>
- 227719040 Fix broken links by Kenneth Lau <kennethlau@google.com>
- 227715850 Devsite localized content from translation request 1045494. by Android Partner Docs <noreply@android.com>
- 227715841 Devsite localized content from translation request 1044265. by Android Partner Docs <noreply@android.com>
- 227715826 Devsite localized content from translation request 1087340. by Android Partner Docs <noreply@android.com>
- 227709199 Fix path on images by Danielle Roberts <daroberts@google.com>
- 227620512 Devsite localized content from translation request 1032286. by Android Partner Docs <noreply@android.com>
- 227620508 Devsite localized content from translation request 1087344. by Android Partner Docs <noreply@android.com>
- 227620485 Devsite localized content from translation request 1087104. by Android Partner Docs <noreply@android.com>
- 227620481 Devsite localized content from translation request 1046261. by Android Partner Docs <noreply@android.com>
- 227620479 Devsite localized content from translation request 1087239. by Android Partner Docs <noreply@android.com>
- 227617540 Devsite localized content from translation request 1007762. by Android Partner Docs <noreply@android.com>
- 227617535 Devsite localized content from translation request 1089145. by Android Partner Docs <noreply@android.com>
- 227617491 Devsite localized content from translation request 1087109. by Android Partner Docs <noreply@android.com>
- 227617482 Devsite localized content from translation request 1047584. by Android Partner Docs <noreply@android.com>
- 227617480 Devsite localized content from translation request 1089449. by Android Partner Docs <noreply@android.com>
- 227617378 Devsite localized content from translation request 1087099. by Android Partner Docs <noreply@android.com>
- 227610447 Add variable tag to CTS downloads page by Danielle Roberts <daroberts@google.com>
- 227595909 Add link to camera section on CTS setup page by Kenneth Lau <kennethlau@google.com>
- 227595777 Change title to title case by Kenneth Lau <kennethlau@google.com>
- 227546776 Newline between function and param descriptions. by Android Partner Docs <noreply@android.com>
- 227546753 Small edits to system best practices by Danielle Roberts <daroberts@google.com>
- 227033873 Document "run cts-dev" command, present CTS V2 first by Android Partner Docs <noreply@android.com>
- 226772000 Devsite localized content from translation request 1041964. by Android Partner Docs <noreply@android.com>
- 226552899 Announce Adiantum on SAC home page by Danielle Roberts <daroberts@google.com>
- 226550934 Add Adiantum docs to encryption section by Danielle Roberts <daroberts@google.com>
- 226530870 Devsite localized content from translation request 1046265. by Android Partner Docs <noreply@android.com>
- 226497667 Devsite localized content from translation request 1047878. by Android Partner Docs <noreply@android.com>
(And 26 more changes)
PiperOrigin-RevId: 230969164
Change-Id: I2bf51b3793304247e04b953816961605fe1ba4bf
Diffstat (limited to 'en')
90 files changed, 5220 insertions, 2640 deletions
diff --git a/en/_book.yaml b/en/_book.yaml index ada73e7a..cc429ff4 100644 --- a/en/_book.yaml +++ b/en/_book.yaml @@ -61,6 +61,9 @@ upper_tabs: - name: Testing contents: - include: /security/_toc-fuzz.yaml + - name: Best Practices + contents: + - include: /security/_toc-best-practices.yaml - name: Develop lower_tabs: other: diff --git a/en/_dac_versions.html b/en/_dac_versions.html deleted file mode 100644 index bc8c244c..00000000 --- a/en/_dac_versions.html +++ /dev/null @@ -1,34 +0,0 @@ -{% comment %} - -Add this file to your doc by adding this line at the top of the body: -{% include "_shared/_versions.html" %} - -Then add an inline variable like this: -{{ gradlePluginVersion }} - -{% endcomment %} - -{# TOOLS #} -{% setvar buildToolsVersion %}27.0.3{% endsetvar %} -{% setvar gradlePluginVersion %}3.1.0{% endsetvar %} -{% setvar gradleVersion %}4.4{% endsetvar %} -{% setvar intellijVersion %}2017.3{% endsetvar %} - -{# SDK VERSIONS #} -{% setvar minSdkVersion %}15{% endsetvar %} -{% setvar compileSdkVersion %}26{% endsetvar %} -{% setvar targetSdkVersion %}{{ compileSdkVersion }}{% endsetvar %} -{% setvar supportLibMinSdkVersion %}14{% endsetvar %} -{% setvar supportLibMinSdkName %}4.0{% endsetvar %} - -{# LIBRARY VERSIONS #} -{% setvar supportLibVersion %}27.1.1{% endsetvar %} -{% setvar espressoLibVersion %}3.0.2{% endsetvar %} -{% setvar gmsLibVersion %}9.8.0{% endsetvar %} -{% setvar wearableLibVersion %}9.8.0{% endsetvar %} -{% setvar multidexLibVersion %}1.0.3{% endsetvar %} -{% setvar playCoreLibVersion %}1.3.0{% endsetvar %} - -{# PLATFORM VERSIONS #} -{% setvar androidPVersionNumber %}9{% endsetvar %} -{% setvar androidPApiLevel %}P{% endsetvar %} diff --git a/en/_index.yaml b/en/_index.yaml index e5e42f7b..6b2cc556 100644 --- a/en/_index.yaml +++ b/en/_index.yaml @@ -77,29 +77,29 @@ landing_page: image_path: /images/android_stack.png - heading: News items: - - heading: Continuous Integration Dashboard + - heading: January Security Bulletins description: > - The Android Open Source Project (AOSP) has published its continuous integration - dashboard. + The January 2019 Android and Pixel Bulletins have been published + along with links to associated fixes and new build numbers to support the + January security release. buttons: - - label: December 14th, 2018 - path: /setup/build/dashboard - - heading: December Security Bulletins + - label: January 7th, 2019 + path: /security/bulletin/2019-01-01 + - heading: Enabling Adiantum description: > - The December 2018 Android and Pixel/Nexus Security Bulletins have been - published along with links to associated fixes and new build numbers - to support the December security release. + New page for enabling Adiantum, an encryption method designed for + devices running Android 9 and higher whose CPUs lack AES instructions. buttons: - - label: December 5th, 2018 - path: /security/bulletin/2018-12-01 - - heading: Test Mapping Made Easy + - label: December 21th, 2018 + path: /security/encryption/adiantum + - heading: Security Best Practices description: > - Test Mapping is a Gerrit-based approach that allows developers to create pre- and - post-submit test rules directly in the Android source tree and leave branch and device - selection to the test infrastructure. + New section containing security best practices for device + manufacturers, including tips for system, app, network, + hardware, and organizational and operational security. buttons: - - label: December 4th, 2018 - path: /compatibility/tests/development/test-mapping + - label: December 18th, 2018 + path: /security/best-practices - classname: devsite-landing-row-100 tf-row-centered items: - buttons: diff --git a/en/_translation.yaml b/en/_translation.yaml deleted file mode 100644 index cf10a2a2..00000000 --- a/en/_translation.yaml +++ /dev/null @@ -1,17 +0,0 @@ -ignore_paths: -- /compatibility/... -- /devices/... -- /images/... -- /reference/... -- /security/... -- /setup/... -enable_continuous_translation: true -title: Android Open Source Project -description: Translations for source.android.com -language: -- zh-CN -cc: -- sac-doc-leads+translation@google.com -reviewer: -- daroberts -product: Android diff --git a/en/_versions.html b/en/_versions.html deleted file mode 100644 index ef50a838..00000000 --- a/en/_versions.html +++ /dev/null @@ -1,19 +0,0 @@ -{% comment %} - -To use this versions file, add this file to your doc by adding this line at the -top of the body: -{% include "_versions.html" %} - -Then add an inline variable like this: -{{ androidPVersionNumber }} - -For completeness and consistency, this versions file includes the version -definitions used for developers.android.com. Please add any SAC specific -version variables below. - -{% endcomment %} - -{% include "_dac_versions.html" %} - -{# SAC SPECIFIC VERSIONS #} -{% setvar putVersionNameHere %}X.x{% endsetvar %} diff --git a/en/compatibility/_toc-tests.yaml b/en/compatibility/_toc-tests.yaml index 6d9d575f..8002d3c2 100644 --- a/en/compatibility/_toc-tests.yaml +++ b/en/compatibility/_toc-tests.yaml @@ -56,15 +56,19 @@ toc: - title: Camera HAL Testing path: /compatibility/cts/camera-hal - title: Camera ITS-in-a-Box - path: /compatibility/cts/camera-its-box - - title: Wide Field of View ITS-in-a-Box Assembly - path: /compatibility/cts/camera-wfov-box-assembly - - title: Regular Field of View ITS-in-a-Box Assembly - path: /compatibility/cts/camera-its-box-assembly - - title: Sensor Fusion Box Quick Start - path: /compatibility/cts/sensor-fusion-quick-start - - title: Sensor Fusion Box Details - path: /compatibility/cts/sensor-fusion-box-assembly + section: + - title: Overview + path: /compatibility/cts/camera-its-box + - title: Regular Field of View Box + path: /compatibility/cts/camera-its-box-assembly + - title: Wide Field of View Box + path: /compatibility/cts/camera-wfov-box-assembly + - title: Sensor Fusion Box + section: + - title: Sensor Fusion Box Quick Start + path: /compatibility/cts/sensor-fusion-quick-start + - title: Sensor Fusion Box Details + path: /compatibility/cts/sensor-fusion-box-assembly - title: Secure Element path: /compatibility/cts/secure-element - title: Interpret Results @@ -147,6 +151,8 @@ toc: path: /devices/tech/debug/jank_jitter - title: Using GDB path: /devices/tech/debug/gdb + - title: Dumping User & Kernel Stacks + path: /devices/tech/debug/native_stack_dump - title: Native Memory Use path: /devices/tech/debug/native-memory - title: Network Connectivity Tests diff --git a/en/compatibility/_translation.yaml b/en/compatibility/_translation.yaml deleted file mode 100644 index 320f9ed7..00000000 --- a/en/compatibility/_translation.yaml +++ /dev/null @@ -1,30 +0,0 @@ -ignore_paths: -- /compatibility/1.6/... -- /compatibility/2.1/... -- /compatibility/2.2/... -- /compatibility/2.3/... -- /compatibility/4.0/... -- /compatibility/4.1/... -- /compatibility/4.2/... -- /compatibility/4.3/... -- /compatibility/4.4/... -- /compatibility/5.0/... -- /compatibility/5.1/... -- /compatibility/6.0/... -- /compatibility/7.0/... -- /compatibility/7.1/... -- /compatibility/8.0/... -- /compatibility/8.1/... -- /compatibility/images/... -- /compatibility/source/... -- /compatibility/android-cdd -enable_continuous_translation: true -title: Android Open Source Project Compatibility tab -description: Translations for SAC compatibility tab -language: -- zh-CN -cc: -- sac-doc-leads+translation@google.com -reviewer: -- gdimino@google.com -product: Android diff --git a/en/compatibility/cts/camera-hal.html b/en/compatibility/cts/camera-hal.html index f6db85a9..72da83db 100644 --- a/en/compatibility/cts/camera-hal.html +++ b/en/compatibility/cts/camera-hal.html @@ -24,40 +24,49 @@ <p>This document lists all tests available for evaluating the Android camera -hardware abstraction layer (HAL). It is intended for OEMs and application +hardware abstraction layer (HAL). It is intended for original equipment +manufacturers (OEMs) and application processor (AP) vendors so they may ensure proper implementation of the camera HAL with minimum defects. Although this is a voluntary addition to the Android Compatibility Test Suite (CTS), it greatly increases camera test coverage and will certainly identify potential bugs.</p> -<p>By passing these tests, original equipment manufacturers (OEM) validate -whether they have properly integrated the latest Android camera hardware -abstraction layer (HAL) 3.2 interfaces. When conforming with all items in the +<p>By passing these tests, OEMs validate +whether they have properly integrated the Android +camera hardware +abstraction layer (HAL) 3 interfaces. When conforming with all items in the checklist, a device implementation may be considered <em>full</em> with respect -to the new Android Camera HAL interfaces. This will in turn enable a device to -properly support the new <code>android.hardware.camera2</code> package that +to the Android Camera HAL interfaces. This will in turn enable a device to +properly support the +<a href="https://developer.android.com/reference/android/hardware/camera2/package-summary" class="external"> + <code>android.hardware.camera2</code></a> package that camera apps build upon.</p> -<h2 id=camera_hal_3_2_specification>Camera HAL 3.2 specification</h2> +<h2 id=camera_hal_3_2_specification>Camera HAL3 specification</h2> -<p>The Android Camera HAL 3.2 specification is the authoritative source of -information on what devices must satisfy; the document here provides a summary +<p>The <a href="/devices/camera/camera3">Android Camera HAL3</a> specification +is the authoritative source of +information on what devices must satisfy; this page provides a summary of all tests that can be used as a checklist. Camera HAL implementers (e.g. AP -vendors) should go through the HAL 3.2 specification line-by-line and ensure +vendors) should go through the Camera HAL3 specification line-by-line and ensure their devices conform to it.</p> -<p>The current HAL 3.2 specification is defined in these files within the L -generic Android Platform Development Kit (PDK):</p> +<p>The current HAL specification is defined in these files within the Android +5.0 and later generic Android Platform Development Kit (PDK):</p> <ul> <li><em>Camera HAL 3.x interface and spec</em>: <code><a -href="https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/camera3.h">hardware/libhardware/include/hardware/camera3.h</a></code>, +href="https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/camera3.h" +class="external">hardware/libhardware/include/hardware/camera3.h</a></code>, <code><a -href="https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/camera_common.h">hardware/libhardware/include/hardware/camera_common.h</a></code> +href="https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/camera_common.h" +class="external">hardware/libhardware/include/hardware/camera_common.h</a></code> <li><em>Camera HAL 3.x metadata spec</em>: <code><a -href="https://android.googlesource.com/platform/system/media/+/master/camera/docs/docs.html">system/media/camera/docs/docs.html</a></code> +href="https://android.googlesource.com/platform/system/media/+/master/camera/docs/docs.html" +class="external">system/media/camera/docs/docs.html</a></code> <li><em>HAL pixel format interface and spec</em>: <code><a -href="https://android.googlesource.com/platform/system/core/+/master/include/system/graphics.h">system/core/include/system/graphics.h</a></code> +href="https://android.googlesource.com/platform/system/core/+/master/libsystem/include/system/graphics.h" +class="external">system/core/libsystem/include/system/graphics.h</a></code> </ul> <h2 id=camera_test_types>Camera test types</h2> @@ -103,14 +112,17 @@ HIDL interface level. For more information on using VTS, see <h2 id=cts_tests>Compatibility Test Suite (CTS) tests</h2> <p>Camera Android Compatibility Test Suite (CTS) tests focus upon device -compatibility. They do not require a specific test environment (the field of -view or FOV CTS Verifier test being the lone exception). </p> +compatibility. For more information on the recommended test environment for camera CTS, see <a href="/compatibility/cts/setup#camera">Set up CTS</a>.</p> <p>The starting path for Camera CTS tests is: <code>platform/cts</code>.</p> <p>When running Camera CTS for devices that support external cameras (such as USB webcams), you must have a device plugged in when running CTS or the tests -will automatically fail.</p> +will automatically fail. Examples of external cameras include: <a +href="https://www.logitech.com/en-us/product/hd-pro-webcam-c920" +class="external">Logitech HD Pro Webcam C920</a> and the <a +href="https://www.microsoft.com/accessories/en-us/products/webcams/lifecam-hd-3000/t3h-00011" +class="external">Microsoft LifeCam HD-3000</a>.</p> <p>See the <a href="/compatibility/cts/index.html">CTS introduction</a> and its subpages for general instructions on running CTS.</p> @@ -144,66 +156,95 @@ the <code>android.hardware.camera2</code> API</h3> <h2 id=its_tests>Image Test Suite (ITS) tests</h2> -<p>The CameraITS tests focus upon image correctness. These Python scripts are -manually run on a workstation with the Android device connected over USB. The -workstation can run any operating system as long as it has the requisite Python -2.7 environment.</p> +<aside class="Note"><strong>Note:</strong> +<a href="/devices/camera/camera3">Camera HAL3</a> is required for all devices +running Android 9 or higher (except for Android Go devices).</aside> -<p class="note">Since ITS is a CTS Verifier subtest, start CTS Verifier and the -ITS subtest before running the python scripts so they have processes with which -to communicate.</p> +<p>The Camera Image Test Suite (ITS) tests focus on image correctness. + To perform the tests, run the Python scripts on a workstation with the + Android device connected over USB.</p> -<p>The CameraITS infrastructure and tests are located under: -<code>cts/apps/CameraITS</code></p> +<p>The Camera ITS infrastructure and tests are located in the +<a href="https://android.googlesource.com/platform/cts/+/master/apps/CameraITS" +class="external"> + <code>cts/apps/CameraITS</code></a> directory. Each test resides in a + <code>tests/scene<var>#</var></code> subdirectory.</p> -<p>See the latest <code>README</code> file in this top-level folder for -instructions on how to set up and run the tests. For setup: <code>make -cts</code></p> +To set up the test environment, run: <pre class="devsite-click-to-copy"> <code class="devsite-terminal">extract root/out/host/linux-x86/cts-verfier/android-cts-verifier.zip</code> <code class="devsite-terminal">cd android-cts-verifier</code> <code class="devsite-terminal">adb install -r CtsVerifier.apk</code> <code class="devsite-terminal">cd CameraITS</code> +<code class="devsite-terminal">source build/envsetup.sh</code> </pre> -<p>See <code>tutorial.py</code> in the <code>tests</code> subdirectory for a -walkthrough of the script's use. Each test resides in a corresponding -<code>tests/scene<#></code> subdirectory. See the <code>README</code> file in -each subdirectory for specific test instructions.</p> - -<p>To follow the recommended way of setting up and running the Camera Image Test -Suite, see <a href="/compatibility/cts/camera-its-box">Camera -ITS-in-a-Box</a>.</p> - -<p>To run ITS manually, you will need a simple physical environment with a +<aside class="note"><strong>Note:</strong> Because ITS is a CTS Verifier subtest, +start CTS Verifier and the ITS subtest before running the Python scripts so they +have processes with which to communicate.</aside> + +<p>For more information on how to set up and run the tests, see the +<code>CameraITS</code> PDF file in <code>cts/apps/CameraITS</code>. See +<a href="https://android.googlesource.com/platform/cts/+/master/apps/CameraITS/tests/tutorial.py" + class="external"> + <code>tutorial.py</code></a> in the <code>tests</code> subdirectory for a +guide on how to use the scripts.</p> + +<p>The ITS static tests (scenes 0-5) can run with any operating +system with the required Python 2.7 environment. However, the +<code>sensor_fusion</code> +test with the <a href="/compatibility/cts/sensor-fusion-quick-start">Sensor +Fusion Box</a> must be run with the +Linux operating system. +</p> + +<p>The recommended setup for scenes 0-4 +is described in <a +href="/compatibility/cts/camera-its-box">Camera ITS-in-a-box</a>. The +recommended setup for the sensor_fusion scene is described in <a +href="/compatibility/cts/sensor-fusion-quick-start">Sensor Fusion Box Quick + Start Guide</a>.</p> + +<p>To run ITS manually, prepare a simple physical environment with a specific, reusable target -such as a white wall, grey card, and desk lamp. The Android device is mounted -on a tripod and its camera functions are exercised by the scripts. Most tests -are pass or fail but some offer metrics, as well.</p> +such as a white wall, a grey card, and a desk lamp. Mount the Android device on + a tripod and run the scripts to test the camera functions. Most tests +are pass or fail but some offer metrics.</p> + +<p>These scripts test scenarios that are not tested in CTS and are an important + component of the HAL 3.2 test plan.</p> -<p>These tests are works-in-progress and are not yet comprehensive enough for -full automated pass/fail validation of the camera HAL. However, these scripts -do test scenarios that are not tested in CTS and are an important component of -the overall HAL 3.2 test plan.</p> +<p>ITS tests either pass or fail. All mandated +tests in each scene folder must pass. Tests that are not mandated can +fail and still count as a pass in +<code>CtsVerifier</code>.</p> -<h3 id=its_tests_on_scene_0_plain>ITS tests on scene 0 (plain)</h3> +<h3 id="scene0_to_scene4_tests">Scene 0 to scene 4 tests</h3> -<p>This test requires no specific setup. Pass all of the tests in the -<code>tests/scene0</code> folder, for all cameras (back + front + any -others).</p> +<p>These scenes represent a large part of ITS testing and are included as PDF +files in the <code>scene</code> folder. To automate these tests, use the <a +href="/compatibility/cts/camera-its-box">Camera ITS-in-a-box</a> system.</p> -<h3 id=its_tests_on_scene_1_grey_card>ITS tests on scene 1 (grey card)</h3> +<ul> + <li>Scene 0: Requires no setup.</li> + <li>Scene 1: Requires a grey card.</li> + <li>Scene 2: Requires a face scene.</li> + <li>Scene 3: ISO12233 chart.</li> + <li>Scene 4: Custom scene with a circle inside a square.</li> +</ul> -<p>Pass all of the tests in the <code>tests/scene1</code> folder, for all -cameras (back + front + any others). The <code>tests/scene1/README</code> file -describes the scene setup.</p> +<h3 id="scene5_tests">Scene 5 tests</h3> +<p>Scene 5 tests require a diffuser to be placed on top of the camera.</p> -<h3 id=its_tests_on_scene_2_camera_lab>ITS tests on scene 2 (camera lab)</h3> +<h3 id="sensor_fusion_tests">Sensor fusion tests</h3> -<p>Pass all of the tests in the <code>tests/scene2</code> folder, for all -cameras (back + front + any others). The <code>tests/scene2/README</code> file -describes the scene setup.</p> +<p>Sensor fusion tests require specific camera motion to test the timestamp +difference between the camera and the gyroscope for AR and VR applications. This +test is skipped if no gyroscope is included or if the <code>REALTIME</code> +parameter is not enabled. The <code>sensor_fusion</code> test can be automated +with the <a +href="/compatibility/cts/sensor-fusion-quick-start">Sensor Fusion Box</a>.</p> <h2 id=media_framework_tests>Media Framework tests</h2> @@ -222,11 +263,11 @@ to install the resulting .apk. Example commands are included below.</p> <pre class="devsite-click-to-copy"> <code class="devsite-terminal">make mediaframeworktest</code> -<code class="devsite-terminal">adb install out/target/product/<em><name></em>/data/app/mediaframeworktest.apk</code> +<code class="devsite-terminal">adb install out/target/product/<var>name</var>/data/app/mediaframeworktest.apk</code> </pre> -<p>Where the <em><code><name></code></em> variable represents the directory -containing the vendor's product.</p> + <p>Where the <var>name</var> variable represents the + directory containing the vendor's product.</p> <p>Find all of the tests in the following directory or its subdirectories:</p> diff --git a/en/compatibility/cts/camera-its-box-assembly.html b/en/compatibility/cts/camera-its-box-assembly.html index f6336f10..45d2f868 100644 --- a/en/compatibility/cts/camera-its-box-assembly.html +++ b/en/compatibility/cts/camera-its-box-assembly.html @@ -1,6 +1,6 @@ <html devsite> <head> - <title>Regular Field of View (RFoV) ITS-in-a-Box Assembly</title> + <title>Regular Field of View (RFoV) Box</title> <meta name="project_path" value="/_project.yaml" /> <meta name="book_path" value="/_book.yaml" /> </head> @@ -41,6 +41,8 @@ qualified vendors.</p> 95050<br>fred@acuspecinc.com</li> <li><em>MYWAY, Inc</em><br>4F., No. 163, Fu Ying Rd., New Taipei City, Taiwan<br>sales@myway.tw</li> +<li><em>West-Mark, Inc</em><br>2704 Railroad Ave, Ceres, CA +95307<br>dgoodman@west-mark.com</li> </ul> <h2 id=building-box>Building an RFoV ITS-in-a-box</h2> diff --git a/en/compatibility/cts/camera-its-box.html b/en/compatibility/cts/camera-its-box.html index 8bdc3bb3..5027656e 100644 --- a/en/compatibility/cts/camera-its-box.html +++ b/en/compatibility/cts/camera-its-box.html @@ -62,8 +62,11 @@ software.</li> </ol> <h2 id=configure-tablet>Configuring the tablet</h2> -<p>This section provides step-by-step instructions for setting up a Pixel C -tablet for use with the CameraITS software.</p> +<p>This section provides step-by-step instructions for setting up a +tablet for use with the CameraITS software. These instructions use a Pixel C as + an example tablet. For information on tablet +requirements and recommendations, see <a href="#tablet-requirements">Tablet +requirements</a>.</p> <p class="note"><strong>Note:</strong> The CameraITS python scripts automatically set the following options on the tablet for you: @@ -74,10 +77,10 @@ automatically set the following options on the tablet for you: <ol> <li>Charge the tablet and power it on. If prompted to set up an account, skip it (CameraITS does not require any account paired with the tablet).</li> -<li>Update the tablet to Android 7.0 or later (Android 6.x and earlier versions -do not support CameraITS).</li> -<li>Enable developer mode by going to <em>Settings > About tablet</em> and -tapping <strong>Build number</strong> five times.</li> +<li>Update the tablet to Android 7.0 or higher. Android 6.x and lower versions +do not support CameraITS.</li> +<li>Enable <a href="https://developer.android.com/studio/debug/dev-options#enable" + class="external">developer mode</a>.</li> <li>Return to <em>Settings</em> and select <strong>Developer options</strong>. <table> @@ -247,5 +250,67 @@ adb -s FA6BM0305016 pull /sdcard/verifierReports </ol> </li> </ul> + +<h2 id=tablet-requirements>Tablet requirements</h2> + +<p>Tablets must have a display size of around 10 inches with a screen resolution + greater than 2000 x 1500 pixels. The <code>DISPLAY_LEVEL</code> value must be + set in +<code>CameraITS/tools/wake_up_screen.py</code> according to the tablet model. +The table below lists the values for recommended tablets.</p> + +<p>Recommended tablets for ITS testing are shown below:</p> + +<table> + <tr> + <th>Device</th> + <th>Display size<br>(inches)</th> + <th>Display size<br>(pixels)</th> + <th>Tablet dimensions<br>(inches)</th> + <th>DISPLAY_LEVEL</th> + <th>OS</th> + </tr> + <tr> + <td>Asus Zen Pad 3</td> + <td>9.7</td> + <td>2048 x 1536</td> + <td>9.47 x 6.44 x 0.28</td> + <td>192</td> + <td>Android 6.0</td> + </tr> + <tr> + <td>Huawei Mediapad m5</td> + <td>10.8</td> + <td>2560 x 1600</td> + <td>10.18 x 6.76 x 0.29</td> + <td>192</td> + <td>Android 8.0</td> + </tr> + <tr> + <td>Pixel C</td> + <td>10.2</td> + <td>2560 x 1800</td> + <td>9.53 x 7.05 x 0.28</td> + <td>96</td> + <td>Android 8.0</td> + </tr> + <tr> + <td>Samsung S3</td> + <td>9.7</td> + <td>2048 x 1536</td> + <td>10.76 x 6.65 x 0.24</td> + <td>192</td> + <td>Android 7.0</td> + </tr> + <tr> + <td>Sony Xperia Z4</td> + <td>10.1</td> + <td>2560 x 1600</td> + <td>10 x 6.57 x 0.24</td> + <td>192</td> + <td>Android 7.0</td> + </tr> +</table> + </body> </html> diff --git a/en/compatibility/cts/camera-wfov-box-assembly.md b/en/compatibility/cts/camera-wfov-box-assembly.md index cadc0b42..64b8373c 100644 --- a/en/compatibility/cts/camera-wfov-box-assembly.md +++ b/en/compatibility/cts/camera-wfov-box-assembly.md @@ -16,7 +16,7 @@ Book: /_book.yaml limitations under the License. --> -# Wide Field of View (WFoV) ITS-in-a-Box Assembly +# Wide Field of View (WFoV) Box Android {{ androidPVersionNumber }} introduces ITS-in-a-box revision 2, an automated test system for both wide field of view (WFoV) and regular field of diff --git a/en/compatibility/cts/development.html b/en/compatibility/cts/development.html index 3741c35e..99069374 100644 --- a/en/compatibility/cts/development.html +++ b/en/compatibility/cts/development.html @@ -277,13 +277,9 @@ updated from time to time as CTS for the given Android version matures.</p> <td>nougat-cts-dev</td> <td>Monthly</td> </tr> + <tr> - <td>6.0</td> - <td>marshmallow-cts-dev</td> - <td>Monthly</td> -</tr> -<tr> - <td colspan="3">No releases are planned for 5.1, 5.0, 4.4, 4.3 and 4.2.</td> + <td colspan="3">No releases are planned for 6.0, 5.1, 5.0, 4.4, 4.3 and 4.2.</td> </tr> </table> @@ -303,7 +299,6 @@ Open Source Project (AOSP). <p>CTS development branches have been set up so that changes submitted to each branch will automatically merge as below:<br> -marshmallow-cts-dev -> nougat-cts-dev -> nougat-mr1-cts-dev -> oreo-cts-dev -> oreo-mr1-cts-dev -> pie-cts-dev -> <private-development-branch for Android Q></p> <p>If a changelist (CL) fails to merge correctly, the author of the CL will get diff --git a/en/compatibility/cts/downloads.html b/en/compatibility/cts/downloads.html index 6f3811d0..bbc6c108 100644 --- a/en/compatibility/cts/downloads.html +++ b/en/compatibility/cts/downloads.html @@ -26,107 +26,107 @@ <p>Thank you for your interest in Android Compatibility! The links below give you access to key documents and information about the program. As CTS is updated, new versions are added to this page. CTS versions are denoted by -R<number> in the link name.</p> +R<var>number</var> in the link name.</p> <h2 id="android-90">Android 9</h2> <p>Android 9 is the release of the development milestone code-named P. The source code for the following tests, including tests for instant apps, can be synced with the -'android-cts-9.0_r4' tag in the open-source tree.</p> +'android-cts-9.0_r5' tag in the open-source tree.</p> <ul> <li><a -href="https://dl.google.com/dl/android/cts/android-cts-9.0_r4-linux_x86-arm.zip">Android -9.0 R4 Compatibility Test Suite (CTS) - ARM</a></li> +href="https://dl.google.com/dl/android/cts/android-cts-9.0_r5-linux_x86-arm.zip">Android +9.0 R5 Compatibility Test Suite (CTS) - ARM</a></li> <li><a -href="https://dl.google.com/dl/android/cts/android-cts-9.0_r4-linux_x86-x86.zip">Android -9.0 R4 Compatibility Test Suite (CTS) - x86</a></li> +href="https://dl.google.com/dl/android/cts/android-cts-9.0_r5-linux_x86-x86.zip">Android +9.0 R5 Compatibility Test Suite (CTS) - x86</a></li> <li><a -href="https://dl.google.com/dl/android/cts/android-cts-verifier-9.0_r4-linux_x86-arm.zip">Android -9.0 R4 CTS Verifier - ARM</a></li> +href="https://dl.google.com/dl/android/cts/android-cts-verifier-9.0_r5-linux_x86-arm.zip">Android +9.0 R5 CTS Verifier - ARM</a></li> <li><a -href="https://dl.google.com/dl/android/cts/android-cts-verifier-9.0_r4-linux_x86-x86.zip">Android -9.0 R4 CTS Verifier - x86</a></li> +href="https://dl.google.com/dl/android/cts/android-cts-verifier-9.0_r5-linux_x86-x86.zip">Android +9.0 R5 CTS Verifier - x86</a></li> <li><a -href="https://dl.google.com/dl/android/cts/android-cts_instant-9.0_r4-linux_x86-arm.zip">Android -9.0 R4 CTS for Instant Apps - ARM</a></li> +href="https://dl.google.com/dl/android/cts/android-cts_instant-9.0_r5-linux_x86-arm.zip">Android +9.0 R5 CTS for Instant Apps - ARM</a></li> <li><a -href="https://dl.google.com/dl/android/cts/android-cts_instant-9.0_r4-linux_x86-x86.zip">Android -9.0 R4 CTS for Instant Apps - x86</a></li> +href="https://dl.google.com/dl/android/cts/android-cts_instant-9.0_r5-linux_x86-x86.zip">Android +9.0 R5 CTS for Instant Apps - x86</a></li> </ul> <h2 id="android-81">Android 8.1</h2> <p>Android 8.1 is the release of the development milestone code-named Oreo-MR1. The source code for the following tests can be synced with the -'android-cts-8.1_r11' tag in the open-source tree.</p> +'android-cts-8.1_r12' tag in the open-source tree.</p> <ul> <li><a -href="https://dl.google.com/dl/android/cts/android-cts-8.1_r11-linux_x86-arm.zip">Android -8.1 R11 Compatibility Test Suite (CTS) - ARM</a></li> +href="https://dl.google.com/dl/android/cts/android-cts-8.1_r12-linux_x86-arm.zip">Android +8.1 R12 Compatibility Test Suite (CTS) - ARM</a></li> <li><a -href="https://dl.google.com/dl/android/cts/android-cts-8.1_r11-linux_x86-x86.zip">Android -8.1 R11 Compatibility Test Suite (CTS) - x86</a></li> +href="https://dl.google.com/dl/android/cts/android-cts-8.1_r12-linux_x86-x86.zip">Android +8.1 R12 Compatibility Test Suite (CTS) - x86</a></li> <li><a -href="https://dl.google.com/dl/android/cts/android-cts-verifier-8.1_r11-linux_x86-arm.zip">Android -8.1 R11 CTS Verifier - ARM</a></li> +href="https://dl.google.com/dl/android/cts/android-cts-verifier-8.1_r12-linux_x86-arm.zip">Android +8.1 R12 CTS Verifier - ARM</a></li> <li><a -href="https://dl.google.com/dl/android/cts/android-cts-verifier-8.1_r11-linux_x86-x86.zip">Android -8.1 R11 CTS Verifier - x86</a></li> +href="https://dl.google.com/dl/android/cts/android-cts-verifier-8.1_r12-linux_x86-x86.zip">Android +8.1 R12 CTS Verifier - x86</a></li> </ul> <h2 id="android-80">Android 8.0</h2> <p>Android 8.0 is the release of the development milestone code-named Oreo. The source code for the following tests can be synced with the -'android-cts-8.0_r15' tag in the open-source tree.</p> +'android-cts-8.0_r16' tag in the open-source tree.</p> <ul> <li><a -href="https://dl.google.com/dl/android/cts/android-cts-8.0_r15-linux_x86-arm.zip">Android -8.0 R15 Compatibility Test Suite (CTS) - ARM</a></li> +href="https://dl.google.com/dl/android/cts/android-cts-8.0_r16-linux_x86-arm.zip">Android +8.0 R16 Compatibility Test Suite (CTS) - ARM</a></li> <li><a -href="https://dl.google.com/dl/android/cts/android-cts-8.0_r15-linux_x86-x86.zip">Android -8.0 R15 Compatibility Test Suite (CTS) - x86</a></li> +href="https://dl.google.com/dl/android/cts/android-cts-8.0_r16-linux_x86-x86.zip">Android +8.0 R16 Compatibility Test Suite (CTS) - x86</a></li> <li><a -href="https://dl.google.com/dl/android/cts/android-cts-verifier-8.0_r15-linux_x86-arm.zip">Android -8.0 R15 CTS Verifier - ARM</a></li> +href="https://dl.google.com/dl/android/cts/android-cts-verifier-8.0_r16-linux_x86-arm.zip">Android +8.0 R16 CTS Verifier - ARM</a></li> <li><a -href="https://dl.google.com/dl/android/cts/android-cts-verifier-8.0_r15-linux_x86-x86.zip">Android -8.0 R15 CTS Verifier - x86</a></li> +href="https://dl.google.com/dl/android/cts/android-cts-verifier-8.0_r16-linux_x86-x86.zip">Android +8.0 R16 CTS Verifier - x86</a></li> </ul> <h2 id="android-71">Android 7.1</h2> <p>Android 7.1 is the release of the development milestone code-named Nougat-MR1. The source code for the following tests can be synced with the -'android-cts-7.1_r23' tag in the open-source tree.</p> +'android-cts-7.1_r24' tag in the open-source tree.</p> <ul> <li><a -href="https://dl.google.com/dl/android/cts/android-cts-7.1_r23-linux_x86-arm.zip">Android -7.1 R23 Compatibility Test Suite (CTS) - ARM</a></li> +href="https://dl.google.com/dl/android/cts/android-cts-7.1_r24-linux_x86-arm.zip">Android +7.1 R24 Compatibility Test Suite (CTS) - ARM</a></li> <li><a -href="https://dl.google.com/dl/android/cts/android-cts-7.1_r23-linux_x86-x86.zip">Android -7.1 R23 Compatibility Test Suite (CTS) - x86</a></li> +href="https://dl.google.com/dl/android/cts/android-cts-7.1_r24-linux_x86-x86.zip">Android +7.1 R24 Compatibility Test Suite (CTS) - x86</a></li> <li><a -href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.1_r23-linux_x86-arm.zip">Android -7.1 R23 CTS Verifier - ARM</a></li> +href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.1_r24-linux_x86-arm.zip">Android +7.1 R24 CTS Verifier - ARM</a></li> <li><a -href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.1_r23-linux_x86-x86.zip">Android -7.1 R23 CTS Verifier - x86</a></li> +href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.1_r24-linux_x86-x86.zip">Android +7.1 R24 CTS Verifier - x86</a></li> </ul> <h2 id="android-70">Android 7.0</h2> <p>Android 7.0 is the release of the development milestone code-named Nougat. The source code for the following tests can be synced with the -'android-cts-7.0_r27' tag in the open-source tree.</p> +'android-cts-7.0_r28' tag in the open-source tree.</p> <ul> <li><a -href="https://dl.google.com/dl/android/cts/android-cts-7.0_r27-linux_x86-arm.zip">Android -7.0 R27 Compatibility Test Suite (CTS) - ARM</a></li> +href="https://dl.google.com/dl/android/cts/android-cts-7.0_r28-linux_x86-arm.zip">Android +7.0 R28 Compatibility Test Suite (CTS) - ARM</a></li> <li><a -href="https://dl.google.com/dl/android/cts/android-cts-7.0_r27-linux_x86-x86.zip">Android -7.0 R27 Compatibility Test Suite (CTS) - x86</a></li> +href="https://dl.google.com/dl/android/cts/android-cts-7.0_r28-linux_x86-x86.zip">Android +7.0 R28 Compatibility Test Suite (CTS) - x86</a></li> <li><a -href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.0_r27-linux_x86-arm.zip">Android -7.0 R27 CTS Verifier - ARM</a></li> +href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.0_r28-linux_x86-arm.zip">Android +7.0 R28 CTS Verifier - ARM</a></li> <li><a -href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.0_r27-linux_x86-x86.zip">Android -7.0 R27 CTS Verifier - x86</a></li> +href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.0_r28-linux_x86-x86.zip">Android +7.0 R28 CTS Verifier - x86</a></li> </ul> <h2 id="android-60">Android 6.0</h2> diff --git a/en/compatibility/cts/run.html b/en/compatibility/cts/run.html index 0bd66d90..0caf4c7e 100644 --- a/en/compatibility/cts/run.html +++ b/en/compatibility/cts/run.html @@ -45,156 +45,27 @@ short) continuous test framework.</p> <li>Start the default test plan (contains all test packages) by appending: <code>run cts --plan CTS</code> . This kicks off all CTS tests required for compatibility. <ul> + <li>For CTS v2 (Android 7.0 and later), enter <code>list modules</code> to + see a list of test modules. <li>For CTS v1 (Android 6.0 and earlier), enter <code>list plans</code> to view a list of test plans in the repository or <code>list package</code>s to view a list of test packages in the repository. - <li>For CTS v2 (Android 7.0 and later), enter <code>list modules</code> to - see a list of test modules. </ul> </li> <li>Alternately, run the CTS plan of your choosing from the command line using: <code>cts-tradefed run cts --plan <plan_name> </code> -<p class="note"><strong>Note:</strong> When running Android 6.0 (Marshmallow) -CTS only, we recommend you use the <code>--skip-preconditions</code> option to -skip the experimental pre-conditions feature that may cause issues for when -executing CTS tests.</p> +<p class="note"><strong>Note:</strong> You may save run time in Android 7.0 (Nougat) and higher, by + using the <code>run cts-dev</code> command instead of <code>run cts</code>. This command skips + preconditions, device-information collection, and all system status checkers. It also runs the + tests on only a single ABI. For device validation, avoid this optimization and +include all preconditions and checks.</p> <li>View test progress and results reported on the console. <li>If your device is Android 5.0 or later and declares support for an ARM and a x86 ABI, you should run both the ARM and x86 CTS packages. </ol> -<h2 id=using-cts-v1>Using the CTS v1 console</h2> - -<p>For Android 6.0 or earlier, you'll use CTS v1.</p> -<h3 id=selecting_cts_plans>Selecting plans</h3> -<p>The following test plans are available:</p> -<ul> - <li><em>CTS</em>—all tests required for compatibility. </li> - <li><em>Signature</em>—the signature verification of all public APIs </li> - <li><em>Android</em>—tests for the Android APIs </li> - <li><em>Java</em>—tests for the Java core library </li> - <li><em>VM</em>—tests for ART or Dalvik </li> - <li><em>Performance</em>—performance tests for your implementation </li> -</ul> -<p>These can be executed with the <code>run cts</code> command.</p> -<h3 id=cts_reference>CTS v1 console command reference</h3> - -<p class="table-caption" id="console-commands"> - <strong>Table 1.</strong> This table summarizes the CTS v1 console commands for -various uses.</p> -<table> - <tbody> - <tr> - <th>Host</th> - <th>Description</th> - </tr> - <tr> - <td><code>help</code></td> - <td>Display a summary of the most commonly used commands</td> - </tr> - <tr> - <td><code>help all</code></td> - <td>Display the complete list of available commands</td> - </tr> - <tr> - <td><code>exit</code></td> - <td>Gracefully exit the CTS console. Console will close when all currently running tests are finished</td> - </tr> - <tr> - <th>Run</th> - <th>Description</th> - </tr> - <tr> - <td><code>run cts</code></td> - <td>Run the specified tests and displays progress information. One of -<code>--plan</code>, <code>--package</code>, <code>--class</code> or -<code>--continue-session</code> needs to be specified - <p>The CTS console can accept other commands while tests are in progress </p> - <p>If no devices are connected, the CTS desktop machine (or host) will wait for a device to be connected before starting tests </p> - <p>If more than one device is connected, the CTS host will choose a device automatically</p></td> - </tr> - <tr> - <td><code>--plan <test_plan_name></code></td> - <td>Run the specified test plan</td> - </tr> - <tr> - <td><code>--package/-p <test_package_name> [--package/-p <test_package2>...]</code></td> - <td>Run the specified test packages</td> - </tr> - <tr> - <td><code>--class/-c <class_name> [--method/-m <test_method_name></code></td> - <td>Run the specified test class and/or method</td> - </tr> - <tr> - <td><code>--continue-session</code></td> - <td>Run all not executed tests from previous CTS session; the sessions testResult.xml will be updated with the new results</td> - </tr> - <tr> - <td><code>--shards <number_of_shards></code></td> - <td>Shard a CTS run into given number of independent chunks, to run on multiple devices in parallel</td> - </tr> - <tr> - <td><code>--serial/-s <deviceID></code></td> - <td>Run CTS on the specific device</td> - </tr> - <tr> - <td><code>-t <class_name>#<test_method_name></code></td> - <td>Run a specific test method</td> - </tr> - <tr> - <td><code>--force-abi 32|64</code></td> - <td>On 64-bit devices, run the test against only the 32-bit or 64-bit ABI</td> - </tr> - <tr> - <th>List</th> - <th>Description</th> - </tr> - <tr> - <td><code>list packages</code></td> - <td>List all available test packages in the repository</td> - </tr> - <tr> - <td><code>list plans</code></td> - <td>List all available test plans in the repository</td> - </tr> - <tr> - <td><code>list invocations</code></td> - <td>List 'run' commands currently being executed on devices</td> - </tr> - <tr> - <td><code>list commands</code></td> - <td>List all 'run' commands currently in the queue waiting to be assigned to devices</td> - </tr> - <tr> - <td><code>list results</code></td> - <td>List CTS results currently stored in repository</td> - </tr> - <tr> - <td><code>list devices</code></td> - <td>List currently connected devices and their state - <p> </p> - <p>'Available' devices are functioning, idle devices, available for running tests</p> - <p> </p> - <p>'Unavailable' devices are devices visible via adb, but are not responding to adb commands and won't be allocated for tests</p> - <p> </p> - <p>'Allocated' devices are devices currently running tests</td> - </tr> - <tr> - <th>Add</th> - <th>Description</th> - </tr> - <tr> - <td><code>add derivedplan --plan <plan_name><br> - --result/-r<br> - [pass | fail | timeout | notExecuted]<br> - [--session/-s <session_id>]</code></td> - <td>Create a plan derived from given result session; use this option to rerun reports and validate test issues</td> - </tr> - </tbody> -</table> - <h2 id=using-cts-v2>Using the CTS v2 console</h2> <p>For Android 7.0 or later, you'll use CTS v2.</p> @@ -261,11 +132,32 @@ various uses.</p> </tr> <tr> <td><code>run cts</code></td> - <td><p>Run the default CTS plan (that is, the full CTS invocation).</p> - <p>The CTS console can accept other commands while tests are in progress.</p> + <td><p>Run the default CTS plan (that is, the full CTS invocation). Use this + comprehensive option (including preconditions) for device validation. + See <a + href="https://android.googlesource.com/platform/test/suite_harness/+/master/tools/cts-tradefed/res/config/cts.xml">/test/suite_harness/tools/cts-tradefed/res/config/cts.xml</a> + for inclusions.</p> + <p>The CTS console can accept other commands while tests are in progress.</p> + <p>If no devices are connected, the CTS desktop machine (or host) will wait + for a device to be connected before starting tests. If more than one + device is connected, the CTS host will choose a device + automatically.</p> + </tr> + <td><code>run cts-dev</code></td> + <td><p>Run the default CTS plan (that is, the full CTS invocation) but + skip preconditions to save run time for iterative development of a new + test. This bypasses verification and setup of the device's + configuration, such as pushing media files or checking for Wi-Fi + connection, as is done when the <code>--skip-preconditions</code> option is used. This + command also skips device-information collection, and all system status checkers. It also + runs the tests on only a single ABI. For device validation, avoid this optimization and + include all preconditions and checks. + See <a href="https://android.googlesource.com/platform/test/suite_harness/+/master/tools/cts-tradefed/res/config/cts-dev.xml">/test/suite_harness/tools/cts-tradefed/res/config/cts-dev.xml</a> for exclusions.</p> + <p>The CTS console can accept other commands while tests are in progress.</p> <p>If no devices are connected, the CTS desktop machine (or host) will wait - for a device to be connected before starting tests.</p> - <p>If more than one device is connected, the CTS host will choose a device automatically.</p></td> + for a device to be connected before starting tests. If more than one + device is connected, the CTS host will choose a device + automatically.</p></td> </tr> <tr> <td><code>run retry</code></td> @@ -347,7 +239,10 @@ various uses.</p> </tr> <tr> <td><code>--skip-preconditions</code></td> - <td>Bypasses verification and setup of the device's configuration, such as pushing media files or checking for Wi-Fi connection.</td> + <td>Skip preconditions to save run time for iterative development of a + new test. This bypasses verification and setup of the device's + configuration, such as pushing media files or checking for Wi-Fi + connection.</td> </tr> <tr> <th>List</th> @@ -416,5 +311,143 @@ various uses.</p> </tbody> </table> +<h2 id=using-cts-v1>Using the CTS v1 console</h2> + +<p>For Android 6.0 or earlier, you'll use CTS v1.</p> +<h3 id=selecting_cts_plans>Selecting plans</h3> +<p>The following test plans are available:</p> +<ul> + <li><em>CTS</em>—all tests required for compatibility. </li> + <li><em>Signature</em>—the signature verification of all public APIs </li> + <li><em>Android</em>—tests for the Android APIs </li> + <li><em>Java</em>—tests for the Java core library </li> + <li><em>VM</em>—tests for ART or Dalvik </li> + <li><em>Performance</em>—performance tests for your implementation </li> +</ul> +<p>These can be executed with the <code>run cts</code> command.