diff options
Diffstat (limited to 'en')
-rw-r--r-- | en/_index.yaml | 2 | ||||
-rw-r--r-- | en/compatibility/cts/secure-element.md | 22 | ||||
-rw-r--r-- | en/devices/_toc-performance.yaml | 2 | ||||
-rw-r--r-- | en/devices/architecture/hidl/services.html | 17 | ||||
-rw-r--r-- | en/devices/tech/connect/carrier-wifi.md | 53 | ||||
-rw-r--r-- | en/devices/tech/perf/lmkd.md | 197 | ||||
-rw-r--r-- | en/images/android_stack.png | bin | 91863 -> 81301 bytes | |||
-rw-r--r-- | en/security/bulletin/2018.html | 4 | ||||
-rw-r--r-- | en/security/bulletin/index.html | 4 | ||||
-rw-r--r-- | en/security/bulletin/pixel/2018.html | 4 | ||||
-rw-r--r-- | en/security/bulletin/pixel/index.html | 4 | ||||
-rw-r--r-- | en/setup/start/p-release-notes.md | 60 |
12 files changed, 329 insertions, 40 deletions
diff --git a/en/_index.yaml b/en/_index.yaml index a359a2f3..2d69f437 100644 --- a/en/_index.yaml +++ b/en/_index.yaml @@ -80,7 +80,7 @@ landing_page: - heading: Site Updates description: > This site has been overhauled to make it easier for you to navigate, - search, and read its ever-growing set of information. Check out our + search, and read its ever-growing set of information. Check out the reorganized sections and new navigation. buttons: - label: August 6th, 2018 diff --git a/en/compatibility/cts/secure-element.md b/en/compatibility/cts/secure-element.md index 0c3933b6..d7d04264 100644 --- a/en/compatibility/cts/secure-element.md +++ b/en/compatibility/cts/secure-element.md @@ -44,9 +44,7 @@ specification. These test cases require installation of a special applet, a Java Card application on Secure Element, that is used by the CTS application for communication. For installation, use the sample applet found in -[`CtsAndroidOmapiTestApplet.java`](https://android.googlesource.com/platform/cts/+/master/tests/tests/secure_element/sample_applet/src/com/android/cts/omapi/test/CtsAndroidOmapiTestApplet.java){: .external} -and -[`test.cap`](https://android.googlesource.com/platform/cts/+/master/tests/tests/secure_element/sample_applet/test.cap){: .external}. +[`google-cardlet.cap`](https://android.googlesource.com/platform/cts/+/master/tests/tests/secure_element/sample_applet/uicc){: .external}. To pass OMAPI test cases, the underlying Secure Element Service and the SE should be capable of the following: @@ -696,23 +694,27 @@ Create an instance of the applet under these AIDs: **File name:** `google-cardlet.cap` **Package AID:** 6F 6D 61 70 69 63 61 72 64 6C 65 74 -**Version:** 1.0 -**SHA1:** 5F72E0A073BA9E61A7358F2FE3F031 -**SHA256:** ECC1217AA0BC687DD89D5BB233F743 +**Version:** 1.63 +**Hash:** 5F72E0A073BA9E61A7358F2FE3F031A99F3F81E9 -**Module AIDs:** +**Applets:** 6F 6D 61 70 69 4A 53 52 31 37 37 = SelectResponse module 6F 6D 61 70 69 43 61 63 68 69 6E 67 = XXLResponse module **Imports:** javacard.framework v1.3 - A0000000620101 -java.lang v1.0 - A0000000620001 +java.lang v1.0 - A0000000620001 +uicc.hci.framework v1.0 - A0000000090005FFFFFFFF8916010000 +uicc.hci.services.cardemulation v1.0 - A0000000090005FFFFFFFF8916020100 +uicc.hci.services.connectivity v1.0 - A0000000090005FFFFFFFF8916020200 -**Size on card:** 4463 +**Size on card:** 39597 #### 2. Installation steps -Load the `google-cardlet.cap` file to the SIM card using the appropriate +Load the +[`google-cardlet.cap`](https://android.googlesource.com/platform/cts/+/master/tests/tests/secure_element/sample_applet/uicc){: .external} +file to the SIM card using the appropriate procedure (check with your SE manufacturers). Run installation command for each applet. diff --git a/en/devices/_toc-performance.yaml b/en/devices/_toc-performance.yaml index 83f31408..174534dd 100644 --- a/en/devices/_toc-performance.yaml +++ b/en/devices/_toc-performance.yaml @@ -11,6 +11,8 @@ toc: path: /devices/tech/perf/apk-caching - title: Boot Times path: /devices/tech/perf/boot-times +- title: LMKD in Userspace + path: /devices/tech/perf/lmkd - title: Low RAM path: /devices/tech/perf/low-ram - title: Profile Guided Optimization (PGO) diff --git a/en/devices/architecture/hidl/services.html b/en/devices/architecture/hidl/services.html index c7ddd8f6..f441c8e2 100644 --- a/en/devices/architecture/hidl/services.html +++ b/en/devices/architecture/hidl/services.html @@ -168,14 +168,15 @@ or <code>oneway</code>. For an example, see "Asynchronous callbacks" in <code>inout</code> parameters.