</p> + +<h3 id=cts_reference>CTS v1 console command reference</h3> + +<p class="table-caption" id="console-commands"> + <strong>Table 1.</strong> This table summarizes the CTS v1 console commands for +various uses.</p> +<table> + <tbody> + <tr> + <th>Host</th> + <th>Description</th> + </tr> + <tr> + <td><code>help</code></td> + <td>Display a summary of the most commonly used commands</td> + </tr> + <tr> + <td><code>help all</code></td> + <td>Display the complete list of available commands</td> + </tr> + <tr> + <td><code>exit</code></td> + <td>Gracefully exit the CTS console. Console will close when all currently running tests are finished</td> + </tr> + <tr> + <th>Run</th> + <th>Description</th> + </tr> + <tr> + <td><code>run cts</code></td> + <td>Run the specified tests and displays progress information. One of +<code>--plan</code>, <code>--package</code>, <code>--class</code> or +<code>--continue-session</code> needs to be specified + <p>The CTS console can accept other commands while tests are in progress </p> + <p>If no devices are connected, the CTS desktop machine (or host) will wait for a device to be connected before starting tests </p> + <p>If more than one device is connected, the CTS host will choose a device automatically</p></td> + </tr> + <tr> + <td><code>--plan <test_plan_name></code></td> + <td>Run the specified test plan</td> + </tr> + <tr> + <td><code>--package/-p <test_package_name> [--package/-p <test_package2>...]</code></td> + <td>Run the specified test packages</td> + </tr> + <tr> + <td><code>--class/-c <class_name> [--method/-m <test_method_name></code></td> + <td>Run the specified test class and/or method</td> + </tr> + <tr> + <td><code>--continue-session</code></td> + <td>Run all not executed tests from previous CTS session; the sessions testResult.xml will be updated with the new results</td> + </tr> + <tr> + <td><code>--shards <number_of_shards></code></td> + <td>Shard a CTS run into given number of independent chunks, to run on multiple devices in parallel</td> + </tr> + <tr> + <td><code>--serial/-s <deviceID></code></td> + <td>Run CTS on the specific device</td> + </tr> + <tr> + <td><code>-t <class_name>#<test_method_name></code></td> + <td>Run a specific test method</td> + </tr> + <tr> + <td><code>--force-abi 32|64</code></td> + <td>On 64-bit devices, run the test against only the 32-bit or 64-bit ABI</td> + </tr> + <tr> + <td><code>--skip-preconditions</code></td> + <td>Skip preconditions to save run time for iterative development of a + new test. This bypasses verification and setup of the device's + configuration, such as pushing media files or checking for Wi-Fi + connection.</td> + </tr> + <tr> + <th>List</th> + <th>Description</th> + </tr> + <tr> + <td><code>list packages</code></td> + <td>List all available test packages in the repository</td> + </tr> + <tr> + <td><code>list plans</code></td> + <td>List all available test plans in the repository</td> + </tr> + <tr> + <td><code>list invocations</code></td> + <td>List 'run' commands currently being executed on devices</td> + </tr> + <tr> + <td><code>list commands</code></td> + <td>List all 'run' commands currently in the queue waiting to be assigned to devices</td> + </tr> + <tr> + <td><code>list results</code></td> + <td>List CTS results currently stored in repository</td> + </tr> + <tr> + <td><code>list devices</code></td> + <td>List currently connected devices and their state + <p> </p> + <p>'Available' devices are functioning, idle devices, available for running tests</p> + <p> </p> + <p>'Unavailable' devices are devices visible via adb, but are not responding to adb commands and won't be allocated for tests</p> + <p> </p> + <p>'Allocated' devices are devices currently running tests</td> + </tr> + <tr> + <th>Add</th> + <th>Description</th> + </tr> + <tr> + <td><code>add derivedplan --plan <plan_name><br> + --result/-r<br> + [pass | fail | timeout | notExecuted]<br> + [--session/-s <session_id>]</code></td> + <td>Create a plan derived from given result session; use this option to rerun reports and validate test issues</td> + </tr> + </tbody> +</table> + </body> </html> diff --git a/en/compatibility/cts/setup.html b/en/compatibility/cts/setup.html index 7961778a..f7600b4d 100644 --- a/en/compatibility/cts/setup.html +++ b/en/compatibility/cts/setup.html @@ -26,11 +26,11 @@ <h2 id=physical_environment>Physical environment</h2> <h3 id=ble_beacons>Bluetooth LE beacons</h3> -<p>If the DUT supports the Bluetooth LE feature, then at least three -Bluetooth LE beacons should be placed within five meters of the DUT for Bluetooth -LE scan testing. Those beacons can be any kind, do not need to be -configured or emit anything specific, and can include iBeacon, -Eddystone, or even devices simulating BLE beacons.</p> +<p>If the device-under-test (DUT) supports the Bluetooth LE feature, then at +least three Bluetooth LE beacons should be placed within five meters of the DUT +for Bluetooth LE scan testing. Those beacons can be any kind, do not need to be +configured or emit anything specific, and can include iBeacon, Eddystone, or +even devices simulating BLE beacons.</p> <h3 id=camera>Cameras</h3> <p>When running camera CTS, you are recommended to use normal lighting @@ -39,7 +39,7 @@ not too close to the lens (the distance depends on the device's minimum focus distance).</p> <p>If the DUT supports external cameras, such as USB -webcams, then an external camera must be plugged in when running CTS. +webcams, an external camera must be plugged in when running CTS. Otherwise, the CTS tests will fail.</p> <h3 id="gnss">GPS/GNSS</h3> @@ -73,15 +73,16 @@ href="http://en.wikipedia.org/wiki/List_of_IPv6_tunnel_brokers">list of IPv6 tunnel brokers</a>.</p> <h3 id="rtt">Wi-Fi RTT (Round Trip Time)</h3> -<p>Android 9 adds an API for a <a ref="/devices/tech/connect/wifi-rtt">Wi-Fi RTT</a> capability, which -allows devices to measure their distance to access points with an accuracy of 1 to 2 meters, -thus increasing indoor location accuracy significantly. Here are two recommended devices -supporting Wi-Fi RTT: <a href="https://store.google.com/product/google_wifi">Google Wifi</a> -and <a href="https://fit-iot.com/web/products/fitlet2/">Compulab's Filet2 Access Point</a> (set to 40MHz bandwidth at 5GHz).</p> +<p>Android 9 adds an API for a <a ref="/devices/tech/connect/wifi-rtt">Wi-Fi RTT</a> capability, +which allows devices to measure their distance to access points with an accuracy of 1 to 2 meters, +thus increasing indoor location accuracy significantly. Here are two recommended devices +supporting Wi-Fi RTT: <a href="https://store.google.com/product/google_wifi">Google Wifi</a> +and <a href="https://fit-iot.com/web/products/fitlet2/">Compulab's Filet2 Access Point</a> +(set to 40MHz bandwidth at 5GHz).</p> -<p>The access points should be powered up, but not required to be connected to any network. -Access points do not need to be next to the testing device; however, they are recommended to be within a distance of 40 ft from the DUT. -One access point is typically sufficient.</p> +<p>The access points should be powered up, but not required to be connected to any network. +Access points do not need to be next to the testing device; however, they are recommended to be +within a distance of 40 ft from the DUT. One access point is typically sufficient.</p> <h2 id=desktop_setup>Desktop machine setup</h2> @@ -219,15 +220,25 @@ source</a>) which do not contain any code except for the manifest: </p> preload the apps into the appropriate directories on the system image without re-signing them.</p> - <h3 id=sample-applet>Sample Applet</h3> - <p>Android 9 introduced Open Mobile API Test cases, which are used to check if the -underlying implementation of Secure Elements are implemented as per standard. These test -cases would require the installation of a special applet which can be used by the -CTS application to communicate with. One can use the <a href="https://android-review.googlesource.com/c/platform/cts/+/700517">sample applet</a> as provided.</p> - <p>This is applicable to devices, which have eSE(embedded Secure Element), SIM or SDs. See <a href="/compatibility/cts/secure-element">CTS Test for Secure Element</a> for more detailed information on Open Mobile -API Test cases and Access Control Test cases.</p> - -<h3 id=storage_requirements>Storage requirements</h3> + <h3 id="sample-applet">Sample Applet</h3> + <p> + Android 9 introduced Open Mobile APIs. For devices that plan to report + more than one secure element, CTS adds test cases to validate the + behavior of the Open Mobile APIs. These test cases require the one-time + installation of a sample applet into the embedded Secure Element (eSE) + of the Device Under Test (DUT) or into the SIM card used by the DUT. The + <a + href="https://android.googlesource.com/platform/cts/+/master/tests/tests/secure_element/sample_applet/Google-eSE-test.cap" class="external">eSE + sample applet</a> and the <a + href="https://android.googlesource.com/platform/cts/+/master/tests/tests/secure_element/sample_applet/uicc/google-cardlet.cap" class="external">SIM + sample applet</a> can be found in the AOSP repository. + </p> + + <p> + See <a href="/compatibility/cts/secure-element">CTS Test for Secure Element</a> for more + detailed information on Open Mobile API Test cases and Access Control Test cases.</p> + +<h3 id="storage_requirements">Storage requirements</h3> <p>The CTS media stress tests require video clips to be on external storage (<code>/sdcard</code>). Most of the clips are from <a href="https://peach.blender.org/">Big Buck Bunny</a> which is copyrighted by diff --git a/en/compatibility/tests/development/blueprints.md b/en/compatibility/tests/development/blueprints.md index 96054162..9b8a4cfb 100644 --- a/en/compatibility/tests/development/blueprints.md +++ b/en/compatibility/tests/development/blueprints.md @@ -19,7 +19,7 @@ Book: /_book.yaml limitations under the License. --> -# Simple Test Configuration +# Simple Build Configuration Each new test module must have a configuration file to direct the build system with module metadata, compile-time dependencies and packaging instructions. @@ -31,8 +31,9 @@ branch. Soong uses Blueprint or `.bp` files, which are JSON-like simple declarative descriptions of modules to build. This format replaces the -Make-based system used in previous releases. To accommodate custom testing or -use the Android [Compatibility Test Suite](compatibility/cts) (CTS), follow the +[Make-based system](https://developer.android.com/ndk/guides/android_mk){: +.external} used in previous releases. To accommodate custom testing or use the +Android [Compatibility Test Suite](compatibility/cts) (CTS), follow the [Complex Test Configuration](/compatibility/tests/development/test-config) instead. diff --git a/en/compatibility/tests/development/index.md b/en/compatibility/tests/development/index.md index 6fc66d6c..b08005b7 100644 --- a/en/compatibility/tests/development/index.md +++ b/en/compatibility/tests/development/index.md @@ -25,10 +25,10 @@ To integrate tests into a platform continuous testing service, they should meet the guidelines on this page and follow this recommended flow. 1. Use the [Soong build system](https://android.googlesource.com/platform/build/soong/) - for [Simple Test Configuration](blueprints). -1. Employ [Test Mapping](test-mapping) to easily create pre- and post-submit - test rules directly in the Android source tree. -1. Run tests locally using [Atest](atest). + for [Simple Test Configuration](/compatibility/tests/development/blueprints). +1. Employ [Test Mapping](/compatibility/tests/development/test-mapping) to + easily create pre- and post-submit test rules directly in the Android source tree. +1. Run tests locally using [Atest](/compatibility/tests/development/atest). ## Test types diff --git a/en/compatibility/tests/development/test-mapping.md b/en/compatibility/tests/development/test-mapping.md index 5f843199..1c113219 100644 --- a/en/compatibility/tests/development/test-mapping.md +++ b/en/compatibility/tests/development/test-mapping.md @@ -88,7 +88,12 @@ Here is a sample TEST_MAPPING file: { "include-annotation": "android.platform.test.annotations.RequiresDevice" } - ] + ], + "file_patterns": ["(/|^)Window[^/]*\\.java", "(/|^)Activity[^/]*\\.java"] + }, + { + "name" : "net_test_avrcp", + "host" : true } ], "postsubmit": [ @@ -120,11 +125,24 @@ use class `name` or test method `name`. To narrow down the tests to run, you can use options such as `include-filter` here. See ([include-filter sample usage](https://android.googlesource.com/platform/frameworks/base/+/master/services/core/java/com/android/server/pm/dex/TEST_MAPPING#7)). -The `imports` attribute allows you to include tests in other TEST_MAPPING files +The **host** setting of a test indicates whether the test is a deviceless test +running on host or not. The default value is **false**, meaning the test +requires a device to run. The supported test types are +[HostGTest](/compatibility/tests/development/native) for native tests and +[HostTest](/compatibility/tests/development/jar) for JUnit tests. + +The **file_patterns** attribute allows you to set a list of regex strings for +matching the relative path of any source code file (relative to the directory +containing the TEST_MAPPING file). In above example, test `CtsWindowManagerDeviceTestCases` +will run in presubmit only when any java file starts with Window or Activity, +which exists in the same directory of the TEST_MAPPING file or any of its sub +directories, is changed. Note that `\` needs to escaped as it's in a JSON file. + +The **imports** attribute allows you to include tests in other TEST_MAPPING files without copying the content. Note that the TEST_MAPPING files in the parent directories of the imported path will also be included. -The `options` attribute contains additional TradeFed command line options. In +The **options** attribute contains additional TradeFed command line options. In the above example, only tests with annotation `Presubmit` will run in presubmit; all tests will run in postsubmit. @@ -240,6 +258,17 @@ and its parent directories: <code class="devsite-terminal">atest [--test-mapping] [src_path]:postsubmit</code> </pre> +### Running only tests that require no device + +You can use option **--host** for Atest to only run tests configured against the +host that require no device. Without this option, Atest will run both tests, the +ones requiring device and the ones running on host and require no device. The +tests will be run in two seperate suites. + +<pre> +<code class="devsite-terminal">atest [--test-mapping] --host</code> +</pre> + ### Identifying test groups You can specify test groups in the Atest command. Note that presubmit tests are diff --git a/en/compatibility/vts/codelab-video.html b/en/compatibility/vts/codelab-video.html index 0144a45e..059d7667 100644 --- a/en/compatibility/vts/codelab-video.html +++ b/en/compatibility/vts/codelab-video.html @@ -24,8 +24,8 @@ <p>The Vendor Test Suite (VTS) codelabs and video tutorials provide details - on running and developing VTS and CTS-on-GSI on Android {{ - androidPVersionNumber }} and Android 8.1.</p> + on running and developing VTS and CTS-on-GSI on Android {{ androidPVersionNumber }} and Android + 8.1.</p> <h2> Videos and Codelabs for Android 9</h2> @@ -46,7 +46,9 @@ <td><strong>Overview</strong> </td> - <td>Android Vendor Test Suite (Coming Soon)</td> + <td><a href= + "https://www.youtube.com/watch?v=m6ALQGf3Yt4&list=PLWz5rJ2EKKc_b3YitO08nBPJamBBmCL_H&index=2&t=0s"> + Android Vendor Test Suite</a></td> <td><a href= "https://codelabs.developers.google.com/codelabs/android-vts/#0">Introduction</a> @@ -60,7 +62,9 @@ <td><strong>How to Run VTS and CTS-on-GSI</strong> </td> - <td>How to Run VTS and CTS-on-GSI (Coming Soon)</td> + <td><a href= + "https://www.youtube.com/watch?v=fbYx_g6bbCA&list=PLWz5rJ2EKKc_b3YitO08nBPJamBBmCL_H&index=8"> + How to Run VTS and CTS-on-GSI</a></td> <td><a href= "https://codelabs.developers.google.com/codelabs/android-vts-8/#1">Build @@ -73,7 +77,9 @@ <td><strong>How to Flash GSI</strong> </td> - <td>How to Flash General System Image (Coming Soon)</td> + <td><a href= + "https://www.youtube.com/watch?v=rRgFCEZyA7Q&index=7&list=PLWz5rJ2EKKc_b3YitO08nBPJamBBmCL_H"> + How to Flash General System Image</a></td> <td><a href= "https://codelabs.developers.google.com/codelabs/android-vts/#3">Prepare @@ -88,7 +94,9 @@ <td><strong>Test Framework</strong> </td> - <td>Test Framework Changes (Coming Soon)</td> + <td><a href= + "https://www.youtube.com/watch?v=SUG82_-V88o&list=PLWz5rJ2EKKc_b3YitO08nBPJamBBmCL_H&index=9"> + Test Framework Changes</a></td> <td><a href= "https://source.android.com/compatibility/vts/shell-commands">Test @@ -101,7 +109,9 @@ <td><strong>Test Time Optimization</strong> </td> - <td>Test Time Optimization (Coming Soon)</td> + <td><a href= + "https://www.youtube.com/watch?v=i5TKp7Wygn0&list=PLWz5rJ2EKKc_b3YitO08nBPJamBBmCL_H&index=10"> + Test Time Optimization</a></td> <td>--</td> </tr> @@ -111,7 +121,9 @@ <td><strong>Multi-Device Testing</strong> </td> - <td>Multi-Device Tests (Coming Soon)</td> + <td><a href= + "https://www.youtube.com/watch?v=NIx5IDaNovg&index=6&list=PLWz5rJ2EKKc_b3YitO08nBPJamBBmCL_H"> + Multi-Device Tests</a></td> <td><a href= "https://codelabs.developers.google.com/codelabs/android-vts/#12">Write a @@ -160,7 +172,9 @@ <td><strong>Conditional Tests</strong> </td> - <td>Conditional Tests (Coming Soon)</td> + <td><a href= + "https://www.youtube.com/watch?v=CyxNqWmcCD4&list=PLWz5rJ2EKKc_b3YitO08nBPJamBBmCL_H&index=2"> + Conditional Tests</a></td> <td>--</td> </tr> @@ -170,7 +184,9 @@ <td><strong>Service Name Aware Testing</strong> </td> - <td>Service name aware HAL (Coming Soon)</td> + <td><a href= + "https://www.youtube.com/watch?v=kbX98ur-hlE&list=PLWz5rJ2EKKc_b3YitO08nBPJamBBmCL_H&index=5"> + Service Name Aware HAL Testing</a></td> <td><a href= "https://codelabs.developers.google.com/codelabs/android-vts/#5">Choose a @@ -183,7 +199,9 @@ <td><strong>HAL Extension Tests</strong> </td> - <td>HAL Extension Test (Coming Soon)</td> + <td><a href= + "https://www.youtube.com/watch?v=B55Rkcqpncc&list=PLWz5rJ2EKKc_b3YitO08nBPJamBBmCL_H&index=3"> + HAL Extension Test</a></td> <td><a href= "https://codelabs.developers.google.com/codelabs/android-vts/#6">Write a @@ -196,7 +214,9 @@ <td><strong>Framework Backward Compatibility</strong> </td> - <td>Android Framework Backward Compatibility (Coming Soon)</td> + <td><a href= + "https://www.youtube.com/watch?v=JXqVlkJYbTE&index=4&list=PLWz5rJ2EKKc_b3YitO08nBPJamBBmCL_H"> + Android Framework Backward Compatibility</a></td> <td><a href= "https://codelabs.developers.google.com/codelabs/android-vts/#7">Write a @@ -241,7 +261,7 @@ <td><a href= "https://www.youtube.com/watch?v=F41dHKYPoic&list=PLWz5rJ2EKKc9JOMtoWWMJHFHgvXDoThva&index=6"> - Performance Testing</a> + VTS Support for Performance Testing</a> </td> <td> @@ -311,7 +331,9 @@ <td><strong>End-to-End Automation</strong> </td> - <td>Automatic Measurement Infrastructure (Coming Soon)</td> + <td><a href= + "https://www.youtube.com/watch?v=3Ay8SpoAcPw&index=11&list=PLWz5rJ2EKKc_b3YitO08nBPJamBBmCL_H"> + Automatic Measurement Infrastructure</a></td> <td>--</td> </tr> @@ -339,7 +361,9 @@ <td><strong>Partner Engineering</strong> </td> - <td>Treble Readiness (Coming Soon)</td> + <td><a href= + "https://www.youtube.com/watch?v=vB4WOe3CmO4&index=12&list=PLWz5rJ2EKKc_b3YitO08nBPJamBBmCL_H"> + Treble Readiness</a></td> <td>--</td> </tr> @@ -349,7 +373,9 @@ <td><strong>Conclusion</strong> </td> - <td>Call for Contributions (Coming Soon)</td> + <td><a href= + "https://www.youtube.com/watch?v=YzM2lGGJs70&list=PLWz5rJ2EKKc_b3YitO08nBPJamBBmCL_H&index=13"> + Call for Contributions</a></td> <td><a href= "https://codelabs.developers.google.com/codelabs/android-vts/#14">Report @@ -411,7 +437,8 @@ <td><strong>How to Flash GSI</strong> </td> - <td>How to Flash General System Image (Coming Soon)</td> + <td><a href= + "https://www.youtube.com/watch?v=rRgFCEZyA7Q&list=PLWz5rJ2EKKc_b3YitO08nBPJamBBmCL_H&index=7">How to Flash General System Image</a></td> <td><a href= "https://codelabs.developers.google.com/codelabs/android-vts/#3">Prepare diff --git a/en/compatibility/vts/index.html b/en/compatibility/vts/index.html index 982dbed9..70235877 100644 --- a/en/compatibility/vts/index.html +++ b/en/compatibility/vts/index.html @@ -32,8 +32,8 @@ <ul> <li><a href="/compatibility/vts/codelab-video">Codelab and Video Tutorials</a>. - Describes the videos and codelabs on running and developing VTS and CTS-on-GSI on Android {{ - androidPVersionNumber }} and Android 8.1.</li> + Describes the videos and codelabs on running and developing VTS and CTS-on-GSI on Android + {{ androidPVersionNumber }} and Android 8.1.</li> <li><a href="/compatibility/vts/systems">Systems Testing with VTS</a>. Describes how to use VTS to test an Android native system implementation, set up a testing environment, then test a patch using a VTS plan.</li> diff --git a/en/devices/_toc-frameworks.yaml b/en/devices/_toc-frameworks.yaml deleted file mode 100644 index 5f91e99d..00000000 --- a/en/devices/_toc-frameworks.yaml +++ /dev/null @@ -1,429 +0,0 @@ -toc: -- title: Overview - path: /devices/ -- title: Architecture - section: - - title: Overview - path: /devices/architecture/ - - title: Hardware Abstraction Layer (HAL) - path: /devices/architecture/hal - - title: HAL Types - path: /devices/architecture/hal-types - - title: Treble - path: /devices/architecture/treble - - title: Kernel - section: - - title: Overview - path: /devices/architecture/kernel/ - - title: Stable Releases & Updates - path: /devices/architecture/kernel/releases - - title: Android Common Kernels - path: /devices/architecture/kernel/android-common - - title: Modular Kernel Requirements - path: /devices/architecture/kernel/modular-kernels - - title: Interface Requirements - path: /devices/architecture/kernel/reqs-interfaces - - title: Configuration - path: /devices/architecture/kernel/config - - title: Kernel Hardening - path: /devices/architecture/kernel/hardening - - title: SquashFS - path: /devices/architecture/kernel/squashfs - - title: LLDB Debugging - path: /devices/architecture/kernel/lldb-debug - - title: Network Tests - path: /devices/architecture/kernel/network_tests - - title: HIDL (General) - section: - - title: Overview - path: /devices/architecture/hidl/ - - title: Interfaces & Packages - path: /devices/architecture/hidl/interfaces - - title: Interface Hashing - path: /devices/architecture/hidl/hashing - - title: Services & Data Transfer - path: /devices/architecture/hidl/services - - title: Fast Message Queue - path: /devices/architecture/hidl/fmq - - title: Using Binder IPC - path: /devices/architecture/hidl/binder-ipc - - title: Network Stack Configuration Tools - path: /devices/architecture/hidl/network-stack - - title: Threading Models - path: /devices/architecture/hidl/threading - - title: Converting Modules - path: /devices/architecture/hidl/converting - - title: Data Types - path: /devices/architecture/hidl/types - - title: Versioning - path: /devices/architecture/hidl/versioning - - title: Code Style Guide - path: /devices/architecture/hidl/code-style - - title: HIDL (C++) - section: - - title: Overview - path: /devices/architecture/hidl-cpp/ - - title: Packages - path: /devices/architecture/hidl-cpp/packages - - title: Interfaces - path: /devices/architecture/hidl-cpp/interfaces - - title: Data Types - path: /devices/architecture/hidl-cpp/types - - title: Functions - path: /devices/architecture/hidl-cpp/functions - - title: HIDL (Java) - section: - - title: Overview - path: /devices/architecture/hidl-java/ - - title: Data Types - path: /devices/architecture/hidl-java/types - - title: Interface Errors & Methods - path: /devices/architecture/hidl-java/interfaces - - title: Exporting Constants - path: /devices/architecture/hidl-java/constants - - title: ConfigStore HAL - section: - - title: Overview - path: /devices/architecture/configstore/ - - title: Creating the HAL Interface - path: /devices/architecture/configstore/interface - - title: Implementing the Service - path: /devices/architecture/configstore/service - - title: Client-Side Usage - path: /devices/architecture/configstore/client - - title: Adding Classes & Items - path: /devices/architecture/configstore/add-class-item - - title: Device Tree Overlays - section: - - title: Overview - path: /devices/architecture/dto/ - - title: Implementing DTO - path: /devices/architecture/dto/implement - - title: DTO Syntax - path: /devices/architecture/dto/syntax - - title: Compiling & Verifying - path: /devices/architecture/dto/compile - - title: Using Multiple DTs - path: /devices/architecture/dto/multiple - - title: DTB/DTBO Partition Format - path: /devices/architecture/dto/partitions - - title: Optimizing DTO - path: /devices/architecture/dto/optimize - - title: Vendor NDK - section: - - title: Overview - path: /devices/architecture/vndk/ - - title: Enabling the VNDK - path: /devices/architecture/vndk/enabling - - title: VNDK Build System Support - path: /devices/architecture/vndk/build-system - - title: VNDK Extensions - path: /devices/architecture/vndk/extensions - - title: VNDK Definition Tool - path: /devices/architecture/vndk/deftool - - title: Linker Namespace - path: /devices/architecture/vndk/linker-namespace - - title: Directories, Rules, and sepolicy - path: /devices/architecture/vndk/dir-rules-sepolicy - - title: Renderscript - path: /devices/architecture/vndk/renderscript - - title: Vendor Interface Object - section: - - title: Overview - path: /devices/architecture/vintf/ - - title: VINTF Object Data - path: /devices/architecture/vintf/objects - - title: Compatibility Matrices - path: /devices/architecture/vintf/comp-matrices - - title: Matching Rules - path: /devices/architecture/vintf/match-rules - - title: Resources - path: /devices/architecture/vintf/resources -- title: Audio - section: - - title: Overview - path: /devices/audio/ - - title: Terminology - path: /devices/audio/terminology - - title: Implementation - section: - - title: Overview - path: /devices/audio/implement - - title: Policy Configuration - path: /devices/audio/implement-policy - - title: Shared Library - path: /devices/audio/implement-shared-library - - title: Pre-processing Effects - path: /devices/audio/implement-pre-processing - - title: Data Formats - path: /devices/audio/data_formats - - title: Attributes - path: /devices/audio/attributes - - title: AAudio and MMAP - path: /devices/audio/aaudio - - title: Warmup - path: /devices/audio/warmup - - title: Latency - section: - - title: Overview - path: /devices/audio/latency - - title: Contributors - path: /devices/audio/latency_contrib - - title: Design - path: /devices/audio/latency_design - - title: Measure - path: /devices/audio/latency_measure - - title: Light Testing Circuit - path: /devices/audio/testing_circuit - - title: Audio Loopback Dongle - path: /devices/audio/loopback - - title: Measurements - path: /devices/audio/latency_measurements - - title: Applications - path: /devices/audio/latency_app - - title: Priority Inversion - path: /devices/audio/avoiding_pi - - title: Sample Rate Conversion - path: /devices/audio/src - - title: Debugging - path: /devices/audio/debugging - - title: MIDI - section: - - title: Overview - path: /devices/audio/midi - - title: MIDI Architecture - path: /devices/audio/midi_arch - - title: MIDI Test Procedure - path: /devices/audio/midi_test - - title: USB Digital Audio - path: /devices/audio/usb - - title: TV Audio - path: /devices/audio/tv -- title: Automotive - section: - - title: Overview - path: /devices/automotive/ - - title: Vehicle Properties - path: /devices/automotive/properties - - title: Camera HAL - path: /devices/automotive/camera-hal - - title: IVI Connectivity - path: /devices/automotive/ivi_connectivity -- title: Bluetooth - section: - - title: Overview - path: /devices/bluetooth - - title: Services - path: /devices/bluetooth/services - - title: Bluetooth Low Energy - path: /devices/bluetooth/ble - - title: BLE Advertising - path: /devices/bluetooth/ble_advertising - - title: Verifying and Debugging - path: /devices/bluetooth/verifying_debugging - - title: HCI Requirements - path: /devices/bluetooth/hci_requirements -- title: Bootloader - section: - - title: Overview - path: /devices/bootloader - - title: Partitions and Images - path: /devices/bootloader/partitions-images - - title: Flashing and Updating - path: /devices/bootloader/flashing-updating - - title: Unlocking and Trusty - path: /devices/bootloader/unlock-trusty -- title: Camera - section: - - title: Overview - path: /devices/camera/ - - title: Camera3 - path: /devices/camera/camera3 - - title: HAL Subsystem - path: /devices/camera/camera3_requests_hal - - title: Metadata and Controls - path: /devices/camera/camera3_metadata - - title: 3A Modes and State - path: /devices/camera/camera3_3Amodes - - title: Output and Cropping - path: /devices/camera/camera3_crop_reprocess - - title: Errors and Streams - path: /devices/camera/camera3_error_stream - - title: Request Creation - path: /devices/camera/camera3_requests_methods - - title: Version Support - path: /devices/camera/versioning -- title: DRM - path: /devices/drm -- title: Graphics - section: - - title: Overview - path: /devices/graphics/ - - title: Architecture - section: - - title: Overview - path: /devices/graphics/architecture - - title: BufferQueue - path: /devices/graphics/arch-bq-gralloc - - title: SurfaceFlinger and HWC - path: /devices/graphics/arch-sf-hwc - - title: Surface and SurfaceHolder - path: /devices/graphics/arch-sh - - title: OpenGL ES - path: /devices/graphics/arch-egl-opengl - - title: OpenGLRenderer Configuration - path: /devices/graphics/renderer - - title: Vulkan - path: /devices/graphics/arch-vulkan - - title: SurfaceView - path: /devices/graphics/arch-sv-glsv - - title: SurfaceTexture - path: /devices/graphics/arch-st - - title: TextureView - path: /devices/graphics/arch-tv - - title: Game Loops - path: /devices/graphics/arch-gameloops - - title: Implementation - section: - - title: Overview - path: /devices/graphics/implement - - title: Hardware Composer HAL - path: /devices/graphics/implement-hwc - - title: VSYNC - path: /devices/graphics/implement-vsync - - title: Vulkan - path: /devices/graphics/implement-vulkan - - title: Virtual Displays - path: /devices/graphics/implement-vdisplays - - title: OpenGL ES Testing - section: - - title: Overview - path: /devices/graphics/testing - - title: Building Test Programs - path: /devices/graphics/build-tests - - title: Porting the Test Framework - path: /devices/graphics/port-tests - - title: Running the Tests - path: /devices/graphics/run-tests - - title: Automating the Tests - path: /devices/graphics/automate-tests - - title: Using Special Test Groups - path: /devices/graphics/test-groups - - title: Integrating with Android CTS - path: /devices/graphics/cts-integration -- title: Input - section: - - title: Overview - path: /devices/input/ - - title: Key Layout Files - path: /devices/input/key-layout-files - - title: Key Character Map Files - path: /devices/input/key-character-map-files - - title: Input Device Configuration Files - path: /devices/input/input-device-configuration-files - - title: Migration Guide - path: /devices/input/migration-guide - - title: Keyboard Devices - path: /devices/input/keyboard-devices - - title: Touch Devices - path: /devices/input/touch-devices - - title: Getevent - path: /devices/input/getevent - - title: Validate Keymaps - path: /devices/input/validate-keymaps -- title: Media - section: - - title: Overview - path: /devices/media/ - - title: Framework Hardening - path: /devices/media/framework-hardening - - title: SoC Dependencies - path: /devices/media/soc - - title: OEM Dependencies - path: /devices/media/oem -- title: Peripherals - path: /devices/accessories - section: - - title: Audio Accessories - section: - - title: Overview - path: /devices/accessories/audio - - title: 3.5 mm Headset - section: - - title: Headset Spec - path: /devices/accessories/headset/plug-headset-spec - - title: Device Spec - path: /devices/accessories/headset/jack-headset-spec - - title: USB Headset - section: - - title: Headset Spec - path: /devices/accessories/headset/usb-headset-spec - - title: Adapter Spec - path: /devices/accessories/headset/usb-adapter - - title: Device Spec - path: /devices/accessories/headset/usb-device - - title: Expected Behavior - path: /devices/accessories/headset/expected-behavior - - title: Testing - path: /devices/accessories/headset/testing - - title: Custom Accessories - section: - - title: Overview - path: /devices/accessories/custom - - title: AOA - section: - - title: Overview - path: /devices/accessories/protocol - - title: AOA 2.0 - path: /devices/accessories/aoa2 - - title: AOA 1.0 - path: /devices/accessories/aoa - - title: Stylus - path: /devices/accessories/stylus -- title: Sensors - section: - - title: Overview - path: /devices/sensors/ - - title: Sensor Stack - path: /devices/sensors/sensor-stack - - title: Reporting Modes - path: /devices/sensors/report-modes - - title: Suspend Mode - path: /devices/sensors/suspend-mode - - title: Power Consumption - path: /devices/sensors/power-use - - title: Interaction - path: /devices/sensors/interaction - - title: HAL Interface - path: /devices/sensors/hal-interface - - title: Batching - path: /devices/sensors/batching - - title: Sensor Types - path: /devices/sensors/sensor-types - - title: Version Deprecation - path: /devices/sensors/versioning -- title: Storage - section: - - title: Overview - path: /devices/storage/ - - title: Traditional Storage - path: /devices/storage/traditional - - title: Adoptable Storage - path: /devices/storage/adoptable - - title: Device Configuration - path: /devices/storage/config - - title: Configuration Examples - path: /devices/storage/config-example - - title: Faster Statistics - path: /devices/storage/faster-stats -- title: TV - section: - - title: Overview - path: /devices/tv - - title: HDMI-CEC Control Service - path: /devices/tv/hdmi-cec - - title: Reference TV App - path: /devices/tv/reference-tv-app - - title: Customize the TV App - path: /devices/tv/customize-tv-app - diff --git a/en/devices/_toc-interaction.yaml b/en/devices/_toc-interaction.yaml index 252a7a3b..20c440c7 100644 --- a/en/devices/_toc-interaction.yaml +++ b/en/devices/_toc-interaction.yaml @@ -41,6 +41,8 @@ toc: path: /devices/automotive/ivi_connectivity - title: Vehicle Properties path: /devices/automotive/properties + - title: Power Management + path: /devices/automotive/power - title: Flash Wear Management path: /devices/tech/perf/flash-wear - title: Neural Networks diff --git a/en/devices/_toc-permissions.yaml b/en/devices/_toc-permissions.yaml index 5857602e..51bb9585 100644 --- a/en/devices/_toc-permissions.yaml +++ b/en/devices/_toc-permissions.yaml @@ -1,17 +1,15 @@ toc: - - title: Privileged Permission Whitelist - path: /devices/tech/config/perms-whitelist - - title: Runtime Permissions - path: /devices/tech/config/runtime_perms - - title: Time Zone Rules - path: /devices/tech/config/timezone-rules - - title: Ambient Capabilities - path: /devices/tech/config/ambient - - title: Discretionary Access Control - path: /devices/tech/config/filesystem - - title: Library Namespaces - path: /devices/tech/config/namespaces_libraries - - title: USB HAL - path: /devices/tech/config/usb-hal - - title: Visual Voicemail - path: /devices/tech/config/voicemail +- title: Privileged Permission Whitelist + path: /devices/tech/config/perms-whitelist +- title: Runtime Permissions + path: /devices/tech/config/runtime_perms +- title: Ambient Capabilities + path: /devices/tech/config/ambient +- title: Discretionary Access Control + path: /devices/tech/config/filesystem +- title: Library Namespaces + path: /devices/tech/config/namespaces_libraries +- title: USB HAL + path: /devices/tech/config/usb-hal +- title: Visual Voicemail + path: /devices/tech/config/voicemail diff --git a/en/devices/_toc-systems.yaml b/en/devices/_toc-systems.yaml deleted file mode 100644 index 5f91e99d..00000000 --- a/en/devices/_toc-systems.yaml +++ /dev/null @@ -1,429 +0,0 @@ -toc: -- title: Overview - path: /devices/ -- title: Architecture - section: - - title: Overview - path: /devices/architecture/ - - title: Hardware Abstraction Layer (HAL) - path: /devices/architecture/hal - - title: HAL Types - path: /devices/architecture/hal-types - - title: Treble - path: /devices/architecture/treble - - title: Kernel - section: - - title: Overview - path: /devices/architecture/kernel/ - - title: Stable Releases & Updates - path: /devices/architecture/kernel/releases - - title: Android Common Kernels - path: /devices/architecture/kernel/android-common - - title: Modular Kernel Requirements - path: /devices/architecture/kernel/modular-kernels - - title: Interface Requirements - path: /devices/architecture/kernel/reqs-interfaces - - title: Configuration - path: /devices/architecture/kernel/config - - title: Kernel Hardening - path: /devices/architecture/kernel/hardening - - title: SquashFS - path: /devices/architecture/kernel/squashfs - - title: LLDB Debugging - path: /devices/architecture/kernel/lldb-debug - - title: Network Tests - path: /devices/architecture/kernel/network_tests - - title: HIDL (General) - section: - - title: Overview - path: /devices/architecture/hidl/ - - title: Interfaces & Packages - path: /devices/architecture/hidl/interfaces - - title: Interface Hashing - path: /devices/architecture/hidl/hashing - - title: Services & Data Transfer - path: /devices/architecture/hidl/services - - title: Fast Message Queue - path: /devices/architecture/hidl/fmq - - title: Using Binder IPC - path: /devices/architecture/hidl/binder-ipc - - title: Network Stack Configuration Tools - path: /devices/architecture/hidl/network-stack - - title: Threading Models - path: /devices/architecture/hidl/threading - - title: Converting Modules - path: /devices/architecture/hidl/converting - - title: Data Types - path: /devices/architecture/hidl/types - - title: Versioning - path: /devices/architecture/hidl/versioning - - title: Code Style Guide - path: /devices/architecture/hidl/code-style - - title: HIDL (C++) - section: - - title: Overview - path: /devices/architecture/hidl-cpp/ - - title: Packages - path: /devices/architecture/hidl-cpp/packages - - title: Interfaces - path: /devices/architecture/hidl-cpp/interfaces - - title: Data Types - path: /devices/architecture/hidl-cpp/types - - title: Functions - path: /devices/architecture/hidl-cpp/functions - - title: HIDL (Java) - section: - - title: Overview - path: /devices/architecture/hidl-java/ - - title: Data Types - path: /devices/architecture/hidl-java/types - - title: Interface Errors & Methods - path: /devices/architecture/hidl-java/interfaces - - title: Exporting Constants - path: /devices/architecture/hidl-java/constants - - title: ConfigStore HAL - section: - - title: Overview - path: /devices/architecture/configstore/ - - title: Creating the HAL Interface - path: /devices/architecture/configstore/interface - - title: Implementing the Service - path: /devices/architecture/configstore/service - - title: Client-Side Usage - path: /devices/architecture/configstore/client - - title: Adding Classes & Items - path: /devices/architecture/configstore/add-class-item - - title: Device Tree Overlays - section: - - title: Overview - path: /devices/architecture/dto/ - - title: Implementing DTO - path: /devices/architecture/dto/implement - - title: DTO Syntax - path: /devices/architecture/dto/syntax - - title: Compiling & Verifying - path: /devices/architecture/dto/compile - - title: Using Multiple DTs - path: /devices/architecture/dto/multiple - - title: DTB/DTBO Partition Format - path: /devices/architecture/dto/partitions - - title: Optimizing DTO - path: /devices/architecture/dto/optimize - - title: Vendor NDK - section: - - title: Overview - path: /devices/architecture/vndk/ - - title: Enabling the VNDK - path: /devices/architecture/vndk/enabling - - title: VNDK Build System Support - path: /devices/architecture/vndk/build-system - - title: VNDK Extensions - path: /devices/architecture/vndk/extensions - - title: VNDK Definition Tool - path: /devices/architecture/vndk/deftool - - title: Linker Namespace - path: /devices/architecture/vndk/linker-namespace - - title: Directories, Rules, and sepolicy - path: /devices/architecture/vndk/dir-rules-sepolicy - - title: Renderscript - path: /devices/architecture/vndk/renderscript - - title: Vendor Interface Object - section: - - title: Overview - path: /devices/architecture/vintf/ - - title: VINTF Object Data - path: /devices/architecture/vintf/objects - - title: Compatibility Matrices - path: /devices/architecture/vintf/comp-matrices - - title: Matching Rules - path: /devices/architecture/vintf/match-rules - - title: Resources - path: /devices/architecture/vintf/resources -- title: Audio - section: - - title: Overview - path: /devices/audio/ - - title: Terminology - path: /devices/audio/terminology - - title: Implementation - section: - - title: Overview - path: /devices/audio/implement - - title: Policy Configuration - path: /devices/audio/implement-policy - - title: Shared Library - path: /devices/audio/implement-shared-library - - title: Pre-processing Effects - path: /devices/audio/implement-pre-processing - - title: Data Formats - path: /devices/audio/data_formats - - title: Attributes - path: /devices/audio/attributes - - title: AAudio and MMAP - path: /devices/audio/aaudio - - title: Warmup - path: /devices/audio/warmup - - title: Latency - section: - - title: Overview - path: /devices/audio/latency - - title: Contributors - path: /devices/audio/latency_contrib - - title: Design - path: /devices/audio/latency_design - - title: Measure - path: /devices/audio/latency_measure - - title: Light Testing Circuit - path: /devices/audio/testing_circuit - - title: Audio Loopback Dongle - path: /devices/audio/loopback - - title: Measurements - path: /devices/audio/latency_measurements - - title: Applications - path: /devices/audio/latency_app - - title: Priority Inversion - path: /devices/audio/avoiding_pi - - title: Sample Rate Conversion - path: /devices/audio/src - - title: Debugging - path: /devices/audio/debugging - - title: MIDI - section: - - title: Overview - path: /devices/audio/midi - - title: MIDI Architecture - path: /devices/audio/midi_arch - - title: MIDI Test Procedure - path: /devices/audio/midi_test - - title: USB Digital Audio - path: /devices/audio/usb - - title: TV Audio - path: /devices/audio/tv -- title: Automotive - section: - - title: Overview - path: /devices/automotive/ - - title: Vehicle Properties - path: /devices/automotive/properties - - title: Camera HAL - path: /devices/automotive/camera-hal - - title: IVI Connectivity - path: /devices/automotive/ivi_connectivity -- title: Bluetooth - section: - - title: Overview - path: /devices/bluetooth - - title: Services - path: /devices/bluetooth/services - - title: Bluetooth Low Energy - path: /devices/bluetooth/ble - - title: BLE Advertising - path: /devices/bluetooth/ble_advertising - - title: Verifying and Debugging - path: /devices/bluetooth/verifying_debugging - - title: HCI Requirements - path: /devices/bluetooth/hci_requirements -- title: Bootloader - section: - - title: Overview - path: /devices/bootloader - - title: Partitions and Images - path: /devices/bootloader/partitions-images - - title: Flashing and Updating - path: /devices/bootloader/flashing-updating - - title: Unlocking and Trusty - path: /devices/bootloader/unlock-trusty -- title: Camera - section: - - title: Overview - path: /devices/camera/ - - title: Camera3 - path: /devices/camera/camera3 - - title: HAL Subsystem - path: /devices/camera/camera3_requests_hal - - title: Metadata and Controls - path: /devices/camera/camera3_metadata - - title: 3A Modes and State - path: /devices/camera/camera3_3Amodes - - title: Output and Cropping - path: /devices/camera/camera3_crop_reprocess - - title: Errors and Streams - path: /devices/camera/camera3_error_stream - - title: Request Creation - path: /devices/camera/camera3_requests_methods - - title: Version Support - path: /devices/camera/versioning -- title: DRM - path: /devices/drm -- title: Graphics - section: - - title: Overview - path: /devices/graphics/ - - title: Architecture - section: - - title: Overview - path: /devices/graphics/architecture - - title: BufferQueue - path: /devices/graphics/arch-bq-gralloc - - title: SurfaceFlinger and HWC - path: /devices/graphics/arch-sf-hwc - - title: Surface and SurfaceHolder - path: /devices/graphics/arch-sh - - title: OpenGL ES - path: /devices/graphics/arch-egl-opengl - - title: OpenGLRenderer Configuration - path: /devices/graphics/renderer - - title: Vulkan - path: /devices/graphics/arch-vulkan - - title: SurfaceView - path: /devices/graphics/arch-sv-glsv - - title: SurfaceTexture - path: /devices/graphics/arch-st - - title: TextureView - path: /devices/graphics/arch-tv - - title: Game Loops - path: /devices/graphics/arch-gameloops - - title: Implementation - section: - - title: Overview - path: /devices/graphics/implement - - title: Hardware Composer HAL - path: /devices/graphics/implement-hwc - - title: VSYNC - path: /devices/graphics/implement-vsync - - title: Vulkan - path: /devices/graphics/implement-vulkan - - title: Virtual Displays - path: /devices/graphics/implement-vdisplays - - title: OpenGL ES Testing - section: - - title: Overview - path: /devices/graphics/testing - - title: Building Test Programs - path: /devices/graphics/build-tests - - title: Porting the Test Framework - path: /devices/graphics/port-tests - - title: Running the Tests - path: /devices/graphics/run-tests - - title: Automating the Tests - path: /devices/graphics/automate-tests - - title: Using Special Test Groups - path: /devices/graphics/test-groups - - title: Integrating with Android CTS - path: /devices/graphics/cts-integration -- title: Input - section: - - title: Overview - path: /devices/input/ - - title: Key Layout Files - path: /devices/input/key-layout-files - - title: Key Character Map Files - path: /devices/input/key-character-map-files - - title: Input Device Configuration Files - path: /devices/input/input-device-configuration-files - - title: Migration Guide - path: /devices/input/migration-guide - - title: Keyboard Devices - path: /devices/input/keyboard-devices - - title: Touch Devices - path: /devices/input/touch-devices - - title: Getevent - path: /devices/input/getevent - - title: Validate Keymaps - path: /devices/input/validate-keymaps -- title: Media - section: - - title: Overview - path: /devices/media/ - - title: Framework Hardening - path: /devices/media/framework-hardening - - title: SoC Dependencies - path: /devices/media/soc - - title: OEM Dependencies - path: /devices/media/oem -- title: Peripherals - path: /devices/accessories - section: - - title: Audio Accessories - section: - - title: Overview - path: /devices/accessories/audio - - title: 3.5 mm Headset - section: - - title: Headset Spec - path: /devices/accessories/headset/plug-headset-spec - - title: Device Spec - path: /devices/accessories/headset/jack-headset-spec - - title: USB Headset - section: - - title: Headset Spec - path: /devices/accessories/headset/usb-headset-spec - - title: Adapter Spec - path: /devices/accessories/headset/usb-adapter - - title: Device Spec - path: /devices/accessories/headset/usb-device - - title: Expected Behavior - path: /devices/accessories/headset/expected-behavior - - title: Testing - path: /devices/accessories/headset/testing - - title: Custom Accessories - section: - - title: Overview - path: /devices/accessories/custom - - title: AOA - section: - - title: Overview - path: /devices/accessories/protocol - - title: AOA 2.0 - path: /devices/accessories/aoa2 - - title: AOA 1.0 - path: /devices/accessories/aoa - - title: Stylus - path: /devices/accessories/stylus -- title: Sensors - section: - - title: Overview - path: /devices/sensors/ - - title: Sensor Stack - path: /devices/sensors/sensor-stack - - title: Reporting Modes - path: /devices/sensors/report-modes - - title: Suspend Mode - path: /devices/sensors/suspend-mode - - title: Power Consumption - path: /devices/sensors/power-use - - title: Interaction - path: /devices/sensors/interaction - - title: HAL Interface - path: /devices/sensors/hal-interface - - title: Batching - path: /devices/sensors/batching - - title: Sensor Types - path: /devices/sensors/sensor-types - - title: Version Deprecation - path: /devices/sensors/versioning -- title: Storage - section: - - title: Overview - path: /devices/storage/ - - title: Traditional Storage - path: /devices/storage/traditional - - title: Adoptable Storage - path: /devices/storage/adoptable - - title: Device Configuration - path: /devices/storage/config - - title: Configuration Examples - path: /devices/storage/config-example - - title: Faster Statistics - path: /devices/storage/faster-stats -- title: TV - section: - - title: Overview - path: /devices/tv - - title: HDMI-CEC Control Service - path: /devices/tv/hdmi-cec - - title: Reference TV App - path: /devices/tv/reference-tv-app - - title: Customize the TV App - path: /devices/tv/customize-tv-app - diff --git a/en/devices/_toc-tech.yaml b/en/devices/_toc-tech.yaml deleted file mode 100644 index 211a990e..00000000 --- a/en/devices/_toc-tech.yaml +++ /dev/null @@ -1,269 +0,0 @@ -toc: -- title: Overview - path: /devices/tech/ -- title: ART and Dalvik - section: - - title: Overview - path: /devices/tech/dalvik - - title: Improvements - path: /devices/tech/dalvik/improvements - - title: Bytecode Format - path: /devices/tech/dalvik/dalvik-bytecode - - title: Dex Format - path: /devices/tech/dalvik/dex-format - - title: Instruction Formats - path: /devices/tech/dalvik/instruction-formats - - title: Constraints - path: /devices/tech/dalvik/constraints - - title: Configuration - path: /devices/tech/dalvik/configure - - title: Garbage Collection - path: /devices/tech/dalvik/gc-debug - - title: JIT Compilation - path: /devices/tech/dalvik/jit-compiler -- title: Configuration - section: - - title: Overview - path: /devices/tech/config/ - - title: Ambient Capabilities - path: /devices/tech/config/ambient - - title: Carrier Customization - section: - - title: Carrier Configuration - path: /devices/tech/config/carrier - - title: APN and CarrierConfig - path: /devices/tech/config/update - - title: UICC - path: /devices/tech/config/uicc - - title: File DAC Configuration - path: /devices/tech/config/filesystem - - title: Namespaces for Libraries - path: /devices/tech/config/namespaces_libraries - - title: Privileged Permission Whitelist - path: /devices/tech/config/perms-whitelist - - title: Runtime Permissions - path: /devices/tech/config/runtime_perms - - title: Time Zone Rules - path: /devices/tech/config/timezone-rules - - title: USB HAL - path: /devices/tech/config/usb-hal - - title: Visual Voicemail - path: /devices/tech/config/voicemail -- title: Connectivity - section: - - title: Overview - path: /devices/tech/connect/ - - title: Block Phone Numbers - path: /devices/tech/connect/block-numbers - - title: Call Notifications - path: /devices/tech/connect/call-notification - - title: Data Saver Mode - path: /devices/tech/connect/data-saver - - title: Emergency Affordance - path: /devices/tech/connect/emergency-affordance - - title: Host Card Emulation of FeliCa - path: /devices/tech/connect/felica - - title: Out-of-Balance Users - path: /devices/tech/connect/oob-users - - title: Network Connectivity Tests - path: /devices/tech/connect/connect_tests - - title: Radio Interface Layer (RIL) - path: /devices/tech/connect/ril - - title: Wi-Fi Aware - path: /devices/tech/connect/wifi-aware -- title: Data Usage - section: - - title: Overview - path: /devices/tech/datausage/ - - title: Network Interface Statistics Overview - path: /devices/tech/datausage/iface-overview - - title: Excluding Network Types from Data Usage - path: /devices/tech/datausage/excluding-network-types - - title: Tethering Data - path: /devices/tech/datausage/tethering-data - - title: Usage Cycle Reset Dates - path: /devices/tech/datausage/usage-cycle-resets-dates - - title: Kernel Overview - path: /devices/tech/datausage/kernel-overview - - title: Data Usage Tags Explained - path: /devices/tech/datausage/tags-explained - - title: Kernel Changes - path: /devices/tech/datausage/kernel-changes -- title: Debugging - section: - - title: Overview - path: /devices/tech/debug/ - - title: Diagnosing Native Crashes - path: /devices/tech/debug/native-crash - - title: Evaluating Performance - section: - - title: Overview - path: /devices/tech/debug/eval_perf - - title: Understanding systrace - path: /devices/tech/debug/systrace - - title: Using ftrace - path: /devices/tech/debug/ftrace - - title: Identifying Capacity Jank - path: /devices/tech/debug/jank_capacity - - title: Identifying Jitter Jank - path: /devices/tech/debug/jank_jitter - - title: Fuzzing and Sanitizing - section: - - title: Overview - path: /devices/tech/debug/fuzz-sanitize - - title: AddressSanitizer - path: /devices/tech/debug/asan - - title: LLVM Sanitizers - path: /devices/tech/debug/sanitizers - - title: Build kernel with KASAN+KCOV - path: /devices/tech/debug/kasan-kcov - - title: Fuzzing with libFuzzer - path: /devices/tech/debug/libfuzzer - - title: Using GDB - path: /devices/tech/debug/gdb - - title: Native Memory Use - path: /devices/tech/debug/native-memory - - title: Rescue Party - path: /devices/tech/debug/rescue-party - - title: Storaged - path: /devices/tech/debug/storaged - - title: Strace - path: /devices/tech/debug/strace - - title: Valgrind - path: /devices/tech/debug/valgrind -- title: Device Administration - section: - - title: Overview - path: /devices/tech/admin/ - - title: Implementation - path: /devices/tech/admin/implement - - title: Multiple Users - path: /devices/tech/admin/multi-user - - title: Managed Profiles - path: /devices/tech/admin/managed-profiles - - title: Provisioning - path: /devices/tech/admin/provision - - title: Multiuser Apps - path: /devices/tech/admin/multiuser-apps - - title: Enterprise Telephony - path: /devices/tech/admin/enterprise-telephony - - title: Testing Device Provisioning - path: /devices/tech/admin/testing-provision - - title: Testing Device Administration - path: /devices/tech/admin/testing-setup -- title: Display - section: - - title: Overview - path: /devices/tech/display/ - - title: Adaptive Icons - path: /devices/tech/display/adaptive-icons - - title: App Shortcuts - path: /devices/tech/display/app-shortcuts - - title: Circular Icons - path: /devices/tech/display/circular-icons - - title: Color Management - path: /devices/tech/display/color-mgmt - - title: Do Not Disturb - path: /devices/tech/display/dnd - - title: HDR Video - path: /devices/tech/display/hdr - - title: Multi-Window - path: /devices/tech/display/multi-window - - title: Night Light - path: /devices/tech/display/night-light - - title: Picture-in-picture - path: /devices/tech/display/pip - - title: Retail Demo Mode - path: /devices/tech/display/retail-mode - - title: Split-Screen Interactions - path: /devices/tech/display/split-screen - - title: TEXTCLASSIFIER - path: /devices/tech/display/textclassifier - - title: Widgets & Shortcuts - path: /devices/tech/display/widgets-shortcuts -- title: OTA Updates - section: - - title: Overview - path: /devices/tech/ota/ - - title: OTA Tools - path: /devices/tech/ota/tools - - title: Signing Builds for Release - path: /devices/tech/ota/sign_builds - - title: Reducing OTA Size - path: /devices/tech/ota/reduce_size - - title: A/B System Updates - section: - - title: Overview - path: /devices/tech/ota/ab/ - - title: Implementing A/B Updates - path: /devices/tech/ota/ab/ab_implement - - title: Frequently Asked Questions - path: /devices/tech/ota/ab/ab_faqs - - title: Non-A/B System Updates - section: - - title: Overview - path: /devices/tech/ota/nonab/ - - title: Block-Based OTA - path: /devices/tech/ota/nonab/block - - title: Inside OTA Packages - path: /devices/tech/ota/nonab/inside_packages - - title: Device-Specific Code - path: /devices/tech/ota/nonab/device_code -- title: Performance - section: - - title: Overview - path: /devices/tech/perf/ - - title: Boot Times - path: /devices/tech/perf/boot-times - - title: Flash Wear Management - path: /devices/tech/perf/flash-wear - - title: Low RAM - path: /devices/tech/perf/low-ram - - title: Task Snapshots - path: /devices/tech/perf/task-snapshots -- title: Power - section: - - title: Overview - path: /devices/tech/power/ - - title: Power Management - path: /devices/tech/power/mgmt - - title: Performance Management - path: /devices/tech/power/performance - - title: Component Power - path: /devices/tech/power/component - - title: Device Power - path: /devices/tech/power/device - - title: Power Values - path: /devices/tech/power/values -- title: Settings Menu - section: - - title: Overview - path: /devices/tech/settings/ - - title: Patterns and Components - path: /devices/tech/settings/patterns-components - - title: Information Architecture - path: /devices/tech/settings/info-architecture - - title: Personalized Settings - path: /devices/tech/settings/personalized - - title: Universal Search - path: /devices/tech/settings/universal-search - - title: Design Guidelines - path: /devices/tech/settings/settings-guidelines -- title: Testing Infrastructure - section: - - title: Overview - path: /devices/tech/test_infra/tradefed/ - - title: Start Here - path: /devices/tech/test_infra/tradefed/fundamentals - - title: Machine Setup - path: /devices/tech/test_infra/tradefed/fundamentals/machine_setup - - title: Working with Devices - path: /devices/tech/test_infra/tradefed/fundamentals/devices - - title: Test Lifecycle - path: /devices/tech/test_infra/tradefed/fundamentals/lifecycle - - title: Option Handling - path: /devices/tech/test_infra/tradefed/fundamentals/options - - title: An End-to-End Example - path: /devices/tech/test_infra/tradefed/full_example - - title: Package Index - path: /reference/tradefed/ diff --git a/en/devices/_toc-update.yaml b/en/devices/_toc-update.yaml index e3b86dde..5158be28 100644 --- a/en/devices/_toc-update.yaml +++ b/en/devices/_toc-update.yaml @@ -25,3 +25,5 @@ toc: path: /devices/tech/ota/nonab/inside_packages - title: Device-Specific Code path: /devices/tech/ota/nonab/device_code +- title: Time Zone Rules + path: /devices/tech/config/timezone-rules diff --git a/en/devices/_translation.yaml b/en/devices/_translation.yaml deleted file mode 100644 index 32d1e74b..00000000 --- a/en/devices/_translation.yaml +++ /dev/null @@ -1,10 +0,0 @@ -enable_continuous_translation: true -title: Android Open Source Project Devices tab -description: Translations for SAC devices tab -language: -- zh-CN -cc: -- sac-doc-leads+translation@google.com -reviewer: -- daroberts -product: Android diff --git a/en/devices/architecture/hidl/code-style.html b/en/devices/architecture/hidl/code-style.html index 5f787d71..5f451851 100644 --- a/en/devices/architecture/hidl/code-style.html +++ b/en/devices/architecture/hidl/code-style.html @@ -52,12 +52,14 @@ interface <a href="#interface-names">IFoo</a> { /** * This is a <a href="#comments">multiline docstring</a>. + * * <a href="#return">@return</a> result 0 if successful, nonzero otherwise. */ <a href="#function-declarations">foo() generates (FooStatus result);</a> /** * Restart controller by power cycle. + * * <a href="#param">@param</a> bar callback interface that… * @return result 0 if successful, nonzero otherwise. */ @@ -69,6 +71,7 @@ interface <a href="#interface-names">IFoo</a> { /** * The bar function. + * * <a href="#param">@param</a> <a href="#functions">clientCallback</a> callback after function is called * @param baz related baz object * @param data input data blob @@ -107,7 +110,7 @@ package android.hardware.foo@1.0; <h2 id=naming>Naming conventions</h2> <p>Function names, variable names, and filenames should be descriptive; avoid over-abbreviation. Treat acronyms as words (e.g., use <code>INfc</code> instead -of <code>INFC</code>.</p> +of <code>INFC</code>).</p> <h3 id=dir-structure>Directory structure and file naming</h3> <p>The directory structure should appear as follows:</p> @@ -455,6 +458,7 @@ the package directory).</p> interface IFooController { /** * Opens the controller. + * * @return status HAL_FOO_OK if successful. */ open() generates (FooStatus status); @@ -478,6 +482,7 @@ should be followed by the name of the return value then the docstring.</li> <pre class="prettyprint"> /** * Explain what foo does. + * * @param arg1 explain what arg1 is * @param arg2 explain what arg2 is * @return ret1 explain what ret1 is diff --git a/en/devices/architecture/vndk/renderscript.html b/en/devices/architecture/vndk/renderscript.html index a2b5a8bd..873b24a2 100644 --- a/en/devices/architecture/vndk/renderscript.html +++ b/en/devices/architecture/vndk/renderscript.html @@ -533,14 +533,8 @@ namespace.sphal.link.rs.shared_libs = libRS_internal.so </p> <pre class="prettyprint"> -device/vendor_foo/device_bar/sepolicy/file.te: -type renderscript_exec, exec_type, file_type; - -device/vendor_foo/device_bar/sepolicy/app.te: -allow appdomain renderscript_exec:file { read open getattr execute execute_no_trans }; - device/vendor_foo/device_bar/sepolicy/file_contexts: -/vendor/bin/bcc u:object_r:renderscript_exec:s0 +/vendor/bin/bcc u:object_r:same_process_hal_file:s0 </pre> <h3 id="legacy-devices">Legacy devices</h3> diff --git a/en/devices/automotive/images/automotive_power_class_diagram.png b/en/devices/automotive/images/automotive_power_class_diagram.png Binary files differnew file mode 100644 index 00000000..736dadb8 --- /dev/null +++ b/en/devices/automotive/images/automotive_power_class_diagram.png diff --git a/en/devices/automotive/images/automotive_power_deep_sleep.png b/en/devices/automotive/images/automotive_power_deep_sleep.png Binary files differnew file mode 100644 index 00000000..2ccfda75 --- /dev/null +++ b/en/devices/automotive/images/automotive_power_deep_sleep.png diff --git a/en/devices/automotive/images/automotive_power_deep_sleep_exit.png b/en/devices/automotive/images/automotive_power_deep_sleep_exit.png Binary files differnew file mode 100644 index 00000000..b920eb20 --- /dev/null +++ b/en/devices/automotive/images/automotive_power_deep_sleep_exit.png diff --git a/en/devices/automotive/images/automotive_power_object_state.png b/en/devices/automotive/images/automotive_power_object_state.png Binary files differnew file mode 100644 index 00000000..0e0aba62 --- /dev/null +++ b/en/devices/automotive/images/automotive_power_object_state.png diff --git a/en/devices/automotive/images/automotive_power_reference_diagram.png b/en/devices/automotive/images/automotive_power_reference_diagram.png Binary files differnew file mode 100644 index 00000000..625450f1 --- /dev/null +++ b/en/devices/automotive/images/automotive_power_reference_diagram.png diff --git a/en/devices/automotive/images/automotive_power_states.png b/en/devices/automotive/images/automotive_power_states.png Binary files differnew file mode 100644 index 00000000..d0c5cab6 --- /dev/null +++ b/en/devices/automotive/images/automotive_power_states.png diff --git a/en/devices/automotive/power.html b/en/devices/automotive/power.html new file mode 100644 index 00000000..f126825d --- /dev/null +++ b/en/devices/automotive/power.html @@ -0,0 +1,753 @@ +<html devsite> + <head> + <title>Power Management</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2017 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<p>Android Automotive (AAE) P introduces a new state – <em>deep sleep</em> – into the AAE P power +management state machine. To implement this state, AAE P provides a new power management service +and interface: <code>CarPowerManagementService</code> and <code>CarPowerManager</code>.</p> + +<p>State transitions are triggered by the Vehicle MCU (VMCU). To enable AAE to communicate with the +VMCU, integrators must implement several components. Integrators are responsible for integrating +with the VHAL and the kernel implementation. Integrators are also responsible for disabling wake +sources and ensuring that shutdowns are not postponed indefinitely.</p> + +<h2>Terminology</h2> + +<p>These terms are used throughout this document:</p> + +<table> +<thead> +<tr> +<th>Term</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>Application Processor (AP)</td> +<td>Part of the System on Chip (SoC).</td> +</tr> +<tr> +<td>Board Support Processor (BSP)</td> +<td>All of the chip and hardware specific code +necessary for the product to work. Typically provided by the SoC vendor and hardware +manufacturer. This covers items such as device drivers, the PMIC sequencing code, and SoC +bringup.</td> +</tr> +<tr> +<td>CarPowerManager (CPM)</td> +<td>Exposes an API for applications to register for power state changes.</td> +</tr> +<tr> +<td>CarPowerManagementService (CPMS)</td> +<td>Implements the car power state machine, interfaces with VHAL, and performs the final calls to <code>suspend()</code> and <code>shutdown()</code>.</td> +</tr> +<tr> +<td>CarServiceHelperService</strong> (<strong>CSHS</strong>)</td> +<td>Provides a hook into SystemServer for OK, provided that is the Car Service.</td> +</tr> +<tr> +<td>General Purpose Input / Output (GPIO)</td> +<td>A digital signal pin for general purpose use.</td> +</tr> +<tr> +<td>Hibernate</td> +<td>AKA <em>Suspend to Disk</em> (S2D/S4). The SoC is placed into S4 power mode (hibernate) and RAM +content is written to non-volatile media (such as flash or disk) and the entire system is powered +off. Android does <strong><em>not</em></strong> currently implement hibernate.</td> +</tr> +<tr> +<td>Media Processor (MP)</td> +<td>See System on Chip (SoC).</td> +</tr> +<tr> +<td>Power Management Integrated Circuit (PMIC)</td> +<td>Chip used to manage power requirements for the host system.</td> +</tr> +<tr> +<td>System on a Chip (SoC)</td> +<td>Main processor that runs Android, typically supplied by manufacturers such as Intel, Mediatek, +Nvidia, Qualcomm, Renesas, and Texas Instruments. </td> +</tr> +<tr> +<td>Suspend</td> +<td>AKA <em>Suspend to RAM</em> (S2R or STR). The SoC is placed into S3 power mode and the CPU is +powered off while RAM remains powered on.</td> +</tr> +<tr> +<td>Vehicle HAL (VHAL)</td> +<td>The Android API used to interface with the vehicle network. The Tier 1 partner or OEM is +responsible for writing this module. The vehicle network can use any physical layer (such as CAN, +LIN, MOST, and Ethernet). The VHAL abstracts this vehicle network to enable Android to interact with +the vehicle.</td> +</tr> +<tr> +<td>Vehicle Interface Processor (VIP)</td> +<td>See Vehicle MCU.</td> +</tr> +<tr> +<td>Vehicle MCU (VMCU)</td> +<td>The microcontroller that provides the interface between the vehicle network and the SoC. The SoC +communicates with the VMCU via USB, UART, SPI, and GPIO signals. </td> +</tr> +</tbody> +</table> + +<h2>System design</h2> + +<p>This section describes how AAE represents the application processor's power state and which +modules implement the power management system. This material also describes how these modules work +together and how state transitions typically occur.</p> + +<h3>Car power state machine</h3> + +<p>AAE uses a <em>state machine</em> to represent the power state of the AP. This state machine +provides these five states, as illustrated below: + +<p><img src="/devices/automotive/images/automotive_power_states.png"></p> + +<p><b>Figure 1</b>. Car power state machine</p> + +<p>The initial state of this state machine is OFF. This state can transition into two states, +ON:DISP OFF and ON: FULL. Both states indicate the AP is on. The difference lies in the +display's power state. ON: DISP OFF means that the AP is running and displays are turned off. +When display turns on, the ON: DISP OFF state transitions into ON:FULL (and vice versa).</p> + +<p>The AP is turned off in two cases. In both cases, the state machine first changes state to +SHUTDOWN PREPARE and then transitions to OFF or DEEP SLEEP:</p> + +<ul> +<li>Power off</li> +<li>Suspended to RAM</li> +</ul> + +<p>When this power management state machine enters the DEEP SLEEP state, the AP runs Suspend to +RAM. For example, the AP suspends its state (such as register stored value) in RAM. When the AP +wakes up, all states are restored.</p> + +<h3>Power management modules</h3> + +<p>These five modules comprise the power management system:</p> + +<table> +<thead> +<tr> +<th><strong>Module name</strong></th> +<th><strong>Description</strong></th> +</tr> +</thead> +<tbody> +<tr> +<td>CarPowerManager</td> +<td>Java/C++ API</td> +</tr> +<tr> +<td>CarPowerManagementService</td> +<td>Responsible for coordinating the sleep/suspend power state</td> +</tr> +<tr> +<td>Vehicle HAL</td> +<td>Interface to VMCU</td> +</tr> +<tr> +<td>libsuspend</td> +<td>Native library to place the device into suspend</td> +</tr> +<tr> +<td>Kernel</td> +<td>Suspend to RAM implementation</td> +</tr> +</tbody> +</table> + +<p>The deep sleep feature (suspending Android to RAM) is implemented in the kernel. This feature is +exposed to the user space as a special file located at <code>/sys/power/state</code>. AAE is +suspended by writing <code>mem</code> to this file. </p> + +<p><code>libsuspend</code> is a native library that implements <code>forcesuspend()</code>. This +function uses <code>/sys/power/state</code> to suspend AAE. <code>forcesuspend()</code> can be +called from system services, including CPMS.</p> + +<p>The CPMS coordinates the power state with other services and HALs. The CPMS implements the state +machine described above and sends notifications to every observer when a power state transition +occurs. This service also uses <code>libsuspend</code> and the VHAL to send messages to the +hardware. </p> + +<p>Some properties are defined in the VHAL. To communicate with the VMCU, the CPMS reads and writes +these properties. Applications can use the interface defined in the CPM to monitor power state +changes. This interface also enables applications to acquire the boot reason and to send shutdown +requests. This API can be called from Java and C++ and are annotated with @hide / @System API, which +means it is available to privileged applications <em>only</em>. The relationship between these five +modules, applications, and services is illustrated below:</p> + +<p><img src="/devices/automotive/images/automotive_power_reference_diagram.png"></p> + +<p><b>Figure 2</b>. Power components reference diagram</p> + +<h3>Typical message sequence</h3> + +<p>The previous section described the modules that comprise the power management system. This +section uses the following two examples to explain how the modules and applications communicate:</p> + +<ul> +<li>Enter deep sleep</li> +<li>Exit deep sleep</li> +</ul> + +<h4>Enter deep sleep</h4> + +<p>Only the VMCU can initiate deep sleep. Once deep sleep is initiated, the VMCU sends a +notification to the CPMS via the VHAL. The CPMS changes the state to SHUTDOWN PREPARE and +broadcasts this state transition to all observers (the applications and services that monitor +CPMS) by calling the <code>onStateChanged()</code> method with a new state ID provided by the +CPM.</p> + +The CPM mediates between the applications/services and the CPMS. The <code>onStateChanged()</code> +method for the applications/services is synchronously invoked in the CPM's +<code>onStateChanged()</code> method. After which, the finished method of the CPMS is invoked to +notify the CPMS that the target application or service is ready to suspend. The CPM's +<code>onStateChanged()</code> method runs asynchronously. Therefore, some delay occurs between the +calling of the <code>onStateChanged()</code> method to all CPM objects and the receiving of the +finished message from all these objects. During this time, the CPMS continues to send shutdown +postpone requests to the VHAL.</p> + +<p>Once the CPMS receives the finished message from all CPM objects, the CPMS sends +<code>AP_POWER_STATE_REPORT</code> to the VHAL, which then notifies the VMCU that the AP is ready to +suspend. The CPMS also calls its suspend method, which suspends the kernel with a feature provided +by <code>libsuspend</code>.</p> + +<p>The entire sequence described above is illustrated in the following sequence diagram: + +<p><img src="/devices/automotive/images/automotive_power_deep_sleep.png"></p> + +<p><b>Figure 3</b>. Enter deep sleep sequence diagram</p> + +<h4>Exit deep sleep</h4> + +<p>The sequence to exit suspend is also initiated by the VMCU. The VMCU turns on the AP and the AP +restores the suspended Android from RAM. The CPMS uses <code>onStateChanged</code>method to send a +<code>SUSPEND_EXIT</code> message to applications and services when it wakes up. </p> + +To access the reason, applications and services can call the <code>getBootReason()</code> method +provided by the CPM. This method returns these values, as notified from the VMCU to the VHAL:</p> + +<ul> +<li>BOOT_REASON_USER_POWER_ON</li> +<li>BOOT_REASON_DOOR_UNLOCK</li> +<li>BOOT_REASON_TIMER</li> +<li>BOOT_REASON_DOOR_OPEN</li> +<li>BOOT_REASON_REMOTE_START</li> +</ul> + +<p><img src="/devices/automotive/images/automotive_power_deep_sleep_exit.png"></p> + +<p><b>Figure 4</b>. Exit deep sleep sequence diagram</p> + +<h2>Programming interfaces provided by CPM</h2> + +<p>This section describes the Java and C++ API provided by the CPM for system applications and +services. The process to call the CPM in C++ is identical to that used by the Java API. This API +enables the system software to:</p> + +<ul> +<li>Monitor the AP's power state changes</li> +<li>Acquire boot reasons from the CPMS</li> +<li>Request the VMCU to shut down the AP on the next suspend instruction</li> +</ul> + +<p><code>PowerTestFragment.java</code> in <code>com.google.android.car.kitchensink.power</code> +illustrates how to use these APIs in Java. Use these steps to call the APIs provided by the CPM:</p> + +<ol> +<li>To acquire the CPM instance, call the Car API.</li> +<li>Call the appropriate method on the object created in Step 1.</li> +</ol> + +<h3>Creating a CarPowerManager object</h3> + +<p>To create a CPM object, call the Car object's <code>getCarManager()</code> method. This method is +a facade used to create CM objects. Specify <code>android.car.Car.POWER_SERVICE</code> as an +argument to create a CPM object.</p> + +<div> +<pre class="prettyprint"> +Car car = Car.createCar(this, carCallbacks); +car.connect(); +CarPowerManager powerManager = + (CarPowerManager)car.getCarManager(android.car.Car.POWER_SERVICE); +</pre> +</div> + +<h2>CarPowerStateListener and registration</h2> + +<p>System applications and services can receive power state change notifications by implementing +<code>CarPowerManager.CarPowerStateListener</code>. This interface defines one method +<code>onStateChanged()</code>, which is a callback function invoked when the power state of CPMS +is changed. The following example defines a new anonymous class that implements the interface:</p> + +<div> +<pre class="prettyprint"> +private final CarPowerManager.CarPowerStateListener listener = + new CarPowerManager.CarPowerStateListener () { + @Override + public void onStateChanged(int state) { + Log.i(TAG, "onStateChanged() state = " + state); + } +}; +</pre> +</div> + +<p>To instruct this listener object to monitor a power state transition, create a new execution +thread and register the listener and this thread to the PM object: </p> + +<div> +<pre class="prettyprint"> +executer = new ThreadPerTaskExecuter(); +powerManager.setListener(powerListener, executer); +</pre> +</div> + +<p>When the power state is changed, the <code>onStateChanged()</code> method of the listener object +is invoked with a value to represent the new power state. The association between actual value and +power state is defined in <code>CarPowerManager.CarPowerStateListene</code>r and is shown in the +following table:</p> + +<table> +<thead> +<tr> +<th><strong>Name</strong></th> +<th><strong>Description</strong></th> +</tr> +</thead> +<tbody> +<tr> +<td>SHUTDOWN_CANCELED</td> +<td>Shutdown is canceled and power state is returned to the normal state.</td> +</tr> +<tr> +<td>SHUTDOWN_ENTER</td> +<td>Enter the shutdown state. Applications are expected to clean up and be ready to shutdown.</td> +</tr> +<tr> +<td>SUSPEND_ENTER</td> +<td>Enter the suspend state. Applications are expected to clean up and be ready to suspend.</td> +</tr> +<tr> +<td>SUSPEND_EXIT</td> +<td>Wake up from suspend or resume from a cancelled suspend.</td> +</tr> +</tbody> +</table> + +<h3>CarPowerStateListener unregistration</h3> + +<p>To unregister all listener objects registered to CPM, call the <code>clearListener</code> method:</p> + +<p><pre class="prettyprint"> +powerManager.clearListener(); +</pre> +</div> + +<h3>Boot reason acquisition</h3> + +<p>To acquire the boot reason, call the <code>getBootReason</code> method, which communicates with +the CPMS and returns one of the following five boot reasons:</p> + +<table> +<thead> +<tr> +<th><strong>Name</strong></th> +<th><strong>Description</strong></th> +</tr> +</thead> +<tbody> +<tr> +<td>BOOT_REASON_USER_POWER_ON</td> +<td>A user presses the power key or rotates the ignition switch to boot the device.</td> +</tr> +<tr> +<td>BOOT_REASON_DOOR_UNLOCK</td> +<td>Door unlocks, which causes the device to boot.</td> +</tr> +<tr> +<td>BOOT_REASON_TIMER</td> +<td>Timer expires and vehicle wakes up the AP.</td> +</tr> +<tr> +<td>BOOT_REASON_DOOR_OPEN</td> +<td>Door opens, which causes the device to boot.</td> +</tr> +<tr> +<td>BOOT_REASON_REMOTE_START</td> +<td>User activates remote start.</td> +</tr> +</tbody> +</table> + +<p>These boot reasons are defined in the CPM. The following sample code demonstrates boot reason +acquisition:</p> + +<div> +<pre class="prettyprint"> +try{ + int bootReason = carPowerManager.getBootReason(); + if (bootReason == CarPowerManager.BOOT_REASON_TIMER){ + doSomething; + }else{ + doSomethingElse(); + } +}catch(CarNotConnectedException e){ + Log.e("Failed to getBootReason()" + e); +} +</pre> +</div> + +<p>This method throws a <code>CarNotConnectedException</code> when it fails to communicate with the +CPMS.</p> + +<h3>Shutdown request on next suspend</h3> + +<p>The <code>requestShutdownOnNextSuspend()</code>method instructs CPMS to shut down instead of deep +sleep at the next opportunity.</p> + +<h2>System integration on your Android implementation</h2> + +<p>Integrators are responsible for implementing the following items:</p> + +<ul> +<li>Kernel interface to suspend Android</li> +<li>The VHAL to:<ul type="circle"> +<li>Propagate the initiation of suspend or shutdown from the car to Android</li> +<li>Send the shutdown ready message from Android to the car</li> +<li>Initiate shutdown or suspend of Android via the Linux kernel interface</li> +<li>Propagate the wake reason from the car to Android upon resume from suspend</li> +</ul> +<li>Wakesources to be disabled when the device is in suspend</li> +<li>Applications to shut down quickly enough so as not to indefinitely postpone the shutdown +process</li> +</ul> + +<h3>Kernel interface: /sys/power/state</h3> + +<p>First, implement the Linux suspend power state. Android places a device into suspend mode when +an application or service writes <code>mem</code> into a file located at +<code>/sys/power/state.</code> This function may include the sending of a GPIO to the VMCU to notify +the VMCU that the device has shut down completely. The Integrator is also responsible for removing +any race conditions between VHAL sending the final message to the VMCU and the system going into +suspend or shutdown mode.</p> + +<h3>VHAL responsibility</h3> + +<p>The VHAL provides an interface between the vehicle network and Android. The VHAL:</p> + +<ul> +<li>Propagates the initiation of suspend or shutdown from the car to Android</li> +<li>Sends the shutdown ready message from Android to the car</li> +<li>Initiates the shutdown or suspend of Android via the Linux kernel interface</li> +<li>Propagates the wake reason from the car to Android upon resume from suspend</li> +</ul> + +<p>When the CPMS informs the VHAL that it is ready to shut down, the VHAL sends the shutdown ready +message to the VMCU. Typically, on-chip peripherals such as UART, SPI, and USB transmit the +message. Once the message has been sent, the VHAL calls the kernel command to suspend or shutdown +the device. Before doing so, in the case of a shutdown, the VHAL or BSP may toggle a GPIO to +instruct the VMCU that it is safe to remove power from the device.</p> + +<p>The VHAL must support the following properties, which control power management via the VHAL:</p> + +<table> +<thead> +<tr> +<th><strong>Name</strong></th> +<th><strong>Description</strong></th> +</tr> +</thead> +<tbody> +<tr> +<td>AP_POWER_STATE_REPORT</td> +<td>Android reports state transitions to the VMCU with this property, using VehicleApPowerStateSet enum values.</td> +</tr> +<tr> +<td>AP_POWER_STATE_REQ</td> +<td>The VMCU uses this property to instruct Android to transition to different power states, using VehicleApPowerStateReq enum values.</td> +</tr> +<tr> +<td>AP_POWER_BOOTUP_REASON</td> +<td>The VMCU reports the wake reason to Android, using the VehicleApPowerBootupReason enum values.</td> +</tr> +</tbody> +</table> + +<h4>AP_POWER_STATE_REPORT</h4> + +<p>Use this property to report Android's current power management state.This property contains two +integers:</p> + +<ul> +<li><code>int32Values[0]</code>: <code>VehicleApPowerStateReport</code> enum of current state </li> +<li><code>int32Values[1]</code>: Time in milliseconds to postpone or sleep/shutdown. This value +depends on the first value.</li> +</ul> + +<p>The first value can take one of the following values. <code>Types.hal</code> contains more +specific descriptions, which are stored in the +<code>hardware/interfaces/automotive/vehicle/2.0.</code></p> + +<table> +<thead> +<tr> +<th><strong>Value name</strong></th> +<th><strong>Description</strong></th> +<th><strong>Second value</strong></th> +</tr> +</thead> +<tbody> +<tr> +<td>BOOT_COMPLETE</td> +<td>AP has completed boot up and can start shutdown.</td> +<td></td> +</tr> +<tr> +<td>DEEP_SLEEP_ENTRY</td> +<td>AP is entering the deep sleep state.</td> +<td>Must be set</td> +</tr> +<tr> +<td>DEEP_SLEEP_EXIT</td> +<td>AP is exiting the deep sleep state.</td> +<td></td> +</tr> +<tr> +<td>SHUTDOWN_POSTPONE</td> +<td>Android is requesting to postpone shutdown .</td> +<td>Must be set</td> +</tr> +<tr> +<td>SHUTDOWN_START</td> +<td>AP is starting shutdown. The VMCU can turn on AP after the time specified in the second +value.</td> +<td>Must be set</td> +</tr> +<tr> +<td>DISPLAY_OFF</td> +<td>User has requested to turn off the display of the head unit.</td> +<td></td> +</tr> +<tr> +<td>DISPLAY_ON</td> +<td>User has requested to turn on the display of the head unit.</td> +<td></td> +</tr> +</tbody> +</table> + +<p>The state can be set asynchronously (in the case of <code>BOOT_COMPLETE</code>) or in response to +a request via the VMCU. When the state is set to <code>SHUTDOWN_START</code>, +<code>DEEP_SLEEP_ENTRY,</code> or <code>SHUTDOWN_POSTPONE</code>, an integer value in +milliseconds is sent to notify the VMCU for how long the AP must postpone shutdown or sleep.</p> + +<h4>AP_POWER_STATE_REQ</h4> + +<p>This property is sent by the VMCU to transition Android into a different power state and contains +two integers:</p> + +<ul> +<li><code>int32Values[0]</code>: <code>VehicleApPowerStateReq</code> enum value, which represents +the new state into which to transition</li> +<li><code>int32Values[1]</code>: <code>VehicleApPowerStateShutdownParam</code> enum value. This is +sent only for a <code>SHUTDOWN_PREPARE</code> message and conveys to Android what options it +contains.</li> +</ul> + +<p>The first integer value represents the new state into which Android is to transit. The semantics +are defined in <code>types.hal</code> and provided in the following table:</p> + +<table> +<thead> +<tr> +<th><strong>Value name</strong></th> +<th><strong>Description</strong></th> +</tr> +</thead> +<tbody> +<tr> +<td>OFF</td> +<td>AP is turned off.</td> +</tr> +<tr> +<td>DEEP_SLEEP</td> +<td>AP is in deep sleep.</td> +</tr> +<tr> +<td>ON_DISP_OFF</td> +<td>AP is on, but display is off.</td> +</tr> +<tr> +<td>N_FULL</td> +<td>AP and display are on.</td> +</tr> +<tr> +<td>SHUTDOWN_START</td> +<td>AP is starting shutdown. The VMCU can turn on the AP after the time specified in the second +value.</td> +</tr> +<tr> +<td>SHUTDOWN_PREPARE</td> +<td>The VMCU has requested the AP to shut down. The AP can either enter sleep state or start a full +shutdown.</td> +</tr> +</tbody> +</table> + +<p><code>VehicleApPowerStateShutdownParam</code> is also defined in <code>types.hal</code>. This +enum has three elements, as described below:</p> + +<table> +<thead> +<tr> +<th><strong>Value name</strong></th> +<th><strong>Description</strong></th> +</tr> +</thead> +<tbody> +<tr> +<td>SHUTDOWN_IMMEDIATELY</td> +<td>The AP must shut down immediately. Postpone is not allowed.</td> +</tr> +<tr> +<td>CAN_SLEEP</td> +<td>The AP can enter deep sleep instead of shutting down completely.</td> +</tr> +<tr> +<td>SHUTDOWN_ONLY</td> +<td>The AP can only shut down when postponing is allowed.</td> +</tr> +</tbody> +</table> + +<h4>AP_POWER_BOOTUP_REASON</h4> + +<p>This property is set by the VMCU whenever Android is booted up or resumed from suspend. This +property instructs Android which event triggered the wakeup. This value must remain static until +Android is rebooted or completes a suspend/wake cycle. This property can take a +<code>VehicleApPowerBootupReason</code> value, which is defined in <code>types.hal</code> as +follows:</p> + +<table> +<thead> +<tr> +<th><strong>Value name</strong></th> +<th><strong>Description</strong></th> +</tr> +</thead> +<tbody> +<tr> +<td>USER_POWER_ON</td> +<td>Power on because the user pressed the power key or rotated the ignition switch.</td> +</tr> +<tr> +<td>USER_UNLOCK</td> +<td>Automatic power on triggered by a user unlocking a door (or any other type of automatic user +detection).</td> +</tr> +<tr> +<td>TIMER</td> +<td>Automatic power on triggered by a timer. This occurs only when the AP has requested wakeup after +a specific duration, as specified in <code>VehicleApPowerSetState</code>#SHUTDOWN_START.</td> +</tr> +</tbody> +</table> + +<h3>Wake sources</h3> + +<p>Use Integrator to disable the appropriate wake sources when the device is in suspend mode. +Common wake sources include heartbeats, modem, wifi, and Bluetooth. The only valid wake source must +be an interrupt from the VMCU to wake up the SoC. This assumes that the VMCU can listen to the modem +for remote wakeup events (such as remote engine start). If this functionality is pushed to the AP, +then another wake source to service the modem must be added. In the current design, the Integrator +supplies a file with a list of wake sources to be turned off. The CPMS iterates through this file +and manages the turning off and on of the wake sources at suspend time.</p> + +<h3>Applications</h3> + +<p>OEMs must be careful to write applications so that they can be shut down quickly and not postpone +the process indefinitely. </p> + +<h2>Appendix</h2> + +<h3>Directories in the source code tree</h3> + +<table> +<thead> +<tr> +<th><strong>Content</strong></th> +<th><strong>Directory</strong></th> +</tr> +</thead> +<tbody> +<tr> +<td>CarPowerManager-related code.</td> +<td><code>packages/services/Car/car-lib/src/android/car/hardware/power</code></td> +</tr> +<tr> +<td>CarPowerManagementService and so on.</td> +<td><code>packages/services/Car/service/src/com/android/car</code></td> +</tr> +<tr> +<td>Services dealing with the VHAL, such as <code>VehicleHal</code> and <code>HAlClient</code>.</td> +<td><code>packages/services/Car/service/src/com/android/car/hal</code></td> +</tr> +<tr> +<td>VHAL interface and property definitions.</td> +<td><code>hardware/interfaces/automotive/vehicle/2.0</code></td> +</tr> +<tr> +<td>Sample app to provide some idea about the <code>CarPowerManager</code>.</td> +<td><code>packages/services/Car/tests/EmbeddedKitchenSinkApp/src/com/google/android/car/kitchensink</code></td> +</tr> +<tr> +<td>libsuspend resides in this directory.</td> +<td><code>system/core/libsuspend</code></td> +</tr> +</tbody> +</table> + +<h3>Class diagram</h3> + +<p>This class diagram displays the Java classes and interfaces in the power management system:</p> + +<p><img src="/devices/automotive/images/automotive_power_class_diagram.png"></p> + +<p><b>Figure 5</b>. Power class diagram</p> + +<h3>Object relationship </h3> + +<p>The following graph illustrates which objects have references to other objects. An edge +means that the source object holds a reference to the target object. For example, VehicleHAL has a +reference to a PropertyHalService object.</p> + +<p><img src="/devices/automotive/images/automotive_power_object_state.png"></p> + +<p><b>Figure 6</b>. Object reference diagram</p> + + </body> +</html> diff --git a/en/devices/bootloader/boot-reason.html b/en/devices/bootloader/boot-reason.html index 4071e32b..b7a1ffc4 100644 --- a/en/devices/bootloader/boot-reason.html +++ b/en/devices/bootloader/boot-reason.html @@ -232,9 +232,9 @@ <ul> <li><code>"reboot,userrequested"</code></li> <li><code>"shutdown,userrequested"</code></li> - <li><code>"Shutdown,thermal"</code> (from <code>thermald</code>)</li> + <li><code>"shutdown,thermal"</code> (from <code>thermald</code>)</li> <li><code>"shutdown,battery"</code></li> - <li><code>"Shutdown,battery,thermal"</code> (from + <li><code>"shutdown,battery,thermal"</code> (from <code>BatteryStatsService</code>)</li> <li><code>"reboot,adb"</code></li> <li><code>"reboot,shell"</code></li> diff --git a/en/devices/camera/camera3_requests_hal.html b/en/devices/camera/camera3_requests_hal.html index 314082a2..ca7c74ea 100644 --- a/en/devices/camera/camera3_requests_hal.html +++ b/en/devices/camera/camera3_requests_hal.html @@ -1,6 +1,6 @@ <html devsite> <head> - <title>HAL subsystem</title> + <title>HAL Subsystem</title> <meta name="project_path" value="/_project.yaml" /> <meta name="book_path" value="/_book.yaml" /> </head> diff --git a/en/devices/camera/external-usb-cameras.md b/en/devices/camera/external-usb-cameras.md index d39d849d..dd554f50 100644 --- a/en/devices/camera/external-usb-cameras.md +++ b/en/devices/camera/external-usb-cameras.md @@ -189,7 +189,8 @@ implementation ## Validation -Devices with external camera support must pass camera CTS. The external USB +Devices with external camera support must pass +[camera CTS](/compatibility/cts/camera-hal#cts_tests). The external USB webcam must remain plugged in the specific device during the entire test run, otherwise some test cases will fail. diff --git a/en/devices/sensors/index.html b/en/devices/sensors/index.html index 1613131a..962ba868 100644 --- a/en/devices/sensors/index.html +++ b/en/devices/sensors/index.html @@ -24,124 +24,150 @@ <img style="float: right; margin: 0px 15px 15px 15px;" src="images/ape_fwk_hal_sensors.png" alt="Android Sensors HAL icon"/> -<p>Android sensors give applications access to a mobile device's underlying physical sensors. They are data-providing virtual devices defined by <a href="https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/sensors.h">sensors.h</a>, the sensor Hardware Abstraction Layer (HAL).</p> +<p>Android sensors give applications access to a mobile device's underlying +physical sensors. They are data-providing virtual devices defined by <a +href="https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/sensors.h" +class="external">sensors.h</a>, the sensor Hardware Abstraction Layer (HAL).</p> -<h2 id="what_are_“android_sensors”">What are Android sensors?</h2> -<p>Android sensors are virtual devices that provide data coming from a set of physical sensors: accelerometers, gyroscopes, magnetometers, barometer, humidity, pressure, light, proximity and heart rate sensors.</p> -<p>Not included in the list of physical devices providing data are camera, fingerprint sensor, microphone, and touch screen. These devices have their own reporting mechanism; the separation is arbitrary, but in general, Android sensors provide lower bandwidth data. For example, “100hz x 3 channels” for an accelerometer versus “25hz x 8 MP x 3 channels” for a camera or “44kHz x 1 channel” for a microphone.</p> - <p>Android does not define how the different physical sensors are connected to the system on chip (SoC).</p> +<h2 id="what_are_android_sensors">What are Android sensors?</h2> +<p>Android sensors are virtual devices that provide data coming from a set of +physical sensors: accelerometers, gyroscopes, magnetometers, barometer, humidity, +pressure, light, proximity and heart rate sensors.</p> +<p>Not included in the list of physical devices providing data are camera, +fingerprint sensor, microphone, and touch screen. These devices have their own +reporting mechanism; the separation is arbitrary, but in general, Android sensors +provide lower bandwidth data. For example, “100hz x 3 channels” for an +accelerometer versus “25hz x 8 MP x 3 channels” for a camera or “44kHz x 1 +channel” for a microphone.</p> + <p>Android does not define how the different physical sensors are connected + to the system on chip (SoC).</p> <ul> - <li> Often, sensor chips are connected to the SoC through a <a href="sensor-stack.html#sensor_hub">sensor hub</a>, allowing some low-power monitoring and processing of the data. </li> - <li> Often, Inter-Integrated Circuit (I2C) or Serial Peripheral Interface - (SPI) is used as the transport mechanism. </li> - <li> To reduce power consumption, some architectures are hierarchical, with some - minimal processing being done in the application-specific integrated - circuit (ASIC - like motion detection on the accelerometer chip), and - more is done in a microcontroller (like step detection - in a sensor hub). </li> - <li> It is up to the device manufacturer to choose an architecture based on - accuracy, power, price and package-size characteristics. See <a - href="sensor-stack.html">Sensor stack</a> for more information. </li> - <li> Batching capabilities are an important consideration for power optimization. - See <a href="batching.html">Batching</a> for more information. </li> - </ul> - <p>Each Android sensor has a “type” representing how the sensor behaves and what - data it provides.