</p> <h3 id=limits>Per-transaction limits</h3> -<p>Per-transaction limits may be imposed on the amount of data sent in HIDL -methods and callbacks. The limits are yet to be determined but may be as small -as 4K. Calls exceeding these limits return failure immediately. Another -limitation is the resources available to the HIDL infrastructure to handle -multiple simultaneous transactions. Multiple transactions can be in-flight -simultaneously due to multiple threads or processes sending calls to a process -or multiple <code>oneway</code> calls that are not handled quickly by the -receiving process.</p> +<p>Per-transaction limits are not imposed on the amount of data sent in HIDL +methods and callbacks. However, calls exceeding 4KB per transaction are +considered excessive. If this is seen, re-architecting the given HIDL interface +is recommended. Another limitation is the resources available to the HIDL +infrastructure to handle multiple simultaneous transactions. Multiple +transactions can be in-flight simultaneously due to multiple threads or +processes sending calls to a process or multiple <code>oneway</code> calls that +are not handled quickly by the receiving process. The maximum total space +available for all concurrent transactions is 1MB by default.</p> <p>In a well-designed interface, exceeding these resource limitations should not happen; if it does, the call which exceeded them may either block until diff --git a/en/devices/tech/connect/carrier-wifi.md b/en/devices/tech/connect/carrier-wifi.md index be25f4b9..9e96c391 100644 --- a/en/devices/tech/connect/carrier-wifi.md +++ b/en/devices/tech/connect/carrier-wifi.md @@ -34,15 +34,50 @@ Wi-Fi. ### Manufacturers -In the carrier config manager, configure the following parameters, located in -[`CarrierConfigManager.java`](https://android.googlesource.com/platform/frameworks/base/+/master/telephony/java/android/telephony/CarrierConfigManager.java){: .external}, -for each carrier: - -+ `KEY_CARRIER_WIFI_STRING_ARRAY`: Base64-encoded Wi-Fi SSID. -+ `IMSI_KEY_AVAILABILITY_INT`: Identifies whether the key used for IMSI - encryption is available for WLAN or EPDG, or both. -+ `IMSI_KEY_DOWNLOAD_URL_STRING`: URL from which the proto containing the - public key of the carrier used for IMSI encryption is downloaded. +In the carrier config manager, configure the following parameters for each +carrier: + ++ [`KEY_CARRIER_WIFI_STRING_ARRAY`](https://android.googlesource.com/platform/frameworks/base/+/master/telephony/java/android/telephony/CarrierConfigManager.java#1606){: .external}: + A string array where each string entry is a Base64-encoded Wi-Fi SSID and + an EAP type separated by a comma, where the EAP type is an integer (refer to + [https://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml](https://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml){: .external}). + For example, the following configuration is for *SOME_SSID_NAME* using + **EAP-AKA** and *Some_Other_SSID* using **EAP-SIM**: + + ``` + config { + key: "carrier_wifi_string_array" + text_array { + item: "U09NRV9TU0lEX05BTUUK,23" + item: "U29tZV9PdGhlcl9TU0lECg==,18" + } + } + ``` + ++ [`IMSI_KEY_AVAILABILITY_INT`](https://android.googlesource.com/platform/frameworks/base/+/master/telephony/java/android/telephony/CarrierConfigManager.java#1837){: .external}: + Identifies whether the key used for IMSI encryption is available for WLAN + (bit 1 is set), EPDG (bit 0 is set), or both (both bit 0 and bit 1 are + set). For example, the following configuration indicates that IMSI + encryption is available for WLAN but not for EPDG: + + ``` + config { + key: "imsi_key_availability_int" + int_value: 2 + } + ``` + ++ [`IMSI_KEY_DOWNLOAD_URL_STRING`](https://android.googlesource.com/platform/frameworks/base/+/master/telephony/java/android/telephony/CarrierConfigManager.java#1830){: .external}: + URL from which the proto containing the public key of the carrier used for + IMSI encryption is downloaded. For example, the following configuration + provides a specific URL: + + ``` + config { + key: "imsi_key_download_url_string" + text_value: "https://www.some_company_name.com:5555/some_directory_name/" + } + ``` ### Carriers diff --git a/en/devices/tech/perf/lmkd.md b/en/devices/tech/perf/lmkd.md new file mode 100644 index 00000000..72ff452b --- /dev/null +++ b/en/devices/tech/perf/lmkd.md @@ -0,0 +1,197 @@ +Project: /_project.yaml +Book: /_book.yaml + +{% include "_versions.html" %} + +<!