</p> + <li>Often, sensor chips are connected to the SoC through a <a + href="/devices/sensors/sensor-stack#sensor_hub">sensor hub</a>, allowing + some low-power monitoring and processing of the data.</li> + <li>Often, Inter-Integrated Circuit (I2C) or Serial Peripheral Interface + (SPI) is used as the transport mechanism.</li> + <li>To reduce power consumption, some architectures are hierarchical, with + some minimal processing being done in the application-specific integrated + circuit (ASIC - like motion detection on the accelerometer chip), and more + is done in a microcontroller (like step detection in a sensor hub).</li> + <li>It is up to the device manufacturer to choose an architecture based on + accuracy, power, price and package-size characteristics. See <a + href="/devices/sensors/sensor-stack">Sensor stack</a> for more + information. </li> + <li>Batching capabilities are an important consideration for power + optimization. See <a href="/devices/sensors/batching">Batching</a> for + more information.</li> </ul> + <p>Each Android sensor has a “type” representing how the sensor behaves and + what data it provides.</p> <ul> - <li> The official Android <a href="sensor-types.html">Sensor types</a> are defined in <a href="https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/sensors.h">sensors.h</a> under the names SENSOR_TYPE_… + <li>The official Android <a href="/devices/sensors/sensor-types">Sensor + types</a> are defined in <a + href="https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/sensors.h" + class="external">sensors.h</a> under the names SENSOR_TYPE_… <ul> - <li> The vast majority of sensors have an official sensor type. </li> - <li> Those types are documented in the Android SDK. </li> - <li> Behavior of sensors with those types are tested in the Android - Compatibility Test Suite (CTS). </li> + <li>The vast majority of sensors have an official sensor type.</li> + <li>Those types are documented in the Android SDK.</li> + <li>Behavior of sensors with those types are tested in the Android + Compatibility Test Suite (CTS).</li> </ul> </li> - <li> If a manufacturer integrates a new kind of sensor on an Android device, the - manufacturer can define its own temporary type to refer to it. + <li>If a manufacturer integrates a new kind of sensor on an Android + device, the manufacturer can define its own temporary type to refer to + it. <ul> - <li> Those types are undocumented, so application developers are unlikely to use - them, either because they don’t know about them, or know that they are rarely - present (only on some devices from this specific manufacturer). </li> - <li> They are not tested by CTS. </li> - <li> Once Android defines an official sensor type for this kind of - sensor, manufacturers must stop using their own temporary type - and use the official type instead. This way, the sensor will be - used by more application developers. </li> + <li>Those types are undocumented, so application developers are + unlikely to use them, either because they don’t know about them, or + know that they are rarely present (only on some devices from this + specific manufacturer).</li> + <li>They are not tested by CTS.</li> + <li>Once Android defines an official sensor type for this kind of sensor, + manufacturers must stop using their own temporary type and use the + official type instead. This way, the sensor will be used by more + application developers.</li> </ul> - </li> - <li> The list of all sensors present on the device is reported by the HAL + </li> + <li>The list of all sensors present on the device is reported by the HAL implementation. <ul> - <li> There can be several sensors of the same type. For example, two proximity - sensors or two accelerometers. </li> - <li> The vast majority of applications request only a single sensor of a given type. - For example, an application requesting the default accelerometer will get the - first accelerometer in the list. </li> - <li> Sensors are often defined by <a href="suspend-mode.html#wake-up_sensors">wake-up</a> and <a href="suspend-mode.html#non-wake-up_sensors">non-wake-up</a> pairs, both sensors sharing the same type, but differing by their wake-up - characteristic. </li> + <li>There can be several sensors of the same type. For example, two + proximity sensors or two accelerometers.</li> + <li>The vast majority of applications request only a single sensor of + a given type. For example, an application requesting the default + accelerometer will get the first accelerometer in the list.</li> + <li>Sensors are often defined by <a + href="/devices/sensors/suspend-mode#wake-up_sensors">wake-up</a> and + <a + href="/devices/sensors/suspend-mode#non-wake-up_sensors">non-wake-up</a> + pairs, both sensors sharing the same type, but differing by their + wake-up characteristic.</li> </ul> - </li> + </li> </ul> <p>Android sensors provide data as a series of sensor events.</p> - <p> Each <a href="hal-interface.html#sensors_event_t">event</a> contains:</p> + <p> Each <a href="/devices/sensors/hal-interface#sensors_event_t">event</a> + contains:</p> <ul> - <li> a handle to the sensor that generated it </li> - <li> the timestamp at which the event was detected or measured </li> - <li> and some data </li> + <li>a handle to the sensor that generated it</li> + <li>the timestamp at which the event was detected or measured</li> + <li>and some data</li> </ul> - <p>The interpretation of the reported data depends on the sensor type. - See the <a href="sensor-types.html">sensor type</a> definitions for details on - what data is reported for each sensor type.</p> + <p>The interpretation of the reported data depends on the sensor type. See + the <a href="/devices/sensors/sensor-types">sensor type</a> + definitions for details on what data is reported for each sensor type.</p> <h2 id="existing_documentation2">Existing documentation</h2> <h3 id="targeted_at_developers">Targeted at developers</h3> <ul> - <li> Overview + <li>Overview <ul> - <li><a href="https://developer.android.com/guide/topics/sensors/sensors_overview.html"> https://developer.android.com/guide/topics/sensors/sensors_overview.html </a></li> + <li><a href="https://developer.android.com/guide/topics/sensors/sensors_overview.html" class="external">https://developer.android.com/guide/topics/sensors/sensors_overview.html</a></li> </ul> </li> - <li> SDK reference + <li>SDK reference <ul> - <li> <a href="https://developer.android.com/reference/android/hardware/SensorManager.html">https://developer.android.com/reference/android/hardware/SensorManager.html</a></li> - <li><a href="https://developer.android.com/reference/android/hardware/SensorEventListener.html"> https://developer.android.com/reference/android/hardware/SensorEventListener.html</a></li> - <li> <a href="https://developer.android.com/reference/android/hardware/SensorEvent.html">https://developer.android.com/reference/android/hardware/SensorEvent.html</a></li> - <li><a href="https://developer.android.com/reference/android/hardware/Sensor.html"> https://developer.android.com/reference/android/hardware/Sensor.html</a></li> + <li><a href="https://developer.android.com/reference/android/hardware/SensorManager" class="external">https://developer.android.com/reference/android/hardware/SensorManager</a></li> + <li><a href="https://developer.android.com/reference/android/hardware/SensorEventListener" class="external">https://developer.android.com/reference/android/hardware/SensorEventListener</a></li> + <li><a href="https://developer.android.com/reference/android/hardware/SensorEvent" class="external">https://developer.android.com/reference/android/hardware/SensorEvent</a></li> + <li><a href="https://developer.android.com/reference/android/hardware/Sensor" class="external"> https://developer.android.com/reference/android/hardware/Sensor</a></li> </ul> </li> - <li> StackOverflow and tutorial websites + <li>Stack Overflow and tutorial websites <ul> - <li> Because sensors documentation was sometimes lacking, developers resorted to Q&A - websites like StackOverflow to find answers. </li> - <li> Some tutorial websites exist as well, but do not cover the latest features like - batching, significant motion and game rotation vectors. </li> - <li> The answers over there are not always right, and show where more documentation - is needed. </li> + <li>Because sensors documentation was sometimes lacking, developers + resorted to Q&A websites like Stack Overflow to find answers. + </li> + <li>Some tutorial websites exist as well, but do not cover the latest + features like batching, significant motion and game rotation vectors. + </li> + <li>The answers over there are not always right, and show where more + documentation is needed.</li> </ul> </li> </ul> <h3 id="targeted_at_manufacturers_public">Targeted at manufacturers</h3> <ul> - <li> Overview + <li>Overview <ul> - <li>This <a href="/devices/sensors/index.html">Sensors</a> + <li>This <a href="/devices/sensors/">Sensors</a> page and its sub-pages. </li> </ul> - </li> - <li> Hardware abstraction layer (HAL) + </li> + <li>Hardware abstraction layer (HAL) <ul> - <li> <a href="https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/sensors.h">https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/sensors.h</a></li> - <li> Also known as “sensors.h” </li> - <li> The source of truth. First document to be updated when new features are - developed. </li> + <li><a href="https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/sensors.h" class="external">/platform/hardware/libhardware/+/master/include/hardware/sensors.h</a></li> + <li>Also known as “sensors.h”</li> + <li>The source of truth. First document to be updated when new + features are developed.</li> </ul> </li> - <li> Android CDD (Compatibility Definition Document) + <li>Android CDD (Compatibility Definition Document) <ul> - <li><a href="/compatibility/android-cdd.pdf">https://source.android.com/compatibility/android-cdd.pdf</a></li> - <li> See sections relative to sensors. </li> - <li> The CDD is lenient, so satisfying the CDD requirements is not enough to ensure - high quality sensors. </li> + <li><a + href="/compatibility/9/android-9-cdd">https://source.android.com/compatibility/9/android-9-cdd</a></li> + <li>See sections relative to sensors.</li> + <li>The CDD is lenient, so satisfying the CDD requirements is not + enough to ensure high quality sensors.</li> </ul> </li> </ul> diff --git a/en/devices/tech/admin/index.html b/en/devices/tech/admin/index.html index 39ba66e6..fcceee57 100644 --- a/en/devices/tech/admin/index.html +++ b/en/devices/tech/admin/index.html @@ -23,42 +23,57 @@ -<p>Devices running Android 5.0 and later with the managed_users feature -declared can be used in a <a href="http://www.android.com/work/">corporate -environment</a> under the auspices of each company’s information technology (IT) -department. This is possible with the introduction of <a href="multi-user.html">multiple -users</a>, <a href="managed-profiles.html">managed profiles</a>, and enterprise -mobility management (EMM) applications, as well as enhancements to default -<a -href="/security/encryption/index.html">encryption</a>, -<a -href="/security/verifiedboot/index.html">verified -boot</a>, and <a -href="/security/selinux/index.html">SELinux</a>.</p> +<p> + Devices running Android 5.0 and later with the <code>managed_users</code> feature + declared can be used in a <a href="http://www.android.com/work/" + class="external">corporate environment</a> under the auspices of each company’s + information technology (IT) department. This is possible with the introduction of + <a href="/devices/tech/admin/multi-user">multiple users</a>, + <a href="/devices/tech/admin/managed-profiles">managed profiles</a>, and + enterprise mobility management (EMM) applications, as well as enhancements to default + <a href="/security/encryption/index">encryption</a>, + <a href="/security/verifiedboot/index">verified boot</a>, and + <a href="/security/selinux/index">SELinux</a>. +</p> -<p>With these enhancements, either users or their IT departments may create -managed profiles that separate corporate employer data from personal user -information. Follow the documents within this section of the site to properly -implement corporate device administration.</p> +<p> + With these enhancements, either users or their IT departments may create + managed profiles that separate corporate employer data from personal user + information. Follow the documents within this section of the site to properly + implement corporate device administration. +</p> -<h2 id=summary>Summary</h2> +<h2 id="summary">Summary</h2> -<p>Follow this flow to employ device administration:</p> + <p>Follow this flow to employ device administration:</p> -<ol> - <li>Gain an understanding of key concepts, such as <a -href="multi-user.html">multiple users</a> and <a -href="managed-profiles.html">managed profiles</a>. - <li><a href="implement.html">Implement device administration</a> via custom -overlay files. - <li><a href="testing-setup.html">Test</a> and validate your devices with EMM providers and applications. -</ol> + <ol> + <li> + Gain an understanding of key concepts, such as + <a href="/devices/tech/admin/multi-user">multiple users</a> and + <a href="/devices/tech/admin/managed-profiles">managed profiles</a>. + </li> + <li> + <a href="/devices/tech/admin/implement">Implement device + administration</a> via custom overlay files. + </li> + <li> + <a href="/devices/tech/admin/testing-setup">Test</a> and validate + your devices with EMM providers and applications. + </li> + </ol> -<h2 id=supporting_documentation>Supporting documentation</h2> +<h2 id="supporting_documentation">Supporting documentation</h2> -<p><a href="http://developer.android.com/guide/topics/admin/device-admin.html">Device Administration API</a></p> + <p> + <a href="http://developer.android.com/guide/topics/admin/device-admin.html" + class="external">Device Administration API</a> + </p> -<p><a href="https://developer.android.com/training/enterprise/index.html">Building Apps for Work</a></p> + <p> + <a href="https://developer.android.com/training/enterprise/index.html" + class="external">Building Apps for Work</a> + </p> </body> </html> diff --git a/en/devices/tech/connect/call-notification.html b/en/devices/tech/connect/call-notification.html index a8f5c2c6..a7a6c9a9 100644 --- a/en/devices/tech/connect/call-notification.html +++ b/en/devices/tech/connect/call-notification.html @@ -114,7 +114,7 @@ functionality. For details, refer to the following documentation:</p> <h2 id=implement>Implementation</h2> <p>Device implementers may need to update Telecom/Telephony components that -expose APIs available for use by by the default Dialer.</p> +expose APIs available for use by the default Dialer.</p> </body> </html> diff --git a/en/devices/tech/connect/wifi-passpoint.md b/en/devices/tech/connect/wifi-passpoint.md index 4ee96591..9f540339 100644 --- a/en/devices/tech/connect/wifi-passpoint.md +++ b/en/devices/tech/connect/wifi-passpoint.md @@ -91,7 +91,7 @@ application/x-x509-ca-cert </code> </td> -<td>Optional for EAP-TLS and EAP-TTLS</td> +<td>Required for EAP-TLS and EAP-TTLS</td> <td>A single X.509v3 base64-encoded certificate payload.</td> </tr> <tr> diff --git a/en/devices/tech/debug/asan.html b/en/devices/tech/debug/asan.html index 1c12ad62..9ea32939 100644 --- a/en/devices/tech/debug/asan.html +++ b/en/devices/tech/debug/asan.html @@ -21,55 +21,81 @@ limitations under the License. --> - - <p>AddressSanitizer (ASan) is a fast compiler-based tool for detecting memory bugs -in native code. It is comparable to Valgrind (Memcheck tool), but, unlike it, -ASan:</p> +in native code. Android supports both regular ASan and hardware-accelerated ASan (HWASan). +HWAsan is based on memory tagging and is only available on AArch64 because it relies on +the Top-Byte-Ignore feature.</p> +<p>These tools detect:</p> <ul> - <li> + detects overflows on stack and global objects - <li> - does not detect uninitialized reads and memory leaks - <li> + is much faster (two-three times slowdown compared to Valgrind’s 20-100x) - <li> + has less memory overhead +<li>Stack and heap buffer overflow/underflow. +<li>Heap use after free. +<li>Stack use outside scope. +<li>Stack use after return (HWAsan only on Android). +<li>Double free/wild free. </ul> -<p>This document describes how to build and run parts of the Android platform with -AddressSanitizer. If you are looking to build a standalone (i.e. SDK/NDK) -application with AddressSanitizer, see the <a -href="https://github.com/google/sanitizers/wiki/AddressSanitizerOnAndroid">AddressSanitizerOnAndroid</a> -public project site instead.</p> +<p>ASan runs on both 32-bit and 64-bit ARM, plus x86 and x86-64. ASan's CPU overhead +is roughly 2x, code size overhead is between 50% and 2x, and a large memory overhead +(dependent on your allocation patterns, but on the order of 2x).</p> -<p>AddressSanitizer consists of a compiler (<code>external/clang</code>) and a runtime library -(<code>external/compiler-rt/lib/asan</code>).</p> +<p>HWASan has similar CPU and code size overheads, but a much smaller RAM overhead (15%). +HWASan is non-deterministic. There are only 256 possible tag values, so there is a flat 0.4% +probability of missing any bug. HWAsan does not have ASan's limited-size redzones for +detecting overflows and limited-capacity quarantine for detecting use-after-free, +so it does not matter to HWAsan how large the overflow is or how long ago the memory +was deallocated. This makes HWASan better than ASan.</p> -<p class="note"><strong>Note</strong>: Use the current master -branch to gain access to the <a href="#sanitize_target">SANITIZE_TARGET</a> -feature and the ability to build the entire Android platform with -AddressSanitizer at once. Otherwise, you are limited to using -<code>LOCAL_SANITIZE</code>.</p> +<p>Valgrind's Memcheck tool is similar, but ASan also detects stack/global overflows +in addition to heap overflows, and is much faster with less memory overhead. Conversely, +Valgrind detects uninitialized reads and memory leaks that ASan does not. +Valgrind may be useful for debugging apps but is not practical for the entire OS, +which is why the Android team uses ASan instead.</p> -<h2 id=building_with_clang>Building with Clang</h2> +<p>This document describes how to build and run parts/all of the Android OS itself with +AddressSanitizer. If you are building an SDK/NDK application with AddressSanitizer, see +<a href="https://github.com/google/sanitizers/wiki/AddressSanitizerOnAndroid" class="external">AddressSanitizerOnAndroid</a> +instead.</p> -<p>As a first step to building an ASan-instrumented binary, make sure that your -code builds with Clang. This is done by default on the master branch, so there should be nothing -you need to do. If you believe that the module you'd like to test is being built with GCC, -you can switch to Clang by adding <code>LOCAL_CLANG:=true</code> -to the build rules. Clang may find bugs in your code that GCC missed.</p> -<h2 id=building_executables_with_addresssanitizer>Building executables with AddressSanitizer</h2> +<h2 id="using-hwasan">Using HWAsan</h2> -<p>Add <code>LOCAL_SANITIZE:=address</code> to the build rule of the -executable.</p> +<p>As of December 2018 only Pixel 2 and Pixel 2 XL are supported. Supporting another device +requires backporting several kernel patches. The Android team is working on getting those into +the common kernel. +You may also need to remove some optional extras to make room on your system partition for the +larger libraries. See the <code>walleye_hwasan</code> target for an example.</p> -<pre class="devsite-click-to-copy"> -LOCAL_SANITIZE:=address +<p>Use the following commands to build the entire platform using HWASan:</p> + +<pre class="prettyprint"> +<code class="devsite-terminal">lunch walleye_hwasan-userdebug</code> +<code class="devsite-terminal">make SANITIZE_TARGET=hwaddress</code> </pre> +<p>Unlike ASan, with HWASan there's no need to build twice, incremental builds just work, +there are no special flashing instructions or wiping, static executables are supported, +and it's okay to skip sanitization of any library other than <code>libc</code>. +There's also no requirement that if a library is sanitized, any executable that links +to it must also be sanitized. + +<p>To skip sanitization of a module, use <code>LOCAL_NOSANITIZE := hwaddress</code> or +<code>sanitize: { hwaddress: false }</code>.</p> + +<aside class="note"> +<strong>Note:</strong> Currently there is no support for sanitizing individual modules with HWASan. Use ASan to sanitize individual modules. +</aside> + +<h2 id="sanitizing_individual_executables_with_asan">Sanitizing individual executables with ASan</h2> + +<p>Add <code>LOCAL_SANITIZE:=address</code> or <code>sanitize: { address: true } }</code> to +the build rule for the executable. You can search the code for existing examples or to find +the other available sanitizers.</p> + <p>When a bug is detected, ASan prints a verbose report both to the standard output and to <code>logcat</code> and then crashes the process.</p> -<h2 id=building_shared_libraries_with_addresssanitizer>Building shared libraries with AddressSanitizer</h2> +<h2 id="sanitizing_shared_libraries_with_asan">Sanitizing shared libraries with ASan</h2> <p>Due to the way ASan works, a library built with ASan cannot be used by an executable that's built without ASan.</p> @@ -151,7 +177,7 @@ script. <p>The second approach can provide more data (i.e. file:line locations) because of the availability of symbolized libraries on the host.</p> -<h2 id=addresssanitizer_in_the_apps>AddressSanitizer in the apps</h2> +<h2 id=addresssanitizer_in_the_apps>AddressSanitizer in apps</h2> <p>AddressSanitizer cannot see into Java code, but it can detect bugs in the JNI libraries. For that, you'll need to build the executable with ASan, which in @@ -204,8 +230,8 @@ the log.</p> <h2 id=sanitize_target>SANITIZE_TARGET</h2> -<p>The master branch has support for building the entire Android platform with -AddressSanitizer at once.</p> +<p>Since Android 7.0 Nougat, there is support for building the entire Android platform with +ASan at once. (If you're building a release newer than Android 9.0 Pie, HWASan is a better choice.)</p> <p>Run the following commands in the same build tree.</p> @@ -221,8 +247,6 @@ flashed to the device as well. Use the following command line:</p> fastboot flash userdata && fastboot flashall </pre> -<p>At the moment of this writing, modern Nexus and Pixel devices boot to the UI in this mode.</p> - <p>This works by building two sets of shared libraries: normal in <code>/system/lib</code> (the first make invocation), ASan-instrumented in <code>/data/asan/lib</code> (the second make invocation). Executables from the diff --git a/en/devices/tech/debug/gdb.html b/en/devices/tech/debug/gdb.html index e43ca3c3..49d62aa3 100644 --- a/en/devices/tech/debug/gdb.html +++ b/en/devices/tech/debug/gdb.html @@ -25,7 +25,21 @@ <p>The GNU Project debugger (GDB) is a commonly used Unix debugger. This page details using <code>gdb</code> to debug Android apps and processes for platform developers. For third-party app development, see -<a href="https://developer.android.com/studio/debug/index.html">Debug Your App</a>.</p> +<a class="external" +href="https://developer.android.com/studio/debug/index.html">Debug Your +App</a>.</p> + +<h2 id="prerequisites">Prerequisites</h2> + +<p>To use GDB for debugging apps and processes:</p> + + <ul> + <li>Set up environment with <code>envsetup.sh</code> + <li>Run the <code>lunch</code> command</li> + </ul> + +<p>For more help with setting up your environment, see + <a href="/setup/build/building#initialize">Preparing to Build</a>.</p> <h2 id=running>Debugging running apps or processes</h2> @@ -42,8 +56,9 @@ gdbclient.py -p 1234 the host, configures <code>gdb</code> to find symbols, and connects <code>gdb</code> to the remote <code>gdbserver</code>.</p> -<aside class="note"><strong>Note:</strong> in Android 6 and earlier the script was a shell script -called <code>gdbclient</code> instead of a Python script called <code>gdbclient.py</code>.</aside> +<aside class="note"><strong>Note:</strong> In Android 6 and lower the script was +a shell script called <code>gdbclient</code> instead of a Python script called +<code>gdbclient.py</code>.</aside> <h2 id=starts>Debugging native process startup</h2> @@ -99,7 +114,7 @@ your app from the list, then press <strong>Wait for debugger</strong>.</li> <li>Start the app, either from the launcher or by using the command line to run: <pre class="devsite-terminal devsite-click-to-copy"> -am start -a android.intent.action.MAIN -n <var>APP_NAME</var>/.<var>APP_ACTIVITY</var> +adb shell am start -a android.intent.action.MAIN -n <var>APP_NAME</var>/.<var>APP_ACTIVITY</var> </pre></li> <li>Wait for the app to load and a dialog to appear telling you the app is @@ -136,7 +151,6 @@ instructions on how to connect <code>gdb</code> using the command: gdbclient.py -p <var>PID</var> </pre> - <h2 id=symbols>Debugging without symbols</h2> <p>For 32-bit ARM, if you don’t have symbols, <code>gdb</code> can get confused diff --git a/en/devices/tech/debug/native_stack_dump.md b/en/devices/tech/debug/native_stack_dump.md new file mode 100644 index 00000000..6a964478 --- /dev/null +++ b/en/devices/tech/debug/native_stack_dump.md @@ -0,0 +1,179 @@ +Project: /_project.yaml +Book: /_book.yaml + +{% include "_versions.html" %} + +<!-- + Copyright 2019 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +# Dumping User and Kernel Stacks on Kernel Events + +Dumping the native kernel and userspace stack when a certain code path in the +kernel is executed can help with understanding the code flow when you are debugging +a certain behavior, such as an error you found in the logs. One such case is when +you notice SELinux denial messages in logs but want to know which path triggered +it to better understand why it happened. + +In this article we will show you how to use kernel instrumentation and BPF Compiler Collection (BCC) to +dump both the user and kernel stack when a kernel event occurs in an Android +system. BCC is a toolkit for creating efficient kernel tracing. + +## Installing adeb + +The [adeb](https://android.googlesource.com/platform/external/adeb) +project installs a chroot environment on your Android device. We will use adeb in later +steps in the articles. + +Install adeb using the instructions in the [adeb README](https://android.googlesource.com/platform/external/adeb/+/master/README.md). + +Run the following command to install adeb on your target Android device: +<pre class="devsite-terminal devsite-click-to-copy"> +adeb prepare --full +</pre> +adeb comes prepackaged with BCC, so the previous step also installs BCC's `trace` utility +we need for later steps. + +## Example: Understanding which path triggered an SELinux denial + +### Adding a tracepoint to the kernel +The diff below adds a tracepoint at the point where an SELinux denial is logged +in the kernel, we will need it in later parts of this article to use with BCC. +You can apply the diff to your kernel sources to add an SELinux denial tracepoint. +If the diff does not apply cleanly, patch it in manually using the diff as a reference. + +<pre class="prettyprint"> +diff --git a/include/trace/events/selinux.h b/include/trace/events/selinux.h +new file mode 100644 +index 000000000000..dac185062634 +--- /dev/null ++++ b/include/trace/events/selinux.h +@@ -0,0 +1,34 @@ ++#undef TRACE_SYSTEM ++#define TRACE_SYSTEM selinux ++ ++#if !defined(_TRACE_SELINUX_H) || defined(TRACE_HEADER_MULTI_READ) ++#define _TRACE_SELINUX_H ++ ++#include <linux/ktime.h> ++#include <linux/tracepoint.h> ++ ++TRACE_EVENT(selinux_denied, ++ ++ TP_PROTO(int cls, int av), ++ ++ TP_ARGS(cls, av), ++ ++ TP_STRUCT__entry( ++ __field( int, cls ) ++ __field( int, av ) ++ ), ++ ++ TP_fast_assign( ++ __entry->cls = cls; ++ __entry->av = av; ++ ), ++ ++ TP_printk("denied %d %d", ++ __entry->cls, ++ __entry->av) ++); ++ ++#endif /* _TRACE_SELINUX_H */ ++ ++/* This part ust be outside protection */ ++#include <trace/define_trace.> +diff --git a/security/selinux/avc.c b/security/selinux/avc.c +index 84d9a2e2bbaf..ab04b7c2dd01 100644 +--- a/security/selinux/avc.c ++++ b/security/selinux/avc.c +@@ -34,6 +34,9 @@ + #include "avc_ss.h" + #include "classmap.h" + ++#define CREATE_TRACE_POINTS ++#include <trace/events/selinux.h> ++ + #define AVC_CACHE_SLOTS 512 + #define AVC_DEF_CACHE_THRESHOLD 512 + #define AVC_CACHE_RECLAIM 16 +@@ -713,6 +716,12 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a) + struct common_audit_data *ad = a; + audit_log_format(ab, "avc: %s ", + ad->selinux_audit_data->denied ? "denied" : "granted"); ++ ++ if (ad->selinux_audit_data->denied) { ++ trace_selinux_denied(ad->selinux_audit_data->tclass, ++ ad->selinux_audit_data->audited); ++ } ++ + avc_dump_av(ab, ad->selinux_audit_data->tclass, + ad->selinux_audit_data->audited); + audit_log_format(ab, " for "); +</pre> + +### Tracing the user and kernel stacks +To trace stacks when the SELinux denial tracepoint is hit, run the following command: +<pre class="prettyprint"> +<code class="devsite-terminal">adeb shell</code> +<code class="devsite-terminal">trace -K -U 't:selinux:selinux_denial'</code> +</pre> + +You should see something like this when denials are triggered: +<pre class="prettyprint"> +2286 2434 Binder:2286_4 selinux_denied + avc_audit_pre_callback+0xd8 [kernel] + avc_audit_pre_callback+0xd8 [kernel] + common_lsm_audit+0x64 [kernel] + slow_avc_audit+0x74 [kernel] + avc_has_perm+0xb8 [kernel] + selinux_binder_transfer_file+0x158 [kernel] + security_binder_transfer_file+0x50 [kernel] + binder_translate_fd+0xcc [kernel] + binder_transaction+0x1b64 [kernel] + binder_ioctl+0xadc [kernel] + do_vfs_ioctl+0x5c8 [kernel] + sys_ioctl+0x88 [kernel] + __sys_trace_return+0x0 [kernel] + __ioctl+0x8 [libc.so] + android::IPCThreadState::talkWithDriver(bool)+0x104 [libbinder.so] + android::IPCThreadState::waitForResponse(android::Parcel*, int*)+0x40 + [libbinder.so] + android::IPCThreadState::executeCommand(int)+0x460 [libbinder.so] + android::IPCThreadState::getAndExecuteCommand()+0xa0 [libbinder.so] + android::IPCThreadState::joinThreadPool(bool)+0x40 [libbinder.so] + [unknown] [libbinder.so] + android::Thread::_threadLoop(void*)+0x12c [libutils.so] + android::AndroidRuntime::javaThreadShell(void*)+0x90 [libandroid_runtime.so] + __pthread_start(void*)+0x28 [libc.so] + __start_thread+0x48 [libc.so] +</pre> + +The call chain above is a unified kernel and user native call chain giving you +a better view of the code flow starting from userspace all the way down to the kernel where +the denial happens. In the example call chain above, a binder transaction +initiated from userspace involved passing a file descriptor. Since the file +descriptor did not have the needed SELinux policy settings, SELinux denied it and +the binder transaction failed. + +The same tracing technique can be used for dumping the stack on system calls, kernel +function entry, and more by changing the arguments passed to the `trace` command +in most cases. + +## Additional references + +For more information on `trace`, see the [BCC trace tool documentation](https://android.googlesource.com/platform/external/bcc/+/master/tools/trace_example.txt). +For more information about running BCC on Android devices, see the +[adeb project's BCC howto](https://android.googlesource.com/platform/external/adeb/+/master/BCC.md). diff --git a/en/devices/tech/display/color-mgmt.html b/en/devices/tech/display/color-mgmt.html index d73f091d..a61c9b76 100644 --- a/en/devices/tech/display/color-mgmt.html +++ b/en/devices/tech/display/color-mgmt.html @@ -89,7 +89,7 @@ display referred space with the same white point and color primaries as sRGB support and can be implemented in the Android EGL wrapper. To be useful, this extension requires support for 16-bit floating point (FP16).</li> <li> -<a href="https://github.com/KhronosGroup/EGL-Registry/pull/10/files" class="external">EGL_KHR_gl_colorspace_display_p3 +<a href="https://www.khronos.org/registry/EGL/extensions/EXT/EGL_EXT_gl_colorspace_display_p3.txt" class="external">EGL_EXT_gl_colorspace_display_p3 and EGL_EXT_gl_colorspace_display_p3_linear</a>. For applications that want to use Display-P3 format default framebuffers to more easily achieve sRGB rendering to display devices, this extension allows creating EGLSurfaces that diff --git a/en/devices/tech/ota/index.html b/en/devices/tech/ota/index.html index 946a6f4c..6c0431c8 100644 --- a/en/devices/tech/ota/index.html +++ b/en/devices/tech/ota/index.html @@ -25,50 +25,53 @@ <p> Android devices in the field can receive and install over-the-air (OTA) - updates to the system and application software. This section describes - the structure of the update packages and the tools provided to build - them. It is intended for developers who want to make the OTA update - system work on new Android devices and those who are building update - packages for use with released devices. OTA updates are designed to - upgrade the underlying operating system and the read-only apps installed - on the system partition; these updates do <em>not</em> affect - applications installed by the user from Google Play. + updates to the system, application software, and time zone rules. This + section describes the structure of update packages and the tools provided + to build them. It is intended for developers who want to make OTA updates + work on new Android devices and those who want to build update packages + for released devices. </p> + <p>OTA updates are designed to upgrade the underlying operating system, the + read-only apps installed on the system partition, and/or time zone rules; + these updates do <em>not</em> affect applications installed by the user + from Google Play. + </p> + + <h2 id="ab_updates">A/B (Seamless) system updates</h2> <p> - The Android Open Source Project (AOSP) includes a + Modern Android devices have two copies of each partition (A and B) and can + apply an update to the currently unused partition while the system is + running but idle. A/B devices do not need space to download the update + package because they can apply the update as they read it from the + network; this is known as <em>streaming A/B</em>. For more information + about OTA updates for A/B devices, see + <a href="/devices/tech/ota/ab/index.html">A/B (Seamless) System + Updates</a>. For a sample app that provides examples on using Android + system update APIs (i.e., <code>update_engine</code>) to install A/B + updates, refer to <a href="https://android.googlesource.com/platform/bootable/recovery/+/master/updater_sample/" - class="external">SystemUpdaterSample</a> app that gives examples on - how to use Android system update APIs to install OTA updates. The sample - app is an example on how to use <code>update_engine</code> for A/B - updates. - For more information, see <a href="https://android.googlesource.com/platform/bootable/recovery/+/master/updater_sample/README.md" - class="external"><code>updater_sample/README.md</code></a>. + class="external">SystemUpdaterSample</a> (app details available in + <a href="https://android.googlesource.com/platform/bootable/recovery/+/master/updater_sample/README.md" + class="external"><code>updater_sample/README.md</code></a>). </p> - <h2 id="ab_updates">A/B (seamless) system updates</h2> - + <h2 id="nonab_updates">Non-A/B system updates</h2> <p> - Modern A/B devices have two copies of each partition, A and B. Devices - apply the update to the currently unused partition while the system is - running but idle. A/B devices do not need space to download the update - package because they can apply the update as they read it from the - network. This is called <em>streaming A/B</em>. A/B updates are also - known as <em>seamless updates</em>. For more information about OTA - updates for A/B devices, see - <a href="/devices/tech/ota/ab/index.html">A/B (Seamless) System - Updates - </a>. + Older Android devices have a dedicated recovery partition containing the + software needed to unpack a downloaded update package and apply the + update to the other partitions. For more information, see + <a href="/devices/tech/ota/nonab/index.html">Non-A/B System Updates</a>. </p> - <h2 id="nonab_updates">Non-A/B system updates</h2> - + <h2 id=time-zone-updates>Time zone rule updates</h2> <p> - Older devices have a special recovery partition containing the software - needed to unpack a downloaded update package and apply the update to - the other partitions. For more information, see - <a href="/devices/tech/ota/nonab/index.html">Non-A/B System Updates - </a>. + As of Android 8.1, OEMs can push updated time zone rules data to devices + without requiring a system update. This mechanism enables users to + receive timely updates (thus extending the useful lifetime of an Android + device) and OEMs to test time zone updates independently of system image + updates. For details, see + <a href="/devices/tech/config/timezone-rules">Time Zone Rules</a>. </p> </body> diff --git a/en/security/_toc-best-practices.yaml b/en/security/_toc-best-practices.yaml new file mode 100644 index 00000000..ab2d8831 --- /dev/null +++ b/en/security/_toc-best-practices.yaml @@ -0,0 +1,15 @@ +toc: +- title: Overview + path: /security/best-practices/ +- title: Operational Security + path: /security/best-practices/ops +- title: System Security + path: /security/best-practices/system +- title: App Security + path: /security/best-practices/app +- title: Network Security + path: /security/best-practices/network +- title: Hardware Security + path: /security/best-practices/hardware +- title: Privacy Security + path: /security/best-practices/privacy diff --git a/en/security/_toc-bulletins.yaml b/en/security/_toc-bulletins.yaml index fd95a0ae..4f062436 100644 --- a/en/security/_toc-bulletins.yaml +++ b/en/security/_toc-bulletins.yaml @@ -9,6 +9,12 @@ toc: path: /security/advisory/2016-03-18 - title: Android Bulletins section: + - title: 2019 Bulletins + section: + - title: January + path: /security/bulletin/2019-01-01 + - title: Index + path: /security/bulletin/2019 - title: 2018 Bulletins section: - title: December @@ -111,6 +117,12 @@ toc: section: - title: Overview path: /security/bulletin/pixel/index + - title: 2019 Bulletins + section: + - title: January + path: /security/bulletin/pixel/2019-01-01 + - title: Index + path: /security/bulletin/pixel/2019 - title: 2018 Bulletins section: - title: December diff --git a/en/security/_toc-features.yaml b/en/security/_toc-features.yaml index eb4a9087..5c93129a 100644 --- a/en/security/_toc-features.yaml +++ b/en/security/_toc-features.yaml @@ -41,6 +41,8 @@ toc: section: - title: Overview path: /security/trusty/ + - title: Download and Build + path: /security/trusty/download-and-build - title: Trusty API Reference path: /security/trusty/trusty-ref - title: Encryption @@ -53,6 +55,8 @@ toc: path: /security/encryption/full-disk - title: Metadata Encryption path: /security/encryption/metadata + - title: Enabling Adiantum + path: /security/encryption/adiantum - title: SELinux section: - title: Overview diff --git a/en/security/_toc-fuzz.yaml b/en/security/_toc-fuzz.yaml index 2e51dff5..8228d8d9 100644 --- a/en/security/_toc-fuzz.yaml +++ b/en/security/_toc-fuzz.yaml @@ -5,7 +5,7 @@ toc: path: /devices/tech/debug/asan - title: LLVM Sanitizers path: /devices/tech/debug/sanitizers -- title: Build kernel with KASAN+KCOV +- title: Build Kernel with KASAN+KCOV path: /devices/tech/debug/kasan-kcov - title: Fuzzing with libFuzzer path: /devices/tech/debug/libfuzzer diff --git a/en/security/_translation.yaml b/en/security/_translation.yaml deleted file mode 100644 index 858045e0..00000000 --- a/en/security/_translation.yaml +++ /dev/null @@ -1,13 +0,0 @@ -ignore_paths: -- /security/bulletin/... -enable_continuous_translation: true -title: Android Open Source Project Security tab -description: Translations for SAC Security tab -language: -- zh-CN -cc: -- daroberts@google.com -- sac-doc-leads+translation@google.com -reviewer: -- daroberts -product: Android diff --git a/en/security/best-practices/app.html b/en/security/best-practices/app.html new file mode 100644 index 00000000..7bd95674 --- /dev/null +++ b/en/security/best-practices/app.html @@ -0,0 +1,234 @@ +<html devsite> + <head> + <title>App Security Best Practices</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + //www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + + <p>This section contains recommendations to ensure the security of apps on + Android devices.</p> + +<h2 id="source-code-review">Source code review</h2> + +<p>Source code review can detect a broad range of security issues, including + those identified in this document. Android strongly encourages both manual + and automated source code review.</p> + +<ul> + <li>Follow comprehensive security guidance when conducting reviews to ensure + coverage. Utilize relevant internal or external standards to ensure + consistent and complete reviews.</li> + <li>Run a linter, such as the + <a href="https://developer.android.com/studio/write/lint" + class="external">Android Studio linter</a>, on all app code using the + Android SDK and correct any identified issues.</li> + <li>Analyze native code using an automated tool that can detect memory + management issues, such as buffer overflows and off-by-one errors.</li> + <li>The Android build system supports many of the LLVM sanitizers, such as + <a href="/devices/tech/debug/asan">AddressSanitizer</a> and + <a href="/devices/tech/debug/sanitizers#undefinedbehaviorsanitizer">UndefinedBehaviorSanitizer</a>, + which can be used for runtime analysis of memory-related issues. Combined + with fuzzing, supported in Android through + <a href="/devices/tech/debug/libfuzzer">libFuzzer</a>, sanitizers can + uncover unusual edge cases requiring further investigation.</li> + <li>A knowledgeable security assessor should review higher risk code, such as + crypto, payment processing, and PII processing.</li> +</ul> + +<h2 id="automated-testing">Automated testing</h2> + +<p>Automated testing can help detect a broad range of security issues and + should be performed regularly.</p> + +<ul> + <li>Run the latest version of <a href="/compatibility/cts/">CTS</a> regularly + throughout the development process to detect problems early and reduce time + to correction. Android uses CTS as part of continuous integration in our + automated build process, which builds multiple times per day.</li> + <li>Automate security testing of interfaces, including testing with malformed + inputs (fuzz testing). Android's build system supports + <a href="/devices/tech/debug/libfuzzer">libFuzzer</a> for writing fuzz + tests.</li> +</ul> + +<h2 id="vulnerability-scanning">Vulnerability scanning</h2> + +<p>Vulnerability scanning can help ensure that pre-installed apps are free of + known security vulnerabilities. Advanced detection can reduce the time and + cost required with addressing these vulnerabilities and preventing risk to + users and devices.</p> + +<ul> + <li>Scan all pre-installed apps using an industry-recognized app + vulnerability scanning tool and address detected vulnerabilities.</li> +</ul> + + +<h2 id="phas">Potentially Harmful Applications</h2> + +<p>It is important to ensure that no pre-installed apps on your device are + accidental + <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially + Harmful Applications</a> (PHAs). You are responsible for the behavior of + all apps that are included on your devices.</p> + +<h3 id="hostile-downloaders">Hostile downloaders</h3> + +<p>Hostile downloaders are apps that are not directly considered harmful but + instead download other potentially harmful apps.</p> + +<ul> + <li>Ensure there is user disclosure for all pre-installed apps that use the + <code>INSTALL_PACKAGES</code> permission.</li> + <li>Ensure that the developer is contractually obligated not to install any + apps as UID 0.</li> + <li>Evaluate permissions declared in the manifest of all apps to + be installed through the developer's network.</li> + <li>Ensure that the developer is contractually obligated to scan all download + URLs of auto-updater and installer apps with + <a href="https://developers.google.com/safe-browsing/" + class="external">Google Safe Browsing API</a> before serving apps to + the device.</li> + <li>Starting with Android 9, require all developers to use + <code>UPDATE_PACKAGES</code> permission instead of the + <code>INSTALL_PACKAGES</code> permission. When combined with + <code>INSTALL_SELF_UPDATES</code>, using <code>UPDATE_PACKAGES</code> + allows privileged apps to be granted finely scoped install privileges based + on their intended usage instead of the more broad + <code>INSTALL_PACKAGES</code> permission.</li> +</ul> + + +<h3 id="cryptomining">Cryptomining</h3> + +<p>Cryptomining apps are those that attempt to leverage a device's hardware or + cloud-based computing to generate currency in the form of "coins", typically + by way of blockchain technology. If you intend to offer this service as an + alternate form of currency or in exchange for services, ensure you request + the user's permission before leveraging the device's hardware to run this + service, including explicit consent that this will impact battery runtime.</p> + +<h3 id="imposter-apps">Impostor apps</h3> + +<p>Impostor apps are defined as ones that attempt to disguise themselves as a + well known app, such as YouTube or Facebook.</p> + +<ul> + <li>Prior to device launch, scan all pre-loaded apps for vulnerabilities.</li> +</ul> + + +<h2 id="app-permissions">App permissions</h2> + +<p>Excessive permissions for pre-installed apps can create a security + risk. Restrict pre-installed apps to the minimum necessary permissions and + ensure they don't have access to unnecessary permissions or privileges.</p> + +<ul> + <li>Do not grant unnecessary permissions or privileges to pre-installed apps. + Thoroughly review apps with system privileges as they may have very + sensitive permissions.</li> + <li>Ensure that all permissions requested are relevant and necessary for the + functionality of that specific app.</li> +</ul> + + +<h2 id="app-signing">App signing</h2> + +<p>App signatures play an important role in device security and are used for + permissions checks and software updates. When selecting a key to use for + signing apps, it is important to consider whether an app will be available + only on a single device or common across multiple devices.</p> + +<ul> + <li>Ensure that apps are not signed with a key that is publicly known, such + as the AOSP developer key.</li> + <li>Ensure that keys used to sign apps are managed in a manner consistent + with industry-standard practices for handling sensitive keys, including an + hardware security module (HSM) that provides limited, auditable access.