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +# LMKD in Userspace + +This document describes the userspace lowmemorykiller daemon (`lmkd`) features +added in Android {{ androidPVersionNumber }} and how to configure them. + +Historically, Android used in-kernel lowmemorykiller driver to handle memory +pressure situations by killing non-essential processes. This mechanism is rigid +and depends on hard-coded values. In addition, starting with kernel 4.12, the +lowmemorykiller driver is excluded from the upstream kernel. + +The userspace `lmkd` process implements the same functionality but with already +existing kernel mechanisms to detect and estimate memory pressure. It uses +vmpressure events generated by the kernel to get notifications about memory +pressure levels. It also can use memory cgroup features to limit memory resources +allocated to each process based on its importance. + + +# How to switch to userspace lmkd + +Starting in Android {{ androidPVersionNumber }}, userspace `lmkd` activates if an +in-kernel lowmemorykiller driver is not detected. Note that userspace `lmkd` +requires kernel support for memory cgroups. Therefore, to switch to userspace +`lmkd` the kernel should be compiled with the following configuration settings: + +``` +CONFIG_ANDROID_LOW_MEMORY_KILLER=n +CONFIG_MEMCG=y +CONFIG_MEMCG_SWAP=y +``` + +# lmkd kill strategies + +`lmkd` supports new kill strategies based on vmpressure events, their severity, +and other hints like swap utilization, as well as legacy mode in which `lmkd` +makes kill decisions just as the kernel lowmemorykiller driver did. + +New kill strategies differ for low-memory vs high-performance devices. In cases +of low-memory devices, the system should tolerate higher memory pressure as a +normal mode of operation; on high-performance devices, memory pressure should be +viewed as an abnormal situation that should be fixed before it affects overall +performance. The `ro.config.low_ram` property allows for choosing one mode over +the other. See [Low RAM Configuration](/devices/tech/perf/low-ram) for +instructions on setting this property. + +In legacy mode, `lmkd` kill decisions are made based on free memory and file cache +thresholds. This mode is enabled by setting the `ro.lmk.use_minfree_levels` +property to `true`. + + +# Configuring lmkd for specific device + +Configure `lmkd` with the following properties: + +<table> + <tr> + <th>Property</th> + <th>Use</th> + <th>Default Value</th> + </tr> + <tr> + <td><code>ro.config.low_ram</code> + </td> + <td>Choose between low-memory vs. high-performance device. + </td> + <td><code>false</code> + </td> + </tr> + <tr> + <td><code>ro.lmk.use_minfree_levels</code> + </td> + <td>Use free memory and file cache thresholds for making decisions when to + kill. This mode works the same way kernel lowmemorykiller driver used to + work. + </td> + <td><code>false</code> + </td> + </tr> + <tr> + <td><code>ro.lmk.low</code> + </td> + <td>The minimum oom_adj score for processes eligible to be killed at low + vmpressure level. + </td> + <td><code>1001</code><br> +(disabled) + </td> + </tr> + <tr> + <td><code>ro.lmk.medium</code> + </td> + <td>The minimum oom_adj score for processes eligible to be killed at medium + vmpressure level. + </td> + <td><code>800</code><br> +(cached or non-essential services) + </td> + </tr> + <tr> + <td><code>ro.lmk.critical</code> + </td> + <td>The minimum oom_adj score for processes eligible to be killed at critical + vmpressure level. + </td> + <td><code>0</code><br> +(any process) + </td> + </tr> + <tr> + <td><code>ro.lmk.critical_upgrade</code> + </td> + <td>Enables upgrade to critical level. + </td> + <td><code>false</code> + </td> + </tr> + <tr> + <td><code>ro.lmk.upgrade_pressure</code> + </td> + <td>The maximum mem_pressure at which level will be upgraded because system + is swapping too much. + </td> + <td><code>100</code><br> +(disabled) + </td> + </tr> + <tr> + <td><code>ro.lmk.downgrade_pressure</code> + </td> + <td>The minimum mem_pressure* at which vmpressure event will be ignored + because enough free memory is still available. + </td> + <td><code>100</code><br> +(disabled) + </td> + </tr> + <tr> + <td><code>ro.lmk.kill_heaviest_task</code> + </td> + <td>Kill heaviest eligible task (best decision) vs. any eligible task (fast + decision).</td> + <td><code>true</code> + </td> + </tr> + <tr> + <td><code>ro.lmk.kill_timeout_ms</code> + </td> + <td>Duration in ms after a kill when no additional kill will be done. + </td> + <td><code>0</code><br> +(disabled) + </td> + </tr> + <tr> + <td><code>ro.lmk.debug</code> + </td> + <td>Enable <code>lmkd</code> debug logs. + </td> + <td><code>false</code> + </td> + </tr> +</table> + +*Note: *mem_pressure = RAM usage / RAM_and_swap usage in % + +Here is a device configuration example: + +``` +PRODUCT_PROPERTY_OVERRIDES += \ + ro.lmk.low=1001 \ + ro.lmk.medium=800 \ + ro.lmk.critical=0 \ + ro.lmk.critical_upgrade=false \ + ro.lmk.upgrade_pressure=100 \ + ro.lmk.downgrade_pressure=100 \ + ro.lmk.kill_heaviest_task=true +``` diff --git a/en/images/android_stack.png b/en/images/android_stack.png Binary files differindex 16b792c5..9817a210 100644 --- a/en/images/android_stack.png +++ b/en/images/android_stack.png diff --git a/en/security/bulletin/2018.html b/en/security/bulletin/2018.html index 6b1d0b7a..ef673310 100644 --- a/en/security/bulletin/2018.html +++ b/en/security/bulletin/2018.html @@ -38,15 +38,13 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi </tr> <tr> <td><a href="/security/bulletin/2018-08-01.html">August 2018</a></td> - <td>Coming soon - <!-- + <td> <a href="/security/bulletin/2018-08-01.html">English</a> / <a href="/security/bulletin/2018-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-08-01.html?hl=ru">ру́сский</a> / <a href="/security/bulletin/2018-08-01.html?hl=zh-cn">中文 (中国)</a> / <a href="/security/bulletin/2018-08-01.html?hl=zh-tw">中文 (台灣)</a> - --> </td> <td>August 6, 2018</td> <td>2018-08-01<br> diff --git a/en/security/bulletin/index.html b/en/security/bulletin/index.html index ba3b35e7..40f49e56 100644 --- a/en/security/bulletin/index.html +++ b/en/security/bulletin/index.html @@ -70,15 +70,13 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi </tr> <tr> <td><a href="/security/bulletin/2018-08-01.html">August 2018</a></td> - <td>Coming soon - <!-- + <td> <a href="/security/bulletin/2018-08-01.html">English</a> / <a href="/security/bulletin/2018-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-08-01.html?hl=ru">ру́сский</a> / <a href="/security/bulletin/2018-08-01.html?hl=zh-cn">中文 (中国)</a> / <a href="/security/bulletin/2018-08-01.html?hl=zh-tw">中文 (台灣)</a> - --> </td> <td>August 6, 2018</td> <td>2018-08-01<br> diff --git a/en/security/bulletin/pixel/2018.html b/en/security/bulletin/pixel/2018.html index 665c7d0d..216c4f68 100644 --- a/en/security/bulletin/pixel/2018.html +++ b/en/security/bulletin/pixel/2018.html @@ -40,15 +40,13 @@ Bulletins</a> homepage.</p> </tr> <tr> <td><a href="/security/bulletin/pixel/2018-08-01.html">August 2018</a></td> - <td>Coming soon - <!-- + <td> <a href="/security/bulletin/pixel/2018-08-01.html">English</a> / <a href="/security/bulletin/pixel/2018-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-08-01.html?hl=ru">ру́сский</a> / <a href="/security/bulletin/pixel/2018-08-01.html?hl=zh-cn">中文 (中国)</a> / <a href="/security/bulletin/pixel/2018-08-01.html?hl=zh-tw">中文 (台灣)</a> - --> </td> <td>August 6, 2018</td> <td>2018-08-05</td> diff --git a/en/security/bulletin/pixel/index.html b/en/security/bulletin/pixel/index.html index 0732810b..03a6d4ac 100644 --- a/en/security/bulletin/pixel/index.html +++ b/en/security/bulletin/pixel/index.html @@ -60,15 +60,13 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release </tr> <tr> <td><a href="/security/bulletin/pixel/2018-08-01.html">August 2018</a></td> - <td>Coming soon - <!