</li> + <li>Ensure that apps are not signed with the platform key. Doing so gives an + app access to platform signature permissions, which are very powerful and + only intended to be used by components of the operating system. System apps + should use privileged permissions.</li> + <li>Ensure that apps with the same package name are not signed with different + keys. This often occurs when creating an app for different devices, + especially when using the platform key. If the app is device-independent, + use the same key across devices. If the app is device-specific, create + unique package names per device and key.</li> +</ul> + +<h2 id="isolating-apps-and-processes">Isolating apps and processes</h2> + + <p>The Android <a href="/security/app-sandbox">sandboxing model</a> + provides extra security around apps and processes when used correctly.</p> + +<h3 id="isolating-root-processes">Isolating root processes</h3> + +<p>Root processes are the most frequent target of privilege escalation attacks; + reducing the number of root processes reduces risk of privilege escalation.</p> + +<ul> + <li>Ensure that devices run the minimum necessary code as root. Where + possible, use a regular Android process rather than a root process. If a + process must run as root on a device, document the process in an AOSP + feature request so it can be publicly reviewed.</li> + <li>Where possible, root code should be isolated from untrusted data and + accessed via interprocess communication (IPC). For example, reduce root + functionality to a small Service accessible via Binder and expose the + Service with signature permission to an app with low or no privileges to + handle network traffic.</li> + <li>Root processes must not listen on a network socket.</li> + <li>Root processes must not include a general-purpose runtime, such as a Java + VM).</li> +</ul> + +<h3 id="isolating-system-apps">Isolating system apps</h3> + +<p>In general, pre-installed apps should not run with the shared system unique + identifier (UID). If it is necessary for an app to use the shared UID of + system or another privileged service (e.g., phone), the app should not export + any services, broadcast receivers, or content providers that can be accessed + by third-party apps installed by users.</p> + +<ul> + <li>Ensure devices run the minimum necessary code as system. Where possible, + use an Android process with its own UID rather than reusing the system UID.</li> + <li>Where possible, system code should be isolated from untrusted data and + expose IPC only to other trusted processes.</li> + <li>System processes must not listen on a network socket. This is a CTS + requirement.</li> +</ul> + +<h3 id="isolating-processes">Isolating processes</h3> + +<p>The Android Application Sandbox provides apps with an expectation of + isolation from other processes on the system, including root processes and + debuggers. Unless debugging is specifically enabled by the app and the user, + no app should violate that expectation.</p> + +<ul> + <li>Ensure root processes do not access data within individual app data + folders, unless using a documented Android debugging method.</li> + <li>Ensure root processes do not access memory of apps, unless using a + documented Android debugging method.</li> + <li>Ensure devices do not include any app that accesses data or memory of + other apps or processes.</li> +</ul> + </body> +</html> diff --git a/en/security/best-practices/hardware.html b/en/security/best-practices/hardware.html new file mode 100644 index 00000000..0197f7a4 --- /dev/null +++ b/en/security/best-practices/hardware.html @@ -0,0 +1,62 @@ +<html devsite> + <head> + <title>Hardware Security Best Practices</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + //www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + + <p id="hardware-security">This page contains recommendations to ensure + that the hardware present on Android devices contributes to raising the + overall security of the device instead of compromising the security of + the device.</p> + +<h2 id="device-memory">Device memory</h2> + +<p>It is important to understand the potential security tradeoffs when + selecting memory for Android devices. For example, certain types of memory + may enable the execution of + <a href="https://en.wikipedia.org/wiki/Row_hammer" + class="external">Rowhammer</a> style attacks.</p> + +<ul> + <li>Android devices should use memory that contains mitigations against + Rowhammer style attacks. Device manufacturers should work closely with + their memory manufacturers for additional details.</li> +</ul> + +<h2 id="strongbox-keymaster">StrongBox Keymaster</h2> + +<p>It is important to securely store and handle cryptographic keys that are + available on the device. This is typically done on Android devices by + utilizing a hardware-backed Keymaster implemented in an isolated environment, + such as the Trusted Execution Environment (TEE). It is further recommended to + also support a + <a href="https://developer.android.com/preview/features/security#hardware-security-module" + class="external">StrongBox Keymaster</a>, which is implemented in + tamper-resistant hardware.</p> + +<ul> + <li>Ensure that the StrongBox Keymaster is running in an environment that + has a discrete CPU, secure storage, a high quality true random number + generator, tamper resistant packaging, and side channel resistance to meet + the requirements to qualify as a StrongBox Keymaster. See the Android 9 + CDD, section 9.11.2 for more information on the requirements.</li> +</ul> + </body> +</html> diff --git a/en/security/best-practices/index.html b/en/security/best-practices/index.html new file mode 100644 index 00000000..3d91bb13 --- /dev/null +++ b/en/security/best-practices/index.html @@ -0,0 +1,52 @@ +<html devsite> + <head> + <title>Android Security Best Practices</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<p> + This topic contains best practices for device manufacturers to ship secure + devices to all Android users. The collected best practices cover: +</p> + +<ul> + <li><strong>Organizational and operational security</strong>—Creating strong + security practices in your team and organization.</li> + <li><strong>System security</strong>—Reviewing and improving core operating + system and device security.</li> + <li><strong>Application security</strong>—Reviewing and improving the + security of apps on the device.</li> + <li><strong>Network security</strong>—Reviewing and improving the security + of network communications from the device.</li> + <li><strong>Hardware security</strong>—Reviewing hardware choices to improve + device security.</li> + <li><strong>Privacy</strong>—Enabling user control over the handling of + their data.</li> +</ul> + +<p> + Many recommendations in this section are also detailed in the + <a href="/compatibility/cdd">Android Compatibility Definition Document</a> + (CDD). In many instances, these recommendations are detected through tools, + such as the <a href="/compatibility/cts/">Android Compatibility Test Suite</a> + (CTS).</p> + + </body> +</html> diff --git a/en/security/best-practices/network.html b/en/security/best-practices/network.html new file mode 100644 index 00000000..dd12de87 --- /dev/null +++ b/en/security/best-practices/network.html @@ -0,0 +1,75 @@ +<html devsite> + <head> + <title>Network Security Best Practices</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + //www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<p>This section contains recommendations to ensure the security of network + communications from Android devices.</p> + +<h2 id="securing-listening-sockets">Securing listening sockets</h2> + +<p>Use listening sockets with caution. There should generally + not be any open listening sockets on devices as these provide a vector for a + remote attacker to gain access to the device.</p> + +<ul> + <li>Android devices should minimize the number of internet listening sockets + they expose, especially on boot or by default. No socket should be + listening on the internet at boot by default. + <ul> + <li>Root processes and processes owned by the system unique identifier + (UID) shouldn't expose any listening sockets.</li> + </ul> + </li> + <li>Listening sockets must be able to be disabled without an OTA update. This + can be performed using either a server or user-device configuration change.</li> + <li>For local IPC-using sockets, apps must use a UNIX domain socket with + access limited to a group. Create a file descriptor for the IPC and make it + +RW for a specific UNIX group. Any client apps must be within that UNIX + group.</li> + <li>Some devices with multiple processors (for example, a radio/modem separate + from the app processor) use network sockets to communicate between + processors. In such instances, the network socket used for inter-processor + communication must use an isolated network interface to prevent access by + unauthorized apps on the device (i.e. use iptables to prevent access by + other apps on the device).</li> + <li>Daemons that handle listening ports must be robust against malformed + data. You should conduct fuzz-testing against the port using an + unauthorized client, and, where possible, authorized client. File bugs to + follow up on crashes.</li> +</ul> + + <p>The <a href="/compatibility/tests/">Android Compatibility Test Suite</a> + (CTS) includes tests that check for the presence of open listening ports.</p> + +<h3 id="disable-adb">Disable ADB</h3> + +<p>Android Debug Bridge (ADB) is a valuable development and debugging tool, but + is designed for use in a controlled, secure environment and should not be + enabled for general use.</p> + +<ul> + <li>Ensure that ADB is disabled by default.</li> + <li>Ensure that ADB requires the user to turn it on before accepting + connections.</li> +</ul> +</body> +</html> diff --git a/en/security/best-practices/ops.html b/en/security/best-practices/ops.html new file mode 100644 index 00000000..e119e133 --- /dev/null +++ b/en/security/best-practices/ops.html @@ -0,0 +1,166 @@ +<html devsite> + <head> + <title>Organizational and Operational Security</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2017 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + <p>The foundation of good security practices start in your organization.</p> + + +<h3 id="create-a-team">Create a security and privacy team</h3> + +<p>Create a dedicated security and privacy team and establish a leader for this +organization.</p> + +<ul> + <li><strong>Build a security team.</strong> + <ul> + <li>Ensure at least one employee is responsible for security, privacy, and + incident response.</li> + <li>Define a mission and scope for this team.</li> + <li>Develop an org chart and job descriptions for: Security Manager, + Security Engineer, Incident Manager.</li> + <li>Hire employees or external contractors to fill these roles.</li> + </ul> + </li> + <li><strong>Define a security development lifecycle (SDL)</strong>. Your SDL + should cover these areas: + <ul> + <li>Security requirements for products.</li> + <li>Risk analysis and threat modeling.</li> + <li><a href="/devices/tech/debug/fuzz-sanitize">Static and dynamic + analysis</a> of applications and code.</li> + <li>Final security review processes for products.</li> + <li>Incident response.</li> + </ul> + </li> + <li><strong>Assess organizational risk</strong>. Create a risk assessment and + develop plans to eliminate or mitigate those risks.</li> +</ul> + +<h3 id="build-verification">Build verification process</h3> + +<p>Evaluate gaps in your existing internal build verification and approval +processes.</p> + +<ul> + <li>Identify any gaps in your current build verification process that could + lead to the introduction of a + <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially + Harmful Application</a> (PHA) into your build.</li> + <li>Ensure you have a code review and approval process, even for in-house + patches to <a href="https://android.googlesource.com/" + class="external">AOSP</a>.</li> + <li>Improve build integrity by implementing controls in these areas: + <ul> + <li><strong>Track changes</strong>. Track software engineers; keep + change logs.</li> + <li><strong>Assess risk</strong>. Assess permissions used by an app; + require manual review of code changes.</li> + <li><strong>Monitor</strong>. Evaluate changes made to privileged code.</li> + </ul> + </li> +</ul> + +<h3 id="source-code-change-tracking">Source code change tracking</h3> + +<p>Monitor for unintentional modifications of source code or third-party +apps / binaries / SDKs.</p> + +<ul> + <li><strong>Assess partnerships</strong>. Assess the risk of working with a + technical partner using the following steps: + + <ul> + <li>Establish criteria for how to assess the risk of working with a + specific supplier.</li> + <li>Create a form that asks the supplier how they resolve incidents and + manage security and privacy.</li> + <li>Verify their claims with a periodic audit.</li> + </ul> + </li> + <li><strong>Track changes</strong>. Record which companies and employees + modify source code and conduct periodic audits to ensure only appropriate + changes take place.</li> + <li><strong>Keep records</strong>. Record which companies add third-party + binaries to your build and document what function those apps perform and + what data they collect.</li> + <li><strong>Plan updates</strong>. Ensure that your suppliers are required to + provide software updates for the full life of your product. Unforeseen + vulnerabilities may require support from vendors to address.</li> +</ul> + +<h3 id="validate-source-code">Validate source code integrity and pedigree</h3> + +<p>Inspect and validate source code supplied by an original device manufacturer +(ODM), Over-the-air update (OTA), or carrier.</p> + +<ul> + <li><strong>Manage signing certificates</strong>. + <ul> + <li>Store keys in a hardware security module (HSM) or secure cloud service + (don't share them).</li> + <li>Ensure access to signing certificates is controlled and audited.</li> + <li>Require all code signing be done in your build system.</li> + <li>Revoke lost keys.</li> + <li>Generate keys using best practices.</li> + </ul> + </li> + <li><strong>Analyze new code</strong>. Test newly added code with security + code analysis tools to check for the introduction of new vulnerabilities. + In addition, analyze overall functionality to detect expression of new + vulnerabilities.</li> + <li><strong>Review before publishing</strong>. Look for security + vulnerabilities in source code and third-party apps before you push them + into production. For example: + <ul> + <li>Require apps to use secure communication.</li> + <li>Follow the principle of least privilege and grant the minimum set of + permissions needed for the app to operate.</li> + <li>Ensure data is stored and transferred over secure channels.</li> + <li>Keep service dependencies up-to-date.</li> + <li>Apply security patches to SDKs and open source libraries.</li> + </ul> + </li> +</ul> + +<h2 id="incident-response">Incident response</h2> + +<p>Android believes in the power of a strong security community to help find +issues. You should create and publicize a way for external parties to contact +you about device-specific security issues.</p> + +<ul> + <li><strong>Establish contact</strong>. Create an email address, such as + security@<var>your-company</var>.com or a website with clear instructions + for reporting potential security issues associated with your product + (<a href="https://security.samsungmobile.com/securityReporting.smsb" + class="external">example</a>).</li> + <li><strong>Contribute changes upstream</strong>. If you become aware of a + security issue affecting the Android platform or devices from multiple + device manufacturers, contact the Android Security Team by filing a <a + href="g.co/AndroidSecurityReport" class="external">security bug report</a>. + </li> + <li><strong>Promote good security practices</strong>. Proactively assess the + security practices of hardware and software vendors who provide services, + components, and/or code for your devices. Hold vendors accountable for + maintaining a good security posture.</li> +</ul> + </body> +</html> diff --git a/en/security/best-practices/privacy.html b/en/security/best-practices/privacy.html new file mode 100644 index 00000000..69c217d4 --- /dev/null +++ b/en/security/best-practices/privacy.html @@ -0,0 +1,96 @@ +<html devsite> + <head> + <title>Privacy Security Best Practices</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + //www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<p>This page contains a collection of data collection guidance + and recommendations to ensure that Android users have control over the + handling of their data.</p> + +<h2 id="logging-data">Logging data</h2> + +<p>Logging data increases the risk of exposure of that data and reduces system + performance. Multiple public security incidents have occurred as a result of + logging sensitive user data.</p> + +<ul> + <li>Do not log to the sdcard.</li> + <li>Apps or system services should not log data provided from third-party + apps that might include sensitive information.</li> + <li>Apps must not log any Personally Identifiable Information (PII) as + part of normal operation, unless it's absolutely necessary to provide the + core functionality of the app.</li> +</ul> + +<p>CTS includes tests that check for the presence of potentially sensitive + information in logs.</p> + +<h2 id="metrics-collection">Metrics collection</h2> + +<p>Collecting metrics can be an essential part of understanding usage of your + app and making improvements for the overall user experience. However, overly + broad metrics collection can also present a risk to user privacy.</p> + +<ul> + <li>If at all possible, don't collect metrics. + <ul> + <li>If you must collect metrics, first request explicit, informed, + and meaningful user consent.</li> + </ul> + </li> + <li>With few exceptions, only collect metrics that are necessary to support + the reliability of the service.</li> + <li>Avoid collecting identifiable or potentially sensitive data whenever + possible, such as + <a href="https://developer.android.com/training/articles/user-data-ids" + class="external">hardware identifiers</a>.</li> + <li>Ensure data is sufficiently aggregated and anonymized whenever possible.</li> +</ul> + +<h2 id="spyware">Spyware</h2> + +<p>Spyware is defined as software that aims to gather information about a user + or device without their knowledge, that may send user information to another + entity without consent.</p> + +<ul> + <li>Transmission of the following user or device data without disclosure or + in a manner that is unexpected to the user is considered spyware (this + list contains top examples, but is not an exhaustive list): + <ul> + <li>Information about the user's contacts (names, numbers, emails)</li> + <li>Photos or other files</li> + <li>Content from user email</li> + <li>Call log</li> + <li>SMS log</li> + <li>Web history</li> + <li>Browser bookmarks</li> + <li>Private information from other apps (private <code>/data/</code> + directories)</li> + <li>Audio or call recording</li> + <li>Passwords</li> + <li>OAuth tokens</li> + <li>Location</li> + </ul> + <li>Ensure that all apps provide a reasonable explanation disclosure to + the user prior to installation.</li> +</ul> +</body> +</html> diff --git a/en/security/best-practices/system.html b/en/security/best-practices/system.html new file mode 100644 index 00000000..7431950e --- /dev/null +++ b/en/security/best-practices/system.html @@ -0,0 +1,332 @@ +<html devsite> + <head> + <title>System Security Best Practices</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + //www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<p>This section contains recommendations for ensuring the security of the core + Android operating system and devices.</p> + +<h2 id="biometric-authentication">Biometric authentication</h2> + +<p>Acquire, store, and process <a href="/security/biometric">biometric data</a> + for user authentication carefully. You should: +</p> + +<ul> + <li>Mandate the primary authentication method before using any other form of + authentication (including biometrics).</li> + <li>Require an explicit confirmation to indicate intent when using passive + biometric modalities, such as facial recognition, for transactions (for + example, payments) that involve authentication-bound keys.</li> + <li>Require the primary authentication method every 72 hours.</li> + <li>Use a fully secure pipeline for all biometric data and handling.</li> + <li>Never send biometric data (including raw sensor measurements and derived + features) off-device. If possible, keep this data in a secure isolated + environment, such as the <a href="/security/trusty">Trusted Execution + Environment (TEE)</a> or Secure Element.</li> +</ul> + +<p>Devices with biometrics should support the + <a href="https://developer.android.com/preview/features/security#fingerprint-auth" + class="external">BiometricPrompt API</a>, which offers a common and + consistent interface for app developers to take advantage of biometrics-based + authentication in their apps. Only + <a href="/security/biometric/#strong-weak-unlocks" class="external">strong + biometrics</a> can integrate with <code>BiometricPrompt</code> and + integrations must follow <a href="/compatibility/cdd">Android Compatibility + Definition Document</a> (CDD) guidelines.</p> + +<p>For more biometric guidelines, see +<a href="/security/biometric#hal-implementation">Biometric HAL implementation + guidelines</a>.</p> + +<h2 id="selinux">SELinux</h2> + +<p>SELinux provides the definition and enforcement of much of Android's + security model. Correctly using SELinux is critical to the security of + Android devices and can help mitigate the impact of security vulnerabilities. + All Android devices should implement a + <a href="/security/selinux/device-policy#granting_the_dac_override_capability">robust + SELinux policy</a> for this reason.</p> + +<ul> + <li>Implement a least privilege policy.</li> + <li>Avoid granting <code>CAP_DAC_OVERRIDE</code>, <code>CAP_SYS_ADMIN</code>, + and <code>CAP_NET_ADMIN</code> permissions.</li> + <li>Don't log system data to the SD card.</li> + <li>Use provided types for driver access, such as <code>gpu_device</code>, + <code>audio_device</code>, etc.</li> + <li>Use meaningful names for processes, files, and SELinux types. + <ul> + <li>Ensure default labels are not used and access is not granted to them.</li> + </ul> + </li> + <li>Device-specific policy should account for 5–10% of the overall policy + running on a device. Customizations in the 20%+ range almost certainly + contain over-privileged domains and dead policy. Unnecessarily large policy + wastes memory, wastes disk space by necessitating a larger boot image, + and negatively affects runtime policy lookup times. + </li> +</ul> + +<h3 id="dynamic-loading-selinux-policy">Dynamic loading of SELinux policy</h3> + +<p>Do not dynamically load SELinux policy on Android devices. Doing so can + result in issues, such as:</p> + +<ul> + <li>Preventing the acceptance of critical security patches.</li> + <li>Exposing the ability to root a device through reloading of policies.</li> + <li>Exposing a vector for man-in-the-middle attacks against the policy + updater.</li> + <li>Resulting in bricked devices due to errors with policy updates.</li> +</ul> + +<h2 id="backdoors">Backdoors</h2> + +<p>Android apps should not have any backdoors or ways to access the system or + data that bypass normal security mechanisms. This includes diagnostics, + debugging, development, or warranty repair special access gated by secrets + known to the developer. To prevent backdoors:</p> + +<ul> + <li>Scan all third-party apps using an industry-recognized app vulnerability + scanning tool.</li> + <li>Perform code reviews of all code with sensitive access, including + third-party libraries.</li> + <li>Utilize Google Play Protect by uploading apps to Google Play for + scanning. You can upload apps for scanning without publishing to Google + Play.</li> + <li>Do not preload diagnostics- or repair-focused tools on release + builds. Only install these tools on-demand to solve specific issues. + Additionally, these tools must not operate upon or upload any + account-specific data.</li> +</ul> + +<h2 id="development-tools">Development tools</h2> + +<p>Development tools, such as debugging, testing, and diagnostic tools, can + often create unintended security gaps on your device by revealing how they + operate and the data that they collect. To make sure that development tools + don't make it into production builds:</p> + +<ul> + <li>Develop a blacklist of in-house debug and testing tool hashes and scan + builds for these APKs prior to using the system image.</li> + <li>Scan all first-party apps using an industry-recognized app vulnerability + scanning tool.</li> + <li>Hire a third-party app security testing firm to evaluate all critical + on-device diagnostic apps before any major update, especially if the app is + developed by a third party.</li> + <li>Ensure that only the user can enable the tool, either verbally or over + chat, during a support session. Store artifacts of consent and disable the + tool after collecting the necessary diagnostic information.</li> + <li>Store this tool's record of use in a log accessible by the user in their + carrier account.</li> + <li>Ensure that any personally identifiable information (PII) or device + telemetry data collected by the tool is subject to anonymization, retention + and deletion practices relevant to the country. Only data relevant for the + support call should be collected. This data should be deleted after each + call.</li> + <li>Ensure that techniques that can be used for spyware, such as keystroke + logging, microphone usage, or camera usage, are not used without explicit + user consent. Apps utilizing these potentially privacy-invasive methods + should be very clearly disclosed along with a privacy policy that the user + must consent to. Apps like this should not be enabled without explicit + consent by the user.</li> +</ul> + +<p>Here are some additional suggestions to refer to when implementing + disclosure and consent:</p> + +<h3 id="in-app-disclosure">In-app disclosure</h3> + +<ul> + <li>Display the normal usage of the app directly in-app. Do not require the + user to navigate into a menu or settings.</li> + <li>Describe the type of data being collected and explain how the data will + be used.</li> + <li>Ideally do not embed this information in a privacy policy or terms of + service. Do not include it with other disclosures unrelated to personal or + sensitive data collection.</li> +</ul> + +<h3 id="request-consent">Request for consent</h3> + +<ul> + <li>Consent must be affirmative. Don't consider navigation away from the + disclosure, including tapping away or pressing the back or home button, + as consent.</li> + <li>Present the consent dialog in a clear and unambiguous way.</li> + <li>Require affirmative user action, such as tap to accept or speak a + command, to accept.</li> + <li>Don't collect personal or sensitive data before obtaining + affirmative consent.</li> + <li>Don't use auto-dismissing or expiring messages.</li> +</ul> + +<h2 id="embedded-functionality-in-aosp">Embedded functionality in AOSP</h2> + +<p>Embedding additional functionality in AOSP can often have unexpected + behavior and consequences; proceed with caution.</p> + +<ul> + <li>Ensure that the user is prompted if they want to use different default + apps (for example, search engine, web browser, launcher) and disclose + sending data off device.</li> + <li>Ensure that AOSP APKs are signed with the AOSP certificate.</li> + <li>Run regression tests and keep a change-log to determine whether the AOSP + APKs have had code added.</li> +</ul> + +<h2 id="security-updates">Security updates</h2> + +<p>Android devices should receive ongoing security support for at least two + years from launch. This includes receiving regular updates that address + known security vulnerabilities.</p> + +<ul> + <li>Work with hardware partners, such as your SoC vendors, to put + appropriate support agreements in place for all components on your + Android device.</li> + <li>Ensure that security updates can be installed with minimal user + interaction to increase the likelihood of users accepting and installing + updates on their Android device. Implementing + <a href="/devices/tech/ota/ab/">Seamless System Updates</a> or an + equivalent security feature is strongly recommended.</li> + <li>Ensure that you understand the cumulative requirement of the Android + Security Patch Level (SPL) as declared in the + <a href="/security/bulletin/">Android Security Bulletin</a>. For example, + devices that use the 2018-02-01 security patch level must include all + issues associated with that security patch level, as well as fixes for + all issues reported in all previous security bulletins.</li> +</ul> + +<h3 id="dynamic-kernel-updates">Dynamic kernel updates</h3> + +<p>Do not dynamically modify critical system components. While there is some + research to suggest that dynamic kernel updates help protect against + emergency threats, the assessed cost currently outweighs the benefits. + Instead, create a robust OTA update method to quickly distribute + vulnerability protections.</p> + +<h2 id="key-management">Key management</h2> + +<p>Maintain good key management policies and practices to ensure the security + of signing keys.</p> + +<ul> + <li>Do not share signing keys with external parties.</li> + <li>If a signing key is compromised, generate a new key and double sign all + apps going forward.</li> + <li>Store all keys in high-security module hardware or services requiring + multiple factors to access.</li> +</ul> + +<h2 id="system-image-signing">System image signing</h2> + +<p>The signature of the system image is critical to determine device integrity.</p> + +<ul> + <li>Do not sign devices with a publicly known key.</li> + <li>Manage device-signing keys in a manner consistent with industry-standard + practices for handling sensitive keys, including a hardware security module + (HSM) that provides limited, auditable access.</li> +</ul> + +<h2 id="unlockable-bootloaders">Unlockable bootloaders</h2> + +<p>Many Android devices support unlocking, enabling the device owner to modify + the system partition or install a custom operating system. Common use + cases include installing a third-party system image and performing + systems-level development on the device. For example, to unlock the system + image on a Google Nexus or Pixel, a user can run <code>fastboot oem + unlock</code>, which displays this message:</p> + +<aside class="caution"> + <p><strong>Unlock bootloader?</strong></p> + + <p>If you unlock the bootloader, you will be able to install custom + operating system software on this phone.</p> + + <p>A custom OS is not subject to the same testing as the original OS, and + can cause your phone and installed apps to stop working properly.</p> + + <p>To prevent unauthorized access to your personal data, unlocking the + bootloader will also delete all personal data from your phone (a "factory + data reset").</p> + + <p>Press the Volume Up/Down buttons to select Yes or No. Then press the + Power button to continue.</p> + + <p><strong>Yes:</strong> Unlock bootloader (may void warranty)</p> + + <p><strong>No</strong>: Do not unlock bootloader and restart phone.</p> +</aside> + +<p>As a best practice, unlockable Android devices must securely erase all user + data prior to being unlocked. Failure to properly delete all data on + unlocking may allow a physically proximate attacker to gain unauthorized + access to confidential Android user data. To prevent the disclosure of user + data, a device that supports unlocking must implement it properly.</p> + +<ul> + <li>After the user confirms the unlocking command, the device must start an + immediate data wipe. The <code>unlocked</code> flag must not be set until + after the secure deletion is complete.</li> + <li>If a secure deletion can't be completed, the device must stay in a locked + state.</li> + <li>If supported by the underlying block device, + <code>ioctl(BLKSECDISCARD)</code>or equivalent should be used. For + embedded MultiMediaCard (eMMC) devices, this means using a Secure Erase or + Secure Trim command. For eMMC 4.5 and later, this means using a normal Erase + or Trim followed by a Sanitize operation.</li> + <li>If <code>BLKSECDISCARD</code> is not supported by the underlying block + device, <code>ioctl(BLKDISCARD)</code> must be used instead. On eMMC + devices, this is a normal Trim operation.</li> + <li>If <code>BLKDISCARD</code> is not supported, overwriting the block + devices with all zeros is acceptable.</li> + <li>A user must have the option to require that user data be wiped + beofre flashing a partition. For example, Nexus devices use the + <code>fastboot oem lock</code> command to wipe user data.</li> + <li>A device may record, via eFuses or similar mechanism, whether a device + was unlocked and/or relocked. However, we strongly recommend that relocking + the bootloader with subsequent factory reset should restore full device + functionality.</li> +</ul> + +<p>These requirements ensure that all data is destroyed upon the completion of + an unlock operation. Failure to implement these protections is considered a + <a href="/security/overview/updates-resources#severity">moderate level + security vulnerability</a>.</p> + +<p>A device that is unlocked may be subsequently relocked using the + <code>fastboot oem lock</code> command. Locking the bootloader provides the + same protection of user data with the new custom OS as was available with the + original device manufacturer OS (e.g. user data will be wiped if the device + is unlocked again).</p> + +<h2 id="device-pentesting">Device pentesting</h2> + +<p>Devices should be reviewed by a competent pentester prior to shipment. + Pentesting should establish that the device followed security guidance + provided here as well as internal OEM security guidance.</p> +</body> +</html> diff --git a/en/security/bulletin/2015.html b/en/security/bulletin/2015.html index 380764f3..63cb9533 100644 --- a/en/security/bulletin/2015.html +++ b/en/security/bulletin/2015.html @@ -45,8 +45,8 @@ please see the <a href="index.html">Android Security Bulletins</a> homepage.</p> <a href="/security/bulletin/2015-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2015-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2015-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2015-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2015-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2015-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2015-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 7, 2015</td> <td>2015-12-01</td> @@ -58,8 +58,8 @@ please see the <a href="index.html">Android Security Bulletins</a> homepage.</p> <a href="/security/bulletin/2015-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2015-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2015-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2015-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2015-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2015-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2015-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 2, 2015</td> <td>2015-11-01</td> @@ -71,8 +71,8 @@ please see the <a href="index.html">Android Security Bulletins</a> homepage.</p> <a href="/security/bulletin/2015-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2015-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2015-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2015-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2015-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2015-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2015-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 5, 2015</td> <td>2015-10-01</td> @@ -84,8 +84,8 @@ please see the <a href="index.html">Android Security Bulletins</a> homepage.</p> <a href="/security/bulletin/2015-09-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2015-09-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2015-09-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2015-09-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2015-09-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2015-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2015-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>September 9, 2015</td> <td>N/A</td> @@ -97,8 +97,8 @@ please see the <a href="index.html">Android Security Bulletins</a> homepage.</p> <a href="/security/bulletin/2015-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2015-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2015-08-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2015-08-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2015-08-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2015-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2015-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>August 13, 2015</td> <td>N/A</td> diff --git a/en/security/bulletin/2016.html b/en/security/bulletin/2016.html index 6f8782f2..9f1624fb 100644 --- a/en/security/bulletin/2016.html +++ b/en/security/bulletin/2016.html @@ -43,8 +43,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 5, 2016</td> <td>2016-12-01<br> @@ -57,8 +57,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 7, 2016</td> <td>2016-11-01<br> @@ -72,8 +72,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 3, 2016</td> <td>2016-10-01<br> @@ -86,8 +86,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-09-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-09-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-09-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-09-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-09-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>September 6, 2016</td> <td>2016-09-01<br> @@ -101,8 +101,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-08-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-08-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-08-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>August 1, 2016</td> <td>2016-08-01<br> @@ -115,8 +115,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-07-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-07-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-07-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-07-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-07-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-07-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-07-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>July 6, 2016</td> <td>2016-07-01<br> @@ -129,8 +129,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-06-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-06-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-06-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-06-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-06-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-06-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-06-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>June 6, 2016</td> <td>2016-06-01</td> @@ -142,8 +142,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-05-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-05-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-05-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-05-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-05-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-05-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-05-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>May 2, 2016</td> <td>2016-05-01</td> @@ -155,8 +155,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-04-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-04-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-04-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-04-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-04-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-04-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-04-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>April 4, 2016</td> <td>2016-04-02</td> @@ -168,8 +168,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-03-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-03-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-03-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-03-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-03-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>March 7, 2016</td> <td>2016-03-01</td> @@ -181,8 +181,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-02-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-02-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-02-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-02-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-02-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-02-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-02-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>February 1, 2016</td> <td>2016-02-01</td> @@ -194,8 +194,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2016-01-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-01-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-01-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-01-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-01-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>January 4, 2016</td> <td>2016-01-01</td> diff --git a/en/security/bulletin/2017.html b/en/security/bulletin/2017.html index aa003eb5..af645994 100644 --- a/en/security/bulletin/2017.html +++ b/en/security/bulletin/2017.html @@ -43,8 +43,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 4, 2017</td> <td>2017-12-01<br> @@ -57,8 +57,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 6, 2017</td> <td>2017-11-01<br> @@ -72,8 +72,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 2, 2017</td> <td>2017-10-01<br> @@ -86,8 +86,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-09-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-09-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-09-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-09-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-09-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>September 5, 2017</td> <td>2017-09-01<br> @@ -100,8 +100,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-08-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-08-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-08-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>August 7, 2017</td> <td>2017-08-01<br> @@ -114,8 +114,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-07-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-07-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-07-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-07-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-07-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-07-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-07-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>July 5, 2017</td> <td>2017-07-01<br> @@ -128,8 +128,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-06-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-06-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-06-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-06-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-06-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-06-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-06-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>June 5, 2017</td> <td>2017-06-01<br> @@ -142,8 +142,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-05-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-05-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-05-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-05-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-05-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-05-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-05-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>May 1, 2017</td> <td>2017-05-01<br> @@ -156,8 +156,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-04-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-04-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-04-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-04-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-04-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-04-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-04-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>April 3, 2017</td> <td>2017-04-01<br> @@ -170,8 +170,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-03-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-03-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-03-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-03-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-03-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>March 6, 2017</td> <td>2017-03-01<br> @@ -184,8 +184,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-02-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-02-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-02-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-02-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-02-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-02-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-02-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>February 6, 2017</td> <td>2017-02-01<br> @@ -198,8 +198,8 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho <a href="/security/bulletin/2017-01-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-01-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-01-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-01-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-01-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>January 3, 2017</td> <td>2017-01-01<br> diff --git a/en/security/bulletin/2018.html b/en/security/bulletin/2018.html index 3eeceac6..b574f288 100644 --- a/en/security/bulletin/2018.html +++ b/en/security/bulletin/2018.html @@ -43,8 +43,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 3, 2018</td> <td>2018-12-01<br> @@ -57,8 +57,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 5, 2018</td> <td>2018-11-01<br> @@ -71,8 +71,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 1, 2018</td> <td>2018-10-01<br> @@ -85,8 +85,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-09-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-09-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-09-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-09-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-09-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>September 4, 2018</td> <td>2018-09-01<br> @@ -99,8 +99,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-08-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-08-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-08-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>August 6, 2018</td> <td>2018-08-01<br> @@ -114,8 +114,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-07-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-07-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-07-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-07-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-07-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-07-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-07-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>July 2, 2018</td> <td>2018-07-01<br> @@ -128,8 +128,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-06-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-06-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-06-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-06-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-06-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-06-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-06-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>June 4, 2018</td> <td>2018-06-01<br> @@ -142,8 +142,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-05-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-05-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-05-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-05-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-05-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-05-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-05-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>May 7, 2018</td> <td>2018-05-01<br> @@ -156,8 +156,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-04-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-04-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-04-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-04-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-04-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-04-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-04-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>April 2, 2018</td> <td>2018-04-01<br> @@ -170,8 +170,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-03-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-03-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-03-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-03-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-03-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>March 2018</td> <td>2018-03-01<br> @@ -184,8 +184,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-02-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-02-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-02-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-02-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-02-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-02-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-02-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>February 2018</td> <td>2018-02-01<br> @@ -198,8 +198,8 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <a href="/security/bulletin/2018-01-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-01-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-01-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-01-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-01-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>January 2018</td> <td>2018-01-01<br> diff --git a/en/security/bulletin/2019-01-01.html b/en/security/bulletin/2019-01-01.html new file mode 100644 index 00000000..9afc1aef --- /dev/null +++ b/en/security/bulletin/2019-01-01.html @@ -0,0 +1,650 @@ +<html devsite> + <head> + <title>Android Security Bulletin—January 2019</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + //www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<p><em>Published January 7, 2019 | Updated January 7, 2019</em></p> + +<p> +The Android Security Bulletin contains details of security vulnerabilities +affecting Android devices. Security patch levels of 2019-01-05 or later address +all of these issues. To learn how to check a device's security patch level, see +<a href="https://support.google.com/pixelphone/answer/4457705" + class="external">Check and update your Android version</a>. +</p> +<p> +Android partners are notified of all issues at least a month before +publication. Source code patches for these issues have been released to the +Android Open Source Project (AOSP) repository and linked from this bulletin. +This bulletin also includes links to patches outside of AOSP. +</p> +<p> +The most severe of these issues is a critical security vulnerability in +System that could enable a remote attacker using a specially crafted +file to execute arbitrary code within the context of a privileged process. The +<a href="/security/overview/updates-resources.html#severity">severity +assessment</a> is based on the effect that exploiting the vulnerability would +possibly have on an affected device, assuming the platform and service +mitigations are turned off for development purposes or if successfully bypassed. +</p> +<p> +We have had no reports of active customer exploitation or abuse of these newly +reported issues. Refer to the +<a href="#mitigations">Android and Google Play Protect mitigations</a> +section for details on the +<a href="/security/enhancements/">Android security platform protections</a> +and Google Play Protect, which improve the security of the Android platform. +</p> +<p class="note"> +<strong>Note:</strong> Information on the latest over-the-air update (OTA) and +firmware images for Google devices is available in the +<a href="/security/bulletin/pixel/2019-01-01">January 2019 +Pixel Update Bulletin</a>. +</p> + +<h2 id="mitigations">Android and Google service mitigations</h2> + +<p> +This is a summary of the mitigations provided by the +<a href="/security/enhancements/">Android security platform</a> +and service protections such as +<a href="https://www.android.com/play-protect" class="external">Google Play +Protect</a>. These capabilities reduce the likelihood that security +vulnerabilities could be successfully exploited on Android. +</p> +<ul> +<li>Exploitation for many issues on Android is made more difficult by +enhancements in newer versions of the Android platform. We encourage all users +to update to the latest version of Android where possible.</li> +<li>The Android security team actively monitors for abuse through +<a href="https://www.android.com/play-protect" class="external">Google Play +Protect</a> and warns users about +<a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially +Harmful Applications</a>. Google Play Protect is enabled by default on devices +with <a href="http://www.android.com/gms" class="external">Google Mobile +Services</a>, and is especially important for users who install apps from +outside of Google Play.</li> +</ul> +<h2 id="2019-01-01-details">2019-01-01 security patch level vulnerability details</h2> +<p> +In the sections below, we provide details for each of the security +vulnerabilities that apply to the 2019-01-01 patch level. Vulnerabilities are +grouped under the component they affect. There is a description of the +issue and a table with the CVE, associated references, +<a href="#type">type of vulnerability</a>, +<a href="/security/overview/updates-resources.html#severity">severity</a>, +and updated AOSP versions (where applicable). When available, we link the public +change that addressed the issue to the bug ID, such as the AOSP change list. When +multiple changes relate to a single bug, additional references are linked to +numbers following the bug ID. +</p> + +<h3 id="framework">Framework</h3> + +<p>The most severe vulnerability in this section could enable a local malicious +application to bypass user interaction requirements in order to gain access to +additional permissions.</p> + +<table> +<col width="21%"> +<col width="21%"> +<col width="14%"> +<col width="14%"> +<col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Updated AOSP versions</th> + </tr> + <tr> + <td>CVE-2018-9582</td> + <td><a + href="https://android.googlesource.com/platform/packages/apps/PackageInstaller/+/ab39f6cb7afc48584da3c59d8e2a5e1ef121aafb" + class="external">A-112031362</a></td> + <td>EoP</td> + <td>High</td> + <td>8.0, 8.1, 9</td> + </tr> +</table> + +<h3 id="system">System</h3> +<p>The most severe vulnerability in this section could enable a remote attacker +using a specially crafted file to execute arbitrary code within the context of +a privileged process.</p> + +<table> +<col width="21%"> +<col width="21%"> +<col width="14%"> +<col width="14%"> +<col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Updated AOSP versions</th> + </tr> + <tr> + <td>CVE-2018-9583</td> + <td><a + href="https://android.googlesource.com/platform/system/bt/+/94d718eb61cbb1e6fd08288039d7e62913735c6c" + class="external">A-112860487</a></td> + <td>RCE</td> + <td>Critical</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9584</td> + <td><a + href="https://android.googlesource.com/platform/system/nfc/+/5f0f0cc6a10f710dea7e1ddd4ba19acb877a7081" + class="external">A-114047681</a></td> + <td>EoP</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9585</td> + <td><a + href="https://android.googlesource.com/platform/system/nfc/+/71764b791f262491e3f628c14ce3949863dd6058" + class="external">A-117554809</a></td> + <td>EoP</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9586</td> + <td><a + href="https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/fe4c71a7a3a8a2184b3096203aa9240e01af621e" + class="external">A-116754444</a></td> + <td>EoP</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9587</td> + <td><a + href="https://android.googlesource.com/platform/packages/apps/Contacts/+/66abad90093df5231f24654a64cf90d9b70ab228" + class="external">A-113597344</a></td> + <td>EoP</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9588</td> + <td><a + href="https://android.googlesource.com/platform/system/bt/+/bf9ff0c5215861ab673e211cd06e009f3157aab2" + class="external">A-111450156</a></td> + <td>ID</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9589</td> + <td><a + href="https://android.googlesource.com/platform/external/wpa_supplicant_8/+/38af82c5ca615f56febcebde714c7cba653fd5ec" + class="external">A-111893132</a></td> + <td>ID</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9590</td> + <td><a + href="https://android.googlesource.com/platform/system/bt/+/297598898683b81e921474e6e74c0ddaedbb8bb5" + class="external">A-115900043</a></td> + <td>ID</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9591</td> + <td><a + href="https://android.googlesource.com/platform/system/bt/+/e1685cfa533db4155a447c405d7065cc17af2ae9" + class="external">A-116108738</a></td> + <td>ID</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9592</td> + <td><a + href="https://android.googlesource.com/platform/system/bt/+/8679463ade0ee029ef826ed4fb7a847e2a981375" + class="external">A-116319076</a></td> + <td>ID</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9593</td> + <td><a + href="https://android.googlesource.com/platform/system/nfc/+/8bc53213110fed8360d3e212dd61fbc0218e0b1e" + class="external">A-116722267</a></td> + <td>ID</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> + <tr> + <td>CVE-2018-9594</td> + <td><a + href="https://android.googlesource.com/platform/system/nfc/+/494cd888eb2c5cfda05584dd598815c9268ff3c2" + class="external">A-116791157</a></td> + <td>ID</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + </tr> +</table> + +<h2 id="2019-01-05-details">2019-01-05 security patch level vulnerability details</h2> + +<p> +In the sections below, we provide details for each of the security +vulnerabilities that apply to the 2019-01-05 patch level. Vulnerabilities are +grouped under the component they affect and include details such as the +CVE, associated references, <a href="#type">type of vulnerability</a>, +<a href="/security/overview/updates-resources.html#severity">severity</a>, +component (where applicable), and updated AOSP versions (where applicable). When +available, we link the public change that addressed the issue to the bug ID, +such as the AOSP change list. When multiple changes relate to a single bug, +additional references are linked to numbers following the bug ID. +</p> + +<h3 id="kernel-components">Kernel components</h3> +<p>The most severe vulnerability in this section could enable a local malicious +application to execute arbitrary code within the context of a privileged +process.</p> + +<table> +<col width="21%"> +<col width="21%"> +<col width="14%"> +<col width="14%"> +<col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> + <tr> + <td>CVE-2018-10876</td> + <td>A-116406122<br /> + <a href="http://patchwork.ozlabs.org/patch/929239/">Upstream +kernel</a></td> + <td>EoP</td> + <td>High</td> + <td>ext4 filesystem</td> + </tr> + <tr> + <td>CVE-2018-10880</td> + <td>A-116406509<br /> + <a href="http://patchwork.ozlabs.org/patch/930639/">Upstream +kernel</a></td> + <td>EoP</td> + <td>High</td> + <td>ext4 filesystem</td> + </tr> + <tr> + <td>CVE-2018-10882</td> + <td>A-116406626<br /> + <a href="https://bugzilla.kernel.org/show_bug.cgi?id=200069">Upstream +kernel</a></td> + <td>EoP</td> + <td>High</td> + <td>ext4 filesystem</td> + </tr> + <tr> + <td>CVE-2018-13405</td> + <td>A-113452403<br /> + <a +href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7"> +Upstream kernel</a></td> + <td>EoP</td> + <td>High</td> + <td>Filesystem</td> + </tr> + <tr> + <td>CVE-2018-18281</td> + <td>A-118836219<br /> + <a +href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb66ae030829605d61fbef1909ce310e29f78821"> +Upstream kernel</a></td> + <td>EoP</td> + <td>High</td> + <td>TLB</td> + </tr> + <tr> + <td>CVE-2018-17182</td> + <td>A-117280327<br /> + <a +href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"> +Upstream kernel</a></td> + <td>EoP</td> + <td>High</td> + <td>Memory Manager</td> + </tr> + <tr> + <td>CVE-2018-10877</td> + <td>A-116406625<br /> + <a +href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877">Upstream +kernel</a></td> + <td>ID</td> + <td>High</td> + <td>ext4 filesystem</td> + </tr> +</table> + +<h3 id="nvidia-components">NVIDIA components</h3> +<p>The most severe vulnerability in this section could enable a local malicious +application to execute arbitrary code within the context of a privileged +process.</p> + +<table> +<col width="21%"> +<col width="21%"> +<col width="14%"> +<col width="14%"> +<col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> + <tr> + <td>CVE-2018-6241</td> + <td>A-62540032<a href="#asterisk">*</a></td> + <td>EoP</td> + <td>High</td> + <td>Dragon BSP</td> + </tr> +</table> + + +<h3 id="qualcomm-components">Qualcomm components</h3> + +<p>These vulnerabilities affect Qualcomm components and + are described in further detail in the appropriate + Qualcomm security bulletin or security alert. + The severity assessment of these issues is provided directly by Qualcomm.</p> + +<table> +<col width="21%"> +<col width="21%"> +<col width="14%"> +<col width="14%"> +<col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> + <tr> + <td>CVE-2018-11962</td> + <td>A-117118292<br /> + <a +href="https://source.codeaurora.org/quic/la/platform/frameworks/av/commit?id=217604d69ce4dcf7c6433a9eafdfceefe25e8fd3"> +QC-CR#2267916</a></td> + <td>N/A</td> + <td>High</td> + <td>Audio</td> + </tr> + <tr> + <td>CVE-2018-12014</td> + <td>A-117118062<br /> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=545e03e8420164506457367959ccf01bd055e1aa"> +QC-CR#2278688</a></td> + <td>N/A</td> + <td>High</td> + <td>Data HLOS - LNX</td> + </tr> + <tr> + <td>CVE-2018-13889</td> + <td>A-117118677<br /> + <a +href="https://source.codeaurora.org/quic/le/platform/hardware/qcom/gps/commit/?id=03885c6896a88d993dd49c64ada02bec52af08a1"> +QC-CR#2288358</a></td> + <td>N/A</td> + <td>High</td> + <td>GPS</td> + </tr> +</table> + +<h3 id="qualcomm-closed-source-components">Qualcomm closed-source +components</h3> +<p> + These vulnerabilities affect Qualcomm components + and are described in further detail in the appropriate + Qualcomm security bulletin or security alert. + The severity assessment of these issues is provided directly by Qualcomm. +</p> + +<table> +<col width="21%"> +<col width="21%"> +<col width="14%"> +<col width="14%"> +<col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> + <tr> + <td>CVE-2018-11847</td> + <td>A-111092812<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>Critical</td> + <td>Closed-source component </td> + </tr> + <tr> + <td>CVE-2018-11888</td> + <td>A-111093241<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>High</td> + <td>Closed-source component </td> + </tr> + <tr> + <td>CVE-2018-13888</td> + <td>A-117119136<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>High</td> + <td>Closed-source component </td> + </tr> +</table> + +<h2 id="common-questions-and-answers">Common questions and answers</h2> + +<p>This section answers common questions that may occur after reading this +bulletin.</p> +<p><strong>1. How do I determine if my device is updated to address these +issues?</strong></p> +<p>To learn how to check a device's security patch level, see +<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices" + class="external">Check and update your Android version</a>.</p> +<ul> +<li>Security patch levels of 2019-01-01 or later address all issues associated +with the 2019-01-01 security patch level.</li> +<li>Security patch levels of 2019-01-05 or later address all issues associated +with the 2019-01-05 security patch level and all previous patch levels.</li> +</ul> +<p>Device manufacturers that include these updates should set the patch string +level to:</p> +<ul> + <li>[ro.build.version.security_patch]:[2019-01-01]</li> + <li>[ro.build.version.security_patch]:[2019-01-05]</li> +</ul> +<p><strong>2. Why does this bulletin have two security patch levels?</strong></p> +<p> +This bulletin has two security patch levels so that Android partners have the +flexibility to fix a subset of vulnerabilities that are similar across all +Android devices more quickly. Android partners are encouraged to fix all issues +in this bulletin and use the latest security patch level. +</p> +<ul> +<li>Devices that use the 2019-01-01 security patch level must include all +issues associated with that security patch level, as well as fixes for all +issues reported in previous security bulletins.</li> +<li>Devices that use the security patch level of 2019-01-05 or newer must +include all applicable patches in this (and previous) security +bulletins.</li> +</ul> +<p> +Partners are encouraged to bundle the fixes for all issues they are addressing +in a single update. +</p> +<p id="type"> +<strong>3. What do the entries in the <em>Type</em> column mean?</strong> +</p> +<p> +Entries in the <em>Type</em> column of the vulnerability details table +reference the classification of the security vulnerability. +</p> +<table> + <col width="25%"> + <col width="75%"> + <tr> + <th>Abbreviation</th> + <th>Definition</th> + </tr> + <tr> + <td>RCE</td> + <td>Remote code execution</td> + </tr> + <tr> + <td>EoP</td> + <td>Elevation of privilege</td> + </tr> + <tr> + <td>ID</td> + <td>Information disclosure</td> + </tr> + <tr> + <td>DoS</td> + <td>Denial of service</td> + </tr> + <tr> + <td>N/A</td> + <td>Classification not available</td> + </tr> +</table> +<p> +<strong>4. What do the entries in the <em>References</em> column mean?</strong> +</p> +<p> +Entries under the <em>References</em> column of the vulnerability details table +may contain a prefix identifying the organization to which the reference value +belongs. +</p> +<table> + <col width="25%"> + <col width="75%"> + <tr> + <th>Prefix</th> + <th>Reference</th> + </tr> + <tr> + <td>A-</td> + <td>Android bug ID</td> + </tr> + <tr> + <td>QC-</td> + <td>Qualcomm reference number</td> + </tr> + <tr> + <td>M-</td> + <td>MediaTek reference number</td> + </tr> + <tr> + <td>N-</td> + <td>NVIDIA reference number</td> + </tr> + <tr> + <td>B-</td> + <td>Broadcom reference number</td> + </tr> +</table> +<p id="asterisk"> +<strong>5. What does a * next to the Android bug ID in the <em>References</em> +column mean?</strong> +</p> +<p> +Issues that are not publicly available have a * next to the Android bug ID in +the <em>References</em> column. The update for that issue is generally +contained in the latest binary drivers for Pixel devices +available from the +<a href="https://developers.google.com/android/drivers" class="external">Google +Developer site</a>. +</p> +<p> +<strong>6. Why are security vulnerabilities split between this bulletin and +device / partner security bulletins, such as the +Pixel bulletin?</strong> +</p> +<p> +Security vulnerabilities that are documented in this security bulletin are +required to declare the latest security patch level on Android +devices. Additional security vulnerabilities that are documented in the +device / partner security bulletins are not required for +declaring a security patch level. Android device and chipset manufacturers are +encouraged to document the presence of other fixes on their devices through +their own security websites, such as the +<a href="https://security.samsungmobile.com/securityUpdate.smsb" + class="external">Samsung</a>, +<a href="https://lgsecurity.lge.com/security_updates.html" + class="external">LGE</a>, or +<a href="/security/bulletin/pixel/" + class="external">Pixel</a> security bulletins. +</p> + +<h2 id="versions">Versions</h2> + +<table> + <col width="25%"> + <col width="25%"> + <col width="50%"> + <tr> + <th>Version</th> + <th>Date</th> + <th>Notes</th> + </tr> + <tr> + <td>1.0</td> + <td>January 7, 2019</td> + <td>Bulletin published</td> + </tr> + <tr> + <td>1.1</td> + <td>January 7, 2019</td> + <td>Bulletin revised to include AOSP links.</td> + </tr> +</table> +</body> +</html> diff --git a/en/security/bulletin/2019.html b/en/security/bulletin/2019.html new file mode 100644 index 00000000..f5e41f15 --- /dev/null +++ b/en/security/bulletin/2019.html @@ -0,0 +1,215 @@ +<html devsite> + <head> + <title>2019 Android Security Bulletins</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2019 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + + +<p>This page contains all available 2019 Android Security Bulletins. For a list +of all bulletins, see the <a href="/security/bulletin/index.html"> +Android Security Bulletins</a> homepage.</p> + +<table> + <col width="15%"> + <col width="49%"> + <col width="17%"> + <col width="19%"> + <tr> + <th>Bulletin</th> + <th>Languages</th> + <th>Published date</th> + <th>Security patch level</th> + </tr> + <!-- +<tr> + <td><a href="/security/bulletin/2019-12-01.html">December 2019</a></td> + <td> + <a href="/security/bulletin/2019-12-01.html">English</a> / + <a href="/security/bulletin/2019-12-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-12-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-12-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>December 2, 2019</td> + <td>2019-12-01<br> + 2019-12-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/2019-11-01.html">November 2019</a></td> + <td> + <a href="/security/bulletin/2019-11-01.html">English</a> / + <a href="/security/bulletin/2019-11-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-11-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-11-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>November 4, 2019</td> + <td>2019-11-01<br> + 2019-11-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/2019-10-01.html">October 2019</a></td> + <td> + <a href="/security/bulletin/2019-10-01.html">English</a> / + <a href="/security/bulletin/2019-10-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-10-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-10-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>October 7, 2019</td> + <td>2019-10-01<br> + 2019-10-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/2019-09-01.html">September 2019</a></td> + <td> + <a href="/security/bulletin/2019-09-01.html">English</a> / + <a href="/security/bulletin/2019-09-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-09-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-09-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>September 2, 2019</td> + <td>2019-09-01<br> + 2019-09-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/2019-08-01.html">August 2019</a></td> + <td> + <a href="/security/bulletin/2019-08-01.html">English</a> / + <a href="/security/bulletin/2019-08-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-08-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-08-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>August 5, 2019</td> + <td>2019-08-01<br> + 2019-08-05</td> + </tr> + + <tr> + <td><a href="/security/bulletin/2019-07-01.html">July 2019</a></td> + <td> + <a href="/security/bulletin/2019-07-01.html">English</a> / + <a href="/security/bulletin/2019-07-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-07-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-07-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-07-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-07-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>July 1, 2019</td> + <td>2019-07-01<br> + 2019-07-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/2019-06-01.html">June 2019</a></td> + <td> + <a href="/security/bulletin/2019-06-01.html">English</a> / + <a href="/security/bulletin/2019-06-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-06-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-06-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-06-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-06-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>June 3, 2019</td> + <td>2019-06-01<br> + 2019-06-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/2019-05-01.html">May 2019</a></td> + <td> + <a href="/security/bulletin/2019-05-01.html">English</a> / + <a href="/security/bulletin/2019-05-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-05-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-05-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-05-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-05-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>May 6, 2019</td> + <td>2019-05-01<br> + 2019-05-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/2019-04-01.html">April 2019</a></td> + <td> + <a href="/security/bulletin/2019-04-01.html">English</a> / + <a href="/security/bulletin/2019-04-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-04-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-04-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-04-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-04-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>April 1, 2019</td> + <td>2019-04-01<br> + 2019-04-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/2019-03-01.html">March 2019</a></td> + <td> + <a href="/security/bulletin/2019-03-01.html">English</a> / + <a href="/security/bulletin/2019-03-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-03-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-03-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-03-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-03-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>March 4, 2019</td> + <td>2019-03-01<br> + 2019-03-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/2019-02-01.html">February 2019</a></td> + <td> + <a href="/security/bulletin/2019-02-01.html">English</a> / + <a href="/security/bulletin/2019-02-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-02-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-02-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-02-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-02-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>February 4, 2019</td> + <td>2019-02-01<br> + 2019-02-05</td> + </tr> +--> + <tr> + <td><a href="/security/bulletin/2019-01-01.html">January 2019</a></td> + <td>Coming soon + <!-- + <a href="/security/bulletin/2019-01-01.html">English</a> / + <a href="/security/bulletin/2019-01-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-01-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-01-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> + --> + </td> + <td>January 7, 2019</td> + <td>2019-01-01<br> + 2019-01-05</td> + </tr> +</table> + </body> +</html> diff --git a/en/security/bulletin/_translation.yaml b/en/security/bulletin/_translation.yaml deleted file mode 100644 index 1a07c4e8..00000000 --- a/en/security/bulletin/_translation.yaml +++ /dev/null @@ -1,59 +0,0 @@ -ignore_paths: -- /security/bulletin/2018-06-01 -- /security/bulletin/2018-05-01 -- /security/bulletin/2018-04-01 -- /security/bulletin/2018-03-01 -- /security/bulletin/2018-02-01 -- /security/bulletin/2018-01-01 -- /security/bulletin/2017 -- /security/bulletin/2017-12-01 -- /security/bulletin/2017-11-01 -- /security/bulletin/2017-10-01 -- /security/bulletin/2017-09-01 -- /security/bulletin/2017-08-01 -- /security/bulletin/2017-07-01 -- /security/bulletin/2017-06-01 -- /security/bulletin/2017-05-01 -- /security/bulletin/2017-04-01 -- /security/bulletin/2017-03-01 -- /security/bulletin/2017-02-01 -- /security/bulletin/2017-01-01 -- /security/bulletin/2016 -- /security/bulletin/2016-12-01 -- /security/bulletin/2016-11-01 -- /security/bulletin/2016-10-01 -- /security/bulletin/2016-09-01 -- /security/bulletin/2016-08-01 -- /security/bulletin/2016-07-01 -- /security/bulletin/2016-06-01 -- /security/bulletin/2016-05-01 -- /security/bulletin/2016-04-02 -- /security/bulletin/2016-03-01 -- /security/bulletin/2016-02-01 -- /security/bulletin/2016-01-01 -- /security/bulletin/2015 -- /security/bulletin/2015-12-01 -- /security/bulletin/2015-11-01 -- /security/bulletin/2015-10-01 -- /security/bulletin/2015-09-01 -- /security/bulletin/2015-08-01 -- /security/bulletin/pixel/2017 -- /security/bulletin/pixel/2017-12-01 -- /security/bulletin/pixel/2017-11-01 -- /security/bulletin/pixel/2017-10-01 -enable_continuous_translation: true -title: Android Security Bulletins -description: Translations for Android Security Bulletins -language: -- ja -- ko -- ru -- zh-CN -- zh-TW -cc: -- daroberts@google.com -- sac-doc-leads+translation@google.com -- lhaviland@google.com -reviewer: -- daroberts -product: Android diff --git a/en/security/bulletin/index.html b/en/security/bulletin/index.html index 6fdea4d0..ee61a610 100644 --- a/en/security/bulletin/index.html +++ b/en/security/bulletin/index.html @@ -28,12 +28,21 @@ Bulletins, which provide fixes for possible issues affecting devices running Android. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as:</p> <ul> - <li><a href="/security/bulletin/pixel/">Google</a></li> - <li><a href="https://lgsecurity.lge.com/security_updates.html">LG</a></li> - <li><a href="https://motorola-global-portal.custhelp.com/app/software-upgrade-news/g_id/1949"> + <li><a + href="/security/bulletin/pixel/">Google</a></li> + <li><a + href="https://lgsecurity.lge.com/security_updates.html" + class="external">LG</a></li> + <li><a + href="https://motorola-global-portal.custhelp.com/app/software-upgrade-news/g_id/1949" + class="external"> Motorola</a></li> - <li><a href="https://www.nokia.com/en_int/phones/security-updates">Nokia</a></li> - <li><a href="https://security.samsungmobile.com/securityUpdate.smsb">Samsung</a></li> + <li><a + href="https://www.nokia.com/en_int/phones/security-updates" + class="external">Nokia</a></li> + <li><a + href="https://security.samsungmobile.com/securityUpdate.smsb" + class="external">Samsung</a></li> </ul> <h3 id="sources">Sources</h3> @@ -62,14 +71,30 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <th>Security patch level</th> </tr> <tr> + <td><a href="/security/bulletin/2019-01-01.html">January 2019</a></td> + <td>Coming soon + <!-- + <a href="/security/bulletin/2019-01-01.html">English</a> / + <a href="/security/bulletin/2019-01-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2019-01-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2019-01-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2019-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2019-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> + --> + </td> + <td>January 7, 2019</td> + <td>2019-01-01<br> + 2019-01-05</td> + </tr> + <tr> <td><a href="/security/bulletin/2018-12-01.html">December 2018</a></td> <td> <a href="/security/bulletin/2018-12-01.html">English</a> / <a href="/security/bulletin/2018-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> <td>December 3, 2018</td> <td>2018-12-01<br> 2018-12-05</td> @@ -81,8 +106,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 5, 2018</td> <td>2018-11-01<br> @@ -95,8 +120,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 1, 2018</td> <td>2018-10-01<br> @@ -109,8 +134,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-09-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-09-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-09-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-09-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-09-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>September 4, 2018</td> <td>2018-09-01<br> @@ -123,8 +148,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-08-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-08-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-08-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>August 6, 2018</td> <td>2018-08-01<br> @@ -137,8 +162,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-07-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-07-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-07-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-07-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-07-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-07-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-07-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>July 2, 2018</td> <td>2018-07-01<br> @@ -151,8 +176,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-06-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-06-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-06-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-06-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-06-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-06-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-06-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>June 4, 2018</td> <td>2018-06-01<br> @@ -165,8 +190,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-05-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-05-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-05-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-05-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-05-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-05-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-05-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>May 7, 2018</td> <td>2018-05-01<br> @@ -179,8 +204,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-04-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-04-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-04-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-04-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-04-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-04-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-04-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>April 2, 2018</td> <td>2018-04-01<br> @@ -193,8 +218,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-03-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-03-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-03-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-03-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-03-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>March 5, 2018</td> <td>2018-03-01<br> @@ -207,8 +232,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-02-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-02-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-02-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-02-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-02-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-02-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-02-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>February 5, 2018</td> <td>2018-02-01<br> @@ -221,8 +246,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2018-01-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-01-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-01-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2018-01-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2018-01-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2018-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2018-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>January 2, 2018</td> <td>2018-01-01<br> @@ -235,8 +260,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 4, 2017</td> <td>2017-12-01<br> @@ -249,8 +274,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 6, 2017</td> <td>2017-11-01<br> @@ -264,8 +289,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 2, 2017</td> <td>2017-10-01<br> @@ -278,8 +303,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-09-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-09-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-09-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-09-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-09-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>September 5, 2017</td> <td>2017-09-01<br> @@ -292,8 +317,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-08-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-08-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-08-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>August 7, 2017</td> <td>2017-08-01<br> @@ -306,8 +331,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-07-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-07-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-07-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-07-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-07-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-07-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-07-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>July 5, 2017</td> <td>2017-07-01<br> @@ -320,8 +345,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-06-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-06-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-06-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-06-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-06-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-06-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-06-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>June 5, 2017</td> <td>2017-06-01<br> @@ -334,8 +359,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-05-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-05-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-05-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-05-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-05-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-05-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-05-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>May 1, 2017</td> <td>2017-05-01<br> @@ -347,8 +372,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-04-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-04-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-04-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-04-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-04-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-04-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-04-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>April 3, 2017</td> <td>2017-04-01<br> @@ -360,8 +385,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-03-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-03-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-03-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-03-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-03-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>March 6, 2017</td> <td>2017-03-01<br> @@ -373,8 +398,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-02-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-02-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-02-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-02-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-02-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-02-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-02-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>February 6, 2017</td> <td>2017-02-01<br> @@ -386,8 +411,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2017-01-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2017-01-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2017-01-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2017-01-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2017-01-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2017-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2017-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>January 3, 2017</td> <td>2017-01-01<br> @@ -400,8 +425,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 5, 2016</td> <td>2016-12-01<br> @@ -414,8 +439,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 7, 2016</td> <td>2016-11-01<br> @@ -429,8 +454,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 3, 2016</td> <td>2016-10-01<br> @@ -443,8 +468,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-09-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-09-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-09-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-09-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-09-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>September 6, 2016</td> <td>2016-09-01<br> @@ -458,8 +483,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-08-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-08-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-08-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>August 1, 2016</td> <td>2016-08-01<br> @@ -472,8 +497,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-07-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-07-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-07-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-07-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-07-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-07-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-07-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>July 6, 2016</td> <td>2016-07-01<br> @@ -486,8 +511,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-06-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-06-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-06-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-06-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-06-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-06-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-06-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>June 6, 2016</td> <td>2016-06-01</td> @@ -499,8 +524,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-05-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-05-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-05-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-05-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-05-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-05-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-05-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>May 2, 2016</td> <td>2016-05-01</td> @@ -512,8 +537,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-04-02.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-04-02.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-04-02.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-04-02.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-04-02.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-04-02.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-04-02.