-- + <td> <a href="/security/bulletin/pixel/2018-08-01.html">English</a> / <a href="/security/bulletin/pixel/2018-08-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-08-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-08-01.html?hl=ru">ру́сский</a> / <a href="/security/bulletin/pixel/2018-08-01.html?hl=zh-cn">中文 (中国)</a> / <a href="/security/bulletin/pixel/2018-08-01.html?hl=zh-tw">中文 (台灣)</a> - --> </td> <td>August 6, 2018</td> <td>2018-08-05</td> diff --git a/en/setup/start/p-release-notes.md b/en/setup/start/p-release-notes.md index cc5b6fce..70cd72c9 100644 --- a/en/setup/start/p-release-notes.md +++ b/en/setup/start/p-release-notes.md @@ -226,6 +226,23 @@ features and changes to requirements for previously released functionality. ## Settings +### Better App Widgets + +The Android app widget framework now offers increased visibility into user +interactions, specifically when a user deletes or manually adds widgets. This +functionality comes by default with Launcher3. + +Manufacturers need to update their Launcher apps (which are shipped with devices) +to support this feature if not based upon Launcher3. OEMs need to support the new +[widgetFeatures API](https://developer.android.com/reference/android/appwidget/AppWidgetProviderInfo#widgetFeatures){: .external} +in their default Launcher. + +The API in itself does not guarantee that it will work end to end unless the +launchers implement it as expected. AOSP includes a sample implementation. See +the AOSP Change-Id Iccd6f965fa3d61992244a365efc242122292c0ca for the sample code +provided. + + ### Device State Change Notifications to Package Installers A protected system broadcast can now be sent to apps that hold the @@ -801,6 +818,49 @@ usage on the device since the last device boot. It provides additional functionality such as socket tagging, separating foreground/background traffic and per-UID firewall to block apps from network access depending on device state. +### Restore to lower APIs + +Devices can now restore from future versions of the operating system. This is +especially useful when users have upgraded their phones but then lost or broken +them. + +If an OEM modifies the backup agents for any of the system packages (android, +system, settings), those agents should handle restoring backups sets that were +made on later versions of the platform without crashing and with restoring at +least some data. + +Consider using a validator to check for invalid values of a given piece of +backup data and only restore valid data, as done in +`core/java/android/provider/SettingsValidators.java`. + +The feature is on by default. SettingsBackupAgent support for restoring from +future versions can be turned off via +`Settings.Global.OVERRIDE_SETTINGS_PROVIDER_RESTORE_ANY_VERSION`. No additional +implementation is required unless the device manufacturer extends one of backup +agents included in the ROM (or adds a custom one). + +This feature allows system restores from future versions of the platform; +however, it’s reasonable to expect that the restored data won’t be complete. The +following instructions apply to the following backup agents: + +- **PackageManagerBackupAgent**: Supports future versions of the backup data + via format versioning; extensions here MUST be compatible with current + restore code or follow instructions in the class, which include bumping the + proper constants. + +- **SystemBackupAgent**: `restoreAnyVersion = false` in Android this release + and higher. Doesn’t support restore from higher versions of the API. + +- **SettingsBackupAgent**: `restoreAnyVersion = true` starting in this release. + Partial support exists via validators. A setting can be restored from a + higher API version if a validator for it exists in the target OS. Adding any + setting should be accompanied by its validator. Check class for details. + +- Any **custom backup agent** included in the ROM should increase its version + code any time an incompatible change is made to the backup data format and + ensure `restoreAnyVersion = false` (the default) if their agent is not + prepared to deal with backup data from a future version of their code. + ## Enterprise ### Managed Profile Improvements |