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>April 4, 2016</td> <td>2016-04-02</td> @@ -525,8 +550,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-03-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-03-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-03-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-03-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-03-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>March 7, 2016</td> <td>2016-03-01</td> @@ -538,8 +563,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-02-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-02-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-02-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-02-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-02-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-02-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-02-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>February 1, 2016</td> <td>2016-02-01</td> @@ -551,8 +576,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2016-01-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2016-01-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2016-01-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2016-01-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2016-01-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2016-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2016-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>January 4, 2016</td> <td>2016-01-01</td> @@ -564,8 +589,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2015-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2015-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2015-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2015-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2015-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2015-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2015-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 7, 2015</td> <td>2015-12-01</td> @@ -577,8 +602,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2015-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2015-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2015-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2015-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2015-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2015-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2015-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 2, 2015</td> <td>2015-11-01</td> @@ -590,8 +615,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2015-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2015-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2015-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2015-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2015-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2015-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2015-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 5, 2015</td> <td>2015-10-01</td> @@ -603,8 +628,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2015-09-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2015-09-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2015-09-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2015-09-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2015-09-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2015-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2015-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>September 9, 2015</td> <td>N/A</td> @@ -616,8 +641,8 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <a href="/security/bulletin/2015-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2015-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2015-08-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/2015-08-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/2015-08-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/2015-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/2015-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>August 13, 2015</td> <td>N/A</td> diff --git a/en/security/bulletin/pixel/2017.html b/en/security/bulletin/pixel/2017.html index 23f1c15c..d8317f66 100644 --- a/en/security/bulletin/pixel/2017.html +++ b/en/security/bulletin/pixel/2017.html @@ -45,8 +45,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2017-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2017-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2017-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2017-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2017-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2017-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2017-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 4, 2017</td> <td>2017-12-05</td> @@ -58,8 +58,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2017-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2017-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2017-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2017-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2017-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2017-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2017-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 6, 2017</td> <td>2017-11-05</td> @@ -71,8 +71,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2017-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2017-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2017-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2017-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2017-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2017-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2017-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 2, 2017</td> <td>2017-10-05</td> diff --git a/en/security/bulletin/pixel/2018.html b/en/security/bulletin/pixel/2018.html index a1cace8f..7517c91b 100644 --- a/en/security/bulletin/pixel/2018.html +++ b/en/security/bulletin/pixel/2018.html @@ -45,8 +45,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 3, 2018</td> <td>2018-12-05</td> @@ -58,8 +58,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 5, 2018</td> <td>2018-11-05</td> @@ -71,8 +71,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 1, 2018</td> <td>2018-10-05</td> @@ -84,8 +84,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-09-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-09-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-09-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-09-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-09-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>September 4, 2018</td> <td>2018-09-05</td> @@ -97,8 +97,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-08-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-08-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-08-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>August 6, 2018</td> <td>2018-08-05</td> @@ -110,8 +110,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-07-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-07-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-07-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-07-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-07-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-07-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-07-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>July 2, 2018</td> <td>2018-07-05</td> @@ -123,8 +123,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-06-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-06-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-06-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-06-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-06-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-06-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-06-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>June 4, 2018</td> <td>2018-06-05</td> @@ -136,8 +136,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-05-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-05-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-05-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>May 7, 2018</td> <td>2018-05-05</td> @@ -149,8 +149,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-04-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-04-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-04-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>April 2, 2018</td> <td>2018-04-05</td> @@ -162,8 +162,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-03-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>March 2018</td> <td>2018-03-05</td> @@ -175,8 +175,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-02-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-02-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-02-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>February 2018</td> <td>2018-02-05</td> @@ -188,8 +188,8 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-01-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-01-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-01-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>January 2018</td> <td>2018-01-05</td> diff --git a/en/security/bulletin/pixel/2019-01-01.html b/en/security/bulletin/pixel/2019-01-01.html new file mode 100644 index 00000000..e6e9939d --- /dev/null +++ b/en/security/bulletin/pixel/2019-01-01.html @@ -0,0 +1,258 @@ +<html devsite> + <head> + <title>Pixel Update Bulletin—January 2019</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2019 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + //www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<p><em>Published January 7, 2019</em></p> + +<p> +The Pixel Update Bulletin contains details of security +vulnerabilities and functional improvements affecting <a +href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices" +class="external">supported Google Pixel devices</a> (Google devices). +For Google devices, security patch levels of 2019-01-05 or later address all +issues in this bulletin and all issues in the January 2019 Android Security +Bulletin. To learn how to check a device's security patch level, see <a +href="https://support.google.com/pixelphone/answer/4457705" +class="external">Check & update your Android version</a>. +</p> +<p> +All supported Google devices will receive an update to the 2019-01-05 patch +level. We encourage all customers to accept these updates to their devices. +</p> +<p class="note"> +<strong>Note:</strong> The Google device firmware images are available on the +<a href="https://developers.google.com/android/images" class="external">Google +Developer site</a>. +</p> + +<h2 id="announcements">Announcements</h2> + +<p>In addition to the security vulnerabilities described in the +<a href="/security/bulletin/2019-01-01">January 2019 Android Security +Bulletin</a>, Google devices also contain patches for the security +vulnerabilities described below. Partners were notified of these issues at +least a month ago and may choose to incorporate them as part of their device +updates. +</p> + +<h2 id="security-patches">Security patches</h2> +<p> +Vulnerabilities are grouped under the component they affect. There is a +description of the issue and a table with the CVE, associated references, +<a href="#type">type of vulnerability</a>, +<a href="/security/overview/updates-resources#severity">severity</a>, +and updated Android Open Source Project (AOSP) versions (where applicable). +When available, we link the public change that addressed the issue to the bug +ID, such as the AOSP change list. When multiple changes relate to a single bug, +additional references are linked to numbers following the bug ID. +</p> + +<h3 id="kernel-components">Kernel components</h3> + +<table> +<col width="21%"> +<col width="21%"> +<col width="14%"> +<col width="14%"> +<col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> + <tr> + <td>CVE-2018-13098</td> + <td>A-113148387<br /> + <a +href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76d56d4ab4f2a9e4f085c7d77172194ddaccf7d2"> +Upstream kernel</a></td> + <td>ID</td> + <td>Moderate</td> + <td>Filesystem</td> + </tr> + <tr> + <td>CVE-2018-13099</td> + <td>A-113148515<br /> + <a +href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4dbe38dc386910c668c75ae616b99b823b59f3eb"> +Upstream kernel</a></td> + <td>ID</td> + <td>Moderate</td> + <td>Filesystem</td> + </tr> +</table> + + +<h3 id="functional-patches">Functional patches</h3> +<p>These updates are included for affected Pixel devices to address +functionality issues not related to the security of Pixel devices. The table +includes associated references, the affected category (such as, Bluetooth and +mobile data), improvements, and affected devices. +</p> + +<table> + <tr> + <col width="15%"> + <col width="15%"> + <col width="40%"> + <col width="30%"> + <th>References</th> + <th>Category</th> + <th>Improvements</th> + <th>Devices</th> + </tr> + <tr> + <td>A-113776612, A-118022272</td> + <td>Audio</td> + <td>Improved audio quality when recording videos</td> + <td>Pixel 3, Pixel 3 XL</td> + </tr> +</table> + +<h2 id="common-questions-and-answers">Common questions and answers</h2> +<p> +This section answers common questions that may occur after reading this +bulletin. +</p> +<p> +<strong>1. How do I determine if my device is updated to address these issues? +</strong> +</p> +<p> +Security patch levels of 2019-01-05 or later address all issues associated with +the 2019-01-05 security patch level and all previous patch levels. To learn how +to check a device's security patch level, read the instructions on the <a +href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices" +class="external">Pixel update schedule</a>. +</p> +<p id="type"> +<strong>2. What do the entries in the <em>Type</em> column mean?</strong> +</p> +<p> +Entries in the <em>Type</em> column of the vulnerability details table reference +the classification of the security vulnerability. +</p> +<table> + <col width="25%"> + <col width="75%"> + <tr> + <th>Abbreviation</th> + <th>Definition</th> + </tr> + <tr> + <td>RCE</td> + <td>Remote code execution</td> + </tr> + <tr> + <td>EoP</td> + <td>Elevation of privilege</td> + </tr> + <tr> + <td>ID</td> + <td>Information disclosure</td> + </tr> + <tr> + <td>DoS</td> + <td>Denial of service</td> + </tr> + <tr> + <td>N/A</td> + <td>Classification not available</td> + </tr> +</table> +<p> +<strong>3. What do the entries in the <em>References</em> column mean?</strong> +</p> +<p> +Entries under the <em>References</em> column of the vulnerability details table +may contain a prefix identifying the organization to which the reference value +belongs. +</p> +<table> + <col width="25%"> + <col width="75%"> + <tr> + <th>Prefix</th> + <th>Reference</th> + </tr> + <tr> + <td>A-</td> + <td>Android bug ID</td> + </tr> + <tr> + <td>QC-</td> + <td>Qualcomm reference number</td> + </tr> + <tr> + <td>M-</td> + <td>MediaTek reference number</td> + </tr> + <tr> + <td>N-</td> + <td>NVIDIA reference number</td> + </tr> + <tr> + <td>B-</td> + <td>Broadcom reference number</td> + </tr> +</table> +<p id="asterisk"> +<strong>4. What does a * next to the Android bug ID in the <em>References</em> +column mean?</strong> +</p> +<p> +Issues that are not publicly available have a * next to the Android bug ID in +the <em>References</em> column. The update for that issue is generally contained +in the latest binary drivers for Pixel devices available +from the <a href="https://developers.google.com/android/drivers" +class="external">Google Developer site</a>. +</p> +<p> +<strong>5. Why are security vulnerabilities split between this bulletin and the +Android Security Bulletins?</strong> +</p> +<p> +Security vulnerabilities that are documented in the Android Security Bulletins +are required to declare the latest security patch level on Android +devices. Additional security vulnerabilities, such as those documented in this +bulletin are not required for declaring a security patch level. +</p> +<h2 id="versions">Versions</h2> +<table> + <col width="25%"> + <col width="25%"> + <col width="50%"> + <tr> + <th>Version</th> + <th>Date</th> + <th>Notes</th> + </tr> + <tr> + <td>1.0</td> + <td>January 7, 2019</td> + <td>Bulletin published.</td> + </tr> +</table> +</body> +</html> diff --git a/en/security/bulletin/pixel/2019.html b/en/security/bulletin/pixel/2019.html new file mode 100644 index 00000000..65eb244d --- /dev/null +++ b/en/security/bulletin/pixel/2019.html @@ -0,0 +1,203 @@ +<html devsite> + <head> + <title>2019 Pixel Update Bulletins</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2019 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + + +<p>This page contains all available 2019 Pixel Update +Bulletins. For a list of all bulletins, see the +<a href="/security/bulletin/pixel/index.html">Pixel Update +Bulletins</a> homepage.</p> + +<table> + <col width="15%"> + <col width="49%"> + <col width="17%"> + <col width="19%"> + <tr> + <th>Bulletin</th> + <th>Languages</th> + <th>Published date</th> + <th>Security patch level</th> + </tr> +<!-- +<tr> + <td><a href="/security/bulletin/pixel/2019-12-01.html">December 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-12-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-12-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-12-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-12-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>December 2, 2019</td> + <td>2019-12-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/pixel/2019-11-01.html">November 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-11-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-11-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-11-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-11-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>November 4, 2019</td> + <td>2019-11-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/pixel/2019-10-01.html">October 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-10-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-10-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-10-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-10-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>October 7, 2019</td> + <td>2019-10-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/pixel/2019-09-01.html">September 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-09-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-09-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-09-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-09-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>September 2, 2019</td> + <td>2019-09-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/pixel/2019-08-01.html">August 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-08-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-08-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-08-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-08-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>August 5, 2019</td> + <td>2019-08-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/pixel/2019-07-01.html">July 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-07-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-07-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-07-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-07-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-07-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-07-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>July 1, 2019</td> + <td>2019-07-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/pixel/2019-06-01.html">June 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-06-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-06-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-06-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-06-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-06-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-06-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>June 3, 2019</td> + <td>2019-06-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/pixel/2019-05-01.html">May 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-05-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-05-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-05-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-05-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-05-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-05-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>May 6, 2019</td> + <td>2019-05-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/pixel/2019-04-01.html">April 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-04-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-04-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-04-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-04-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-04-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-04-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>April 1, 2019</td> + <td>2019-04-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/pixel/2019-03-01.html">March 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-03-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-03-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-03-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-03-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-03-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-03-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>March 4, 2019</td> + <td>2019-03-05</td> + </tr> + <tr> + <td><a href="/security/bulletin/pixel/2019-02-01.html">February 2019</a></td> + <td> + <a href="/security/bulletin/pixel/2019-02-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-02-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-02-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-02-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-02-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-02-01.html?hl=zh-tw">繁體中文 (台灣)</a> + </td> + <td>February 4, 2019</td> + <td>2019-02-05</td> + </tr> +--> + <tr> + <td><a href="/security/bulletin/pixel/2019-01-01.html">January 2019</a></td> + <td>Coming soon + <!-- + <a href="/security/bulletin/pixel/2019-01-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-01-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-01-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-01-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> + --> + </td> + <td>January 7, 2019</td> + <td>2019-01-05</td> + </tr> +</table> + </body> +</html> diff --git a/en/security/bulletin/pixel/index.html b/en/security/bulletin/pixel/index.html index a32aa036..45a70c7b 100644 --- a/en/security/bulletin/pixel/index.html +++ b/en/security/bulletin/pixel/index.html @@ -1,6 +1,6 @@ <html devsite> <head> - <title>Pixel / Nexus Security Bulletins</title> + <title>Pixel Update Bulletins</title> <meta name="project_path" value="/_project.yaml" /> <meta name="book_path" value="/_book.yaml" /> </head> @@ -22,28 +22,30 @@ --> -<p>This page contains the available Pixel / Nexus monthly -bulletins. These bulletins supplement the -<a href="/security/bulletin">Android Security Bulletins</a> with -additional security patches and functional improvements on Pixel and Nexus -devices. These bulletins apply to -<a href="https://support.google.com/nexus/answer/4457705">supported Pixel and -Nexus devices</a>.</p> +<p>This page contains the available monthly Pixel Update Bulletins. These + bulletins were previously known as the + Pixel / Nexus security bulletins. These bulletins supplement + the <a href="/security/bulletin">Android Security Bulletins</a> with + additional security patches and functional improvements on <a +href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices" +class="external">supported Google Pixel and Nexus devices</a> (Google devices). +</p> <h3 id="notification">Notifications</h3> -<p>Pixel and Nexus devices start receiving OTA updates on the same day the -monthly bulletin is released. In general, it takes about one and a half calendar -weeks for the OTA to reach every Nexus device. The Nexus firmware images are -also released each month to the -<a href="https://developers.google.com/android/nexus/images">Google Developer -site</a>. -</p> -<h3 id="sources">Sources</h3> -<p>Patches listed in the Pixel / Nexus bulletin come from various -sources: the Android Open Source Project (AOSP), the upstream Linux kernel, -and system-on-chip (SOC) manufacturers. Android platform fixes are merged into -AOSP 24–48 hours after the Pixel / Nexus bulletin is released.</p> + <p>Google devices start receiving OTA updates on the same day the + monthly bulletin is released. In general, it takes about one and a half + calendar weeks for the OTA to reach every Google device. The Google device + firmware images are available on the + <a href="https://developers.google.com/android/images" + class="external">Google Developer site</a>. + </p> +<h3 id="sources">Sources</h3> + <p>Patches listed in the Pixel Update bulletins can come from various + sources, including: the Android Open Source Project (AOSP), the upstream + Linux kernel, and system-on-chip (SOC) manufacturers. Android platform + fixes are merged into AOSP 24–48 hours after the Pixel Update + Bulletin is released.</p> <h3 id="bulletins">Bulletins</h3> @@ -59,14 +61,29 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <th>Security patch level</th> </tr> <tr> + <td><a href="/security/bulletin/pixel/2019-01-01.html">January 2019</a></td> + <td>Coming soon + <!-- + <a href="/security/bulletin/pixel/2019-01-01.html">English</a> / + <a href="/security/bulletin/pixel/2019-01-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2019-01-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2019-01-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2019-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2019-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> + --> + </td> + <td>January 7, 2018</td> + <td>2018-12-05</td> + </tr> +<tr> <td><a href="/security/bulletin/pixel/2018-12-01.html">December 2018</a></td> <td> <a href="/security/bulletin/pixel/2018-12-01.html">English</a> / <a href="/security/bulletin/pixel/2018-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 3, 2018</td> <td>2018-12-05</td> @@ -78,8 +95,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 5, 2018</td> <td>2018-11-05</td> @@ -91,8 +108,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 1, 2018</td> <td>2018-10-05</td> @@ -104,8 +121,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-09-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-09-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-09-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-09-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-09-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-09-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-09-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>September 4, 2018</td> <td>2018-09-05</td> @@ -117,8 +134,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-08-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-08-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-08-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-08-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-08-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>August 6, 2018</td> <td>2018-08-05</td> @@ -130,8 +147,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-07-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-07-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-07-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-07-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-07-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-07-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-07-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>July 2, 2018</td> <td>2018-07-05</td> @@ -143,8 +160,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-06-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-06-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-06-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-06-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-06-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-06-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-06-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>June 4, 2018</td> <td>2018-06-05</td> @@ -156,8 +173,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-05-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-05-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-05-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>May 7, 2018</td> <td>2018-05-05</td> @@ -169,8 +186,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-04-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-04-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-04-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>April 2, 2018</td> <td>2018-04-05</td> @@ -182,8 +199,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-03-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>March 5, 2018</td> <td>2018-03-05</td> @@ -195,8 +212,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-02-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-02-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-02-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-02-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>February 5, 2018</td> <td>2018-02-05</td> @@ -208,8 +225,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-01-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-01-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-01-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>January 2, 2018</td> <td>2018-01-05</td> @@ -221,8 +238,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2017-12-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2017-12-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2017-12-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2017-12-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2017-12-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2017-12-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2017-12-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>December 4, 2017</td> <td>2017-12-05</td> @@ -234,8 +251,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2017-11-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2017-11-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2017-11-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2017-11-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2017-11-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2017-11-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2017-11-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>November 6, 2017</td> <td>2017-11-05</td> @@ -247,8 +264,8 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2017-10-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2017-10-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2017-10-01.html?hl=ru">ру́сский</a> / - <a href="/security/bulletin/pixel/2017-10-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2017-10-01.html?hl=zh-tw">中文 (台灣)</a> + <a href="/security/bulletin/pixel/2017-10-01.html?hl=zh-cn">简体中文</a> / + <a href="/security/bulletin/pixel/2017-10-01.html?hl=zh-tw">繁體中文 (台灣)</a> </td> <td>October 2, 2017</td> <td>2017-10-05</td> diff --git a/en/security/encryption/adiantum.html b/en/security/encryption/adiantum.html new file mode 100644 index 00000000..37288920 --- /dev/null +++ b/en/security/encryption/adiantum.html @@ -0,0 +1,260 @@ +<html devsite> + <head> + <title>Enabling Adiantum</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<p> +<a href="https://eprint.iacr.org/2018/720.pdf" class="external">Adiantum</a> + is an encryption method designed for devices running Android 9 and higher + whose CPUs lack + <a href="https://en.wikipedia.org/wiki/Advanced_Encryption_Standard" + class="external">AES</a> instructions. If you are shipping an ARM-based + device with ARMv8 Cryptography Extensions or an x86-based device with AES-NI, + you should <strong>not</strong> use Adiantum. AES is faster on those + platforms. +</p> +<p> + For devices lacking these AES CPU instructions, Adiantum provides encryption on + your device with very little performance overhead. For benchmarking numbers, + see the <a href="https://eprint.iacr.org/2018/720.pdf" + class="external">Adiantum paper</a>. For the benchmarking source + to run on your hardware, see the + <a href="https://github.com/google/adiantum" class="external">Adiantum source + on GitHub</a>. +</p> +<p> + To enable Adiantum on a device running Android 9 or higher, you need to + make kernel changes and userspace changes. +</p> + +<h2 id="kernel-changes">Kernel changes</h2> +<p> + Cherry-pick the Adiantum changes to your kernel and apply an additional + <code>dm-crypt</code> patch. If you're having trouble cherry-picking, devices + using <a href="https://source.android.com/security/encryption/full-disk" + class="external">full-disk encryption</a> (FDE) can exclude the + "fscrypt: " patch. +</p> + +<table> + <tr> + <th>Kernel version</th> + <th>Kernel changes</th> + <th><code>dm-crypt</code> patch</th> + </tr> + <tr> + <td>4.19 + </td> + <td><a href="https://android-review.googlesource.com/q/topic:%22adiantum-4.19%22+(status:open%20OR%20status:merged)" + class="external">4.19 kernel</a> + </td> + <td><a href="https://android-review.googlesource.com/c/kernel/common/+/851273" + class="external"><code>dm-crypt</code> patch</a> + </td> + </tr> + <tr> + <td>4.14 + </td> + <td><a href="https://android-review.googlesource.com/q/topic:%22adiantum-4.14%22+(status:open%20OR%20status:merged)" + class="external">4.14 kernel</a> + </td> + <td><a href="https://android-review.googlesource.com/c/kernel/common/+/851275" + class="external"><code>dm-crypt</code> patch</a> + </td> + </tr> + <tr> + <td>4.9 + </td> + <td><a href="https://android-review.googlesource.com/q/topic:%22adiantum-4.9%22+(status:open%20OR%20status:merged)" + class="external">4.9 kernel</a> + </td> + <td><a href="https://android-review.googlesource.com/c/kernel/common/+/851278" + class="external"><code>dm-crypt</code> patch</a> + </td> + </tr> +</table> + +<h3 id="enable-adiantum-kernel">Enable Adiantum in your kernel</h3> + +<p> +After integrating the kernel changes, change your kernel config by adding the +lines: +</p> + +<pre class="devsite-click-to-copy">CONFIG_CRYPTO_ADIANTUM=y +CONFIG_DM_CRYPT=y +</pre> + +<p> +If your device uses a 4.4 kernel, also add: +</p> + + +<pre class="devsite-click-to-copy">CONFIG_CRYPTO_SEQIV=y +</pre> +<p> +If your device uses file-based encryption (FBE), also add: +</p> + + +<pre class="devsite-click-to-copy">CONFIG_F2FS_FS_ENCRYPTION=y +</pre> +<p> +To ensure good performance on a 32-bit ARM kernel, enable NEON instructions for +the kernel: +</p> + + +<pre +class="devsite-click-to-copy">CONFIG_CRYPTO_AES_ARM=y +CONFIG_CRYPTO_CHACHA20_NEON=y +CONFIG_CRYPTO_NHPOLY1305_NEON=y +CONFIG_KERNEL_MODE_NEON=y +</pre> + +<h2 id="userspace-changes">Userspace changes</h2> +<p> + For devices running Android 9, cherry-pick the + <a href="https://android-review.googlesource.com/q/topic:%22userspace_adiantum_support_pie%22+(status:open%20OR%20status:merged)" + class="external">Adiantum userspace changes</a> in the + <code>userspace_adiantum_support_pie</code> topic on the + <code>pie-platform-release</code> branch in AOSP. +</p> +<p> +These changes are also in the + <a href="https://android-review.googlesource.com/q/topic:%22userspace_adiantum_support%22+(status:open%20OR%20status:merged)" + class="external">master branch of AOSP</a>. +</p> + +<h2 id="enable-adiantum-device">Enable Adiantum in your device</h2> +<p> +These settings are for the userdata on the device, and also for adoptable +storage. +</p> + +<h3 id="fbe-devices">Devices with file-based encryption</h3> +<p> +To enable Adiantum and improve its performance, set these properties in +<code>PRODUCT_PROPERTY_OVERRIDES</code>: +</p> + + +<pre +class="devsite-click-to-copy">ro.crypto.fde_algorithm=adiantum +ro.crypto.fde_sector_size=4096 +ro.crypto.volume.contents_mode=adiantum +ro.crypto.volume.filenames_mode=adiantum +</pre> + +<aside class="caution"><strong>Important</strong>: +This setting references FDE but is needed also on FBE devices; it +affects adoptable storage. +</aside> + +<p> +Setting <code>fde_sector_size</code> to 4096 improves performance, but is not +required for Adiantum to work. Setting the sector size requires that the offset +and alignment of the userdata partition and adoptable storage is 4096-byte +aligned. +</p> +<p> + In the <code>fstab</code>, for userdata use the option: +</p> + + +<pre class="devsite-click-to-copy">fileencryption=adiantum +</pre> +<p> +To verify that your implementation worked, take a bug report or run: +</p> + + +<pre class="devsite-click-to-copy"> +<code class="devsite-terminal">adb root</code> +<code class="devsite-terminal">adb shell dmesg</code> +</pre> +<p> +If Adiantum is enabled correctly, you should see this in the kernel log: +</p> + + +<pre +class="devsite-click-to-copy">fscrypt: Adiantum using implementation "adiantum(xchacha12-neon,aes-arm,nhpoly1305-neon)" +</pre> + +<aside class="note"> +<strong>Note</strong>: For ARM-based devices, the implementation name should +match exactly. If you don't see references to <code>neon</code>, your device +won't perform as well. See the <em><a href="#enable-adiantum-kernel">Enable +Adiantum in your kernel</a></em> section for details on enabling NEON +instructions. +</aside> + +<h3 id="fde-devices">Devices with full-disk encryption</h3> +<p> +To enable Adiantum and improve its performance, set these properties in +<code>PRODUCT_PROPERTY_OVERRIDES</code>: +</p> + + +<pre +class="devsite-click-to-copy">ro.crypto.fde_algorithm=adiantum +ro.crypto.fde_sector_size=4096 +</pre> +<p> +Setting <code>fde_sector_size</code> to 4096 improves performance, but is not +required for Adiantum to work. Setting the sector size requires that the offset +and alignment of the userdata partition and adoptable storage is 4096-byte +aligned. +</p> +<p> +In the <code>fstab</code>, for userdata set: +</p> + + +<pre class="devsite-click-to-copy">forceencrypt +</pre> +<p> +To verify that your implementation worked, take a bug report or run: +</p> + +<pre class="devsite-click-to-copy"> +<code class="devsite-terminal">adb root</code> +<code class="devsite-terminal">adb shell dmesg</code> +</pre> + +<p> +If Adiantum is enabled correctly, you should see this in the kernel log: +</p> + + +<pre +class="devsite-click-to-copy">device-mapper: crypt: adiantum(xchacha12,aes) using implementation "adiantum(xchacha12-neon,aes-arm,nhpoly1305-neon)" +</pre> +<aside class="note"> +<strong>Note</strong>: For ARM-based devices, the implementation name should +match exactly. If you don't see references to <code>neon</code>, your device +won't perform as well. See the <em><a href="#enable-adiantum-kernel">Enable +Adiantum in your kernel</a></em> section for details on enabling NEON +instructions. +</aside> + </body> +</html> diff --git a/en/security/images/trustyApps_900w.png b/en/security/images/trustyApps_900w.png Binary files differnew file mode 100644 index 00000000..3bf93634 --- /dev/null +++ b/en/security/images/trustyApps_900w.png diff --git a/en/security/images/trustyOverview_900w.png b/en/security/images/trustyOverview_900w.png Binary files differnew file mode 100644 index 00000000..e80fdc4f --- /dev/null +++ b/en/security/images/trustyOverview_900w.png diff --git a/en/security/overview/acknowledgements.html b/en/security/overview/acknowledgements.html index b6f7074e..52cb91da 100644 --- a/en/security/overview/acknowledgements.html +++ b/en/security/overview/acknowledgements.html @@ -33,6 +33,79 @@ impact on Android security, including code that qualifies for the <a href="https://www.google.com/about/appsecurity/patch-rewards/">Patch Rewards</a> program.</p> +<h2 id="2019">2019</h2> +<p>Starting in 2018 and continuing in 2019, the security acknowledgements are listed by month. + In prior years, acknowledgements were listed together. +</p> + +<h4 id="jan-2019">January</h4> + +<table> + <col width="85%"> + <col width="15%"> + <tr> + <th>Researchers</th> + <th>CVEs</th> + </tr> + <tr> + <td>Chong Wang (<a + href="https://www.weibo.com/csddl" class="external">weibo.com/csddl</a>) + of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. + </td> + <td>CVE-2018-9589</td> + </tr> + <tr> + <td>D2.Y.P of NON Team</td> + <td>CVE-2018-9594</td> + </tr> + <tr> + <td><a + href="https://www.linkedin.com/in/dzima" + class="external">Dzmitry Lukyanenka</a></td> + <td>CVE-2018-9587</td> + </tr> + <tr> + <td><a href="mailto:arnow117@gmail.com" class="external">Hanxiang Wen</a> + and Mingjian Zhou (周明建) (<a href="https://twitter.com/Mingjian_Zhou" + class="external">@Mingjian_Zhou</a>) + of <a href="http://c0reteam.org/" class="external">C0RE Team</a></td> + <td>CVE-2018-6241</td> + </tr> + <tr> + <td>Jann Horn of Google Project Zero</td> + <td>CVE-2018-17182, CVE-2018-18281</td> + </tr> + <tr> + <td>Maddie Stone of Google</td> + <td>CVE-2018-9586</td> + </tr> + <tr> + <td>Niky1235 (<a href="https://twitter.com/jiych_guru" + class="external">@jiych_guru</a>) + </td> + <td>CVE-2018-9584</td> + </tr> + <tr> + <td>Ricky Wai of Google</td> + <td>CVE-2018-9582</td> + </tr> + <tr> + <td>Yongke Wang (王永科) + (<a href="https://twitter.com/rudykewang" class="external">@Rudykewang</a>) + and Xiangqian Zhang (张向前) + (<a href="https://twitter.com/h3rb0x" class="external">@h3rb0x</a>) of + <a href="https://xlab.tencent.com/en/" class="external">Tencent Security + Xuanwu Lab</a></td> + <td>CVE-2018-9585, CVE-2018-9588</td> + </tr> + <tr> + <td>Zinuo Han (<a href="http://weibo.com/ele7enxxh" + class="external">weibo.com/ele7enxxh</a>) + of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd.</td> + <td>CVE-2018-9583, CVE-2018-9590, CVE-2018-9591, CVE-2018-9592, CVE-2018-9593</td> + </tr> +</table> + <h2 id="2018">2018</h2> <p>In 2018, the security acknowledgements are listed by month. In prior years, acknowledgements were listed together.</p> @@ -116,6 +189,10 @@ acknowledgements were listed together.</p> <td>CVE-2018-9457</td> </tr> <tr> + <td>Joshua Laney of Deja vu Security</td> + <td>CVE-2018-9542</td> + </tr> + <tr> <td><a href="https://github.com/michalbednarski" class="external">Michał Bednarski</a></td> <td>CVE-2018-9522, CVE-2018-9523</td> diff --git a/en/security/overview/app-security.html b/en/security/overview/app-security.html index 317b57b6..1ebbef16 100644 --- a/en/security/overview/app-security.html +++ b/en/security/overview/app-security.html @@ -94,15 +94,14 @@ href="/security/app-sandbox">Application Sandbox</a>. <li>SMS/MMS functions</li> <li>Network/data connections</li> </ul> -<p>These resources are only accessible through the operating system. To make use +<p>These resources are only accessible through the operating system. To make use of the protected APIs on the device, an application must define the - capabilities it needs in its manifest. When preparing to install an - application, the system displays a dialog to the user that indicates the - permissions requested and asks whether to continue the installation. If the - user continues with the installation, the system accepts that the user has - granted all of the requested permissions. The user can not grant or deny - individual permissions -- the user must grant or deny all of the requested - permissions as a block.</p> + capabilities it needs in its manifest. All Android versions 6.0 and higher use + a <a href="/devices/tech/config/runtime_perms">runtime permissions</a> model. + If a user requests a feature from an app that requires a protected API the + system displays a dialog, prompting the user to <strong>deny</strong> + or <strong>allow</strong> the permission.</p> +</p> <p>Once granted, the permissions are applied to the application as long as it is installed. To avoid user confusion, the system does not notify the user again of the permissions granted to the application, and applications that are diff --git a/en/security/trusty/download-and-build.html b/en/security/trusty/download-and-build.html new file mode 100644 index 00000000..bd1c2697 --- /dev/null +++ b/en/security/trusty/download-and-build.html @@ -0,0 +1,70 @@ +<html devsite> + <head> + <title>Download and Build</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2017 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<p>The <a href="https://android-review.googlesource.com/admin/repos/q/filter:trusty" + class="external">Trusty repositories</a> are available in the Android Open +Source Project (AOSP).</p> + +<p>Use these links to find the appropriate Trusty kernel branches in AOSP:</p> + +<ul> + <li><a class="external" + href="https://android.googlesource.com/kernel/common/+/android-trusty-4.4">4.4</a></li> + <li><a class="external" + href="https://android.googlesource.com/kernel/common/+/android-trusty-4.9">4.9</a></li> + <li><a class="external" + href="https://android.googlesource.com/kernel/common/+/android-trusty-4.14">4.14</a></li> +</ul> + + <h2 id="installing_repo">Installing Repo</h2> +<p>To download Trusty, first <a +href="/setup/build/downloading#installing-repo">download and install Repo</a>.</p> + +<p>After Repo has been successfully installed you can clone the Android Trusty repository.</p> +<pre class="prettyprint"> +<code class="devsite-terminal">mkdir trusty</code> +<code class="devsite-terminal">cd trusty</code> +<code class="devsite-terminal">repo init -u https://android.googlesource.com/trusty/manifest -b master</code> +<code class="devsite-terminal">repo sync -j32</code> +</pre> + +<h3 id="build">Build</h3> +<p>Use the following to build the generic arm64 image for Trusty. + +<pre class="devsite-terminal devsite-click-to-copy"> +./trusty/vendor/google/aosp/scripts/build.py generic-arm64 +</pre> + +<p>Build results will be under <code>build-root/build-generic-arm64/.</code> + Look for lk.bin which is a TEE image with all apps compiled in: +</p> + +<pre class="devsite-terminal devsite-click-to-copy"> +ls build-root/build-generic-arm64/lk.bin +</pre> + +<h3 id="install">Install</h3> + <p>You can assemble lk.bin into a firmware image and flash it to the device. +Generating firmware images varies depending on the board being used. + Contact your board manufacturer for instructions.</p> + </body> +</html> diff --git a/en/security/trusty/index.html b/en/security/trusty/index.html index c5bacdad..3640a226 100644 --- a/en/security/trusty/index.html +++ b/en/security/trusty/index.html @@ -20,140 +20,142 @@ See the License for the specific language governing permissions and limitations under the License. --> - - - -<p>Trusty is a set of software components supporting a Trusted Execution -Environment (TEE) on mobile devices.</p> +<p>Trusty is a secure Operating System (OS) that provides a Trusted Execution + Environment (TEE) for Android. The Trusty OS runs on the same processor + as the Android OS, but Trusty is isolated from the rest of the system + by both hardware and software. Trusty and Android run parallel + to each other. Trusty has access to the full power of a device’s main + processor and memory but is completely isolated. Trusty's isolation + protects it from malicious apps installed by the user and potential + vulnerabilities that may be discovered in Android. +</p> + + <p>Trusty is compatible with ARM and Intel processors. On ARM systems, + Trusty uses ARM’s Trustzone™ to virtualize the main processor and create + a secure trusted execution environment. Similar support is also available + on Intel x86 platforms using Intel’s Virtualization Technology. +</p> + +<img style="display: block;margin-left: auto;margin-right: auto;" + src="/security/images/trustyOverview_900w.png" /> +<p class="img-caption"> +<strong>Figure 1</strong>. Trusty overview diagram. +</p> <p>Trusty consists of:</p> - <ul> - <li>An operating system (the Trusty OS) that runs on a processor intended to -provide a TEE - <li>Drivers for the Android kernel (Linux) to facilitate communication with -applications running under the Trusty OS - <li>A set of libraries for Android systems software to facilitate communication -with trusted applications executed within the Trusty OS using the kernel -drivers + <li>A small OS kernel derived from <a + href="https://github.com/littlekernel/lk" class="external"> + Little Kernel</a></li> + <li>A Linux kernel driver to transfer data between the secure environment + and Android</li> + <li>An Android <a + href="https://android.googlesource.com/trusty/lib/" class="external"> + userspace library</a> to communicate with trusted applications + (that is, secure tasks/services) via the kernel driver</li> </ul> -<p><strong>Important</strong>: Trusty and the Trusty API are subject -to change.</p> -<p>For information about the Trusty API, see the <a +<p class="note"><strong>Note:</strong> Trusty and the Trusty API are subject +to change. For information about the Trusty API, see the <a href="/security/trusty/trusty-ref">API Reference</a>.</p> -<h2 id=uses_examples>Uses and examples</h2> - -<p>Any TEE OS (not just Trusty) can be used for TEE implementations.</p> - -<p>A TEE processor is typically a separate microprocessor in the system or a -virtualized instance of the main processor. The TEE processor is isolated from -the rest of the system using memory and I/O protection mechanisms supported by -the hardware.</p> - -<p>TEE processors have become a mainstay in today's mobile devices. The main -processor on these devices is considered "untrusted" and cannot access certain -areas of RAM, hardware registers and fuses where secret data (such as -device-specific cryptographic keys) is stored by the manufacturer. Software -running on the main processor delegates any operations that require use of -secret data to the TEE processor.</p> - -<p>The most widely known example of this in the Android ecosystem -is the <a href="/devices/drm.html">DRM framework</a> for -protected content. Software running on the TEE processor can access -device-specific keys required to decrypt protected content. The main processor -sees only the encrypted content, providing a high level of security and -protection against software-based attacks.</p> +<h2 id="whyTrusty">Why Trusty?</h2> + +<p>Other TEE operating systems are traditionally supplied as binary + blobs by third-party vendors or developed internally. + Developing internal TEE systems or licensing a TEE from a third-party + can be costly to System-on-Chip (SoC) vendors and OEMs. + The monetary cost combined with unreliable third-party systems creates an + unstable ecosystem for Android. Trusty is being provided to its partners + as a reliable and free open source alternative for their Trusted Execution + Environment. Trusty offers a level of transparency that is just not possible + with closed source systems. +</p> + + <p>Android supports various TEE implementations so you are not restricted + to using Trusty. Each TEE OS has its own unique way of deploying trusted + applications. This fragmentation can be a problem for trusted application + developers trying to ensure their apps work on every Android device. + Using Trusty as a standard helps application developers to easily + create and deploy applications without accounting + for the fragmentation of multiple TEE systems. Trusty TEE provides developers + and partners with transparency, collaboration, inspectability of code, and + ease of debugging. Trusted application developers can converge around common + tools and APIs to reduce the risk of introducing security vulnerabilities. + These developers will have the confidence that they can develop an application + and have it reused across multiple devices without further development. +</p> + +<h2 id="application_services">Applications and services</h3> + +<p>A Trusty application is defined as a collection of binary files + (executables and resource files), a binary manifest, and a + cryptographic signature. + At runtime, Trusty applications run as isolated processes in + unprivileged mode under the Trusty kernel. Each process runs + in its own virtual memory sandbox utilizing the memory management + unit capabilities of the TEE processor. The build of the hardware + changes the exact process that Trusty follows, but for example, + the kernel schedules these processes using a priority-based, + round-robin scheduler driven by a secure timer tick. + All Trusty applications share the same priority. +</p> + +<img style="display: block;margin-left: auto;margin-right: auto;" + src="/security/images/trustyApps_900w.png" /> +<p class="img-caption"> +<strong>Figure 2</strong>. Trusty application overview.</p> + +<h2 id="third-party_trusty_applications">Third-party Trusty applications</h2> + +<p>Currently all Trusty applications are developed by a single + party and packaged with the Trusty kernel image. + The entire image is signed and verified by the bootloader during boot. + Third-party application development is not supported in Trusty at + this time. Although Trusty enables the development of new + applications, doing so must be exercised with extreme care; each + new application increases the area of the trusted computing base + (TCB) of the system. + Trusted applications can access device secrets and can perform + computations or data transformations using them. The ability to + develop new applications that run in the TEE opens up many + possibilities for innovation. However, due to the very definition + of a TEE, these applications cannot be distributed without some + form of trust attached. Typically this comes in the form of a + digital signature by an entity trusted by the user of the + product on which the application runs. +</p> + +<h2 id="uses_examples">Uses and examples</h2> + +<p>Trusted execution environments are fast becoming a standard in + mobile devices. Users are relying more and more on their mobile + devices for their everyday lives and the need for security is always + growing. + Mobile devices with a TEE are more secure than devices without a TEE. +</p> + +<p>On devices with a TEE implementation, the main processor is often + referred to as “untrusted”, meaning it cannot access certain areas + of RAM, hardware registers, and write-once fuses where secret data + (such as, device-specific cryptographic keys) are stored by the manufacturer. + Software running on the main processor delegates any operations that + require use of secret data to the TEE processor. +</p> + +<p>The most widely known example of this in the Android ecosystem is the <a + href="/devices/drm.html">DRM framework</a> + for protected content. Software running on the TEE processor can + access device-specific keys required to decrypt protected content. + The main processor sees only the encrypted content, providing + a high level of security and protection against software-based attacks. +</p> <p>There are many other uses for a TEE such as mobile payments, secure banking, -full-disk encryption, multi-factor authentication, device reset protection, -replay-protected persistent storage, wireless display ("cast") of protected -content, secure PIN and fingerprint processing, and even malware detection.</p> - -<p>Trusty provides APIs for developing two classes of applications:</p> - -<ul> - <li>Trusted applications or services that run on the TEE processor - <li>Normal/untrusted applications that run on the main processor and use services -provided by Trusted applications -</ul> - -<p>Software running on the main processor can use Trusty APIs to connect to -trusted applications and exchange arbitrary messages with them, just like a -network service over IP. It is up to the application to determine the data -format and semantics of these messages using an app-level protocol. Reliable -delivery of messages is guaranteed by the underlying Trusty infrastructure (in -the form of drivers running on the main processor), and the communication is -completely asynchronous.</p> - -<h2 id=trusted_applications_and_services>Trusted applications and services</h2> - -<p>Trusted applications run as isolated processes under the Trusty OS kernel. Each -process runs in its own virtual memory sandbox utilizing the MMU capabilities -of the TEE processor. The kernel schedules these processes using a -priority-based, round-robin scheduler driven by a secure timer tick. In the -current version of Trusty, all Trusty applications share the same priority.</p> - -<p>Applications for the Trusty OS can be written in C/C++ (C++ support is -limited), and they have access to a small C library. The <code>main()</code> -function currently does not take any arguments. System call stubs are provided -in native assembly code as part of this library, so system calls can be -accessed by name.</p> - -<h3 id=language_threading>Language and threading support</h3> - -<p>All Trusty applications are single-threaded; multithreading in Trusty userspace -currently is unsupported.</p> - -<h3 id=application_structure>Application structure</h3> - -<p>Trusty applications initialize once during load and reside in memory until the -TEE processor is reset. Trusty currently does not support dynamic loading and -unloading of applications.</p> - -<p>Trusted applications are written as <strong>event-driven servers</strong> -waiting for commands from other applications or from applications running on -the main processor. Trusted applications can also be clients of other trusted -server applications. Events described in the following API sections will be -delivered to trusted applications by the Trusty kernel.</p> - -<h2 id=third-party_trusty_applications>Third-party Trusty applications</h2> - -<p>Currently all Trusty applications are developed by a single party and packaged -with the Trusty kernel image. The entire image is signed and verified by the -bootloader during boot. Third-party application development is not supported in -this version of Trusty.</p> - -<p>Although the Trusty OS enables the development of new applications, doing so -must be exercised with extreme care; each new application increases the area of -the trusted computing base (TCB) of the system. Trusted applications can access -device secrets and can perform computations or data transformations using them.</p> - -<p>The ability to develop new applications that run in the TEE opens up many -possibilities for innovation. However, due to the very definition of TEE, these -applications cannot be distributed without some form of <strong>trust</strong> attached. -Typically this comes in the form of a digital signature by an entity -trusted by the user of the product on which the application runs.</p> - -<h2 id=downloading_building>Downloading and building Trusty</h2> - -<p>You can find the Trusty implementation in the Android Open Source Project (AOSP) here:<br/> -<a href="https://android-review.googlesource.com/#/admin/projects/?filter=trusty">https://android-review.googlesource.com/#/admin/projects/?filter=trusty</a></p> - -<p>The Trusty kernel branches on AOSP are here:<br/> -<a href="https://android.googlesource.com/kernel/common/+/android-trusty-3.10">https://android.googlesource.com/kernel/common/+/android-trusty-3.10</a><br/> -<a href="https://android.googlesource.com/kernel/common/+/android-trusty-3.18">https://android.googlesource.com/kernel/common/+/android-trusty-3.18</a></p> - -<p>To make Trusty, run the following commands (assuming the Android toolchain is already in the path):</p> -<pre class="devsite-click-to-copy"> -<code class="devsite-terminal">repo init -u https://android.googlesource.com/trusty/manifest</code> -<code class="devsite-terminal">repo sync</code> -<code class="devsite-terminal">make -j24 generic-arm64</code> -</pre> - -<p>You may select another supported build target from: <code>device/*/*/project/*</code></p> - + multi-factor authentication, device reset protection, + replay-protected persistent storage, secure PIN and fingerprint processing, + and even malware detection. +</p> </body> </html> diff --git a/en/security/trusty/trusty-ref.html b/en/security/trusty/trusty-ref.html index 9f0cb2d1..b13e6307 100644 --- a/en/security/trusty/trusty-ref.html +++ b/en/security/trusty/trusty-ref.html @@ -21,39 +21,53 @@ limitations under the License. --> - - -<p>The <a href="index.html">Trusty</a> API generally describes the -Trusty inter-process communication (IPC) -system, including communications with the non-secure world. This page defines the -relevant terms and provides a reference for the API -calls.</p> - -<h2 id=ports_and_channels>Ports and channels</h2> +<p>Trusty provides APIs for developing two classes of applications/services:</p> + <ul> + <li>Trusted applications or services that run on the TEE processor</li> + <li>Normal/untrusted applications that run on the main processor and use the services provided + by trusted applications</li> + </ul> +<p>The <a + href="/security/index.html">Trusty</a> + API generally describes the Trusty inter-process communication (IPC) system, + including communications with the non-secure world. Software running on the + main processor can use Trusty APIs to connect to trusted applications/services + and exchange arbitrary messages with them just like a network service over IP. + It is up to the application to determine the data format and semantics of these + messages using an app-level protocol. Reliable delivery of messages is + guaranteed by the underlying Trusty infrastructure (in the form of drivers + running on the main processor), and the communication is completely asynchronous. +</p> + +<h2 id="ports_and_channels">Ports and channels</h2> <p>Ports are used by Trusty applications to expose service end-points in the form -of a named path to which clients connect. This gives a simple, string-based -service ID for clients to use. The naming convention is reverse-DNS-style -naming, e.g. <code>com.google.servicename</code>.</p> + of a named path to which clients connect. This gives a simple, string-based + service ID for clients to use. The naming convention is reverse-DNS-style + naming, e.g. <code>com.google.servicename</code>. +</p> <p>When a client connects to a port, the client receives a channel for interacting -with a service. The service must accept an incoming connection, and when it -does, it too receives a channel. In essence, ports are used to look up services -and then communication occurs over a pair of connected channels (i.e., -connection instances on a port). When a client connects to a port, a symmetric, -bi-directional connection is established. Using this full-duplex path, clients -and servers can exchange arbitrary messages until either side decides to tear -down the connection.</p> + with a service. The service must accept an incoming connection, and when it + does, it too receives a channel. In essence, ports are used to look up services + and then communication occurs over a pair of connected channels (i.e., + connection instances on a port). When a client connects to a port, a symmetric, + bi-directional connection is established. Using this full-duplex path, clients + and servers can exchange arbitrary messages until either side decides to tear + down the connection. +</p> <p>Only secure-side trusted applications or Trusty kernel modules can create -ports. Applications running on the non-secure side (in the normal world) can -only connect to services published by the secure side.</p> + ports. Applications running on the non-secure side (in the normal world) can + only connect to services published by the secure side. +</p> <p>Depending on requirements, a trusted application can be both a client and a -server at the same time. A trusted application that publishes a service (as a -server) might need to connect to other services (as a client).</p> + server at the same time. A trusted application that publishes a service (as a + server) might need to connect to other services (as a client). +</p> -<h2 id=handle_api>Handle API</h2> +<h2 id="handle_api">Handle API</h2> <p>Handles are unsigned integers representing resources such as ports and channels, similar to file descriptors in UNIX. After handles are created, they @@ -63,7 +77,7 @@ later.</p> <p>A caller can associate private data with a handle by using the <code>set_cookie()</code> method.</p> -<h3 id=methods_handle_api>Methods in the Handle API</h3> +<h3 id="methods_handle_api">Methods in the Handle API</h3> <p>Handles are only valid in the context of an application. An application should not pass the value of a handle to other applications unless explicitly @@ -71,7 +85,7 @@ specified. A handle value only should be interpreted by comparing it with the <code>INVALID_IPC_HANDLE #define,</code> which an application can use as an indication that a handle is invalid or unset.</p> -<h4 id=set_cookie>set_cookie()</h4> +<h4 id="set_cookie">set_cookie()</h4> <p>Associates the caller-provided private data with a specified handle.</p> @@ -89,10 +103,9 @@ long set_cookie(uint32_t handle, void *cookie) the handle has been created. The event-handling mechanism supplies the handle and its cookie back to the event handler.</p> -<p>Handles can be waited upon for events by using the <code>wait()</code> -or <code>wait_any()</code> calls.</p> +<p>Handles can be waited upon for events by using the <code>wait()</code> call.</p> -<h4 id=wait>wait()</h4> +<h4 id="wait">wait()</h4> <p>Waits for an event to occur on a given handle for specified period of time.</p> @@ -112,28 +125,8 @@ value of -1 is an infinite timeout</p> specified timeout interval; <code>ERR_TIMED_OUT</code> if a specified timeout elapsed but no event has occurred; <code>< 0</code> for other errors</p> -<h4 id=wait_any>wait_any()</h4> - -<p>Waits for any event to occur on any handle in the application handle table for -the specified period of time.</p> - -<pre class="prettyprint"> -long wait_any(uevent_t *event, unsigned long timeout_msecs); -</pre> - -<p>[out] <code>event</code>: A pointer to the structure representing an -event that occurred on this handle</p> - -<p>[in] <code>timeout_msecs</code>: A timeout value in milliseconds. -A value of -1 is an infinite timeout</p> - -<p>[retval]: <code>NO_ERROR</code> if a valid event occurred within a -specified timeout interval; <code>ERR_TIMED_OUT</code> if a specified timeout elapsed but no -event has occurred; <code>< 0</code> for other errors</p> - -<p>Upon success (<code>retval == NO_ERROR</code>), the <code>wait()</code> -and <code>wait_any()</code> calls -fill a specified <code>uevent_t</code> structure with information about +<p>Upon success (<code>retval == NO_ERROR</code>), the <code>wait()</code> call +fills a specified <code>uevent_t</code> structure with information about the event that occurred.</p> <pre class="prettyprint"> @@ -195,7 +188,7 @@ handle it.</p> <p>Handles can be destroyed by calling the <code>close()</code> method.</p> -<h4 id=close>close()</h4> +<h4 id="close">close()</h4> <p>Destroys the resource associated with the specified handle and removes it from the handle table.</p> @@ -208,14 +201,14 @@ long close(uint32_t handle_id); <p>[retval]: 0 if success; a negative error otherwise</p> -<h2 id=server_api>Server API</h2> +<h2 id="server_api">Server API</h2> <p>A server begins by creating one or more <strong>named ports</strong> representing its service end-points. Each port is represented by a handle.</p> -<h3 id=methods_server_api>Methods in the Server API</h3> +<h3 id="methods_server_api">Methods in the Server API</h3> -<h4 id=port_create>port_create()</h4> +<h4 id="port_create">port_create()</h4> <p>Creates a named service port.</p> @@ -256,14 +249,14 @@ with peer</p> negative</p> <p>The server then polls the list of port handles for incoming connections -using <code>wait()</code> or <code>wait_any()</code> calls. Upon receiving a connection +using <code>wait()</code> call. Upon receiving a connection request indicated by the <code>IPC_HANDLE_POLL_READY</code> bit set in the <code>event</code> field of the <code>uevent_t</code> structure, the server should call <code>accept()</code> to finish establishing a connection and create a channel (represented by another handle) that can then be polled for incoming messages.</p> -<h4 id=accept>accept()</h4> +<h4 id="accept">accept()</h4> <p>Accepts an incoming connection and gets a handle to a channel.</p> @@ -280,13 +273,13 @@ will be set to all zeros if the connection originated from the non-secure world< <p>[retval]: Handle to a channel (if non-negative) on which the server can exchange messages with the client (or an error code otherwise)</p> -<h2 id=client_api>Client API</h2> +<h2 id="client_api">Client API</h2> <p>This section contains the methods in the Client API.</p> -<h3 id=methods_client_api>Methods in the Client API</h3> +<h3 id="methods_client_api">Methods in the Client API</h3> -<h4 id=connect>connect()</h4> +<h4 id="connect">connect()</h4> <p>Initiates a connection to a port specified by name.</p> @@ -323,12 +316,12 @@ instead of failing immediately.</p> <p><code>IPC_CONNECT_ASYNC</code> - if set, initiates an asynchronous connection. An application has to poll for -the returned handle (by calling <code>wait()</code> or <code>wait_any()</code>) for +the returned handle (by calling <code>wait()</code> for a connection completion event indicated by the <code>IPC_HANDLE_POLL_READY</code> bit set in the event field of the <code>uevent_t</code> structure before starting normal operation.</p> -<h2 id=messaging_api>Messaging API</h2> +<h2 id="messaging_api">Messaging API</h2> <p>The Messaging API calls enable the sending and reading of messages over a previously established connection (channel). The Messaging API calls are the @@ -338,7 +331,7 @@ same for servers and clients.</p> call, and a server gets a channel handle from an <code>accept()</code> call, described above.</p> -<h4 id=structure_of_a_trusty_message>Structure of a Trusty message</h4> +<h4 id="structure_of_a_trusty_message">Structure of a Trusty message</h4> <p>As shown in the following, messages exchanged by the Trusty API have a minimal structure, leaving it to the server and client to agree on the semantics of the @@ -368,9 +361,9 @@ reads and writes to these blocks using the <code>iov</code> array. The content of buffers that can be described by the <code>iov</code> array is completely arbitrary.</p> -<h3 id=methods_messaging_api>Methods in the Messaging API</h3> +<h3 id="methods_messaging_api">Methods in the Messaging API</h3> -<h4 id=send_msg>send_msg()</h4> +<h4 id="send_msg">send_msg()</h4> <p>Sends a message over a specified channel.</p> @@ -393,9 +386,9 @@ In such a case the caller must wait until the peer frees some space in its receive queue by retrieving the handling and retiring messages, indicated by the <code>IPC_HANDLE_POLL_SEND_UNBLOCKED</code> bit set in the <code>event</code> field of the <code>uevent_t</code> structure -returned by the <code>wait()</code> or <code>wait_any()</code> call.</p> +returned by the <code>wait()</code> call.</p> -<h4 id=get_msg>get_msg()</h4> +<h4 id="get_msg">get_msg()</h4> <p>Gets meta-information about the next message in an incoming message queue</p> @@ -423,7 +416,7 @@ particular channel.</p> <p>[retval]: <code>NO_ERROR</code> on success; a negative error otherwise</p> -<h4 id=read_msg>read_msg()</h4> +<h4 id="read_msg">read_msg()</h4> <p>Reads the content of the message with the specified ID starting from the specified offset.</p> @@ -450,7 +443,7 @@ success; a negative error otherwise</p> a different (not necessarily sequential) offset as needed.</p> -<h4 id=put_msg>put_msg()</h4> +<h4 id="put_msg">put_msg()</h4> <p>Retires a message with a specified ID.</p> @@ -467,7 +460,7 @@ long put_msg(uint32_t handle, uint32_t msg_id); <p>Message content cannot be accessed after a message has been retired and the buffer it occupied has been freed.</p> -<h2 id=file_descriptor_api>File Descriptor API</h2> +<h2 id="file_descriptor_api">File Descriptor API</h2> <p>The File Descriptor API includes <code>read()</code>, <code>write()</code>, and <code>ioctl()</code> calls. All of these calls can operate on a predefined (static) set of file @@ -500,9 +493,9 @@ error, as this stream is very likely to be unthrottled. The <code>read()</code> to be exercised with caution. Extending file descriptors is prone to create conflicts and is not generally recommended.</p> -<h3 id=methods_file_descriptor_api>Methods in the File Descriptor API</h3> +<h3 id="methods_file_descriptor_api">Methods in the File Descriptor API</h3> -<h4 id=read>read()</h4> +<h4 id="read">read()</h4> <p>Attempts to read up to <code>count</code> bytes of data from a specified file descriptor.</p> @@ -518,7 +511,7 @@ long read(uint32_t fd, void *buf, uint32_t count); <p>[retval]: Returned number of bytes read; a negative error otherwise</p> -<h4 id=write>write()</h4> +<h4 id="write">write()</h4> <p>Writes up to <code>count</code> bytes of data to specified file descriptor.</p> @@ -534,7 +527,7 @@ long write(uint32_t fd, void *buf, uint32_t count); <p>[retval]: Returned number of bytes written; a negative error otherwise</p> -<h4 id=ioctl>ioctl()</h4> +<h4 id="ioctl">ioctl()</h4> <p>Invokes a specified <code>ioctl</code> command for a given file descriptor.</p> @@ -548,11 +541,11 @@ long ioctl(uint32_t fd, uint32_t cmd, void *args); <p>[in/out] <code>args</code>: Pointer to <code>ioctl()</code> arguments</p> -<h2 id=miscellaneous_api>Miscellaneous API</h2> +<h2 id="miscellaneous_api">Miscellaneous API</h2> -<h3 id=methods_misc_api>Methods in the Miscellaneous API</h3> +<h3 id="methods_misc_api">Methods in the Miscellaneous API</h3> -<h4 id=gettime>gettime()</h4> +<h4 id="gettime">gettime()</h4> <p>Returns the current system time (in nanoseconds).</p> @@ -568,7 +561,7 @@ long gettime(uint32_t clock_id, uint32_t flags, uint64_t *time); <p>[retval]: <code>NO_ERROR</code> on success; a negative error otherwise</p> -<h4 id=nanosleep>nanosleep()</h4> +<h4 id="nanosleep">nanosleep()</h4> <p>Suspends execution of the calling application for a specified period of time and resumes it after that period.</p> @@ -585,7 +578,7 @@ long nanosleep(uint32_t clock_id, uint32_t flags, uint64_t sleep_time) <p>[retval]: <code>NO_ERROR</code> on success; a negative error otherwise</p> -<h2 id=example_of_a_trusted_application_server>Example of a trusted application server</h2> +<h2 id="example_of_a_trusted_application_server">Example of a trusted application server</h2> <p>The following sample application shows the usage of the above APIs. The sample creates an "echo" service that handles multiple incoming connections and @@ -593,61 +586,57 @@ reflects back to the caller all messages it receives from clients originated from the secure or non-secure side.</p> <pre class="prettyprint"> -#include <assert.h> -#include <err.h> -#include <stddef.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <trusty_std.h> - -#include <app/echo/uuids.h> - +#include < stddef.h > +#include < stdio.h > +#include < stdlib.h > +#include < string.h > +#include < trusty_std.h > +#include < app / echo / uuids.h > #define LOG_TAG "echo_srv" +#define TLOGE(fmt, ...)\ +fprintf(stderr, "%s: %d: " + fmt, LOG_TAG, __LINE__, ##__VA_ARGS__) -#define TLOGE(fmt, ...) \ - fprintf(stderr, "%s: %d: " fmt, LOG_TAG, __LINE__, ## __VA_ARGS__) +# define MAX_ECHO_MSG_SIZE 64 -#define MAX_ECHO_MSG_SIZE 64 - -static const char *srv_name = "com.android.echo.srv.echo"; +static +const char * srv_name = "com.android.echo.srv.echo"; static uint8_t msg_buf[MAX_ECHO_MSG_SIZE]; /* * Message handler */ -static int handle_msg(handle_t chan) -{ +static int handle_msg(handle_t chan) { int rc; iovec_t iov; ipc_msg_t msg; ipc_msg_info_t msg_inf; iov.base = msg_buf; - iov.len = sizeof(msg_buf); + iov.len = sizeof(msg_buf); msg.num_iov = 1; - msg.iov = &iov; + msg.iov = & iov; msg.num_handles = 0; - msg.handles = NULL; + msg.handles = NULL; /* get message info */ - rc = get_msg(chan, &msg_inf); + rc = get_msg(chan, & msg_inf); if (rc == ERR_NO_MSG) return NO_ERROR; /* no new messages */ if (rc != NO_ERROR) { TLOGE("failed (%d) to get_msg for chan (%d)\n", - rc, chan); + rc, chan); return rc; } /* read msg content */ - rc = read_msg(chan, msg_inf.id, 0, &msg); - if (rc < 0) { + rc = read_msg(chan, msg_inf.id, 0, & msg); + if (rc < 0) { TLOGE("failed (%d) to read_msg for chan (%d)\n", - rc, chan); + rc, chan); return rc; } @@ -655,18 +644,18 @@ static int handle_msg(handle_t chan) iov.len = (size_t) rc; /* send message back to the caller */ - rc = send_msg(chan, &msg); - if (rc < 0) { + rc = send_msg(chan, & msg); + if (rc < 0) { TLOGE("failed (%d) to send_msg for chan (%d)\n", - rc, chan); + rc, chan); return rc; } /* retire message */ rc = put_msg(chan, msg_inf.id); - if ( rc != NO_ERROR) { + if (rc != NO_ERROR) { TLOGE("failed (%d) to put_msg for chan (%d)\n", - rc, chan); + rc, chan); return rc; } @@ -676,23 +665,22 @@ static int handle_msg(handle_t chan) /* * Channel event handler */ -static void handle_channel_event(const uevent_t *ev) -{ +static void handle_channel_event(const uevent_t * ev) { int rc; - if (ev->event & IPC_HANDLE_POLL_MSG) { - rc = handle_msg(ev->handle); + if (ev - > event & IPC_HANDLE_POLL_MSG) { + rc = handle_msg(ev - > handle); if (rc != NO_ERROR) { /* report an error and close channel */ TLOGE("failed (%d) to handle event on channel %d\n", - rc, ev->handle); - close(ev->handle); + rc, ev - > handle); + close(ev - > handle); } return; } - if (ev->event & IPC_HANDLE_POLL_HUP) { + if (ev - > event & IPC_HANDLE_POLL_HUP) { /* closed by peer. */ - close(ev->handle); + close(ev - > handle); return; } } @@ -700,110 +688,84 @@ static void handle_channel_event(const uevent_t *ev) /* * Port event handler */ -static void handle_port_event(const uevent_t *ev) -{ - uuid_t peer_uuid; - - if ((ev->event & IPC_HANDLE_POLL_ERROR) || - (ev->event & IPC_HANDLE_POLL_HUP) || - (ev->event & IPC_HANDLE_POLL_MSG) || - (ev->event & IPC_HANDLE_POLL_SEND_UNBLOCKED)) { - /* should never happen with port handles */ - TLOGE("error event (0x%x) for port (%d)\n", - ev->event, ev->handle); - abort(); - } - if (ev->event & IPC_HANDLE_POLL_READY) { - /* incoming connection: accept it */ - int rc = accept(ev->handle, &peer_uuid); - if (rc < 0) { - TLOGE("failed (%d) to accept on port %d\n", - rc, ev->handle); - return; +static void handle_port_event(const uevent_t * ev) { + uuid_t peer_uuid; + + if ((ev - > event & IPC_HANDLE_POLL_ERROR) || + (ev - > event & IPC_HANDLE_POLL_HUP) || + (ev - > event & IPC_HANDLE_POLL_MSG) || + (ev - > event & IPC_HANDLE_POLL_SEND_UNBLOCKED)) { + /* should never happen with port handles */ + TLOGE("error event (0x%x) for port (%d)\n", + ev - > event, ev - > handle); + abort(); } - } -} - -/* - * Main application entry point - */ -int main(void) -{ - int rc; - handle_t port; - - /* Initialize service */ - rc = port_create(srv_name, 1, MAX_ECHO_MSG_SIZE, - IPC_PORT_ALLOW_NS_CONNECT | - IPC_PORT_ALLOW_TA_CONNECT ); - if (rc < 0) { - TLOGE("Failed (%d) to create port %s\n", - rc, srv_name); - abort(); - } - port = (handle_t)rc; - - /* enter main event loop */ - while (true) { - uevent_t ev; - - ev.handle = INVALID_IPC_HANDLE; - ev.event = 0; - ev.cookie = NULL; - - /* wait forever */ - rc = wait_any(&ev, -1); - if (rc == NO_ERROR) { - /* got an event */ - if (ev.handle == port) { - handle_port_event(&ev); - } else { - handle_channel_event(&ev); + if (ev - > event & IPC_HANDLE_POLL_READY) { + /* incoming connection: accept it */ + int rc = accept(ev - > handle, &peer_uuid); + if (ev - > event & IPC_HANDLE_POLL_READY) { + /* incoming connection: accept it */ + int rc = accept(ev - > handle, &peer_uuid); + if (rc < 0) { + TLOGE("failed (%d) to accept on port %d\n", + rc, ev - > handle); + return; + } + handle_t chan = rc; + while (true){ + struct uevent cev; + + rc = wait(handle, &cev, -1); + if (rc < 0) { + TLOGE("wait returned (%d)\n", rc); + abort(); + } + handle_channel_event(&cev); + if (cev.event & IPC_HANDLE_POLL_HUP) { + return; + } } - } else { - TLOGE("wait_any returned (%d)\n", rc); - abort(); } - } - return 0; -} -</pre> -<h2 id=example_of_a_trusted_application_client>Example of a trusted application client</h2> -<p>The following code snippets show the use of the Trusty messaging APIs to -implement a client of an "echo" service (shown in the code above). The <code>sync_connect()</code> -method shows an implementation of a synchronous connect with a timeout on top -of an asynchronous <code>connect()</code> call.</p> + /* + * Main application entry point + */ + int main(void) { + int rc; + handle_t port; -<pre class="prettyprint"> -/* - * Local wrapper on top of an async connect that provides a - * synchronous connect with timeout. - */ -int sync_connect(const char *path, uint timeout) -{ - int rc; - uevent_t evt; - handle_t chan; - - rc = connect(path, IPC_CONNECT_ASYNC | IPC_CONNECT_WAIT_FOR_PORT); - if (rc >= 0) { - chan = (handle_t) rc; - rc = wait(chan, &evt, timeout); - if (rc == 0) { - rc = ERR_BAD_STATE; - if (evt.handle == chan) { - if (evt.event & IPC_HANDLE_POLL_READY) - return chan; - if (evt.event & IPC_HANDLE_POLL_HUP) - rc = ERR_CHANNEL_CLOSED; + /* Initialize service */ + rc = port_create(srv_name, 1, MAX_ECHO_MSG_SIZE, + IPC_PORT_ALLOW_NS_CONNECT | + IPC_PORT_ALLOW_TA_CONNECT); + if (rc < 0) { + TLOGE("Failed (%d) to create port %s\n", + rc, srv_name); + abort(); + } + port = (handle_t) rc; + + /* enter main event loop */ + while (true) { + uevent_t ev; + + ev.handle = INVALID_IPC_HANDLE; + ev.event = 0; + ev.cookie = NULL; + + /* wait forever */ + rc = wait(port, &ev, -1) + if (rc == NO_ERROR) { + /* got an event */ + handle_port_event(&ev); + } else { + TLOGE("wait returned (%d)\n", rc); + abort(); + } } + return 0; } - close(chan); - } - return rc; -} </pre> <p>The <code>run_end_to_end_msg_test()</code> method sends 10,000 messages asynchronously @@ -906,7 +868,7 @@ abort_test: } </pre> -<h2 id=non-secure_world_apis_and_applications>Non-secure world APIs and applications</h2> +<h2 id="non-secure_world_apis_and_applications">Non-secure world APIs and applications</h2> <p>A set of Trusty services, published from the secure side and marked with the <code>IPC_PORT_ALLOW_NS_CONNECT</code> attribute, are accessible to kernel @@ -921,7 +883,7 @@ trusty-ipc kernel driver and registers a character device node that can be used by user space processes to communicate with services running on the secure side.</p> -<h3 id=user_space_trusty_ipc_client_api>User space Trusty IPC Client API</h3> +<h3 id="user_space_trusty_ipc_client_api">User space Trusty IPC Client API</h3> <p>The user space Trusty IPC Client API library is a thin layer on top of the device node <code>fd</code>.</p> @@ -967,7 +929,7 @@ messages that are delivered back to the non-secure side and placed in the appropriate channel file descriptor message queue to be retrieved by the user space application <code>read()</code> call.</p> -<h4 id=tipc_connect>tipc_connect()</h4> +<h4 id="tipc_connect">tipc_connect()</h4> <p>Opens a specified <code>tipc</code> device node and initiates a connection to a specified Trusty service.</p> @@ -982,7 +944,7 @@ int tipc_connect(const char *dev_name, const char *srv_name); <p>[retval]: Valid file descriptor on success, -1 otherwise.</p> -<h4 id=tipc_close>tipc_close()</h4> +<h4 id="tipc_close">tipc_close()</h4> <p>Closes the connection to the Trusty service specified by a file descriptor.</p> @@ -993,7 +955,7 @@ int tipc_close(int fd); <p>[in] <code>fd</code>: File descriptor previously opened by a <code>tipc_connect()</code> call</p> -<h2 id=kernel_trusty_ipc_client_api>Kernel Trusty IPC Client API</h2> +<h2 id="kernel_trusty_ipc_client_api">Kernel Trusty IPC Client API</h2> <p>The kernel Trusty IPC Client API is available for kernel drivers. The user space Trusty IPC API is implemented on top of this API.</p> @@ -1039,9 +1001,9 @@ for further processing. A detached <code>rx</code> buffer must be tracked and eventually released using a <code>tipc_chan_put_rxbuf()</code> call when it is no longer needed.</p> -<h3 id=methods_ktic_api>Methods in the Kernel Trusty IPC Client API</h3> +<h3 id="methods_ktic_api">Methods in the Kernel Trusty IPC Client API</h3> -<h4 id=tipc_create_channel>tipc_create_channel()</h4> +<h4 id="tipc_create_channel">tipc_create_channel()</h4> <p>Creates and configures an instance of a Trusty IPC channel for a particular trusty-ipc device.</p> @@ -1104,7 +1066,7 @@ received over a specified channel:</p> can be a new buffer obtained by the <code>tipc_chan_get_rxbuf()</code> call) </ul> -<h4 id=tipc_chan_connect>tipc_chan_connect()</h4> +<h4 id="tipc_chan_connect">tipc_chan_connect()</h4> <p>Initiates a connection to the specified Trusty IPC service.</p> @@ -1123,7 +1085,7 @@ service name to which to connect</p> <p>The caller is notified when a connection is established by receiving a <code>handle_event</code> callback.</p> -<h4 id=tipc_chan_shutdown>tipc_chan_shutdown()</h4> +<h4 id="tipc_chan_shutdown">tipc_chan_shutdown()</h4> <p>Terminates a connection to the Trusty IPC service previously initiated by a <code>tipc_chan_connect()</code> call.</p> @@ -1135,7 +1097,7 @@ int tipc_chan_shutdown(struct tipc_chan *chan); <p>[in] <code>chan</code>: Pointer to a channel returned by a <code>tipc_create_chan()</code> call</p> -<h4 id=tipc_chan_destroy>tipc_chan_destroy()</h4> +<h4 id="tipc_chan_destroy">tipc_chan_destroy()</h4> <p>Destroys a specified Trusty IPC channel.</p> @@ -1146,7 +1108,7 @@ void tipc_chan_destroy(struct tipc_chan *chan); <p>[in] <code>chan</code>: Pointer to a channel returned by the <code>tipc_create_chan()</code> call</p> -<h4 id=tipc_chan_get_txbuf_timeout>tipc_chan_get_txbuf_timeout()</h4> +<h4 id="tipc_chan_get_txbuf_timeout">tipc_chan_get_txbuf_timeout()</h4> <p>Obtains a message buffer that can be used to send data over a specified channel. If the buffer is not immediately available the caller may be blocked @@ -1165,7 +1127,7 @@ tipc_chan_get_txbuf_timeout(struct tipc_chan *chan, long timeout); <p>[retval]: A valid message buffer on success, <code>ERR_PTR(err)</code> on error</p> -<h4 id=tipc_chan_queue_msg>tipc_chan_queue_msg()</h4> +<h4 id="tipc_chan_queue_msg">tipc_chan_queue_msg()</h4> <p>Queues a message to be sent over the specified Trusty IPC channels.</p> @@ -1181,7 +1143,7 @@ int tipc_chan_queue_msg(struct tipc_chan *chan, struct tipc_msg_buf *mb); <p>[retval]: 0 on success, a negative error otherwise</p> -<h4 id=tipc_chan_put_txbuf>tipc_chan_put_txbuf()</h4> +<h4 id="tipc_chan_put_txbuf">tipc_chan_put_txbuf()</h4> <p>Releases the specified <code>Tx</code> message buffer previously obtained by a <code>tipc_chan_get_txbuf_timeout()</code> call.</p> @@ -1198,7 +1160,7 @@ this message buffer belongs</p> <p>[retval]: None</p> -<h4 id=tipc_chan_get_rxbuf>tipc_chan_get_rxbuf()</h4> +<h4 id="tipc_chan_get_rxbuf">tipc_chan_get_rxbuf()</h4> <p>Obtains a new message buffer that can be used to receive messages over the specified channel.</p> @@ -1211,7 +1173,7 @@ struct tipc_msg_buf *tipc_chan_get_rxbuf(struct tipc_chan *chan); <p>[retval]: A valid message buffer on success, <code>ERR_PTR(err)</code> on error</p> -<h4 id=tipc_chan_put_rxbuf>tipc_chan_put_rxbuf()</h4> +<h4 id="tipc_chan_put_rxbuf">tipc_chan_put_rxbuf()</h4> <p>Releases a specified message buffer previously obtained by a <code>tipc_chan_get_rxbuf()</code> call.</p> @@ -1229,3 +1191,4 @@ void tipc_chan_put_rxbuf(struct tipc_chan *chan, </body> </html> + diff --git a/en/setup/_translation.yaml b/en/setup/_translation.yaml deleted file mode 100644 index 88d00f99..00000000 --- a/en/setup/_translation.yaml +++ /dev/null @@ -1,10 +0,0 @@ -enable_continuous_translation: true -title: Android Open Source Project Setup tab -description: Translations for SAC Setup tab -language: -- zh-CN -cc: -- sac-doc-leads+translation@google.com -reviewer: -- daroberts -product: Android diff --git a/en/setup/build/dashboard.html b/en/setup/build/dashboard.html index 7dee5bee..71aeda5a 100644 --- a/en/setup/build/dashboard.html +++ b/en/setup/build/dashboard.html @@ -21,9 +21,10 @@ limitations under the License. --> -<p>This dashboard provides visibility into the +<p>The <a href="https://en.wikipedia.org/wiki/Continuous_integration" class="external">continuous - integration</a> system used by the Android Open Source Project (AOSP).</p> + integration</a> dashboard (<a href="https://ci.android.com/" class="external">ci.android.com</a>) + provides visibility into the system used by the Android Open Source Project (AOSP).</p> <p>Contributors to AOSP can use this dashboard to monitor when their submissions are integrated into the tree. The status color shows whether the integrated change has built successfully diff --git a/en/setup/build/gsi.html b/en/setup/build/gsi.html index c7e32c3a..5e204647 100644 --- a/en/setup/build/gsi.html +++ b/en/setup/build/gsi.html @@ -34,7 +34,7 @@ Compatibility program</a>. The system image of an Android device is replaced with a GSI then tested with the <a href="/compatibility/vts/">Vendor Test Suite (VTS)</a> and the <a href="/compatibility/cts/">Compatibility Test Suite - (CTS)</a> to ensure the device implements vendor inferfaces correctly with the + (CTS)</a> to ensure the device implements vendor interfaces correctly with the latest version of Android. </p> diff --git a/en/setup/index.html b/en/setup/index.html index 3728eb2f..33c05e1f 100644 --- a/en/setup/index.html +++ b/en/setup/index.html @@ -46,21 +46,22 @@ consumer product with source code open for customization and porting. <h2 id="governance-philosophy">Governance Philosophy</h2> <p>Android was originated by a group of companies known as the Open -Handset Alliance, led by Google. Today, many companies -- both original members -of the OHA and others -- have invested heavily in Android. These companies have +Handset Alliance, led by Google. Today, many companies—both original members +of the OHA and others—have invested heavily in Android. These companies have allocated significant engineering resources to improve Android and bring Android devices to market. </p> <p>The companies that have invested in Android have done so on its merits because we believe an open platform is necessary. Android is -intentionally and explicitly an open source -- as opposed to a free software -- +intentionally and explicitly an open source—as opposed to a free software— effort; a group of organizations with shared needs has pooled resources to collaborate on a single implementation of a shared product. The Android philosophy is pragmatic, first and foremost. The objective is a shared product that each contributor can tailor and customize.</p> <p>Uncontrolled customization can, of course, lead to incompatible -implementations. To prevent this, the Android Open Source Project also maintains the <a href="/compatibility/index.html">Android +implementations. To prevent this, the Android Open Source Project also +maintains the <a href="/compatibility/index.html">Android Compatibility Program</a>, which spells out what it means to be "Android compatible" and what is required of device builders to achieve that status. Anyone can (and will!) use the Android source code for any purpose, and we diff --git a/en/setup/start/build-numbers.html b/en/setup/start/build-numbers.html index 2b114631..509c6d03 100644 --- a/en/setup/start/build-numbers.html +++ b/en/setup/start/build-numbers.html @@ -241,28 +241,39 @@ following table. </thead> <tbody> <tr> + <td>PQ1A.190105.004</td> + <td>android-9.0.0_r30</td> + <td>Pie</td> + <td>Pixel 3 XL, Pixel 3, Pixel 2 XL, Pixel 2, Pixel XL, Pixel</td> + <td>2019-01-05</td> + </tr> + <tr> <td>PQ1A.181205.006.A1</td> <td>android-9.0.0_r22</td> <td>Pie</td> <td>Pixel 3 XL, Pixel 3</td> + <td>2018-12-05</td> </tr> <tr> <td>PQ1A.181205.006</td> <td>android-9.0.0_r21</td> <td>Pie</td> <td>Pixel 3 XL, Pixel 3</td> + <td>2018-12-05</td> </tr> <tr> <td>PQ1A.181205.002.A1</td> <td>android-9.0.0_r20</td> <td>Pie</td> <td>Pixel XL, Pixel</td> + <td>2018-12-05</td> </tr> <tr> <td>PQ1A.181205.002</td> <td>android-9.0.0_r19</td> <td>Pie</td> <td>Pixel 2 XL, Pixel 2</td> + <td>2018-12-05</td> </tr> <tr> <td>PPR2.181005.003.A1</td> @@ -363,16 +374,25 @@ following table. <td>2018-08-05</td> </tr> <tr> + <td>OPM8.190105.002</td> + <td>android-8.1.0_r60</td> + <td>Oreo</td> + <td>Pixel C</td> + <td>2019-01-05</td> + </tr> + <tr> <td>OPM8.181205.001</td> <td>android-8.1.0_r53</td> <td>Oreo</td> <td>Pixel C</td> + <td>2018-12-05</td> </tr> <tr> <td>OPM7.181205.001</td> <td>android-8.1.0_r52</td> <td>Oreo</td> <td>Nexus 5X, Nexus 6P</td> + <td>2018-12-05</td> </tr> <tr> <td>OPM8.181105.002</td> diff --git a/en/setup/start/licenses.html b/en/setup/start/licenses.html index 49865996..4c0e22f1 100644 --- a/en/setup/start/licenses.html +++ b/en/setup/start/licenses.html @@ -94,7 +94,7 @@ Since Android software is typically shipped in the form of a static system image, complying with these requirements restricts OEMs' designs. For instance, it's difficult for a user to replace a library on read-only - flash storage.) + flash storage. </li> <li> LGPL requires allowance of customer modification and reverse diff --git a/en/whitelist/_book.yaml b/en/whitelist/_book.yaml deleted file mode 100644 index 5c59d5d7..00000000 --- a/en/whitelist/_book.yaml +++ /dev/null @@ -1,129 +0,0 @@ -upper_tabs: -- name: Set up - lower_tabs: - other: - - name: Overview - contents: - - title: Overview - path: /setup/ - - name: Start - contents: - - include: /setup/_toc-start.yaml - - name: Download - contents: - - include: /setup/_toc-download.yaml - - name: Build - contents: - - include: /setup/_toc-build.yaml - - name: Create - contents: - - include: /setup/_toc-create.yaml - - name: Contribute - contents: - - include: /setup/_toc-contribute.yaml - - name: Contact - contents: - - include: /setup/_toc-contact.yaml -- name: Design - lower_tabs: - other: - - name: Overview - contents: - - include: /compatibility/_toc-purpose.yaml - - name: Architecture - contents: - - include: /compatibility/_toc-architecture.yaml - - name: Compatibility - contents: - - include: /compatibility/_toc-compatibility.yaml - - name: Display - contents: - - include: /compatibility/_toc-display.yaml - - name: Settings - contents: - - include: /compatibility/_toc-settings.yaml - - name: Tests - contents: - - include: /compatibility/_toc-tests.yaml -- name: Secure - lower_tabs: - other: - - name: Overview - contents: - - include: /security/_toc-overview.yaml - - name: Bulletins - contents: - - include: /security/_toc-bulletins.yaml - - name: Features - contents: - - include: /security/_toc-features.yaml - - name: Dynamic Analysis - contents: - - include: /security/_toc-fuzz.yaml -- name: Develop - lower_tabs: - other: - - name: Audio - contents: - - include: /devices/_toc-audio.yaml - - name: Camera - contents: - - include: /devices/_toc-camera.yaml - - name: Connectivity - contents: - - include: /devices/_toc-connectivity.yaml - - name: Graphics - contents: - - include: /devices/_toc-graphics.yaml - - name: Interaction - contents: - - include: /devices/_toc-interaction.yaml - - name: Media - contents: - - include: /devices/_toc-media.yaml - - name: Storage - contents: - - include: /devices/_toc-storage.yaml -- name: Configure - lower_tabs: - other: - - name: ART - contents: - - include: /devices/_toc-runtime.yaml - - name: Data - contents: - - include: /devices/_toc-data.yaml - - name: Enterprise - contents: - - include: /devices/_toc-enterprise.yaml - - name: Performance - contents: - - include: /devices/_toc-performance.yaml - - name: Permissions - contents: - - include: /devices/_toc-permissions.yaml - - name: Power - contents: - - include: /devices/_toc-power.yaml - - name: Updates - contents: - - include: /devices/_toc-update.yaml -- name: Reference - lower_tabs: - other: - - name: Overview - contents: - - title: Overview - path: /reference/ - - name: HIDL - contents: - - include: /reference/hidl/_toc.yaml - - name: HAL - contents: - - include: /reference/hal/_toc.yaml - - name: Trade Federation - contents: - - include: /reference/tradefed/_toc.yaml -- name: Whitelist - whitelist: /whitelist/ - path: /whitelist/ diff --git a/en/whitelist/_whitelist.yaml b/en/whitelist/_whitelist.yaml deleted file mode 100644 index 25dc0876..00000000 --- a/en/whitelist/_whitelist.yaml +++ /dev/null @@ -1,4 +0,0 @@ -whitelist: -- group: devsite-test-group@62144783.test.corp-partner.google.com -- group: kunal_test@googlegroups.com -- email: dlazin@gmail.com diff --git a/en/whitelist/index.md b/en/whitelist/index.md deleted file mode 100644 index 6c2dd500..00000000 --- a/en/whitelist/index.md +++ /dev/null @@ -1,6 +0,0 @@ -Project: /_project.yaml -Book: /whitelist/_book.yaml - -# Test page - -I am a test page. |
