Diffstat (limited to 'en')
-rw-r--r--en/_index.yaml14
-rw-r--r--en/compatibility/_translation.yaml1
-rw-r--r--en/compatibility/source/android-cdd-cover.css86
-rw-r--r--en/compatibility/source/android-cdd-cover.html43
-rw-r--r--en/compatibility/source/android-cdd-footer.html37
-rw-r--r--en/compatibility/source/android-cdd.css374
-rw-r--r--en/compatibility/source/devsite_template.html27
-rw-r--r--en/compatibility/source/images/android-logo.pngbin0 -> 2298 bytes
-rw-r--r--en/compatibility/source/images/android-lollipop-mr1.jpgbin0 -> 598066 bytes
-rw-r--r--en/compatibility/source/images/android-lollipop.jpgbin0 -> 501700 bytes
-rw-r--r--en/compatibility/source/images/android-marshmallow-1.pngbin0 -> 362394 bytes
-rw-r--r--en/compatibility/source/images/android-marshmallow.pngbin0 -> 90774 bytes
-rw-r--r--en/compatibility/source/images/android-nougat-dark.pngbin0 -> 401762 bytes
-rw-r--r--en/compatibility/source/images/android-nougat-light.pngbin0 -> 401765 bytes
-rw-r--r--en/compatibility/source/images/android-oreo-blue.pngbin0 -> 274060 bytes
-rw-r--r--en/devices/_toc-interfaces.yaml4
-rw-r--r--en/devices/_toc-tech.yaml18
-rw-r--r--en/devices/architecture/images/treble_vndk_androidbp.pngbin0 -> 22775 bytes
-rw-r--r--en/devices/architecture/images/treble_vndk_build_system_libraries.pngbin0 -> 17855 bytes
-rw-r--r--en/devices/architecture/images/treble_vndk_design.pngbin31859 -> 28465 bytes
-rw-r--r--en/devices/architecture/images/treble_vndk_linker_namespace1.pngbin0 -> 23541 bytes
-rw-r--r--en/devices/architecture/images/treble_vndk_linker_namespace2.pngbin0 -> 24930 bytes
-rw-r--r--en/devices/architecture/vndk/build-system.html424
-rw-r--r--en/devices/architecture/vndk/deftool.html37
-rw-r--r--en/devices/architecture/vndk/dir-rules-sepolicy.html50
-rw-r--r--en/devices/architecture/vndk/enabling.html189
-rw-r--r--en/devices/architecture/vndk/extensions.html24
-rw-r--r--en/devices/architecture/vndk/index.html106
-rw-r--r--en/devices/architecture/vndk/linker-namespace.html923
-rw-r--r--en/devices/audio/aaudio.html8
-rw-r--r--en/devices/tech/debug/fuzz-sanitize.html43
-rw-r--r--en/devices/tech/debug/libfuzzer.html307
-rw-r--r--en/devices/tech/ota/ab_updates.html32
-rw-r--r--en/devices/tech/ota/nonab_updates.html8
-rw-r--r--en/security/_toc.yaml28
-rw-r--r--en/security/bulletin/2017.html4
-rw-r--r--en/security/bulletin/2018-01-01.html837
-rw-r--r--en/security/bulletin/2018.html57
-rw-r--r--en/security/bulletin/index.html18
-rw-r--r--en/security/bulletin/pixel/2017.html82
-rw-r--r--en/security/bulletin/pixel/2018-01-01.html793
-rw-r--r--en/security/bulletin/pixel/2018.html58
-rw-r--r--en/security/bulletin/pixel/index.html17
-rw-r--r--en/security/encryption/file-based.html37
-rw-r--r--en/security/overview/acknowledgements.html135
-rw-r--r--en/setup/build-numbers.html30
-rw-r--r--en/setup/initializing.html4
-rw-r--r--en/setup/requirements.html2
48 files changed, 4593 insertions, 264 deletions
diff --git a/en/_index.yaml b/en/_index.yaml
index fd444ebc..abd82d1b 100644
--- a/en/_index.yaml
+++ b/en/_index.yaml
@@ -72,6 +72,13 @@ landing_page:
image_path: /images/android_stack.png
- heading: News
items:
+ - heading: January Security Bulletins
+ description: >
+ The January 2018 Android and Pixel/Nexus Security Bulletins have been
+ published to support the January security release.
+ buttons:
+ - label: January 2nd, 2018
+ path: /security/bulletin/2018-01-01
- heading: Android 8.1 Instructions
description: >
The Android 8.1 release is now available and offers many new features
@@ -86,13 +93,6 @@ landing_page:
buttons:
- label: December 5th. 2017
path: /reference/hidl/
- - heading: December Security Bulletins
- description: >
- The December 2017 Android and Pixel/Nexus Security Bulletins have been
- published to support the December security release.
- buttons:
- - label: December 4th, 2017
- path: /security/bulletin/2017-12-01
- classname: devsite-landing-row-100 tf-row-centered
items:
- buttons:
diff --git a/en/compatibility/_translation.yaml b/en/compatibility/_translation.yaml
index 08b9cc29..a099d81b 100644
--- a/en/compatibility/_translation.yaml
+++ b/en/compatibility/_translation.yaml
@@ -16,6 +16,7 @@ ignore_paths:
- /compatibility/8.0/...
- /compatibility/8.1/...
- /compatibility/images/...
+- /compatibility/source/...
enable_continuous_translation: True
title: Android Open Source Project Compatibility tab
description: Translations for SAC compatibility tab
diff --git a/en/compatibility/source/android-cdd-cover.css b/en/compatibility/source/android-cdd-cover.css
new file mode 100644
index 00000000..7364deb0
--- /dev/null
+++ b/en/compatibility/source/android-cdd-cover.css
@@ -0,0 +1,86 @@
+/**
+* Link Styles
+*/
+
+
+a:link {
+ color: #09C;
+ text-decoration: none;
+}
+
+a:visited {
+ color: #639;
+}
+
+a:hover,
+a:focus,
+a:active {
+ color: #09C;
+}
+
+/**
+* Cover Styles
+*/
+
+
+table {
+ border: none;
+ margin: 0px;
+ padding: 0px;
+ width: 100%;
+ height: 100%;
+ background-color: black;
+}
+
+td {
+ border: none;
+ color: white;
+ font: 12pt/16pt Roboto, Arial, Helvetica, sans-serif;
+ background-color: black;
+}
+
+.title {
+ color: white;
+ font: 62px/72px Roboto, Arial, Helvetica, sans-serif;
+ padding: 40px 20px 50px 60px;
+ text-align: left;
+}
+
+.subtitle {
+ color: white;
+ font: 60px/70px Roboto, Arial, Helvetica, sans-serif;
+ padding: 50px 0px 40px 60px;
+ text-align: left;
+}
+
+.padding {
+ padding: 40px 20px 40px 60px;
+}
+
+.padding-bottom {
+ padding: 40px 20px 194px 60px;
+}
+
+.cover-text {
+ font: 20px/25px Roboto, Arial, Helvetica, sans-serif;
+ color: white;
+ padding: 5px 5px 5px 60px;
+ text-align: left;
+}
+
+
+/**
+* Body Styles
+*/
+
+body {
+ color: #333;
+ font: 12pt/16pt Roboto, Arial, Helvetica, sans-serif;
+ margin: 0px;
+ padding: 0px;
+}
+
+p {
+ margin: 0px;
+ padding: 0px;
+} \ No newline at end of file
diff --git a/en/compatibility/source/android-cdd-cover.html b/en/compatibility/source/android-cdd-cover.html
new file mode 100644
index 00000000..fbc7256f
--- /dev/null
+++ b/en/compatibility/source/android-cdd-cover.html
@@ -0,0 +1,43 @@
+<!DOCTYPE html>
+<head>
+<title>Android 7.0 Compatibility Definition</title>
+<link rel="stylesheet" type="text/css" href="android-cdd-cover.css"/>
+</head>
+
+<body>
+
+<table>
+
+<tr>
+<td>
+<p><img src="images/android-logo.png" alt="Android logo" class="padding"/></p>
+<p class="title">Compatibility Definition</p>
+</td>
+</tr>
+
+<tr>
+<td>
+<img src="images/android-oreo-blue.png" alt="Oreo cover images"
+style="border-top: 5px solid orange; border-bottom: 5px solid orange"/>
+</td>
+</tr>
+
+<tr>
+<td>
+<p class="subtitle">Android 8.0</p>
+<p class="cover-text">Last updated: September 1, 2017</p>
+<p class="cover-text">Copyright &copy; 2017, Google Inc. All rights reserved.</p>
+<p class="cover-text"><a href="mailto:compatibility@android.com">compatibility@android.com</a></p>
+</td>
+</tr>
+
+<tr>
+<td>
+<p class="padding-bottom"></p>
+</td>
+</tr>
+
+</table>
+
+</body>
+</html>
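Review bot: The `<title>` says "Android 7.0 Compatibility Definition", but the subtitle paragraph and the Oreo cover image in the same file are for Android 8.0, so the generated document would carry the wrong version in its title. It should read `<title>Android 8.0 Compatibility Definition</title>`. The file also ends with `</html>` without ever opening the element; add `<html lang="en">` after the doctype, as android-cdd-footer.html in this commit does with `<html>`. As a style point, the inline `style` border on the Oreo image would sit better in android-cdd-cover.css next to the other cover rules.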
diff --git a/en/compatibility/source/android-cdd-footer.html b/en/compatibility/source/android-cdd-footer.html
new file mode 100644
index 00000000..d7db16af
--- /dev/null
+++ b/en/compatibility/source/android-cdd-footer.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Android Compatibility Definition Footer</title>
+<link rel="stylesheet" type="text/css" href="android-cdd.css"/>
+
+<script>
+ function subst() {
+ var vars={};
+ var x=window.location.search.substring(1).split('&');
+ for (var i in x) {var z=x[i].split('=',2);vars[z[0]] = unescape(z[1]);}
+ var x=['frompage','topage','page','webpage','section','subsection','subsubsection'];
+ for (var i in x) {
+ var y = document.getElementsByClassName(x[i]);
+ for (var j=0; j<y.length; ++j) y[j].textContent = vars[x[i]];
+ }
+ }
+</script>
+
+</head>
+
+<body style="border:0; margin: 0;" onload="subst()">
+<div class="footer">
+
+<table class="noborder" style="border-top: 1px solid silver; width: 100%">
+ <tr>
+ <td class="noborder"><img src="images/android-logo.png" alt="Android logo"/></td>
+ <td class="noborder" style="text-align:right">
+ Page <span class="page"></span> of <span class="topage"></span>
+ </td>
+ </tr>
+</table>
+
+</div>
+
+</body>
+</html>
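Review bot: `subst()` decodes the query-string values with `unescape`, which is deprecated and treats `%XX` sequences as Latin-1, so a UTF-8 percent-encoded section title would come out garbled. `vars[z[0]] = decodeURIComponent(z[1]);` is the replacement, guarded with try/catch because it throws on malformed input. Writing the values with `textContent` is the right sink for data read from `window.location.search`; a comment such as `// values come from the URL: keep textContent, never innerHTML` would stop a later edit from weakening it. Both loops use `for (var i in x)` over arrays, which also visits enumerable inherited properties, so an index loop is safer. The wrapper is `<div class="footer">` while android-cdd.css in this commit only defines `#footer`, so that rule presumably does not apply here.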
diff --git a/en/compatibility/source/android-cdd.css b/en/compatibility/source/android-cdd.css
new file mode 100644
index 00000000..c64364af
--- /dev/null
+++ b/en/compatibility/source/android-cdd.css
@@ -0,0 +1,374 @@
+/**
+* Link Styles
+*/
+
+
+a:link {
+ color: #09C;
+ text-decoration: underline;
+}
+
+a:visited {
+ color: #639;
+}
+
+a:hover,
+a:focus,
+a:active {
+ color: #09C;
+}
+
+/**
+* Cover Styles
+*/
+
+
+#cover {
+ width: 10.5in;
+ height: 13.25in;
+ background-color: orange;
+}
+
+#cover-top {
+ background-color: black;
+ width: 100%;
+ height: 3in;
+ padding-top: 70px;
+ margin-bottom: 10px;
+}
+
+#cover-image {
+ background-color: black;
+ width: 100%;
+ height: 5in;
+ padding: 0px;
+ margin: 20px 0px 8px 0px;
+}
+
+#cover-bottom {
+ background-color: black;
+ width: 100%;
+ height: 3.7in;
+ padding: 40px 0px 40px 0px;
+ margin-top: 8px;
+}
+
+#cover a:link,
+#cover a:visited,
+#cover a:hover {
+ text-decoration: none;
+}
+
+#main {
+ width: 950px;
+ overflow: visible;
+ page-break-before: always;
+}
+
+#footer {
+ width: 8.5in;
+ height: .75in;
+ margin-top: .25in;
+ color: #333;
+ font: 10pt/14pt Roboto, Arial, Helvetica, sans-serif;
+}
+
+
+.title {
+ color: white;
+ font: 84px/90px Roboto, Arial, Helvetica, sans-serif;
+ padding: 40pt 20pt 15pt 50pt;
+ text-align: left;
+}
+
+.subtitle {
+ color: white;
+ font: 60px/70px Roboto, Arial, Helvetica, sans-serif;
+ padding: 40pt 5pt 40pt 60pt;
+ text-align: left;
+}
+
+.right {
+ text-align: right;
+}
+
+.white {
+ color: white;
+}
+
+.padding {
+ padding: 20pt 20pt 0pt 60pt;
+}
+
+.cover-text {
+ font: 20px/25px Roboto, Arial, Helvetica, sans-serif;
+ color: white;
+ padding: 5pt 5pt 5pt 60pt;
+ text-align: left;
+}
+
+.small {
+ font-size: 65%;
+ font-weight: 700;
+}
+
+/**
+* Heading Styles
+*/
+
+h1 {
+ color: #333;
+ font: 22pt/24pt Roboto, Arial, Helvetica, sans-serif;
+ padding: 10pt 0pt 0pt 0pt;
+ text-align: left;
+}
+
+h2 {
+ color: #693;
+ font: 20pt/22pt Roboto, Arial, Helvetica, sans-serif;
+ padding: 8pt 0pt 0pt 0pt;
+ text-align: left;
+ page-break-after: avoid;
+}
+
+h3 {
+ color: #333;
+ font: bold 18pt/20pt Roboto, Arial, Helvetica, sans-serif;
+ padding: 4pt 0pt 0pt 0pt;
+ text-align: left;
+ page-break-after: avoid;
+}
+
+h4 {
+ color: #607D8B;
+ font: bold 16pt/18pt Roboto, Arial, Helvetica, sans-serif;
+ padding: 4pt 0pt 0pt 0pt;
+ text-align: left;
+ page-break-after: avoid;
+}
+
+
+h5 {
+ color: #333;
+ font: italic 16pt/18pt Roboto, Arial, Helvetica, sans-serif;
+ padding: 0pt 0pt 0pt 0pt;
+ text-align: left;
+ page-break-after: avoid;
+}
+
+
+/**
+* Use h6 ONLY for table of contents
+*/
+
+h6 {
+ color: #333;
+ font: bold 16pt/18pt Roboto, Arial, Helvetica, sans-serif;
+ padding: 10pt 0pt 0pt 0pt;
+ text-align: left;
+ page-break-before: always;
+}
+
+/**
+* Body Styles
+*/
+
+body {
+ color: #333;
+ font: 16pt/20pt Roboto, Arial, Helvetica, sans-serif;
+ margin: 0;
+ padding: 5pt 5pt 5pt 10pt;
+}
+
+p {
+ color: #333;
+ font: 16pt/20pt Roboto, Arial, Helvetica, sans-serif;
+ margin: 0;
+ padding: 5pt 0pt 1pt 0pt;
+}
+
+li {
+ color: #333;
+ font: 16pt/20pt Roboto, Arial, Helvetica, sans-serif;
+ margin: 0;
+ padding: 2pt 50pt 2pt 0pt;
+}
+
+sup {
+ font-weight: 800;
+ font-size: 10pt;
+}
+
+code {
+ font-family: "Lucida Console";
+ }
+
+/**
+* Table Styles
+*/
+
+
+table {
+ border: 1px solid gray;
+ border-collapse: collapse;
+ margin: 10px 0px 10px 0px;
+ width: 100%;
+ overflow: visible;
+}
+
+td {
+ border: 1px solid gray;
+ color: #333;
+ font: 16pt/20pt Roboto, Arial, Helvetica, sans-serif;
+ padding: 5pt;
+ overflow: visible;
+}
+
+th {
+ background-color: #CCC;
+ border: 1px solid gray;
+ color: #333;
+ font: bold 16pt/20pt Roboto, Arial, Helvetica, sans-serif;
+ padding: 5pt;
+ overflow: visible;
+}
+
+p.table_footnote {
+ color: #333;
+ font: 14pt/16pt Roboto, Arial, Helvetica, sans-serif;
+ margin: 0;
+ padding: 5pt 5pt 5pt 5pt;
+}
+
+li.table_list {
+ color: #333;
+ font: 16pt/20t Roboto, Arial, Helvetica, sans-serif;
+ margin-left: -10pt;
+ padding: 2pt 0pt 2pt 0pt;
+}
+
+
+/**
+* Used in the footer
+*/
+
+table.noborder {
+ border: 0px;
+ margin: 10px 0px 10px 0px;
+ width: 100%;
+}
+
+td.noborder {
+ border: 0px;
+ color: #333;
+ font: 10pt/12pt Roboto, Arial, Helvetica, sans-serif;
+ padding: 10px 0px 5px 0px;
+}
+
+
+
+/**
+* TOC Styles
+*/
+
+#toc a:link,
+#toc a:visited,
+#toc a:hover {
+ color: black;
+ text-decoration: none;
+}
+
+#toc p.toc_h1 a:link,
+#toc p.toc_h1 a:visited,
+#toc p.toc_h1 a:hover {
+ color: #99CC00;
+}
+
+#toc {
+ width: 950px;
+}
+
+#toc_left {
+ float: left;
+ padding-top:15px;
+ padding-bottom:15px;
+ width: 470px;
+}
+
+#toc_right {
+ float: right;
+ padding-top:15px;
+ padding-bottom:15px;
+ width: 470px;
+}
+
+p.toc_h1 {
+ color: #99CC00;
+ font: 20pt/22pt Roboto, Arial, Helvetica, sans-serif;
+ padding: 15px 0px 0px 0px;
+}
+
+p.toc_h2 {
+ color: black;
+ font: 18pt/20pt Roboto, Arial, Helvetica, sans-serif;
+ margin-left: 20px;
+ padding: 15px 0px 0px 0px;
+}
+
+p.toc_h3 {
+ color: black;
+ font: 16pt/18pt Roboto, Arial, Helvetica, sans-serif;
+ margin-left: 45px;
+ padding: 10px 0px 0px 0px;
+}
+
+p.toc_h4 {
+ color: black;
+ font: 14pt/16pt Roboto, Arial, Helvetica, sans-serif;
+ margin-left: 85px;
+ padding: 10px 0px 0px 0px;
+}
+
+p.toc_h5 {
+ color: black;
+ font: 14pt/16pt Roboto, Arial, Helvetica, sans-serif;
+ margin-left: 105px;
+}
+
+/**
+* Note Styles
+*/
+
+
+div.note
+ {
+ border-left: 20px solid #0099cc;
+ padding-left: 10px;
+ margin: 5px 40px 5px 5px;
+ }
+
+div.tip
+ {
+ border-left: 4px solid #93c47d;
+ padding-left: 10px;
+ margin: 5px 40px 5px 5px;
+ }
+
+div.warning
+ {
+ border-left: 4px solid red;
+ padding-left: 10px;
+ margin: 5px 40px 5px 5px;
+ }
+
+/**
+* Media Styles
+*/
+
+@media print {
+
+ @page {
+ margin: 1in;
+ }
+
+ }
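Review bot: In the `li.table_list` rule the shorthand reads `font: 16pt/20t Roboto, Arial, Helvetica, sans-serif;`, and `20t` is not a valid length, so the parser drops the whole `font` declaration. The rule then silently inherits the font from the plain `li` rule above, which hides the typo; it should be `font: 16pt/20pt Roboto, Arial, Helvetica, sans-serif;`. Separately, `code { font-family: "Lucida Console"; }` names a single family with no generic fallback; `font-family: "Lucida Console", monospace;` keeps code samples monospaced where that font is not installed.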
diff --git a/en/compatibility/source/devsite_template.html b/en/compatibility/source/devsite_template.html
new file mode 100644
index 00000000..e2b1ca01
--- /dev/null
+++ b/en/compatibility/source/devsite_template.html
@@ -0,0 +1,27 @@
+<html devsite>
+ <head>
+ <title>{{title}}</title>
+ <meta name="project_path" value="{{project_path}}" />
+ <meta name="book_path" value="{{book_path}}" />
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+{{body_html}}
+ </body>
+</html>
+
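Review bot: The template does not say which placeholders are substituted escaped and which are inserted raw, and the generator that fills them is not part of this hunk. `{{title}}` lands inside `<title>`, and `{{project_path}}` and `{{book_path}}` land inside quoted attribute values, so those three should be HTML-escaped by whatever renders the template. `{{body_html}}` is, by its name, verbatim markup and should only ever receive output generated from the repository's own sources. A comment at the top would record this, e.g. `<!-- title, project_path, book_path: HTML-escaped by the generator; body_html: trusted, pre-rendered markup inserted as-is -->`, with the wording adjusted to match what the generator actually does.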
diff --git a/en/compatibility/source/images/android-logo.png b/en/compatibility/source/images/android-logo.png
new file mode 100644
index 00000000..4ad113c4
--- /dev/null
+++ b/en/compatibility/source/images/android-logo.png
Binary files differ
diff --git a/en/compatibility/source/images/android-lollipop-mr1.jpg b/en/compatibility/source/images/android-lollipop-mr1.jpg
new file mode 100644
index 00000000..c9b757de
--- /dev/null
+++ b/en/compatibility/source/images/android-lollipop-mr1.jpg
Binary files differ
diff --git a/en/compatibility/source/images/android-lollipop.jpg b/en/compatibility/source/images/android-lollipop.jpg
new file mode 100644
index 00000000..7e2dcdc1
--- /dev/null
+++ b/en/compatibility/source/images/android-lollipop.jpg
Binary files differ
diff --git a/en/compatibility/source/images/android-marshmallow-1.png b/en/compatibility/source/images/android-marshmallow-1.png
new file mode 100644
index 00000000..4d51b87d
--- /dev/null
+++ b/en/compatibility/source/images/android-marshmallow-1.png
Binary files differ
diff --git a/en/compatibility/source/images/android-marshmallow.png b/en/compatibility/source/images/android-marshmallow.png
new file mode 100644
index 00000000..60381fae
--- /dev/null
+++ b/en/compatibility/source/images/android-marshmallow.png
Binary files differ
diff --git a/en/compatibility/source/images/android-nougat-dark.png b/en/compatibility/source/images/android-nougat-dark.png
new file mode 100644
index 00000000..31a76edb
--- /dev/null
+++ b/en/compatibility/source/images/android-nougat-dark.png
Binary files differ
diff --git a/en/compatibility/source/images/android-nougat-light.png b/en/compatibility/source/images/android-nougat-light.png
new file mode 100644
index 00000000..8cb7e430
--- /dev/null
+++ b/en/compatibility/source/images/android-nougat-light.png
Binary files differ
diff --git a/en/compatibility/source/images/android-oreo-blue.png b/en/compatibility/source/images/android-oreo-blue.png
new file mode 100644
index 00000000..f0805ba2
--- /dev/null
+++ b/en/compatibility/source/images/android-oreo-blue.png
Binary files differ
diff --git a/en/devices/_toc-interfaces.yaml b/en/devices/_toc-interfaces.yaml
index 0a5ce26f..74313cbe 100644
--- a/en/devices/_toc-interfaces.yaml
+++ b/en/devices/_toc-interfaces.yaml
@@ -113,6 +113,10 @@ toc:
section:
- title: Overview
path: /devices/architecture/vndk/
+ - title: Enabling the VNDK
+ path: /devices/architecture/vndk/enabling
+ - title: VNDK Build System Support
+ path: /devices/architecture/vndk/build-system
- title: VNDK Extensions
path: /devices/architecture/vndk/extensions
- title: VNDK Definition Tool
diff --git a/en/devices/_toc-tech.yaml b/en/devices/_toc-tech.yaml
index 9daad091..43897c47 100644
--- a/en/devices/_toc-tech.yaml
+++ b/en/devices/_toc-tech.yaml
@@ -103,12 +103,18 @@ toc:
path: /devices/tech/debug/jank_capacity
- title: Identifying Jitter Jank
path: /devices/tech/debug/jank_jitter
- - title: AddressSanitizer
- path: /devices/tech/debug/asan
- - title: LLVM Sanitizers
- path: /devices/tech/debug/sanitizers
- - title: Build kernel with KASAN+KCOV
- path: /devices/tech/debug/kasan-kcov
+ - title: Fuzzing and Sanitizing
+ section:
+ - title: Overview
+ path: /devices/tech/debug/fuzz-sanitize
+ - title: AddressSanitizer
+ path: /devices/tech/debug/asan
+ - title: LLVM Sanitizers
+ path: /devices/tech/debug/sanitizers
+ - title: Build kernel with KASAN+KCOV
+ path: /devices/tech/debug/kasan-kcov
+ - title: Fuzzing with libFuzzer
+ path: /devices/tech/debug/libfuzzer
- title: Using GDB
path: /devices/tech/debug/gdb
- title: Native Memory Use
diff --git a/en/devices/architecture/images/treble_vndk_androidbp.png b/en/devices/architecture/images/treble_vndk_androidbp.png
new file mode 100644
index 00000000..2cb92409
--- /dev/null
+++ b/en/devices/architecture/images/treble_vndk_androidbp.png
Binary files differ
diff --git a/en/devices/architecture/images/treble_vndk_build_system_libraries.png b/en/devices/architecture/images/treble_vndk_build_system_libraries.png
new file mode 100644
index 00000000..a5e48e6f
--- /dev/null
+++ b/en/devices/architecture/images/treble_vndk_build_system_libraries.png
Binary files differ
diff --git a/en/devices/architecture/images/treble_vndk_design.png b/en/devices/architecture/images/treble_vndk_design.png
index 3e832dc1..f41bded8 100644
--- a/en/devices/architecture/images/treble_vndk_design.png
+++ b/en/devices/architecture/images/treble_vndk_design.png
Binary files differ
diff --git a/en/devices/architecture/images/treble_vndk_linker_namespace1.png b/en/devices/architecture/images/treble_vndk_linker_namespace1.png
new file mode 100644
index 00000000..533fab17
--- /dev/null
+++ b/en/devices/architecture/images/treble_vndk_linker_namespace1.png
Binary files differ
diff --git a/en/devices/architecture/images/treble_vndk_linker_namespace2.png b/en/devices/architecture/images/treble_vndk_linker_namespace2.png
new file mode 100644
index 00000000..520ceb8f
--- /dev/null
+++ b/en/devices/architecture/images/treble_vndk_linker_namespace2.png
Binary files differ
diff --git a/en/devices/architecture/vndk/build-system.html b/en/devices/architecture/vndk/build-system.html
new file mode 100644
index 00000000..df019e6b
--- /dev/null
+++ b/en/devices/architecture/vndk/build-system.html
@@ -0,0 +1,424 @@
+<html devsite>
+ <head>
+ <title>VNDK Build System Support</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+
+<p>The build system comes with built-in VNDK support in Android 8.1. If the
+VNDK support is enabled, the build system checks the dependencies between
+modules, builds a vendor-specific variant for vendor modules, and automatically
+installs those modules into designated directories.</p>
+
+<p>The following example illustrates the basic concepts:</p>
+
+<p><img src="../images/treble_vndk_androidbp.png" alt="libexample with vendor_available:true and vndk.enabled:true" /></p>
+<figcaption><strong>Figure 1.</strong> VNDK support enable.</figcaption>
+
+<p>The <code>Android.bp</code> module definition defines a
+library named <code>libexample</code>. The <code>vendor_available</code>
+property means that both framework modules and vendor modules may depend on
+<code>libexample</code>. In this example, both the framework executable
+<code>/system/bin/foo</code> and the vendor executable
+<code>/vendor/bin/bar</code> depend on <code>libexample</code> and have
+<code>libexample</code> in their <code>shared_libs</code> properties.</p>
+
+<p>If <code>libexample</code> is used by both framework modules and vendor
+modules, two variants of <code>libexample</code> are built. The core
+variant (named after <code>libexample</code>) is used by framework modules
+and the vendor variant (named after <code>libexample.vendor</code>) is
+used by vendor modules.</p>
+
+<p>Two variants are installed into different directories. The core variant
+is installed into <code>/system/lib[64]/libexample.so</code>. The vendor
+variant is installed into <code>/system/lib[64]/vndk/libexample.so</code>
+because <code>vndk.enabled</code> is <code>true</code>.</p>
+
+<p>For more details, see
+<a href="#module-definition">Module definition</a>.</p>
+
+
+<h2 id="configuration">Configuration</h2>
+
+<p>To enable full build system support for a product device, add
+<code>BOARD_VNDK_VERSION</code> to <code>BoardConfig.mk</code>:</p>
+
+<pre class="prettyprint">BOARD_VNDK_VERSION := current</pre>
+
+<h3 id="migration-notes">Migration notes</h3>
+
+<p>Adding <code>BOARD_VNDK_VERSION</code> to <code>BoardConfig.mk</code> has a
+global effect. When defined in <code>BoardConfig.mk</code>, all
+modules are checked. There is no mechanism to blacklist or whitelist an
+offending module. The practice is to add <code>BOARD_VNDK_VERSION</code> after
+cleaning all unnecessary dependencies.</p>
+
+<p>During a migration process, you can test and compile a module by setting
+<code>BOARD_VNDK_VERSION</code> in your environment variables:</p>
+
+<pre class="prettyprint">$ BOARD_VNDK_VERSION=current m module_name.vendor</pre>
+
+<p>Yet another side effect is the removal of <em>default global header search
+paths</em>. If <code>BOARD_VNDK_VERSION</code> is enabled, the following
+default header search paths are not added by default:</p>
+
+<ul>
+ <li>frameworks/av/include</li>
+ <li>frameworks/native/include</li>
+ <li>frameworks/native/opengl/include</li>
+ <li>hardware/libhardware/include</li>
+ <li>hardware/libhardware_legacy/include</li>
+ <li>hardware/ril/include</li>
+ <li>libnativehelper/include</li>
+ <li>libnativehelper/include_deprecated</li>
+ <li>system/core/include</li>
+ <li>system/media/audio/include</li>
+</ul>
+
+<p>If a module depends on the headers from these directories, its author must
+explicitly specify the dependencies with <code>header_libs</code>,
+<code>static_libs</code>, and/or <code>shared_libs</code>.</p>
+
+
+<h2 id="module-definition">Module definition</h2>
+
+<p>To build Android with <code>BOARD_VNDK_VERSION</code>, developers must
+revise their module definition in either <code>Android.mk</code> or
+<code>Android.bp</code>. This subsection describes different kinds of module
+definitions, several VNDK-related module properties, and the dependency checks
+implemented in the build system.</p>
+
+
+<h3 id="vendor-modules">Vendor modules</h3>
+
+<p>Vendor modules are vendor-specific executables or shared libraries that
+must be installed into a vendor partition. In <code>Android.bp</code> files,
+vendor modules must set vendor or proprietary property to <code>true</code>. In
+<code>Android.mk</code> files, vendor modules must set
+<code>LOCAL_VENDOR_MODULE</code> or <code>LOCAL_PROPRIETARY_MODULE</code> to
+<code>true</code>.</p>
+
+<p>If <code>BOARD_VNDK_VERSION</code> is defined, the build system
+disallows the dependencies between vendor modules and framework modules. The
+build system emits errors if:</p>
+
+<ul>
+ <li>a module without <code>vendor:true</code> depends on a module with
+ <code>vendor:true</code>, or</li>
+
+ <li>a module with <code>vendor:true</code> depends on a
+ non-<code>llndk_library</code> module that has neither
+ <code>vendor:true</code> nor <code>vendor_available:true</code>.</li>
+</ul>
+
+<p>The aforementioned dependency check applies to <code>header_libs</code>,
+<code>static_libs</code>, and <code>shared_libs</code> in
+<code>Android.bp</code>. It also applies to
+<code>LOCAL_HEADER_LIBRARIES</code>, <code>LOCAL_STATIC_LIBRARIES</code> and
+<code>LOCAL_SHARED_LIBRARIES</code> in <code>Android.mk</code>.</p>
+
+
+<h3 id="ll-ndk">LL-NDK</h3>
+
+<p>LL-NDK shared libraries are shared libraries with stable ABIs. Both
+framework and vendor modules share the same and the latest implementation. For
+each LL-NDK shared library, there is an <code>llndk_library</code> module definition in
+an <code>Android.bp</code> file:</p>
+
+<pre class="prettyprint">llndk_library {
+ name: "libvndksupport",
+ symbol_file: "libvndksupport.map.txt",
+}</pre>
+
+<p>This module definition specifies a module name and a symbol file, which
+describes the symbols that should be visible to vendor modules. For
+example:</p>
+
+<pre class="prettyprint">LIBVNDKSUPPORT {
+ global:
+ android_load_sphal_library; # vndk
+ android_unload_sphal_library; # vndk
+ local:
+ *;
+};</pre>
+
+<p>Based on the symbol file, the build system generates a stub shared
+library for vendor modules. Vendor modules link with these stub
+shared libraries if <code>BOARD_VNDK_VERSION</code> is enabled.</p>
+
+<p>A symbol is included in the stub shared library only if:</p>
+
+<ul>
+ <li>it is not defined in the section end with <code>_PRIVATE</code> or
+ <code>_PLATFORM</code>,</li>
+
+ <li>it does not have <code>#platform-only</code> tag, and</li>
+
+ <li>it does not have <code>#introduce*</code> tags or the tag matches with the
+ target.</li>
+</ul>
+
+<aside class="note"><strong>Note</strong>: Vendors must not define their own LL-NDK
+shared libraries because vendor modules won't be able to find them in
+<em>Generic System Image (GSI)</em>.</aside>
+
+<h3 id="vndk">VNDK</h3>
+
+<p>In <code>Android.bp</code> files, <code>cc_library</code>,
+<code>cc_library_static</code>, <code>cc_library_shared</code>, and
+<code>cc_library_headers</code> module definitions support three VNDK-related
+properties: <code>vendor_available</code>, <code>vndk.enabled</code>, and
+<code>vndk.support_system_process</code>.</p>
+
+<p>If <code>vendor_available</code> or <code>vndk.enabled</code> is
+<code>true</code>, two variants (<em>core</em> and <em>vendor</em>) may be
+built. The core variant should be treated as a framework module and the vendor
+variant should be treated as a vendor module. If some framework modules depend
+on this module, the core variant is built. If some vendor modules
+depend on this module, the vendor variant is built.</p>
+
+<p>The build system enforces these dependency checks:</p>
+
+<ul>
+ <li>The core variant is always framework-only and inaccessible to vendor
+ modules.</li>
+
+ <li>The vendor variant is always inaccessible to framework modules.</li>
+
+ <li>All dependencies of the vendor variant, which are specified in
+ <code>header_libs</code>, <code>static_libs</code>, and/or
+ <code>shared_libs</code>, must be either an <code>llndk_library</code> or a
+ module with <code>vendor_available</code> or <code>vndk.enabled</code>.</li>
+
+ <li>If <code>vendor_available</code> is <code>true</code> (the only valid
+ value for Android 8.1), the vendor variant is accessible to all
+ vendor modules.</li>
+
+ <li>In AOSP master, if <code>vendor_available</code> is
+ <code>false</code>, the vendor variant is accessible only to other
+ VNDK or VNDK-SP modules (i.e., modules with <code>vendor:true</code>
+ cannot link <code>vendor_available:false</code> modules).</li>
+</ul>
+
+<p>The default installation path for <code>cc_library</code> or
+<code>cc_library_shared</code> is determined by the following rules:</p>
+
+<ul>
+ <li>
+ The core variant is installed to <code>/system/lib[64]</code>.
+ </li>
+
+ <li>
+ The vendor variant installation path may vary:
+
+ <ul>
+ <li>
+ If <code>vndk.enabled</code> is <code>false</code>, the vendor
+ variant is installed into <code>/vendor/lib[64]</code>.
+ </li>
+
+ <li>
+ If <code>vndk.enabled</code> is <code>true</code>,
+ <code>vndk.support_system_process</code> can be either <code>true</code> or
+ <code>false</code>.
+
+ <ul>
+ <li>
+ If <code>vndk.support_system_process</code> is <code>false</code>,
+ the vendor variant is installed into <code>/system/lib[64]/vndk</code>.
+ </li>
+
+ <li>
+ Conversely, the vendor variant is installed to
+ <code>/system/lib[64]/vndk-sp</code>.
+ </li>
+ </ul>
+ </li>
+ </ul>
+ </li>
+</ul>
+
+<p>The table below summarizes how the build system handles the vendor
+variants:</p>
+
+
+<table>
+ <tr>
+ <th rowspan="2"><p><code>vendor_available</code></p></th>
+ <th colspan="2"><p><code>vndk</code></p></th>
+ <th rowspan="2"><p><code>Vendor variant descriptions</code></p></th>
+ </tr>
+
+ <tr>
+ <th><p><code>enabled</code></p></th>
+ <th><p><code>support_same_process</code></p></th>
+ </tr>
+
+ <tr>
+ <td rowspan="4"><p><code>true</code></p></td>
+ <td rowspan="2"><p><code>false</code></p></td>
+ <td><p><code>false</code></p></td>
+ <td>
+ <p>The vendor variants are <em>VND-ONLY</em></p>
+ <p>Shared libraries are installed into <code>/vendor/lib[64]</code>.</p>
+ </td>
+ </tr>
+
+ <tr>
+ <td><p><code>true</code></p></td>
+ <td><p><em>Invalid</em> (Build error)</p></td>
+ </tr>
+
+ <tr>
+ <td rowspan="2"><p><code>true</code></p></td>
+ <td><p><code>false</code></p></td>
+ <td>
+ <p>The vendor variants are <em>VNDK</em>.</p>
+ <p>Shared libraries are installed to
+ <code>/system/lib[64]/vndk</code>.</p>
+ </td>
+ </tr>
+
+ <tr>
+ <td><p><code>true</code></p></td>
+ <td>
+ <p>The vendor variants are <em>VNDK-SP</em>.</p>
+ <p>Shared libraries are installed to
+ <code>/system/lib[64]/vndk-sp</code>.</p>
+ </td>
+ </tr>
+
+ <tr>
+ <td rowspan="4"><p><code>false</code></p></td>
+ <td rowspan="2"><p><code>false</code></p></td>
+ <td><p><code>false</code></p></td>
+ <td><p>No vendor variants. This module is <em>FWK-ONLY</em>.</p></td>
+ </tr>
+
+ <tr>
+ <td><p><code>true</code></p></td>
+ <td><p><em>Invalid</em> (Build error)</p></td>
+ </tr>
+
+ <tr>
+ <td rowspan="2"><p><code>true</code></p></td>
+ <td><p><code>false</code></p></td>
+ <td>
+ <p>The vendor variants are <em>VNDK-Indirect</em>.</p>
+ <p>Shared libraries are installed to <code>/system/lib[64]/vndk</code>.</p>
+ <p>These must not be directly used by vendor modules.</p>
+ <p>New in AOSP master (not in Android 8.1).</p>
+ </td>
+ </tr>
+
+ <tr>
+ <td><p><code>true</code></p></td>
+ <td>
+ <p>The vendor variants are <em>VNDK-SP-Indirect-Private</em>.</p>
+ <p>Shared libraries are installed to
+ <code>/system/lib[64]/vndk-sp</code>.</p>
+ <p>These must not be directly used by vendor modules.</p>
+ <p>New in AOSP master (not in Android 8.1).</p>
+ </td>
+ </tr>
+</table>
+
+<aside class="note"><strong>Note</strong>: Vendors may set
+<code>vendor_available</code> to their modules. However, vendors must not set
+<code>vndk.enabled</code> nor <code>vndk.support_system_process</code> because
+vendor modules won't be able to find them in GSI.</aside>
+
+
+<h3 id="conditional-compilation">Conditional compilation</h3>
+
+<p>If there are some subtle differences between the core variant and the vendor
+variant, you can use <code>target.vendor</code> to specify different
+options for conditional compilation. For example:</p>
+
+<pre class="prettyprint">cc_library {
+ name: "libconditional_example",
+ srcs: ["fwk.c", "both.c"],
+ shared_libs: ["libfwk_only", "libboth"],
+ target: {
+ vendor: {
+ exclude_srcs: ["fwk.c"],
+ exclude_shared_libs: ["libfwk_only"],
+ cflags: ["-DVENDOR_VARIANT=1"],
+ cppflags: ["-DVENDOR_VARIANT=1"],
+ },
+ },
+}</pre>
+
+<p>In this example, the core variant of <code>libconditional_example</code>
+includes the code from <code>fwk.c</code> and <code>both.c</code> and
+depends on the shared libraries <code>libfwk_only</code> and
+<code>libboth</code>.</p>
+
+<p>On the other hand, the vendor variant of <code>libconditional_example</code>
+includes only the code from <code>both.c</code> because <code>fwk.c</code>
+is excluded by the <code>exclude_srcs</code> property. Similarly,
+<code>libconditional_example</code> depends only on the shared library
+<code>libboth</code> because <code>libfwk_only</code> is excluded by the
+<code>exclude_shared_libs</code> property. <code>cflags</code> and
+<code>cppflags</code> may specified vendor-specific options as well.</p>
+
+
+<h3 id="product-packages">Product packages</h3>
+
+<p>In the Android build system, the variable <code>PRODUCT_PACKAGES</code>
+specifies the executables, shared libraries, or packages that should be
+installed into the device. The transitive dependencies of the specified modules
+are implicitly installed into the device as well.</p>
+
+<p>If <code>BOARD_VNDK_VERSION</code> is enabled, modules with
+<code>vendor_available</code> or <code>vndk.enabled</code> get special
+treatments. If a framework module depends on a module with
+<code>vendor_available</code> or <code>vndk.enabled</code>, the core
+variant is included in the transitive installation set. Similarly, if a
+vendor module depends on a module with <code>vendor_available</code> or
+<code>vndk.enabled</code>, the vendor variant is included in the
+transitive installation set.</p>
+
+<p>When the dependencies are invisible to the build system (e.g. shared
+libraries that may be opened with <code>dlopen()</code> in runtime), you
+should specify the module names in <code>PRODUCT_PACKAGES</code> to install
+those modules explicitly.</p>
+
+<p>If a module has <code>vendor_available</code> or <code>vndk.enabled</code>,
+the module name stands for its core variant. To explicitly specify the
+vendor variant in <code>PRODUCT_PACKAGES</code>, append a <code>.vendor</code>
+suffix to the module name. For example:</p>
+
+<pre class="prettyprint">cc_library {
+ name: "libexample",
+ srcs: ["example.c"],
+ vendor_available: true,
+}</pre>
+
+<p>In this example, <code>libexample</code> stands for
+<code>/system/lib[64]/libexample.so</code> and <code>libexample.vendor</code>
+stands for <code>/vendor/lib[64]/libexample.so</code>. To install
+<code>/vendor/lib[64]/libexample.so</code>, add <code>libexample.vendor</code>
+to <code>PRODUCT_PACKAGES</code>:</p>
+
+<pre class="prettyprint">PRODUCT_PACKAGES += libexample.vendor</pre>
+
+ </body>
+</html>
diff --git a/en/devices/architecture/vndk/deftool.html b/en/devices/architecture/vndk/deftool.html
index bfed22c4..fb5e69ed 100644
--- a/en/devices/architecture/vndk/deftool.html
+++ b/en/devices/architecture/vndk/deftool.html
@@ -23,20 +23,21 @@
<p>
-The VNDK definition tool helps vendors migrate their source tree to an Android O
-environment. This tool scans binary files in the system and vendor images then
-resolves dependencies. Based on the module dependency graph, the tool can also
-detect violations to VNDK concepts and provide insight/suggestions for moving
-modules between partitions. If an AOSP system image is specified, the VNDK
-definition tool can compare your system image with the AOSP system image and
-determine the extended libraries.
+The VNDK definition tool helps vendors migrate their source tree to an Android
+8.0 environment. This tool scans binary files in the system and vendor images
+then resolves dependencies. Based on the module dependency graph, the tool can
+also detect violations to VNDK concepts and provide insight/suggestions for
+moving modules between partitions. If an Generic System Image (GSI) is
+specified, the VNDK definition tool can compare your system image with the
+GSI and determine the extended libraries.
</p>
<p>
This section covers three frequently used commands for the VNDK definition tool:
</p>
<ul>
<li><code>vndk</code>. Compute VNDK_SP_LIBRARIES, VNDK_SP_EXT_LIBRARIES, and
-EXTRA_VENDOR_LIBRARIES for build system workaround in Android O.</li>
+EXTRA_VENDOR_LIBRARIES for build system workaround in Android 8.0 and higher.
+</li>
<li><code>check-dep</code>. Check the violating module dependencies from vendor
modules to non-eligible framework shared libraries.</li>
<li><code>deps</code>. Print the dependencies between the shared libraries and
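Review bot: The rewritten intro paragraph reads "If an Generic System Image (GSI) is specified"; the article should be "a", i.e. `moving modules between partitions. If a Generic System Image (GSI) is`. The same "an Generic System Image (GSI)" wording is introduced by the extensions.html hunk of this commit ("overwritten by an Generic System Image (GSI)") and needs the same one-word fix.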
@@ -76,8 +77,8 @@ partition.
<tr>
<td><code>--aosp-system</code>
</td>
- <td>Point to a directory containing the files that will reside in the AOSP
-system image.
+ <td>Point to a directory containing the files that will reside in the Generic
+System Image (GSI).
</td>
</tr>
<tr>
@@ -278,8 +279,8 @@ can be used by vendor modules:</p>
</tr>
<tr>
<td>LL-NDK</td>
- <td>Low-level NDK libraries that can be used by both framework and vendor
-modules.</td>
+ <td>Shared libraries with stable ABIs/APIs that can be used by both
+framework and vendor modules.</td>
</tr>
<tr>
<td>LL-NDK-Indirect</td>
@@ -287,16 +288,6 @@ modules.</td>
these libraries directly.</td>
</tr>
<tr>
- <td>SP-NDK</td>
- <td>Same-process NDK libraries that can be used by both framework and vendor
-modules.</td>
- </tr>
- <tr>
- <td>SP-NDK-Indirect</td>
- <td>Private dependencies of SP-NDK libraries. Vendor modules must not access
-these libraries directly.</td>
- </tr>
- <tr>
<td>VNDK-SP</td>
<td>SP-HAL framework shared libraries dependencies.</td>
</tr>
@@ -341,7 +332,7 @@ modules (except for RS usages).</td>
<tr>
<td>SP-HAL-Dep</td>
<td>SP-HAL vendor shared libraries dependencies (a.k.a. SP-HAL dependencies
-excluding LL-NDK, SP-NDK, and VNDK-SP)</td>
+excluding LL-NDK and VNDK-SP).</td>
</tr>
<tr>
<td>VND-ONLY</td>
diff --git a/en/devices/architecture/vndk/dir-rules-sepolicy.html b/en/devices/architecture/vndk/dir-rules-sepolicy.html
index 0cc2ceae..634d9d98 100644
--- a/en/devices/architecture/vndk/dir-rules-sepolicy.html
+++ b/en/devices/architecture/vndk/dir-rules-sepolicy.html
@@ -21,16 +21,16 @@
limitations under the License.
-->
-<p>This page describes the directory layout for devices running Android O, VNDK
-rules, and associated sepolicy.</p>
+<p>This page describes the directory layout for devices running Android 8.0 and
+higher, VNDK rules, and associated sepolicy.</p>
<h2 id="directory">Directory layout</h2>
<p>The <em>Degenerated Directory Layout</em> consists of the following
directories:</p>
<ul>
<li><code>/system/lib[64]</code> contains all framework shared libraries,
-including LL-NDK, SP-NDK, VNDK, and framework-only libraries (including
-LL-NDK-Indirect, SP-NDK-Indirect, and some libraries with the same names as the
+including LL-NDK, VNDK, and framework-only libraries (including
+LL-NDK-Indirect and some libraries with the same names as the
ones in VNDK-SP).</li>
<li><code>/system/lib[64]/vndk-sp</code> contains VNDK-SP libraries for
same-process HALs.</li>
@@ -50,31 +50,31 @@ used by VNDK-SP libraries.</li>
<li>Framework processes must not load non-SP-HAL shared libraries from vendor
partitions (not strictly enforced in Android O but will be in a future release).
</li>
-<li>Vendor processes must not load non-LL-NDK, non-SP-NDK, non-VNDK-SP, and
+<li>Vendor processes must not load non-LL-NDK, non-VNDK-SP, and
non-VNDK libraries from the system partition. (not strictly enforced in Android
O but will be in a future release).</li>
-<p class="note"><strong>NOTE</strong>: To benefit from the framework-only OTA
-beyond Android O, this rule must not be violated in devices launched with
-Android O.</p>
+<aside class="note"><strong>Note</strong>: To benefit from the framework-only
+OTA beyond Android 8.0, this rule must not be violated in devices launched with
+Android 8.0.</aside>
<li>Installed VNDK libraries must be a subset of Google-defined eligible VNDK
libraries.</li>
<li>The outer dependencies of SP-HAL and SP-HAL-Dep must be restricted to
-LL-NDK, SP-NDK, or Google-defined VNDK-SP libraries.
+LL-NDK or Google-defined VNDK-SP libraries.
<ul>
<li>The dependencies of an SP-HAL shared library must be restricted to LL-NDK
- libraries, SP-NDK libraries, SP-NDK libraries, Google-defined VNDK-SP
- libraries, other SP-HAL libraries, and/or other vendor shared libraries that
- can be labeled as SP-HAL-Dep libraries.</li>
+ libraries, Google-defined VNDK-SP libraries, other SP-HAL libraries, and/or
+ other vendor shared libraries that can be labeled as SP-HAL-Dep
+ libraries.</li>
<li>A vendor shared library can be labeled as a SP-HAL-Dep library only if it
is not an AOSP library and its dependencies are restricted to LL-NDK libraries,
- SP-NDK libraries, Google-defined VNDK-SP libraries, SP-HAL libraries, and/or
- other SP-HAL-Dep libraries.</li>
+ Google-defined VNDK-SP libraries, SP-HAL libraries, and/or other SP-HAL-Dep
+ libraries.</li>
</ul>
</li>
<li>VNDK-SP must be self-contained. <code>libRS_internal.so</code> gets special
-treatment in Android O, but will be revisited in a future release.</li>
+treatment in Android 8.0, but will be revisited in a future release.</li>
<li>No framework-vendor communication through non-HIDL interfaces, including
(but not limited to) binder, sockets, shared memories, files, etc.</li>
<li>The size of the system partition must be large enough to contain two copies
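Review bot: The new `<aside class="note">` is still a direct child of the rules list, sitting between two `<li>` items. That is not valid list content, and it detaches the note from the rule it qualifies. Moving the aside inside the preceding item, just before that item's `</li>`, keeps it attached to the rule about which system-partition libraries vendor processes may load. The two rules above it keep "not strictly enforced in Android O" on unchanged lines while the rest of the hunk switches to "Android 8.0", so the wording is now mixed and those lines could be updated in the same change. The list itself opens outside this hunk.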
@@ -113,18 +113,6 @@ libraries of different categories:</p>
<td>Y</td>
</tr>
<tr>
- <td>SP-NDK</td>
- <td>System</td>
- <td>Y</td>
- <td>Y</td>
- </tr>
- <tr>
- <td>SP-NDK-Indirect</td>
- <td>System</td>
- <td>Y</td>
- <td>Y</td>
- </tr>
- <tr>
<td>VNDK-SP/VNDK-SP-Indirect/VNDK-SP-Indirect-Private</td>
<td>System</td>
<td>Y</td>
@@ -180,10 +168,10 @@ libraries of different categories:</p>
</tr>
</table>
-<p>LL-NDK-Indirect, SP-NDK-Indirect, VNDK-SP-Indirect, and
-VNDK-SP-Indirect-Private must be accessible from both domains because
-non-<code>coredomain</code> will indirectly access them. Similarly, SP-HAL-Dep
-must be accessible from <code>coredomain</code> because SP-HAL relies on it.</p>
+<p>LL-NDK-Indirect, VNDK-SP-Indirect, and VNDK-SP-Indirect-Private must be
+accessible from both domains because non-<code>coredomain</code> will
+indirectly access them. Similarly, SP-HAL-Dep must be accessible from
+<code>coredomain</code> because SP-HAL relies on it.</p>
</body>
</html>
diff --git a/en/devices/architecture/vndk/enabling.html b/en/devices/architecture/vndk/enabling.html
new file mode 100644
index 00000000..a034135e
--- /dev/null
+++ b/en/devices/architecture/vndk/enabling.html
@@ -0,0 +1,189 @@
+<html devsite>
+ <head>
+ <title>Enabling the VNDK</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>The VNDK requires several changes to a codebase to separate concerns between
+vendor and system. Use the following guide to enable VNDK in a vendor/OEM
+codebase.</p>
+
+<h2 id=build-system-libraries>Build system libraries</h2>
+<p>The build system contains several types of objects including libraries
+(shared, static, or header) and binaries:</p>
+
+<img src="../images/treble_vndk_build_system_libraries.png">
+<figcaption><strong>Figure 1.</strong> Build system libraries.</figcaption>
+
+<ul>
+<li><strong>core</strong>. Used by the system image, on the system image. These
+libraries cannot be used by <code>vendor</code>, <code>vendor_available</code>,
+<code>vndk</code>, or <code>vndk-sp</code> libraries.
+<pre class="prettyprint">
+cc_library {
+ name: "libThatIsCore",
+ ...
+}
+</pre>
+</li>
+
+<li><strong>vendor-only</strong> (or <code>proprietary</code>). Used by the
+vendor image, on the vendor image.
+<pre class="prettyprint">
+cc_library {
+ name: "libThatIsVendorOnly",
+ proprietary: true,
+ # or: vendor: true, # (for things in AOSP)
+ ...
+}
+</dpre>
+</li>
+
+<li><strong>vendor_available</strong>. Used by the vendor image, on the vendor
+image (may contain duplicates of <code>core</code>).
+<pre class="prettyprint">
+cc_library {
+ name: "libThatIsVendorAvailable",
+ vendor_available: true,
+ ...
+}
+</pre>
+</li>
+
+<li><strong>vndk</strong>. Used by the vendor image, on the system image (a
+subset of <code>vendor_available</code>).
+<pre class="prettyprint">
+cc_library {
+ name: "libThatIsVndk",
+ vendor_available: true,
+ vndk: {
+ enabled: true,
+ }
+ ...
+}
+</pre>
+</li>
+
+<li><strong>vndk-sp</strong>. Used by the system image indirectly, on the
+system image (subset of <code>core</code>).
+<pre class="prettyprint">
+cc_library {
+ name: "libThatIsVndkSp",
+ vendor_available: true,
+ vndk: {
+ enabled: true,
+ support_system_process: true,
+ }
+ ...
+}
+</pre>
+</li>
+
+<li><strong>llndk</strong>. Used by both the system and vendor images.
+<pre class="prettyprint">
+llndk_library {
+ name: "libThasIsLlndk",
+}
+</pre>
+</li>
+</ul>
+
+<p>When a lib is marked as <code>vendor_available:true</code>, it is built
+twice:</p>
+<ul>
+<li>Once for platform (and thus installed to <code>/system/lib</code>).</li>
+<li>Once for vendor (and thus installed to <code>/vendor/lib</code>,
+<code>/system/lib/vndk</code>, or <code>/system/lib/vndk-sp</code>).</li>
+</ul>
+
+<p>The vendor versions of libs are built with <code>-D__ANDROID_VNDK__</code>.
+Private system components that may change significantly in future versions of
+Android are disabled with this flag. In addition, different libraries export a
+different set of headers (such as <code>liblog</code>). Options specific to a
+vendor variant of a target can be specified in an <code>Android.bp</code> file
+in:</p>
+<pre class="prettyprint">target: { vendor: { … } }</pre>
+
+<h2 id=enabling>Enabling VNDK for a codebase</h2>
+<p>To enable the VNDK for a codebase:</p>
+<ol>
+<li>Determine eligibility by calculating the required sizes of
+<code>vendor.img</code> and <code>system.img</code> partitions.</li>
+<li>Enable <code>BOARD_VNDK_VERSION=current</code>. You can add to
+<code>BoardConfig.mk</code> or build components with it directly (i.e.
+<code>m -j BOARD_VNDK_VERSION=current <var>MY-LIB</var></code>).</li>
+</ol>
+<p>After enabling <code>BOARD_VNDK_VERSION=current</code>, the build system
+enforces the following dependency and header requirements.</p>
+
+<h3 id=managing-dependencies>Managing dependencies</h3>
+<p>A <code>vendor</code> object that depends on a <code>core</code> component
+that doesn't exist in the <code>vndk</code> or as a <code>vendor</code> object
+must be resolved using one of the following options:</p>
+<ul>
+<li>The dependency can be removed.</li>
+<li>If the <code>core</code> component is owned by <code>vendor</code>, it can
+be marked as <code>vendor_available</code> or <code>vendor</code>.</li>
+<li>A change making the core object part of the <code>vndk</code> may be
+upstreamed to Google.</li>
+</ul>
+<p>In addition, if a <code>core</code> component has dependencies on a
+<code>vendor</code> component, the <code>vendor</code> component must be made
+into a <code>core</code> component <strong>or</strong> the dependency must be
+removed in another way (for example, by removing the dependency or by moving the
+dependency into a <code>vendor</code> component).</p>
+
+<h3 id=managing-headers>Managing headers</h3>
+<p>Global header dependencies must be removed to enable the build system to know
+whether to build the headers with or without <code>-D__ANDROID_VNDK__</code>.
+For example, libutils headers such as <code>utils/StrongPointer.h</code> can
+still be accessed using the header library
+<a href="https://android.googlesource.com/platform/system/core/+/master/libutils/include/utils" class="external"><code>libutils_headers</code></a>.
+</p>
+
+<p>Some headers (such as <code>unistd.h</code>) can no longer be transitively
+included but can be included locally.</p>
+
+<p>Finally, the public part of <code>private/android_filesystem_config.h</code>
+has been moved to <code>cutils/android_filesystem_config.h</code>. To manage
+these headers, do one of the following:</p>
+
+<ul>
+<li>Remove the dependency to
+<code>private/android_filesystem_config.h</code> by replacing all
+<code>AID_*</code> macros with
+<code><a href="http://man7.org/linux/man-pages/man3/getgrnam.3.html" class="external">getgrnam</code></a>/<code><a href="http://man7.org/linux/man-pages/man3/getpwnam.3.html" class="external">getpwnam</code></a>
+calls if possible. For example:
+
+<ul>
+<li><code>(uid_t)AID_WIFI</code> becomes
+<code>getpwnam("wifi")-&gt;pw_uid</code>.</li>
+<li><code>(gid_t)AID_SDCARD_R</code> becomes
+<code>getgrnam("sdcard_r")-&gt;gr_gid</code>.</li>
+</ul>
+For details, refer to
+<code><a href="https://android.googlesource.com/platform/system/core/+/master/libcutils/include/private/android_filesystem_config.h" class="external">private/android_filesystem_config.h</code></a>.
+</li>
+<li>For hard-coded AIS, include
+<code>cutils/android_filesystem_config.h</code>.</li>
+</ul>
+
+ </body>
+ </html>
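Review bot: The closing tag of the `libThatIsVendorOnly` example is misspelled as `</dpre>`, so that `<pre class="prettyprint">` block is never closed explicitly; it should be `</pre>`. In the "Managing headers" list the links are mis-nested as `<code><a …>getgrnam</code></a>` (likewise for `getpwnam` and the `private/android_filesystem_config.h` link) and should close as `</a></code>`. The replacement examples `getpwnam("wifi")->pw_uid` and `getgrnam("sdcard_r")->gr_gid` dereference the result unchecked, although both functions return NULL when no matching entry is found. The item should therefore add a sentence such as `Check the returned pointer for NULL before reading pw_uid or gr_gid.` The two man7.org links use `http://` where `https://` would do, and "hard-coded AIS" in the last item presumably means AIDs.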
diff --git a/en/devices/architecture/vndk/extensions.html b/en/devices/architecture/vndk/extensions.html
index 2cc895c7..a4d45bf2 100644
--- a/en/devices/architecture/vndk/extensions.html
+++ b/en/devices/architecture/vndk/extensions.html
@@ -124,26 +124,26 @@ functionalities in their implementations.
<h2 id="vndk-extension-mechanism">VNDK extension mechanism</h2>
<p>
-Vendor modules that rely on extended functionalities won't work because the AOSP
-library with the same name does not have the extended functionality. If vendor
-modules directly or indirectly depend on extended functionalities, vendors
-should copy DAUX, DXUA, and DXUX shared libraries to the vendor partition
-(vendor processes always look for shared libraries in the vendor partition
-first). However, LL-NDK and SP-NDK libraries must not be copied, so vendor
+Vendor modules that rely on extended functionalities won't work because the
+AOSP library with the same name does not have the extended functionality. If
+vendor modules directly or indirectly depend on extended functionalities,
+vendors should copy DAUX, DXUA, and DXUX shared libraries to the vendor
+partition (vendor processes always look for shared libraries in the vendor
+partition first). However, LL-NDK libraries must not be copied, so vendor
modules must not rely on the extended functionalities defined by the modified
-LL-NDK and SP-NDK libraries.
+LL-NDK libraries.
</p>
<p>
DAUA shared libraries can remain on the system partition if the corresponding
AOSP library can provide the same functionality and vendor modules continue to
-work when the system partition is overwritten by an AOSP system image.
+work when the system partition is overwritten by an Generic System Image (GSI).
</p>
<p>
Drop-in replacement is important because the unmodified VNDK libraries in the
-AOSP system image will link with the modified shared libraries on name
-collision. If the AOSP libraries are modified in an API/ABI incompatible manner,
-the AOSP libraries in the AOSP system image might fail to link or result in
-undefined behaviors.
+GSI will link with the modified shared libraries on name
+collision. If the AOSP libraries are modified in an API/ABI incompatible
+manner, the AOSP libraries in the GSI might fail to link
+or result in undefined behaviors.
</p>
</body>
diff --git a/en/devices/architecture/vndk/index.html b/en/devices/architecture/vndk/index.html
index a0d4af59..20709276 100644
--- a/en/devices/architecture/vndk/index.html
+++ b/en/devices/architecture/vndk/index.html
@@ -26,29 +26,30 @@ exclusively for vendors to implement their HALs. The VNDK ships in
<code>system.img</code> and is dynamically linked to vendor code at runtime.</p>
<h2 id=why-vndk>Why VNDK?</h2>
-<p>Android O enables framework-only updates in which the system partition can be
-upgraded to the latest version while vendor partitions are left unchanged. This
-implies that binaries built at different times must be able to work with each
-other; VNDK covers API/ABI changes across Android releases.</p>
+<p>Android 8.0 and higher enables framework-only updates in which the system
+partition can be upgraded to the latest version while vendor partitions are left
+unchanged. This implies that binaries built at different times must be able to
+work with each other; VNDK covers API/ABI changes across Android releases.</p>
<p>Framework-only updates include the following challenges:</p>
<ul>
<li><strong>Dependency between framework modules and vendor modules</strong>.
-Before Android O, modules from both sides could link with modules from the other
-side. However, dependencies from vendor modules imposed undesired restrictions
-to framework modules development.</li>
-<li><strong>Extensions to AOSP libraries</strong>. Android O requires all
-Android devices to pass CTS when the system partition is replaced with a
-standard AOSP system image. However, as vendors extend AOSP libraries to boost
-performance or to add extra functionalities for their HIDL implementations,
-flashing the system partition with a standard AOSP system image might break a
-vendor's HIDL implementation. (For guidelines on preventing such breakages, see
+Before Android 8.0, modules from both sides could link with modules from the
+other side. However, dependencies from vendor modules imposed undesired
+restrictions to framework modules development.</li>
+<li><strong>Extensions to AOSP libraries</strong>. Android 8.0 and higher
+requires all Android devices to pass CTS when the system partition is replaced
+with a standard Generic System Image (GSI). However, as vendors extend AOSP
+libraries to boost performance or to add extra functionalities for their HIDL
+implementations, flashing the system partition with a standard GSI
+might break a vendor's HIDL implementation. (For guidelines on
+preventing such breakages, see
<a href="/devices/architecture/vndk/extensions.html">VNDK extensions</a>.)</li>
</ul>
-<p>To address these challenges, Android O introduces several techniques such as
-VNDK (described in this section),
+<p>To address these challenges, Android 8.0 introduces several techniques such
+as VNDK (described in this section),
<a href="/devices/architecture/hidl/index.html">HIDL</a>, hwbinder,
<a href="/devices/architecture/dto/index.html">device tree overlay</a>, and
sepolicy overlay.</p>
@@ -64,24 +65,28 @@ extensions</a></em> classifies vendor-specific changes into categories. For
example, libraries with extended functionalities on which vendor modules rely
must be copied into the vendor partition, but ABI-incompatible changes are
prohibited.</li>
+<li><em><a href="/devices/architecture/vndk/build-system.html">VNDK Build
+System Support</a></em> describes the build system configurations and module
+definition syntaxes that are related to VNDK.</li>
<li>The <em><a href="/devices/architecture/vndk/deftool.html">VNDK Definition
-Tool</a></em> helps migrate your source tree to Android O.</li>
-<li>The <em><a href="/devices/architecture/vndk/linker-namespace.html">Linker
+Tool</a></em> helps migrate your source tree to Android 8.0 and higher.</li>
+<li><em><a href="/devices/architecture/vndk/linker-namespace.html">Linker
Namespace</a></em> provides fine-grained control over shared library linkages.
</li>
<li><em><a href="/devices/architecture/vndk/dir-rules-sepolicy.html">Directories,
Rules, and sepolicy</a></em> defines the directory structure for devices running
-Android O, VNDK rules, and associated sepolicy.</li>
+Android 8.0 and higher, VNDK rules, and associated sepolicy.</li>
<li>The <em><a href="../images/vndk_design_android_o.pdf">VNDK Design in Android
O</a></em> presentation illustrates fundamental VDNK concepts used in Android
O.</li>
</ul>
<h2 id="concepts">VNDK concepts</h2>
-<p>In an ideal Android O world, framework processes do not load vendor shared
-libraries, all vendor processes load only vendor shared libraries (and a portion
-of framework shared libraries), and communications between framework processes
-and vendor processes are governed by HIDL and hardware binder.</p>
+<p>In an ideal Android 8.0 and higher world, framework processes do not load
+vendor shared libraries, all vendor processes load only vendor shared libraries
+(and a portion of framework shared libraries), and communications between
+framework processes and vendor processes are governed by HIDL and hardware
+binder.</p>
<p>Such a world includes the possibility that stable, public APIs from
framework shared libraries might not be sufficient for vendor module developers
@@ -121,18 +126,17 @@ libraries. As a result, framework shared libraries are classified into three
sub-categories:</p>
<ul>
-<li><em>LL-NDK</em> and <em>SP-NDK</em> are <em>Framework Shared Libraries</em>
+<li><em>LL-NDK Libraries</em> are <em>Framework Shared Libraries</em>
that are known to be stable. Their developers are committed to maintain their
API/ABI stabilities.
<ul>
- <li>LL-NDK includes the following libraries: <code>libandroid_net.so</code>,
- <code>libc.so</code>, <code>libstdc++.so</code>, <code>libdl.so</code>,
- <code>liblog.so</code>, <code>libm.so</code>, <code>libz.so</code>, and
- <code>libvndksupport.so</code>.</li>
- <li>SP-NDK includes the following libraries: <code>libEGL.so</code>,
- <code>libGLESv1_CM.so</code>, <code>libGLESv2.so</code>,
- <code>libGLESv3.so</code>, <code>libvulkan.so</code>,
- <code>libnativewindow.so</code>, and <code>libsync.so</code>.</li>
+ <li>LL-NDK includes the following libraries:
+<code>libEGL.so</code>, <code>libGLESv1_CM.so</code>,
+<code>libGLESv2.so</code>, <code>libGLESv3.so</code>,
+<code>libandroid_net.so</code>, <code>libc.so</code>, <code>libdl.so</code>,
+<code>liblog.so</code>, <code>libm.so</code>, <code>libnativewindow.so</code>,
+<code>libsync.so</code>, and <code>libvndksupport.so</code>,
+</li>
</ul>
</li>
<li><em>Eligible VNDK Libraries (VNDK)</em> are <em>Framework Shared
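Review bot: The merged LL-NDK list drops `libvulkan.so`, which the removed SP-NDK list contained. The "Android 8.1 changes" section added further down in this file explains the removal of `libstdc++.so` and the move of `libz.so`, but says nothing about `libvulkan.so`. If the omission is intentional the document history should record it; if not, `<code>libvulkan.so</code>` belongs back in the list. The new list item also ends with a comma after `<code>libvndksupport.so</code>` where a period is meant.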
@@ -166,7 +170,7 @@ libraries:
implemented as <em>Vendor Shared Libraries</em> and loaded into <em>Framework
Processes</em>. SP-HALs are isolated by a linker namespace (controls the
libraries and symbols that are visible to the shared libraries). SP-HALs must
-depend only on <em>LL-NDK</em>, <em>SP-NDK</em>, and <em>VNDK-SP</em>.</p>
+depend only on <em>LL-NDK</em> and <em>VNDK-SP</em>.</p>
<p>VNDK-SP is a predefined subset of eligible VNDK libraries. VNDK-SP libraries
are carefully reviewed to ensure double-loading VNDK-SP libraries into framework
@@ -176,8 +180,9 @@ Google.</p>
<p>The following libraries are approved SP-HALs:</p>
<ul>
-<li><code>libGLESv2_${driver}.so</code></li>
<li><code>libGLESv1_CM_${driver}.so</code></li>
+<li><code>libGLESv2_${driver}.so</code></li>
+<li><code>libGLESv3_${driver}.so</code></li>
<li><code>libEGL_${driver}.so</code></li>
<li><code>vulkan.${driver}.so</code></li>
<li><code>android.hardware.renderscript@1.0-impl.so</code></li>
@@ -200,7 +205,9 @@ Google.</p>
<li><code>libhidlbase.so</code></li>
<li><code>libhidltransport.so</code></li>
<li><code>libhwbinder.so</code></li>
+<li><code>libion.so</code></li>
<li><code>libutils.so</code></li>
+<li><code>libz.so</code></li>
</ul>
<p>
@@ -263,5 +270,38 @@ Executables</em> (e.g.</li>
<code>/vendor/bin/android.hardware.camera.provider@2.4-service</code>).</li>
</ul>
+<aside class="note"><strong>Note</strong>: <em>Generic System Image (GSI)</em>
+stands for the standard Android system image that is built from corresponding
+branches (similar to the release branch but with some bug fixes or some
+generalizations) and released by Google.</aside>
+
+
+<h2 id="document-history">Document history</h2>
+
+<p>This section tracks changes to VNDK documentation.</p>
+
+<h3 id="changes-81">Android 8.1 changes</h3>
+
+<ul>
+ <li>SP-NDK libraries have been merged into LL-NDK libraries.</li>
+
+ <li>Replace <code>libui.so</code> with <code>libft2.so</code> in RS namespace
+ section. It was an error to include <code>libui.so</code>.</li>
+
+ <li>Add <code>libGLESv3.so</code> and <code>libandroid_net.so</code> to LL-NDK
+ libraries.</li>
+
+ <li>Add <code>libion.so</code> to VNDK-SP libraries.</li>
+
+ <li>Remove <code>libstdc++.so</code> from LL-NDK libraries. Use
+ <code>libc++.so</code> instead. Some versions of standalone toolchains may add
+ <code>-lstdc++</code> to the default linker flags. To disable the defaults, add
+ <code>-nodefaultlibs -lc -lm -ldl</code> to <code>LDFLAGS</code>.</li>
+
+ <li>Move <code>libz.so</code> from LL-NDK to VNDK-SP libraries. In some
+ configurations, <code>libz.so</code> may continue being LL-NDK. However,
+ there should be no observable differences.</li>
+</ul>
+
</body>
</html>
diff --git a/en/devices/architecture/vndk/linker-namespace.html b/en/devices/architecture/vndk/linker-namespace.html
index d0ef3421..e0176769 100644
--- a/en/devices/architecture/vndk/linker-namespace.html
+++ b/en/devices/architecture/vndk/linker-namespace.html
@@ -21,134 +21,835 @@
limitations under the License.
-->
-<p>Linker namespace is a mechanism to control the shared library search path and
-the permission to open the libraries in a directory.</p>
-
-<h2 id="framework-processes">Framework processes</h2>
-<h3 id="default-namespace">Default namespace</h3>
-<p>Search paths and permitted paths:</p>
-<ol>
-<li><code>/system/lib[64]</code></li>
-<li><code>/vendor/lib[64]</code> # Deprecated in Android O (for legacy modules
-only)</li>
-</ol>
-
-<h3 id="sp-hal-namespace">SP-HAL namespace</h3>
-<p>Search paths and permitted paths:</p>
-<ol>
-<li><code>/vendor/lib[64]/egl</code></li>
-<li><code>/vendor/lib[64]/hw</code></li>
-<li><code>/vendor/lib[64]</code></li>
-</ol>
-
-<p>Shared libraries imported from other namespaces:</p>
+<p>The dynamic linker tackles two challenges in Treble VNDK design:</p>
+
<ul>
-<li>Exported by <strong>default</strong> namespace:
- <ul>
- <li>LL-NDK: <code>libc.so</code>, <code>libm.so</code>, <code>libdl.so</code>,
- <code>libstdc++.so</code>, <code>liblog.so, libz.so</code></li>
- <li>SP-NDK: <code>libEGL.so</code>, <code>libGLESv1_CM.so</code>,
- <code>libGLESv2.so</code>, <code>libnativewindow.so</code>,
- <code>libsync.so</code>, <code>libvndksupport.so</code></li>
- </ul>
-</li>
-<li>Exported by <strong>vndk</strong> namespace:
-<code>android.hardware.renderscript@1.0.so</code>,
-<code>android.hardware.graphics.allocator@2.0.so</code>,
-<code>android.hardware.graphics.mapper@2.0.so</code>,
-<code>android.hardware.graphics.common@1.0.so</code>,
-<code>libhwbinder.so</code>, <code>libbase.so</code>, <code>libcutils.so</code>,
-<code>libhardware.so</code>, <code>libhidlbase.so</code>,
-<code>libhidltransport.so</code>, <code>libutils.so</code>,
-<code>libc++.so</code>
-</li>
-<li>Exported by <strong>rs</strong> namespace: <code>libRS_internal.so</code>
-</li>
+ <li>SP-HAL shared libraries and their dependencies, including VNDK-SP
+libraries, are loaded into framework processes. There should be some mechanisms
+to prevent symbol conflicts.</li>
+
+ <li><code>dlopen()</code> and <code>android_dlopen_ext()</code> may introduce
+some run-time dependencies that are not visible at build-time and can be
+difficult to detect using static analysis.</li>
</ul>
-<h3 id="vndk-vndk-sp-namespace">VNDK (VNDK-SP) namespace</h3>
-<p>Search paths:</p>
-<ol>
-<li><code>/vendor/lib[64]/vndk-sp</code></li>
-<li><code>/system/lib[64]/vndk-sp</code></li>
-<li><code>/vendor/lib[64]</code></li>
-</ol>
+<p>These two challenges can be resolved by the <em>linker namespace</em>
+mechanism. The linker namespace mechanism is provided by the dynamic linker. It
+can isolate the shared libraries in different linker namespaces so that
+libraries with same library name but with different symbols won't conflict.</p>
-<p>Permitted paths:</p>
-<ul>
-<li><code>/vendor/lib[64]/vndk-sp</code></li>
-<li><code>/system/lib[64]/vndk-sp</code></li>
-<li><code>/vendor/lib[64]</code></li>
-<li><code>/vendor/lib[64]/hw</code></li>
-<li><code>/vendor/lib[64]/egl</code></li>
-</ul>
+<p>On the other hand, the linker namespace mechanism provides the flexibility
+so that some shared libraries may be exported by a linker namespace and used by
+another linker namespace. These exported shared libraries may become the
+application programming interfaces that are public to other programs while
+hiding their implementation details within their linker namespaces.</p>
+
+<p>For example, <code>/system/lib[64]/libcutils.so</code> and
+<code>/system/lib[64]/vndk-sp/libutils.so</code> are two shared libraries.
+These two libraries may have different symbols. They will be loaded into
+different linker namespaces so that framework modules can depend on
+<code>/system/lib[64]/libcutils.so</code> and SP-HAL shared libraries can
+depend on <code>/system/lib[64]/vndk-sp/libcutils.so</code>.</p>
+
+<p>On the other hand, <code>/system/lib[64]/libc.so</code> is an example of
+public libraries that is exported by a linker namespace and imported into
+many linker namespaces. The dependencies of
+<code>/system/lib[64]/libc.so</code>, such as <code>libnetd_client.so</code>,
+will be loaded into the namespace in which <code>/system/lib[64]/libc.so</code>
+resides. Other namespaces won't have accesses to those dependencies. This
+mechanism encapsulates the implementation details while providing the public
+interfaces.</p>
+
+<h2 id="how-does-it-work">How does it work?</h2>
+
+<p>The dynamic linker is responsible for loading the shared libraries specified
+in <code>DT_NEEDED</code> entries or the shared libraries specified by the
+argument of <code>dlopen()</code> or <code>android_dlopen_ext()</code>. In both
+cases, the dynamic linker will find out the linker namespace in which the
+caller resides in and try to load the dependencies into the same linker
+namespace. If the dynamic linker cannot load the shared library into the
+specified linker namespace, it will ask the linked linker namespace for
+exported shared libraries.</p>
+
+<h2 id="configuration-file-format">Configuration file format</h2>
+
+<p>The configuration file format is based on the INI file format. A typical
+configuration file looks like:</p>
+
+<pre class="prettyprint">
+dir.system = /system/bin
+dir.vendor = /vendor/bin
+
+[system]
+additional.namespaces = sphal
+
+namespace.default.isolated = true
+namespace.default.search.paths = /system/${LIB}:/vendor/${LIB}
+namespace.default.permitted.paths = /system/${LIB}:/vendor/${LIB}
+
+namespace.sphal.isolated = true
+namespace.sphal.visible = true
+namespace.sphal.search.paths = /vendor/${LIB}
+namespace.sphal.permitted.paths = /vendor/${LIB}
+namespace.sphal.links = default
+namespace.sphal.link.default.shared_libs = libc.so:libm.so
+
+[vendor]
+namespace.default.isolated = false
+namespace.default.search.paths = /vendor/${LIB}:/system/${LIB}
+namespace.default.permitted.paths = /vendor/${LIB}:/system/${LIB}
+</pre>
+
+<p>First, there are several <code>dir.${section}</code> properties in the
+beginning of <code>ld.config.txt</code>:</p>
+
+<pre class="prettyprint">
+dir.${section} = /path/to/bin/directory
+</pre>
+
+<p>These properties decide which set of rules will be applied to the process.
+For example, If the <em>main executable</em> is in <code>/system/bin</code>,
+the rules in the <code>[system]</code> are applied. Similarly, if the
+<em>main executable</em> is in <code>/vendor/bin</code>, the rules in
+<code>[vendor]</code> are applied.</p>
+
+<p>Second, for each section, in addition to the <code>default</code> linker
+namespace, <code>addition.namespaces</code> specifies the extra linker
+namespaces (separated by comma) that will be created by the dynamic
+linker:</p>
+
+<pre class="prettyprint">
+additional.namespaces = namespace1,namespace2,namespace3
+</pre>
+
+<p>In the example above, the dynamic linker creates two linker namespaces
+(<code>default</code> and <code>sphal</code>) for the executables in
+<code>/system/bin</code>.</p>
+
+<p>Third, for each linker namespace, following properties can be configured:</p>
+
+<pre class="prettyprint">
+namespace.${name}.search.paths = /path1/${LIB}:/path2/${LIB}
+namespace.${name}.permitted.paths = /path1:/path2
+namespace.${name}.isolated = true|false
+namespace.${name}.links = namespace1,namespace2
+namespace.${name}.link.${other}.shared_libs = lib1.so:lib2.so
+namespace.${name}.visible = true|false
+</pre>
+
+<p><code>namespace.${name}.search.paths</code> denotes the directories that
+will be prepended to the library name. Directories are separated by colons.
+<code>${LIB}</code> is a special placeholder. If the process is running a
+32-bit executable, <code>${LIB}</code> is substituted by
+<code>lib</code>. Similarly, if the process is running a 64-bit executable,
+<code>${LIB}</code> is substituted by <code>lib64</code>.</p>
+
+<p>In the example above, if a 64-bit executable in <code>/system/bin</code>
+links with <code>libexample.so</code>, the dynamic linker searches for
+<code>/system/lib64/libexample.so</code> first. If
+<code>/system/lib64/libexample.so</code> is not available, the dynamic
+linker searches for <code>/vendor/lib64/libexample.so</code>.</p>
+
+<p>If <code>namespace.${name}.isolated</code> is <code>true</code>, the
+dynamic linker loads only the shared libraries in the directories specified
+in <code>namespace.${name}.search.paths</code> or the shared libraries under
+the directories specified in
+<code>namespace.${name}.permitted.paths</code>.</p>
+
+<p>In the example above, a shared library that is loaded in the
+<code>sphal</code> linker namespace won't be able to link to shared libraries
+in <code>/system/lib[64]</code> because <code>namespace.sphal.isolated</code>
+is <code>true</code> and <code>/system/lib[64]</code> is in neither
+<code>namespace.sphal.permitted.paths</code> nor
+<code>namespace.sphal.search.paths</code>.</p>
+
+<p><code>namespace.${name}.links</code> specifies a comma-separated list of
+linker namespaces that the <code>${name}</code> linker namespace links to.</p>
+
+<p>In the example above, <code>namespace.sphal.links</code> specifies that the
+<code>sphal</code> linker namespace links to the <code>default</code> linker
+namespace.</p>
+
+<p><code>namespace.${name}.link.${other}.shared_libs</code> links two linker
+namespaces and specifies the shared library names (separated by colons) that
+may utilize the fallback link. If a shared library can't be loaded into the
+<code>${name}</code> linker namespace and its name is in
+<code>namespace.${name}.link.${other}.shared_libs</code>, the dynamic
+linker will try to import the library from the <code>${other}</code> linker
+namespace.</p>
+
+<p>In the example above, <code>namespace.sphal.link.default.shared_libs</code>
+specifies that <code>libc.so</code> and <code>libm.so</code> may be exported by
+the <code>default</code> linker namespace. If a shared library loaded in the
+<code>sphal</code> linker namespace links to <code>libc.so</code> and the
+dynamic linker cannot find <code>libc.so</code> in
+<code>/vendor/lib[64]</code>, the dynamic linker will walk through the
+fallback link and find the <code>libc.so</code> exported by the
+<code>default</code> linker namespace.</p>
+
+<p>If <code>namespace.${name}.visible</code> is <code>true</code>, the
+program will be able to obtain a linker namespace handle, which can be passed
+to <code>android_dlopen_ext()</code> later.</p>
+
+<p>In the example above, the <code>namespace.sphal.visible</code> is
+<code>true</code> so that <code>android_load_sphal_library()</code> can
+explicitly ask the dynamic linker to load a shared library in the
+<code>sphal</code> linker namespace.</p>
+
+<h2 id="linker-namespace-isolation">Linker namespace isolation</h2>
+
+<p>There are three configurations in
+<code>android-src/system/core/rootdir/etc</code>. Depending on the value of
+<code>PRODUCT_FULL_TREBLE</code>, <code>BOARD_VNDK_VERSION</code>, and
+<code>BOARD_VNDK_RUNTIME_DISABLE</code> in <code>BoardConfig.mk</code>,
+different configurations will be selected:</p>
+
+<table>
+ <tr>
+ <th><code>PRODUCT_FULL_TREBLE</code></th>
+ <th><code>BOARD_VNDK_VERSION</code> / <code>BOARD_VNDK_RUNTIME_DISABLE</code></th>
+ <th>Selected configuration</th>
+ </tr>
+
+ <tr>
+ <td><code>false</code></td>
+ <td><em>any</em></td>
+ <td><code>ld.config.legacy.txt</code></td>
+ </tr>
+
+ <tr>
+ <td rowspan="2"><code>true</code></td>
+ <td><code>current</code> and <em>empty</em></td>
+ <td><code>ld.config.txt.in</code></td>
+ </tr>
+
+ <tr>
+ <td><em>empty</em> or <code>true</code></td>
+ <td><code>ld.config.txt</code></td>
+ </tr>
+</table>
+
+<p><code>android-src/system/core/rootdir/etc/ld.config.txt</code> isolates
+SP-HAL and VNDK-SP shared libraries. In Android 8.0 and higher, this must be the
+dynamic linker configuration when <code>PRODUCT_FULL_TREBLE</code> is
+<code>true</code>.</p>
+
+<p><code>android-src/system/core/rootdir/etc/ld.config.txt.in</code> isolates
+SP-HAL and VNDK-SP shared libraries as well. In addition,
+<code>ld.config.txt.in</code> also provides the full dynamic linker isolation.
+It makes sure that modules in the system partition won't depend on the shared
+libraries in the vendor partitions and vice versa.</p>
+
+<p>In Android 8.1, <code>ld.config.txt.in</code> is the default configuration
+and it is highly recommended to enable full dynamic linker isolation. However,
+if there are too many dependencies to be cleaned up in Android 8.1, you may add
+<code>BOARD_VNDK_RUNTIME_DISABLE</code> to <code>BoardConfig.mk</code>:</p>
+
+<pre class="prettyprint">
+BOARD_VNDK_RUNTIME_DISABLE := true
+</pre>
+
+<p>If <code>BOARD_VNDK_RUNTIME_DISABLE</code> is <code>true</code>,
+<code>android-src/system/core/rootdir/etc/ld.config.txt</code> will be
+installed.</p>
+
+
+<h3 id="ld.config.txt">ld.config.txt</h3>
+
+<p>As of Android 8.0, the dynamic linker is configured to isolate SP-HAL and
+VNDK-SP shared libraries such that their symbols do not conflict with other
+framework shared libraries. The relationship between the linker namespaces is
+shown below:</p>
+
+<img src="../images/treble_vndk_linker_namespace1.png" alt="Linker namespace
+graph described in ld.config.txt" />
+ <figcaption><strong>Figure 2.</strong> Linker namespace isolation
+ (<code>ld.config.txt</code>).</figcaption>
+
+<p><em>LL-NDK</em> and <em>VNDK-SP</em> stand for following shared libraries:
+</p>
-<p>Shared libraries imported from other namespaces:</p>
<ul>
-<li>Exported by <strong>default</strong> namespace:
- <ul>
- <li>LL-NDK: <code>libc.so</code>, <code>libm.so</code>, <code>libdl.so</code>,
- <code>libstdc++.so</code>, <code>liblog.so</code>,<code> libz.so</code>
- <li>SP-NDK: <code>libEGL.so</code>, <code>libnativewindow.so</code>,
- <code>libsync.so</code>, <code>libvndksupport.so</code>
- </li>
+ <li>
+ <em>LL-NDK</em>
+
+ <ul>
+ <li><code>libEGL.so</code></li>
+ <li><code>libGLESv1_CM.so</code></li>
+ <li><code>libGLESv2.so</code></li>
+ <li><code>libc.so</code></li>
+ <li><code>libdl.so</code></li>
+ <li><code>liblog.so</code></li>
+ <li><code>libm.so</code></li>
+ <li><code>libnativewindow.so</code></li>
+ <li><code>libstdc++.so</code> (Not in <code>ld.config.txt.in</code>)</li>
+ <li><code>libsync.so</code></li>
+ <li><code>libvndksupport.so</code></li>
+ <li><code>libz.so</code> (Moved to <em>VNDK-SP</em> in
+ <code>ld.config.txt.in</code>)</li>
+ </ul>
+ </li>
+
+ <li>
+ <em>VNDK-SP</em>
+
+ <ul>
+ <li><code>android.hardware.graphics.common@1.0.so</code></li>
+ <li><code>android.hardware.graphics.allocator@2.0.so</code></li>
+ <li><code>android.hardware.graphics.mapper@2.0.so</code></li>
+ <li><code>android.hardware.renderscript@1.0.so</code></li>
+ <li><code>android.hidl.memory@1.0.so</code></li>
+ <li><code>libbase.so</code></li>
+ <li><code>libc++.so</code></li>
+ <li><code>libcutils.so</code></li>
+ <li><code>libhardware.so</code></li>
+ <li><code>libhidlbase.so</code></li>
+ <li><code>libhidlmemory.so</code></li>
+ <li><code>libhidltransport.so</code></li>
+ <li><code>libhwbinder.so</code></li>
+ <li><code>libion.so</code></li>
+ <li><code>libutils.so</code></li>
</ul>
-</li>
+ </li>
</ul>
-<h3 id="rs-namespace">RS namespace</h3>
-<p>This special namespace allows <code>libRS_internal.so</code> to use
-<code>libmediandk.so</code>, which is not accessible from either SP-HAL
-namespace or VNDK-SP namespace (this is a relaxation in Android O).</p>
+<p>The table below presents the namespaces configuration for framework
+processes, which is excerpted from the <code>[system]</code> section in
+<code>ld.config.txt</code>:</p>
+
+<table>
+ <tr>
+ <th>Namespace</th>
+ <th>Property</th>
+ <th>Value</th>
+ </tr>
+
+ <tr>
+ <td rowspan="3"><code>default</code></td>
+ <td><code>search.paths</code></td>
+ <td>
+ <code>/system/${LIB}</code><br/>
+ <code>/vendor/${LIB}</code>
+ </td>
+ </tr>
+
+ <tr>
+ <td><code>permitted.paths</code></td>
+ <td>
+ <code>/system/${LIB}</code><br/>
+ <code>/vendor/${LIB}</code>
+ </td>
+ </tr>
+
+ <tr>
+ <td><code>isolated</code></td>
+ <td><code>false</code></td>
+ </tr>
+
+ <tr>
+ <td rowspan="8"><code>sphal</code></td>
+ <td><code>search.paths</code></td>
+ <td>
+ <code>/vendor/${LIB}/egl</code><br/>
+ <code>/vendor/${LIB}/hw</code><br/>
+ <code>/vendor/${LIB}</code>
+ </td>
+ </tr>
+
+ <tr>
+ <td><code>permitted.paths</code></td>
+ <td>
+ <code>/vendor/${LIB}</code><br/>
+ <code>/system/${LIB}/vndk-sp/hw</code> (Android 8.1)
+ </td>
+ </tr>
+
+ <tr>
+ <td><code>isolated</code></td>
+ <td><code>true</code></td>
+ </tr>
+
+ <tr>
+ <td><code>visible</code></td>
+ <td><code>true</code></td>
+ </tr>
+
+ <tr>
+ <td><code>links</code></td>
+ <td><code>default,vndk,rs</code></td>
+ </tr>
+ <tr>
+ <td><code>link.default.shared_libs</code></td>
+ <td><em>LL-NDK</em></td>
+ </tr>
+ <tr>
+ <td><code>link.vndk.shared_libs</code></td>
+ <td><em>VNDK-SP</em></td>
+ </tr>
+ <tr>
+ <td><code>link.rs.shared_libs</code></td>
+ <td><code>libRS_internal.so</code></td>
+ </tr>
+
+ <tr>
+ <td rowspan="6"><code>vndk</code> (For VNDK-SP)</td>
+ <td><code>search.paths</code></td>
+ <td>
+ <code>/vendor/${LIB}/vndk-sp</code><br/>
+ <code>/system/${LIB}/vndk-sp</code><br/>
+ <code>/vendor/${LIB}</code>
+ </td>
+ </tr>
+
+ <tr>
+ <td><code>permitted.paths</code></td>
+ <td>
+ <code>/vendor/${LIB}/egl</code><br/>
+ <code>/vendor/${LIB}/hw</code>
+ </td>
+ </tr>
+
+ <tr>
+ <td><code>isolated</code></td>
+ <td><code>true</code></td>
+ </tr>
+
+ <tr>
+ <td><code>visible</code></td>
+ <td><code>true</code></td>
+ </tr>
+
+ <tr>
+ <td><code>links</code></td>
+ <td><code>default</code></td>
+ </tr>
+
+ <tr>
+ <td><code>link.default.shared_libs</code></td>
+ <td><em>LL-NDK</em></td>
+ </tr>
-<p>Search paths:</p>
-<ol>
-<li><code>/vendor/lib[64]/vndk-sp</code></li>
-<li><code>/system/lib[64]/vndk-sp</code></li>
-<li><code>/vendor/lib[64]</code></li>
-</ol>
+ <tr>
+ <td rowspan="7"><code>rs</code> (For Renderscript)</td>
+ <td><code>search.paths</code></td>
+ <td>
+ <code>/vendor/${LIB}/vndk-sp</code><br/>
+ <code>/system/${LIB}/vndk-sp</code><br/>
+ <code>/vendor/${LIB}</code>
+ </td>
+ </tr>
+
+ <tr>
+ <td><code>permitted.paths</code></td>
+ <td>
+ <code>/vendor/${LIB}</code><br/>
+ <code>/data</code> (For compiled RS kernel)
+ </td>
+ </tr>
+
+ <tr>
+ <td><code>isolated</code></td>
+ <td><code>true</code></td>
+ </tr>
+
+ <tr>
+ <td><code>visible</code></td>
+ <td><code>true</code></td>
+ </tr>
+
+ <tr>
+ <td><code>links</code></td>
+ <td><code>default,vndk</code></td>
+ </tr>
+
+ <tr>
+ <td><code>link.default.shared_libs</code></td>
+ <td>
+ <em>LL-NDK</em><br/>
+ <code>libmediandk.so</code><br/>
+ <code>libft2.so</code>
+ </td>
+ </tr>
+
+ <tr>
+ <td><code>link.vndk.shared_libs</code></td>
+ <td><em>VNDK-SP</em></td>
+ </tr>
+</table>
+
+<p>The table below presents the namespaces configuration for vendor processes,
+which is excerpted from the <code>[vendor]</code> section in
+<code>ld.config.txt</code>:</p>
+
+<table>
+ <tr>
+ <th>Namespace</th>
+ <th>Property</th>
+ <th>Value</th>
+ </tr>
+
+ <tr>
+ <td rowspan="2"><code>default</code></td>
+ <td><code>search.paths</code></td>
+ <td>
+ <code>/vendor/${LIB}</code><br/>
+ <code>/vendor/${LIB}/vndk-sp</code><br/>
+ <code>/system/${LIB}/vndk-sp</code><br/>
+ <code>/system/${LIB}</code> (Deprecated)
+ </td>
+ </tr>
+
+ <tr>
+ <td><code>isolated</code></td>
+ <td><code>false</code></td>
+ </tr>
+</table>
+
+<p>More details can be found in
+<code>android-src/system/core/rootdir/etc/ld.config.txt</code>.</p>
+
+
+<h3 id="ld.config.txt.in">ld.config.txt.in</h3>
+
+<p><code>ld.config.txt.in</code> isolates the shared library dependencies
+between the system partition and vendor partitions. Compared to
+<code>ld.config.txt</code> mentioned in previous subsection, the differences
+are outlined as following items:</p>
-<p>Permitted paths:</p>
<ul>
-<li><code>/vendor/lib[64]/vndk-sp</code></li>
-<li><code>/system/lib[64]/vndk-sp</code></li>
-<li><code>/vendor/lib[64]</code></li>
-<li><code>/data</code> # Shared libraries JIT-compiled by RS CPU reference
-implementation</li>
+ <li>
+ Framework Processes
+
+ <ul>
+ <li>The <code>default</code> namespace is isolated. A shared library can be
+ loaded into the <code>default</code> namespace only if it is in a directory
+ specified in the search paths or under a directory specified in the
+ permitted paths.</li>
+
+ <li>The permitted paths of the <code>default</code> namespace have been
+ changed to a limited set (<code>/vendor/lib[64]</code>,
+ <code>/system/lib[64]/vndk</code>, and <code>/system/lib[64]/vndk-sp</code>
+ have been excluded).</li>
+ </ul>
+ </li>
+
+ <li>
+ Vendor Processes
+
+ <ul>
+ <li>Two namespaces (<code>default</code> and <code>system</code>) are
+ created.</li>
+
+ <li>The <code>default</code> namespace is isolated. A shared library can be
+ loaded into the default namespace only if it is in a directory specified in
+ the search paths or under a directory specified in the permitted
+ paths.</li>
+
+ <li>The permitted paths of the <code>default</code> namespace are
+ <code>/vendor</code>, <code>/system/lib[64]/vndk</code>, and
+ <code>/system/lib[64]/vndk-sp</code>.</li>
+
+ <li>The <code>default</code> namespace and <code>system</code> namespace are
+ linked. The <code>default</code> namespace may link to LL-NDK libraries
+ loaded in the <code>system</code> namespace.</li>
+ </ul>
+ </li>
</ul>
-<p>Shared libraries imported from other namespaces:</p>
+<p>The relationship between the linker namespaces is depicted in the figure
+below:</p>
+
+<img src="../images/treble_vndk_linker_namespace2.png" alt="Linker namespace graph described in ld.config.txt.in" />
+ <figcaption><strong>Figure 2.</strong> Linker namespace isolation
+ (<code>ld.config.txt.in</code>).</figcaption>
+
+
+<p>In the graph above, <em>LL-NDK</em> and <em>VNDK-SP</em> stand for following
+shared libraries:</p>
+
<ul>
-<li>Exported by <strong>default</strong> namespace
- <ul>
- <li>LL-NDK: <code>libc.so</code>, <code>libm.so</code>, <code>libdl.so</code>,
- <code>libstdc++.so</code>, <code>liblog.so</code></li>
- <li>SP-NDK: <code>libEGL.so</code>, <code>libGLESv1_CM.so</code>,
- <code>libGLESv2.so</code>, <code>libnativewindow.so</code>,
- <code>libsync.so</code>, <code>libvndksupport.so</code></li>
- <li>Other Lib: <code>libmediandk.so</code>, <code>libui.so</code></li>
- </ul>
-</li>
-<li>Exported by <strong>vndk</strong> namespace:
-<code>android.hardware.renderscript@1.0.so</code>,
-<code>android.hardware.graphics.allocator@2.0.so</code>,
-<code>android.hardware.graphics.mapper@2.0.so</code>,
-<code>android.hardware.graphics.common@1.0.so</code>,
-<code>libhwbinder.so</code>, <code>libbase.so</code>, <code>libcutils.so</code>,
-<code>libhardware.so</code>, <code>libhidlbase.so</code>,
-<code>libhidltransport.so</code>, <code>libutils.so</code>,
-<code>libc++.so</code></li>
+ <li>
+ <em>LL-NDK</em>
+
+ <ul>
+ <li><code>libEGL.so</code></li>
+ <li><code>libGLESv1_CM.so</code></li>
+ <li><code>libGLESv2.so</code></li>
+ <li><code>libGLESv3.so</code></li>
+ <li><code>libandroid_net.so</code></li>
+ <li><code>libc.so</code></li>
+ <li><code>libdl.so</code></li>
+ <li><code>liblog.so</code></li>
+ <li><code>libm.so</code></li>
+ <li><code>libnativewindow.so</code></li>
+ <li><code>libsync.so</code></li>
+ <li><code>libvndksupport.so</code></li>
+ </ul>
+ </li>
+
+ <li>
+ <em>VNDK-SP</em>
+
+ <ul>
+ <li><code>android.hardware.graphics.common@1.0.so</code></li>
+ <li><code>android.hardware.graphics.allocator@2.0.so</code></li>
+ <li><code>android.hardware.graphics.mapper@2.0.so</code></li>
+ <li><code>android.hardware.renderscript@1.0.so</code></li>
+ <li><code>android.hidl.memory@1.0.so</code></li>
+ <li><code>libRSCpuRef.so</code></li>
+ <li><code>libRSDriver.so</code></li>
+ <li><code>libRS_internal.so</code></li>
+ <li><code>libbase.so</code></li>
+ <li><code>libbcinfo.so</code></li>
+ <li><code>libc++.so</code></li>
+ <li><code>libcutils.so</code></li>
+ <li><code>libhardware.so</code></li>
+ <li><code>libhidlbase.so</code></li>
+ <li><code>libhidlmemory.so</code></li>
+ <li><code>libhidltransport.so</code></li>
+ <li><code>libhwbinder.so</code></li>
+ <li><code>libion.so</code></li>
+ <li><code>libutils.so</code></li>
+ <li><code>libz.so</code></li>
+ </ul>
+ </li>
</ul>
-<h2 id="vendor-processes">Vendor processes</h2>
-<h3 id="default-linker-namespace">Default linker namespace</h3>
-<p>Search paths and permitted paths:</p>
-<ol>
-<li><code>/vendor/lib[64]</code></li>
-<li><code>/vendor/lib[64]/vndk-sp</code></li>
-<li><code>/system/lib[64]/vndk-sp</code></li>
-<li><code>/system/lib[64]</code> # For degenerated VNDK libraries</li>
-</ol>
+<p>The table below presents the namespaces configuration for framework
+processes, which is excerpted from the <code>[system]</code> section in
+<code>ld.config.txt.in</code>:</p>
+
+<table>
+ <tr>
+ <th>Namespace</th>
+ <th>Property</th>
+ <th>Value</th>
+ </tr>
+
+ <tr>
+ <td rowspan="3"><code>default</code></td>
+ <td><code>search.paths</code></td>
+ <td><code>/system/${LIB}</code></td>
+ </tr>
+
+ <tr>
+ <td><code>permitted.paths</code></td>
+ <td>
+ <code>/system/${LIB}/drm</code><br/>
+ <code>/system/${LIB}/hw</code><br/>
+ <code>/system/framework</code><br/>
+ <code>/system/app</code><br/>
+ <code>/system/priv-app</code><br/>
+ <code>/vendor/app</code><br/>
+ <code>/vendor/framework</code><br/>
+ <code>/oem/app</code><br/>
+ <code>/data</code><br/>
+ <code>/mnt/expand
+ </td>
+ </tr>
+
+ <tr>
+ <td><code>isolated</code></td>
+ <td><code>true</code></td>
+ </tr>
+
+ <tr>
+ <td rowspan="8"><code>sphal</code></td>
+ <td><code>search.paths</code></td>
+ <td>
+ <code>/vendor/${LIB}/egl</code><br/>
+ <code>/vendor/${LIB}/hw</code><br/>
+ <code>/vendor/${LIB}</code>
+ </td>
+ </tr>
+
+ <tr>
+ <td><code>permitted.paths</code></td>
+ <td>
+ <code>/vendor/${LIB}</code><br/>
+ <code>/system/${LIB}/vndk-sp/hw</code>
+ </td>
+ </tr>
+
+ <tr>
+ <td><code>isolated</code></td>
+ <td><code>true</code></td>
+ </tr>
+
+ <tr>
+ <td><code>visible</code></td>
+ <td><code>true</code></td>
+ </tr>
+
+ <tr>
+ <td><code>links</code></td>
+ <td><code>default,vndk,rs</code></td>
+ </tr>
+
+ <tr>
+ <td><code>link.default.shared_libs</code></td>
+ <td><em>LL-NDK</em></td>
+ </tr>
+
+ <tr>
+ <td><code>link.vndk.shared_libs</code></td>
+ <td><em>VNDK-SP</em></td>
+ </tr>
+
+ <tr>
+ <td><code>link.rs.shared_libs</code></td>
+ <td><code>libRS_internal.so</code></td>
+ </tr>
+
+ <tr>
+ <td rowspan="6"><code>vndk</code> (For VNDK-SP)</td>
+ <td><code>search.paths</code></td>
+ <td>
+ <code>/vendor/${LIB}/vndk-sp</code><br/>
+ <code>/system/${LIB}/vndk-sp</code>
+ </td>
+ </tr>
+
+ <tr>
+ <td><code>permitted.paths</code></td>
+ <td>
+ <code>/vendor/${LIB}/egl</code><br/>
+ <code>/vendor/${LIB}/hw</code>
+ </td>
+ </tr>
+
+ <tr>
+ <td><code>isolated</code></td>
+ <td><code>true</code></td>
+ </tr>
+
+ <tr>
+ <td><code>visible</code></td>
+ <td><code>true</code></td>
+ </tr>
+
+ <tr>
+ <td><code>links</code></td>
+ <td><code>default</code></td>
+ </tr>
+
+ <tr>
+ <td><code>link.default.shared_libs</code></td>
+ <td><em>LL-NDK</em></td>
+ </tr>
+
+ <tr>
+ <td rowspan="7"><code>rs</code> (For Renderscript)</td>
+ <td><code>search.paths</code></td>
+ <td>
+ <code>/vendor/${LIB}/vndk-sp</code><br/>
+ <code>/system/${LIB}/vndk-sp</code><br/>
+ <code>/vendor/${LIB}</code>
+ </td>
+ </tr>
+
+ <tr>
+ <td><code>permitted.paths</code></td>
+ <td>
+ <code>/vendor/${LIB}</code><br/>
+ <code>/data</code> (For compiled RS kernel)
+ </td>
+ </tr>
+
+ <tr>
+ <td><code>isolated</code></td>
+ <td><code>true</code></td>
+ </tr>
+
+ <tr>
+ <td><code>visible</code></td>
+ <td><code>true</code></td>
+ </tr>
+
+ <tr>
+ <td><code>links</code></td>
+ <td><code>default,vndk</code></td>
+ </tr>
+
+ <tr>
+ <td><code>link.default.shared_libs</code></td>
+ <td>
+ <em>LL-NDK</em><br/>
+ <code>libmediandk.so</code><br/>
+ <code>libft2.so</code>
+ </td>
+ </tr>
+
+ <tr>
+ <td><code>link.vndk.shared_libs</code></td>
+ <td><em>VNDK-SP</em></td>
+ </tr>
+</table>
+
+<p>The table below presents the namespaces configuration for vendor processes,
+which is excerpted from the <code>[vendor]</code> section in
+<code>ld.config.txt.in</code>:</p>
+
+<table>
+ <tr>
+ <th>Namespace</th>
+ <th>Property</th>
+ <th>Value</th>
+ </tr>
+
+ <tr>
+ <td rowspan="5"><code>default</code></td>
+ <td><code>search.paths</code></td>
+ <td>
+ <code>/vendor/${LIB}/hw</code><br/>
+ <code>/vendor/${LIB}/egl</code><br/>
+ <code>/vendor/${LIB}</code><br/>
+ <code>/vendor/${LIB}/vndk</code><br/>
+ <code>/system/${LIB}/vndk</code><br/>
+ <code>/vendor/${LIB}/vndk-sp</code><br/>
+ <code>/system/${LIB}/vndk-sp</code>
+ </td>
+ </tr>
+
+ <tr>
+ <td><code>permitted.paths</code></td>
+ <td>
+ <code>/vendor</code><br/>
+ <code>/system/${LIB}/vndk</code><br/>
+ <code>/system/${LIB}/vndk-sp</code>
+ </td>
+ </tr>
+
+ <tr>
+ <td><code>isolated</code></td>
+ <td><code>true</code></td>
+ </tr>
+
+ <tr>
+ <td><code>links</code></td>
+ <td><code>system</code></td>
+ </tr>
+
+ <tr>
+ <td><code>link.system.shared_libs</code></td>
+ <td><em>LL-NDK</em></td>
+ </tr>
+
+ <tr>
+ <td rowspan="2"><code>system</code></td>
+ <td><code>search.paths</code></td>
+ <td><code>/system/${LIB}</code></td>
+ </tr>
+
+ <tr>
+ <td><code>permitted.paths</code></td>
+ <td><code>/system/${LIB}</code></td>
+ </tr>
+</table>
+
+
+<p>More details can be found in
+<code>android-src/system/core/rootdir/etc/ld.config.txt.in</code>.</p>
</body>
</html>
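Review bot: The prose under "Configuration file format" names the property `addition.namespaces`, while the sample configuration and the syntax block in the same hunk both spell it `additional.namespaces`; the sentence should read `<code>additional.namespaces</code> specifies the extra linker namespaces`, since a reader copying the prose spelling ends up with a key that none of the examples use. The introductory example pairs `/system/lib[64]/libcutils.so` with `/system/lib[64]/vndk-sp/libutils.so` but then refers to `/system/lib[64]/vndk-sp/libcutils.so`, so the first mention looks like a typo for `libcutils.so`. In the `[system]` table for `ld.config.txt.in`, the last permitted path of the `default` namespace is missing its closing tag and should be `<code>/mnt/expand</code>`. Both figures are captioned "Figure 2." and their `<figcaption>` elements sit outside any `<figure>`, so the second caption presumably wants its own number and both want a `<figure>` wrapper around the image and caption.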
diff --git a/en/devices/audio/aaudio.html b/en/devices/audio/aaudio.html
index fb62ab87..7ee2f6e1 100644
--- a/en/devices/audio/aaudio.html
+++ b/en/devices/audio/aaudio.html
@@ -327,8 +327,9 @@ PRODUCT_PROPERTY_OVERRIDES += aaudio.mmap_exclusive_policy=2
</pre>
<p>
-You can also override these values after the device has booted. For example, to
-enable AUTO mode for MMAP:
+You can also override these values after the device has booted.
+You will need to restart the audioserver for the change to take effect.
+For example, to enable AUTO mode for MMAP:
</p>
<pre class="devsite-terminal devsite-click-to-copy">
@@ -337,6 +338,9 @@ adb root
<pre class="devsite-terminal devsite-click-to-copy">
adb shell setprop aaudio.mmap_policy 2
</pre>
+<pre class="devsite-terminal devsite-click-to-copy">
+adb shell killall audioserver
+</pre>
<p>
There are functions provided in
diff --git a/en/devices/tech/debug/fuzz-sanitize.html b/en/devices/tech/debug/fuzz-sanitize.html
new file mode 100644
index 00000000..d1076e71
--- /dev/null
+++ b/en/devices/tech/debug/fuzz-sanitize.html
@@ -0,0 +1,43 @@
+<html devsite>
+ <head>
+ <title>Fuzzing and sanitizers</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ //www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<p>
+Fuzzing, which is simply providing potentially invalid, unexpected, or random
+data as an input to a program, is an extremely effective way of finding bugs in
+large software systems, and is an important part of the software development
+lifecycle.
+</p>
+<p>
+LLVM, the compiler infrastructure used to build Android, contains multiple
+components that perform static and dynamic analysis. Of these components, the
+sanitizers can be used to push out bugs and make Android better.
+</p>
+<p>
+While Android has supported fuzzing tools for many releases, Android 8.0
+includes more fuzzing support, tighter fuzzing tool integration in the Android
+build system, and greater dynamic analysis support on the Android kernels.
+</p>
+<p>
+This section includes information on how to set up and use various fuzzing and
+sanitizing tools.
+</p>
+</body></html>
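Review bot: The license header comment gives the Apache URL as `//www.apache.org/licenses/LICENSE-2.0` with no scheme, which is not a usable address when the comment is read in the source file rather than resolved by a browser. The stock Apache header carries the full URL, so I would write `http://www.apache.org/licenses/LICENSE-2.0` (or the `https://` form) here. The same schemeless line appears in the header comment of `libfuzzer.html` added by this commit. Separately, the closing paragraph says the section explains how to set up and use the tools, but the page itself links to none of them; presumably navigation comes from the TOC files, which is worth confirming.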
diff --git a/en/devices/tech/debug/libfuzzer.html b/en/devices/tech/debug/libfuzzer.html
new file mode 100644
index 00000000..2f30315b
--- /dev/null
+++ b/en/devices/tech/debug/libfuzzer.html
@@ -0,0 +1,307 @@
+<html devsite>
+ <head>
+ <title>Fuzzing with libFuzzer</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ //www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<p>
+Fuzzing, which is simply providing potentially invalid, unexpected, or random
+data as an input to a program, is an extremely effective way of finding bugs in
+large software systems, and is an important part of the software development
+life cycle.
+</p>
+<p>
+Android's build system supports fuzzing through the inclusion of the <a
+href="http://llvm.org/docs/LibFuzzer.html">libFuzzer project</a> from the LLVM
+compiler infrastructure project. LibFuzzer is linked with the function under
+test and handles all input selection, mutation, and crash reporting that occurs
+during a fuzzing session. LLVM's sanitizers are used to aid in memory corruption
+detection and code coverage metrics.
+</p>
+<p>
+This article provides an introduction to libFuzzer on Android and how to perform
+an instrumented build. It also includes instructions to write, run, and
+customize fuzzers.
+</p>
+<h3 id="setup-and-build">Setup and build</h3>
+<p>
+To ensure you have a working image running on a device, follow the setup and
+build examples below.
+</p>
+<aside class="note"><strong>Tip</strong>:
+For more detailed setup information, see the
+<a href="/setup/requirements">Downloading and building</a> section.
+Follow the instructions to <a href="/setup/initializing">set up</a> your build
+environment, <a href="/setup/downloading">download</a> the source, and
+build Android (up to the
+<a href="/setup/building.html#build-the-code">make command</a>).</aside>
+
+<p>After you flash your device with a standard Android build, follow the
+instructions to flash an
+<a href="/devices/tech/debug/asan.html#sanitize_target">AddressSanitizer
+build</a>, and turn on coverage by using <code>SANITIZE_TARGET='address
+coverage'</code> instead of <code>SANITIZE_TARGET='address'</code>.
+</p>
+<h4 id="setup-example">Setup example</h4>
+<p>
+This example assumes the target device is Pixel (<code>sailfish</code>) and is
+already prepared for USB debugging (<code>aosp_sailfish-userdebug</code>).
+</p>
+
+
+<pre
+class="prettyprint"><code class="devsite-terminal">mkdir ~/bin</code>
+<code class="devsite-terminal">export PATH=~/bin:$PATH</code>
+<code class="devsite-terminal">curl https://storage.googleapis.com/git-repo-downloads/repo &gt; ~/bin/repo</code>
+<code class="devsite-terminal">chmod a+x ~/bin/repo</code>
+<code class="devsite-terminal">repo init -u https://android.googlesource.com/platform/manifest -b master</code>
+<code class="devsite-terminal">repo sync -c -j8</code>
+<code class="devsite-terminal">wget https://dl.google.com/dl/android/aosp/google_devices-sailfish-nde63p-c36cb625.tgz</code>
+<code class="devsite-terminal">tar xvf google_devices-sailfish-nde63p-c36cb625.tgz</code>
+<code class="devsite-terminal">extract-google_devices-sailfish.sh</code>
+<code class="devsite-terminal">wget https://dl.google.com/dl/android/aosp/qcom-sailfish-nde63p-50a5f1e0.tgz</code>
+<code class="devsite-terminal">tar xvf qcom-sailfish-nde63p-50a5f1e0.tgz</code>
+<code class="devsite-terminal">extract-qcom-sailfish.sh</code>
+<code class="devsite-terminal">. build/envsetup.sh</code>
+<code class="devsite-terminal">lunch aosp_sailfish-userdebug</code>
+</pre>
+
+<h4 id="build-example">Build example</h4>
+<p>
+There is a two-step build process to create an instrumented system image that
+allows for reproducible fuzzing sessions.
+</p>
+<p>
+First perform a full build of Android and flash it to the device. Next, build
+the instrumented version of Android using the existing build as a starting
+point. The build system is sophisticated enough to build only the required
+binaries and put them in the correct location.
+</p>
+
+<ol>
+<li>Perform the initial build by issuing:
+<pre class="devsite-terminal devsite-click-to-copy">make -j$(nproc)</pre></li>
+<li>To allow you to flash your device, boot your device into fastboot mode using
+the <a href="/source/running.html#booting-into-fastboot-mode">appropriate
+key combination</a>.</li>
+<li>Unlock the bootloader and flash the newly compiled image with the following
+commands. (The <code>-w</code> option erases userdata, ensuring a clean initial
+state.)
+<pre class="prettyprint"><code class="devsite-terminal">fastboot oem unlock</code>
+<code class="devsite-terminal">fastboot flashall -w</code>
+</pre></li>
+<li>Perform the instrumented build and flash the modified binaries to the
+device:
+<pre class="prettyprint"><code class="devsite-terminal">make -j$(nproc) SANITIZE_TARGET='address coverage'</code>
+<code class="devsite-terminal">fastboot flash userdata</code>
+<code class="devsite-terminal">fastboot flashall</code></pre>
+</li>
+</ol>
+
+<p>
+The target device should now be ready for libFuzzer fuzzing. To ensure your
+build is an instrumented build, check for the existence of
+<code>/data/asan/lib</code> using adb as root:
+</p>
+
+<pre class="prettyprint"><code class="devsite-terminal">adb root</code>
+<code class="devsite-terminal">adb shell ls -ld /data/asan/lib*
+drwxrwx--x 6 system system 8192 2016-10-05 14:52 /data/asan/lib
+drwxrwx--x 6 system system 8192 2016-10-05 14:52 /data/asan/lib64</code>
+</pre>
+<p>
+These directories do not exist on a regular, non-instrumented build.
+</p>
+
+<h2 id="write-a-fuzzer">Write a fuzzer</h2>
+<p>
+To illustrate writing an end-to-end fuzzer using libFuzzer in Android, use the
+following vulnerable code as a test case. This helps to test the fuzzer, ensure
+everything is working correctly, and illustrate what crash data looks like.
+</p>
+<p>
+Here is the test function.
+</p>
+
+
+<pre class="prettyprint">#include &lt;stdint.h&gt;
+#include &lt;stddef.h&gt;
+bool FuzzMe(const uint8_t *Data, size_t DataSize) {
+ return DataSize &gt;= 3 &&
+ Data[0] == 'F' &&
+ Data[1] == 'U' &&
+ Data[2] == 'Z' &&
+ Data[3] == 'Z'; // ← Out of bounds access
+}
+</pre>
+
+<p>
+To build and run this test fuzzer:</p>
+<ol>
+<li>Create a directory in the Android source tree, for example,
+<code>tools/fuzzers/fuzz_me_fuzzer</code>. The following files will all be
+created in this directory.</li>
+<li>Write a fuzz target using libFuzzer. The fuzz target is a function that
+takes a blob of data of a specified size and passes it to the function to be
+fuzzed. Here's a basic fuzzer for the vulnerable test function:
+
+<pre
+class="prettyprint">extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ FuzzMe(buf, len);
+ return 0;
+}
+</pre></li>
+<li>Tell Android's build system to create the fuzzer binary.
+To build the fuzzer, add this code to the <code>Android.mk</code> file:
+
+<pre
+class="prettyprint">LOCAL_PATH:= $(call my-dir)
+
+include $(CLEAR_VARS)
+
+LOCAL_SRC_FILES := fuzz_me_fuzzer.cpp
+LOCAL_CFLAGS += -Wno-multichar -g -O0
+LOCAL_MODULE_TAGS := optional
+LOCAL_CLANG := true
+LOCAL_MODULE:= fuzz_me_fuzzer
+
+Include $(BUILD_FUZZ_TEST)
+</pre>
+<p>
+Most of the logic to get this working is included in the BUILD_FUZZ_TEST macro,
+which is defined in <code>build/core/fuzz_test.mk.</code></p></li>
+
+<li>Make the fuzzer with:
+
+<pre class="devsite-terminal devsite-click-to-copy">make -j$(nproc) fuzz_me_fuzzer SANITIZE_TARGET="address coverage"
+</pre></li>
+</ol>
+<p>
+After following these steps, you should have a built fuzzer. The default
+location for the fuzzer (for this example Pixel build) is
+<code>out/target/product/sailfish/data/nativetest/fuzzers/fuzz_me_fuzzer/fuzz_me_fuzzer</code>
+</p>
+<h2 id="run-your-fuzzer">Run your fuzzer</h2>
+<p>
+After you've built your fuzzer, upload the fuzzer and the vulnerable library to
+link against.</p>
+<ol>
+<li>To upload these files to a directory on the device, run these
+commands:
+
+
+<pre
+ class="prettyprint"><code class="devsite-terminal">adb root</code>
+<code class="devsite-terminal">adb shell mkdir -p /data/tmp/fuzz_me_fuzzer/corpus</code>
+<code class="devsite-terminal">adb push $OUT/data/asan/nativetest/fuzzers/fuzz_me_fuzzer/fuzz_me_fuzzer
+ /data/tmp/fuzz_me_fuzzer/</code>
+ </pre>
+</li>
+<li>Run the test fuzzer with this command:
+
+<pre class="devsite-terminal devsite-click-to-copy">adb shell /data/tmp/fuzz_me_fuzzer/fuzz_me_fuzzer /data/tmp/fuzz_me_fuzzer/corpus</pre>
+</li></ol>
+<p>
+This results in output similar to the example output below.
+</p>
+<aside class="note"><strong>Tip</strong>:
+See the <a href="http://llvm.org/docs/LibFuzzer.html">LibFuzzer docs</a> for
+more information on how to read libFuzzer output.
+</aside>
+
+
+<pre class="prettyprint">
+INFO: Seed: 702890555
+INFO: Loaded 1 modules (9 guards): [0xaaac6000, 0xaaac6024),
+Loading corpus dir: /data/tmp/fuzz_me_fuzzer/corpus
+INFO: -max_len is not provided, using 64
+INFO: A corpus is not provided, starting from an empty corpus
+#0
+READ units: 1
+#1
+INITED cov: 5 ft: 3 corp: 1/1b exec/s: 0 rss: 11Mb
+#6
+NEW cov: 6 ft: 4 corp: 2/62b exec/s: 0 rss: 11Mb L: 61 MS: 1 InsertRepeatedBytes-
+#3008
+NEW cov: 7 ft: 5 corp: 3/67b exec/s: 0 rss: 11Mb L: 5 MS: 1 CMP- DE: "F\x00\x00\x00"-
+#7962
+NEW cov: 8 ft: 6 corp: 4/115b exec/s: 0 rss: 11Mb L: 48 MS: 1 InsertRepeatedBytes-
+#35324
+NEW cov: 9 ft: 7 corp: 5/163b exec/s: 0 rss: 13Mb L: 48 MS: 1 ChangeBinInt-
+=================================================================
+==28219==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xe6423fb3 at pc 0xaaaae938 bp 0xffa31ab0 sp 0xffa31aa8
+READ of size 1 at 0xe6423fb3 thread T0
+#0 0xef72f6df in __sanitizer_print_stack_trace [asan_rtl] (discriminator 1)
+ #1 0xaaab813d in fuzzer::Fuzzer::CrashCallback() external/llvm/lib/Fuzzer/FuzzerLoop.cpp:251
+ #2 0xaaab811b in fuzzer::Fuzzer::StaticCrashSignalCallback() external/llvm/lib/Fuzzer/FuzzerLoop.cpp:240
+ #3 0xef5a9a2b in $a.0 /proc/self/cwd/bionic/libc/arch-arm/bionic/__restore.S:48
+ #4 0xef5dba37 in tgkill /proc/self/cwd/bionic/libc/arch-arm/syscalls/tgkill.S:9
+ #5 0xef5ab511 in abort bionic/libc/bionic/abort.cpp:42 (discriminator 2)
+ #6 0xef73b0a9 in __sanitizer::Abort() external/compiler-rt/lib/sanitizer_common/sanitizer_posix_libcdep.cc:141
+ #7 0xef73f831 in __sanitizer::Die() external/compiler-rt/lib/sanitizer_common/sanitizer_termination.cc:59
+ #8 0xef72a117 in ~ScopedInErrorReport [asan_rtl]
+ #9 0xef72b38f in __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) [asan_rtl]
+ #10 0xef72bd33 in __asan_report_load1 [asan_rtl]
+ #11 0xaaaae937 in FuzzMe(unsigned char const*, unsigned int) tools/fuzzers/fuzz_me_fuzzer/fuzz_me_fuzzer.cpp:10
+ #12 0xaaaaead7 in LLVMFuzzerTestOneInput tools/fuzzers/fuzz_me_fuzzer/fuzz_me_fuzzer.cpp:15
+ #13 0xaaab8d5d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned int) external/llvm/lib/Fuzzer/FuzzerLoop.cpp:515
+ #14 0xaaab8f3b in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned int) external/llvm/lib/Fuzzer/FuzzerLoop.cpp:469
+ #15 0xaaab9829 in fuzzer::Fuzzer::MutateAndTestOne() external/llvm/lib/Fuzzer/FuzzerLoop.cpp:701
+ #16 0xaaab9933 in fuzzer::Fuzzer::Loop() external/llvm/lib/Fuzzer/FuzzerLoop.cpp:734
+ #17 0xaaab48e5 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned int)) external/llvm/lib/Fuzzer/FuzzerDriver.cpp:524
+ #18 0xaaab306f in main external/llvm/lib/Fuzzer/FuzzerMain.cpp:20
+ #19 0xef5a8da1 in __libc_init bionic/libc/bionic/libc_init_dynamic.cpp:114
+
+SUMMARY: AddressSanitizer: heap-buffer-overflow
+...
+==28219==ABORTING
+MS: 1 CrossOver-; base unit: 10cc0cb80aa760479e932609f700d8cbb5d54d37
+0x46,0x55,0x5a,
+FUZ
+artifact_prefix='./'; Test unit written to ./crash-0eb8e4ed029b774d80f2b66408203801cb982a60
+Base64: RlVa
+</pre>
+
+<p>
+In the example output, the crash was caused by <code>fuzz_me_fuzzer.cpp</code>
+at line 10:</p>
+<pre
+class="prettyprint"> Data[3] == 'Z'; // :(
+</pre>
+<p>
+This is a straightforward out-of-bounds read if Data is of length 3.
+</p>
+<p>
+After you run your fuzzer, the output often results in a crash and the offending
+input is saved in the corpus and given an ID. In the example output, this is
+<code>crash-0eb8e4ed029b774d80f2b66408203801cb982a60</code>.
+</p>
+<p>
+To retrieve crash information, issue this command, specifying your crash ID:</p>
+<pre class="devsite-terminal devsite-click-to-copy">adb pull
+/data/tmp/fuzz_me_fuzzer/corpus/<var>CRASH_ID</var></pre>
+
+<p>
+For more information about libFuzzer, see the <a
+href="http://llvm.org/docs/LibFuzzer.html">upstream documentation</a>. Because
+Android's libFuzzer is a few versions behind upstream, check <a
+href="https://android.googlesource.com/platform/external/llvm/+/master/lib/Fuzzer/">external/llvm/lib/Fuzzer</a>
+to make sure the interfaces support what you're trying to do.
+</p>
+</body></html>
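Review bot: The `Android.mk` listing ends with `Include $(BUILD_FUZZ_TEST)`, and because make directives are case-sensitive this line would not be recognised as an include, so a reader who pastes it as written gets a build error instead of a fuzzer binary; it should read `include $(BUILD_FUZZ_TEST)`. The run section also disagrees with itself about where the reproducer lands: the sample output shows `artifact_prefix='./'` and `Test unit written to ./crash-…`, while the text says the input is saved in the corpus and pulls it from `/data/tmp/fuzz_me_fuzzer/corpus/`. Either show the run with `-artifact_prefix=/data/tmp/fuzz_me_fuzzer/corpus/` or point the `adb pull` at the directory the fuzzer was started from. Separately, the `&&` operators in the `FuzzMe` listing are unescaped inside `<pre>` and should be `&amp;&amp;`, matching the `&lt;`/`&gt;` escapes already used there.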
diff --git a/en/devices/tech/ota/ab_updates.html b/en/devices/tech/ota/ab_updates.html
index 8f680c6e..53a42846 100644
--- a/en/devices/tech/ota/ab_updates.html
+++ b/en/devices/tech/ota/ab_updates.html
@@ -243,6 +243,8 @@
factory reset.
</p>
+ <h4 id="update_engine_source">Update engine source</h4>
+
<p>
The <code>update_engine</code> source is located in
<code><a href="https://android.googlesource.com/platform/system/update_engine/" class="external">system/update_engine</a></code>.
@@ -269,6 +271,36 @@
For a working example, refer to <code><a href="https://android.googlesource.com/device/google/marlin/+/nougat-dr1-release/device-common.mk" class="external-link">/device/google/marlin/device-common.mk</a></code>.
</p>
+ <h4 id="update_engine_logs">Update engine logs</h4>
+
+ <p>
+ For Android 8.x releases and earlier, the <code>update_engine</code>
+ logs can be found in <code>logcat</code> and in the bug report. To
+ make the <code>update_engine</code> logs available in the file system,
+ patch the following changes into your build:
+ </p>
+
+ <ul>
+ <li><a
+ href="https://android-review.googlesource.com/c/platform/system/update_engine/+/486618">
+ Change 486618</a></li>
+ <li><a
+ href="https://android-review.googlesource.com/c/platform/system/core/+/529080">
+ Change 529080</a></li>
+ <li><a
+ href="https://android-review.googlesource.com/c/platform/system/update_engine/+/529081">
+ Change 529081</a></li>
+ <li><a
+ href="https://android-review.googlesource.com/c/platform/system/sepolicy/+/534660">
+ Change 534660</a></li>
+ </ul>
+
+ <p>These changes save a copy of the most recent
+ <code>update_engine</code> log to
+ <code>/data/misc/update_engine_log/update_engine.log</code>. Users
+ with the <strong>log</strong> group ID will be able to access the file
+ system logs.
+
<h3 id="bootloader-interactions">Bootloader interactions</h3>
<p>
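Review bot: The paragraph added at the end of the new "Update engine logs" section (`<p>These changes save a copy of the most recent …`) is never closed before the following `<h3 id="bootloader-interactions">`; add `</p>` after `system logs.` so it matches the other paragraphs in this file. The four Gerrit links also omit the `class="external"` that the neighbouring `system/update_engine` link carries. The closing sentence would be clearer if it said that `/data/misc/update_engine_log/update_engine.log` becomes readable by any process in the `log` group, so integrators can judge whether that exposure is acceptable before patching these changes into a production build. The "Bootloader interactions" section that follows continues outside the hunk.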
diff --git a/en/devices/tech/ota/nonab_updates.html b/en/devices/tech/ota/nonab_updates.html
index 627fa263..4fb8daf0 100644
--- a/en/devices/tech/ota/nonab_updates.html
+++ b/en/devices/tech/ota/nonab_updates.html
@@ -61,7 +61,8 @@
partition requires special app permissions) and for storage of
downloaded OTA update packages. Other programs use this space with the
expectation that files can disappear at any time. Some OTA package
- installations may result in this partition being wiped completely.
+ installations may result in this partition being wiped completely. The
+ cache also contains the update logs from an OTA update.
</dd>
<dt>recovery</dt>
@@ -133,7 +134,8 @@
</li>
</ol>
- <p>The system update is complete!</p>
+ <p>The system update is complete! The update logs can be found in
+ <code>/cache/recovery/last_log.<var>#</var></code>.</p>
<h2 id="migrating">Migrating from previous releases</h2>
@@ -192,4 +194,4 @@
</p>
</body>
-</html> \ No newline at end of file
+</html>
diff --git a/en/security/_toc.yaml b/en/security/_toc.yaml
index 6b60e14b..db2c1df6 100644
--- a/en/security/_toc.yaml
+++ b/en/security/_toc.yaml
@@ -43,6 +43,12 @@ toc:
path: /security/advisory/2016-03-18
- title: Android Bulletins
section:
+ - title: 2018 Bulletins
+ section:
+ - title: January
+ path: /security/bulletin/2018-01-01
+ - title: Index
+ path: /security/bulletin/2018
- title: 2017 Bulletins
section:
- title: December
@@ -117,12 +123,22 @@ toc:
section:
- title: Overview
path: /security/bulletin/pixel/index
- - title: December 2017
- path: /security/bulletin/pixel/2017-12-01
- - title: November 2017
- path: /security/bulletin/pixel/2017-11-01
- - title: October 2017
- path: /security/bulletin/pixel/2017-10-01
+ - title: 2018 Bulletins
+ section:
+ - title: January
+ path: /security/bulletin/pixel/2018-01-01
+ - title: Index
+ path: /security/bulletin/pixel/2018
+ - title: 2017 Bulletins
+ section:
+ - title: December
+ path: /security/bulletin/pixel/2017-12-01
+ - title: November
+ path: /security/bulletin/pixel/2017-11-01
+ - title: October
+ path: /security/bulletin/pixel/2017-10-01
+ - title: Index
+ path: /security/bulletin/pixel/2017
- title: Application Signing
section:
- title: Overview
diff --git a/en/security/bulletin/2017.html b/en/security/bulletin/2017.html
index 0f26eeea..aa003eb5 100644
--- a/en/security/bulletin/2017.html
+++ b/en/security/bulletin/2017.html
@@ -38,15 +38,13 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho
</tr>
<tr>
<td><a href="/security/bulletin/2017-12-01.html">December 2017</a></td>
- <td>Coming soon
- <!--
+ <td>
<a href="/security/bulletin/2017-12-01.html">English</a>&nbsp;/
<a href="/security/bulletin/2017-12-01.html?hl=ja">日本語</a>&nbsp;/
<a href="/security/bulletin/2017-12-01.html?hl=ko">한국어</a>&nbsp;/
<a href="/security/bulletin/2017-12-01.html?hl=ru">ру́сский</a>&nbsp;/
<a href="/security/bulletin/2017-12-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
<a href="/security/bulletin/2017-12-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
- -->
</td>
<td>December 4, 2017</td>
<td>2017-12-01<br>
diff --git a/en/security/bulletin/2018-01-01.html b/en/security/bulletin/2018-01-01.html
new file mode 100644
index 00000000..ee037f11
--- /dev/null
+++ b/en/security/bulletin/2018-01-01.html
@@ -0,0 +1,837 @@
+<html devsite>
+ <head>
+ <title>Android Security Bulletin—January 2018</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ //www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<p><em>Published January 2, 2018 | Updated January 5, 2018</em></p>
+
+<p>
+The Android Security Bulletin contains details of security vulnerabilities
+affecting Android devices. Security patch levels of 2018-01-05 or later address
+all of these issues. To learn how to check a device's security patch level, see
+<a href="https://support.google.com/pixelphone/answer/4457705">Check and update
+your Android version</a>.
+</p>
+<p>
+Android partners are notified of all issues at least a month before publication.
+Source code patches for these issues have been released to the Android Open
+Source Project (AOSP) repository and linked from this bulletin. This bulletin
+also includes links to patches outside of AOSP.</p>
+<p>
+The most severe of these issues is a critical security vulnerability in Media
+framework that could enable a remote attacker using a specially crafted file to
+execute arbitrary code within the context of a privileged process. The <a
+href="/security/overview/updates-resources.html#severity">severity
+assessment</a> is based on the effect that exploiting the vulnerability would
+possibly have on an affected device, assuming the platform and service
+mitigations are turned off for development purposes or if successfully bypassed.
+</p>
+<p>
+We have had no reports of active customer exploitation or abuse of these newly
+reported issues. Refer to the <a href="#mitigations">Android
+and Google Play Protect mitigations</a> section for details on the <a
+href="/security/enhancements/index.html">Android
+security platform protections</a> and Google Play Protect, which improve the
+security of the Android platform.
+</p>
+<p>
+<strong>Note:</strong> Information on the latest over-the-air update (OTA) and
+firmware images for Google devices is available in the January 2018 Pixel&hairsp;/&hairsp;Nexus
+Security Bulletin.
+</p>
+<h2 id="announcements">Announcements</h2>
+<aside class="note">
+<p><strong>Note:</strong> CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754, a set of
+vulnerabilities related to speculative execution in processors, have been
+publicly disclosed. Android is unaware of any successful reproduction of these
+vulnerabilities that would allow unauthorized information disclosure on any
+ARM-based Android device.
+</p>
+<p>
+To provide additional protection, the update for CVE-2017-13218 included in this
+bulletin reduces access to high-precision timers, which helps limits side
+channel attacks (such as CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754)
+of all known variants of ARM processors.
+</p>
+<p>We encourage Android users to accept available security updates to their
+devices. See the
+<a href="https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html">Google
+security blog</a> for more details.</p>
+</aside>
+<p>
+We have launched a new <a href="/security/bulletin/pixel/">Pixel / Nexus
+Security Bulletin</a>, which contains information on additional security
+vulnerabilities and functional improvements that are addressed on Pixel and
+Nexus devices. Android device manufacturers may choose to address these issues
+on their devices. See <a href="#common-questions-and-answers">Common questions
+and answers</a> for additional information.
+</p>
+<h2 id="mitigations">Android and Google service mitigations</h2>
+<p>
+This is a summary of the mitigations provided by the <a
+href="/security/enhancements/index.html">Android
+security platform</a> and service protections such as <a
+href="https://www.android.com/play-protect">Google Play Protect</a>. These
+capabilities reduce the likelihood that security vulnerabilities could be
+successfully exploited on Android.
+</p><ul>
+<li>Exploitation for many issues on Android is made more difficult by
+enhancements in newer versions of the Android platform. We encourage all users
+to update to the latest version of Android where possible.
+<li>The Android security team actively monitors for abuse through <a
+href="https://www.android.com/play-protect">Google Play Protect</a> and warns
+users about <a
+href="/security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially
+Harmful Applications</a>. Google Play Protect is enabled by default on devices
+with <a href="http://www.android.com/gms">Google Mobile Services</a>, and is
+especially important for users who install apps from outside of Google
+Play.</li></ul>
+<h2 id="2018-01-01-security-patch-level—vulnerability-details">2018-01-01
+security patch level—Vulnerability details</h2>
+<p>
+In the sections below, we provide details for each of the security
+vulnerabilities that apply to the 2018-01-01 patch level. Vulnerabilities are
+grouped under the component that they affect. There is a description of the
+issue and a table with the CVE, associated references, <a href="#type">type
+of vulnerability</a>,
+<a href="/security/overview/updates-resources.html#severity">severity</a>,
+and updated AOSP versions (where applicable). When available, we link the public
+change that addressed the issue to the bug ID, like the AOSP change list. When
+multiple changes relate to a single bug, additional references are linked to
+numbers following the bug ID.
+</p>
+
+<h3 id="android-runtime">Android runtime</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+to bypass user interaction requirements in order to gain access to additional
+permissions.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13176</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/4afa0352d6c1046f9e9b67fbf0011bcd751fcbb5">
+ A-68341964</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+</table>
+
+
+<h3 id="media-framework">Media framework</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+using a specially crafted file to execute arbitrary code within the context of
+a privileged process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13177</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/b686bb2df155fd1f55220d56f38cc0033afe278c">
+ A-68320413</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13178</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/646a18fef28d19ba5beb6a2e1c00ac4c2663a10b">
+ A-66969281</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13179</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/47d4b33b504e14e98420943f771a9aecd6d09516">
+ A-66969193</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13180</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/cf1e36f93fc8776e3a8109149424babeee7f8382">
+ A-66969349</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13181</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/d64e9594d3d73c613010ca9fafc7af9782e9225d">
+ A-67864232</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13182</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/f1652e1b9f1d2840c79b6bf784d1befe40f4799e">
+ A-67737022</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13184</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/native/+/16392a119661fd1da750d4d4e8e03442578bc543">
+ A-65483324</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0855</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/d7d6df849cec9d0a9c1fd0d9957a1b8edef361b7">
+ A-64452857</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13191</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/f5b2fa243b4c45a4cd885e85f49ae548ab88c264">
+ A-64380403</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13192</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/52ca619511acbd542d843df1f92f858ce13048a5">
+ A-64380202</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13193</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/b3f31e493ef6fa886989198da9787807635eaae2">
+ A-65718319</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13195</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/066e3b1f9c954d95045bc9d33d2cdc9df419784f">
+ A-65398821</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13196</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/f5b2fa243b4c45a4cd885e85f49ae548ab88c264">
+ A-63522067</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13197</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/0a714d3a14d256c6a5675d6fbd975ca26e9bc471">
+ A-64784973</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13199</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/42b2e419b48a26d2ba599d87e3a2a02c4aa625f4">
+ A-33846679</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>8.0, 8.1</td>
+ </tr>
+</table>
+
+
+<h3 id="system">System</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+using a specially crafted file to execute arbitrary code within the context of
+a privileged process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13208</td>
+ <td><a href="https://android.googlesource.com/platform/system/core/+/b71335264a7c3629f80b7bf1f87375c75c42d868">
+ A-67474440</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13209</td>
+ <td><a href="https://android.googlesource.com/platform/system/libhidl/+/a4d0252ab5b6f6cc52a221538e1536c5b55c1fa7">
+ A-68217907</a>
+[<a href="https://android.googlesource.com/platform/system/tools/hidl/+/8539fc8ac94d5c92ef9df33675844ab294f68d61">2</a>]
+[<a href="https://android.googlesource.com/platform/system/hwservicemanager/+/e1b4a889e8b84f5c13b76333d4de90dbe102a0de">3</a>]</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13210</td>
+ <td><a href="https://android.googlesource.com/platform/system/media/+/e770e378dc8e2320679272234285456ca2244a62">
+ A-67782345</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13211</td>
+ <td><a href="https://android.googlesource.com/platform/system/bt/+/181144a50114c824cfe3cdfd695c11a074673a5e">
+ A-65174158</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>8.0</td>
+ </tr>
+</table>
+
+<h2 id="2018-01-05-security-patch-level—vulnerability-details">2018-01-05
+security patch level—Vulnerability details</h2>
+<p>
+In the sections below, we provide details for each of the security
+vulnerabilities that apply to the 2018-01-05 patch level. Vulnerabilities are
+grouped under the component that they affect and include details such as the
+CVE, associated references, <a href="#type">type of vulnerability</a>,
+<a href="/security/overview/updates-resources.html#severity">severity</a>,
+component (where applicable), and updated AOSP versions (where applicable). When
+available, we link the public change that addressed the issue to the bug ID,
+like the AOSP change list. When multiple changes relate to a single bug,
+additional references are linked to numbers following the bug ID.
+</p>
+
+<h3 id="htc-components">HTC components</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+to cause a denial of service in a critical system process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13214</td>
+ <td>A-38495900<a href="#asterisk">*</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>Hardware HEVC decoder</td>
+ </tr>
+</table>
+
+
+<h3 id="kernel-components">Kernel components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to execute arbitrary code within the context of a privileged
+process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-14497</td>
+ <td>A-66694921<br />
+ <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=edbd58be15a957f6a760c4a514cd475217eb97fd">
+Upstream kernel</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>TCP packet processing</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13215</td>
+ <td>A-64386293<br />
+ <a href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v3.18.78&id=36c84b22ac8aa041cbdfbe48a55ebb32e3521704">
+Upstream kernel</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Skcipher</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13216</td>
+ <td>A-66954097<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Ashmem</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13218</td>
+ <td>A-68266545<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>High</td>
+ <td>High-precision timers</td>
+ </tr>
+</table>
+
+
+<h3 id="lg-components">LG components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to execute arbitrary code within the context of a privileged
+process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13217</td>
+ <td>A-68269077<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Bootloader</td>
+ </tr>
+</table>
+
+
+<h3 id="media-framework">Media framework</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to execute arbitrary code within the context of a privileged
+process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13183</td>
+ <td>A-38118127</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>8.1</td>
+ </tr>
+</table>
+
+
+<h3 id="mediatek-components">MediaTek components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to execute arbitrary code within the context of a privileged
+process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13225</td>
+ <td>A-38308024<a href="#asterisk">*</a><br />
+ M-ALPS03495789</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>MTK Media</td>
+ </tr>
+</table>
+
+
+<h3 id="nvidia-components">NVIDIA components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to execute arbitrary code within the context of a privileged
+process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0869</td>
+ <td>A-37776156<a href="#asterisk">*</a><br />
+ N-CVE-2017-0869</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Nvidia driver</td>
+ </tr>
+</table>
+
+
+<h3 id="qualcomm-components">Qualcomm components</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+using a specially crafted file to execute arbitrary code within the context of
+a privileged process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-15849</td>
+ <td>A-66937641<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/hardware/qcom/display/commit/?id=0a59679b954c02b8996">
+QC-CR#2046572</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Display</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-11069</td>
+ <td>A-65468974<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=daf1fbae4be7bd669264a7907677250ff2a1f89b">
+QC-CR#2060780</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Bootloader</td>
+ </tr>
+</table>
+
+
+<h3 id="qualcomm-closed-source-components">Qualcomm closed-source
+components</h3>
+<p>These vulnerabilities affect Qualcomm components and are described in
+further detail in the appropriate Qualcomm AMSS security bulletin or security
+alert. The severity assessment of these issues is provided directly by
+Qualcomm.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-14911</td>
+ <td>A-62212946<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14906</td>
+ <td>A-32584150<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14912</td>
+ <td>A-62212739<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14913</td>
+ <td>A-62212298<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14915</td>
+ <td>A-62212632<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2013-4397</td>
+ <td>A-65944893<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-11010</td>
+ <td>A-66913721<a href="#asterisk">*</a></td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+</table>
+
+
+<h2 id="common-questions-and-answers">Common questions and answers</h2>
+<p>
+This section answers common questions that may occur after reading this
+bulletin.
+</p>
+<p>
+<strong>1. How do I determine if my device is updated to address these issues?
+</strong>
+</p>
+<p>
+To learn how to check a device's security patch level, see <a
+href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Check
+& update your Android version</a>.
+</p>
+<ul>
+<li>Security patch levels of 2018-01-01 or later address all issues associated
+with the 2018-01-01 security patch level.</li>
+<li>Security patch levels of 2018-01-05 or later address all issues associated
+with the 2018-01-05 security patch level and all previous patch levels.</li>
+</ul>
+<p>
+Device manufacturers that include these updates should set the patch string
+level to:
+</p>
+<ul>
+<li>[ro.build.version.security_patch]:[2018-01-01]</li>
+<li>[ro.build.version.security_patch]:[2018-01-05]</li>
+</ul>
+<p>
+<strong>2. Why does this bulletin have two security patch levels?</strong>
+</p>
+<p>
+This bulletin has two security patch levels so that Android partners have the
+flexibility to fix a subset of vulnerabilities that are similar across all
+Android devices more quickly. Android partners are encouraged to fix all issues
+in this bulletin and use the latest security patch level.
+</p>
+<ul>
+<li>Devices that use the 2018-01-01 security patch level must include all issues
+associated with that security patch level, as well as fixes for all issues
+reported in previous security bulletins.</li>
+<li>Devices that use the security patch level of 2018-01-05 or newer must
+include all applicable patches in this (and previous) security
+bulletins.</li>
+</ul>
+<p>
+Partners are encouraged to bundle the fixes for all issues they are addressing
+in a single update.
+</p>
+<p id="type">
+<strong>3. What do the entries in the <em>Type</em> column mean?</strong>
+</p>
+<p>
+Entries in the <em>Type</em> column of the vulnerability details table reference
+the classification of the security vulnerability.
+</p>
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Abbreviation</th>
+ <th>Definition</th>
+ </tr>
+ <tr>
+ <td>RCE</td>
+ <td>Remote code execution</td>
+ </tr>
+ <tr>
+ <td>EoP</td>
+ <td>Elevation of privilege</td>
+ </tr>
+ <tr>
+ <td>ID</td>
+ <td>Information disclosure</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>Denial of service</td>
+ </tr>
+ <tr>
+ <td>N/A</td>
+ <td>Classification not available</td>
+ </tr>
+</table>
+<p>
+<strong>4. What do the entries in the <em>References</em> column mean?</strong>
+</p>
+<p>
+Entries under the <em>References</em> column of the vulnerability details table
+may contain a prefix identifying the organization to which the reference value
+belongs.
+</p>
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Prefix</th>
+ <th>Reference</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Android bug ID</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Qualcomm reference number</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>MediaTek reference number</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>NVIDIA reference number</td>
+ </tr>
+ <tr>
+ <td>B-</td>
+ <td>Broadcom reference number</td>
+ </tr>
+</table>
+<p id="asterisk">
+<strong>5. What does a * next to the Android bug ID in the <em>References</em>
+column mean?</strong>
+</p>
+<p>
+Issues that are not publicly available have a * next to the Android bug ID in
+the <em>References</em> column. The update for that issue is generally contained
+in the latest binary drivers for Nexus devices available from the <a
+href="https://developers.google.com/android/nexus/drivers">Google Developer
+site</a>.
+</p>
+<p>
+<strong>6. Why are security vulnerabilities split between this bulletin and
+device/partner security bulletins, such as the Pixel / Nexus bulletin?</strong>
+</p>
+<p>
+Security vulnerabilities that are documented in this security bulletin are
+required in order to declare the latest security patch level on Android devices.
+Additional security vulnerabilities that are documented in the device/partner
+security bulletins are not required for declaring a security patch level.
+Android device and chipset manufacturers are encouraged to document the presence
+of other fixes on their devices through their own security websites, such as the
+<a href="https://security.samsungmobile.com/securityUpdate.smsb">Samsung</a>, <a
+href="https://lgsecurity.lge.com/security_updates.html">LGE</a>, or <a
+href="/security/bulletin/pixel/">Pixel&hairsp;/&hairsp;Nexus</a>
+security bulletins.
+</p>
+<h2 id="versions">Versions</h2>
+<table>
+ <col width="15%">
+ <col width="25%">
+ <col width="60%">
+ <tr>
+ <th>Version</th>
+ <th>Date</th>
+ <th>Notes</th>
+ </tr>
+ <tr>
+ <td>1.0</td>
+ <td>January 2, 2018</td>
+ <td>Bulletin published.</td>
+ </tr>
+ <tr>
+ <td>1.1</td>
+ <td>January 3, 2018</td>
+ <td>Bulletin updated with announcement about CVE-2017-13218.</td>
+ </tr>
+ <tr>
+ <td>1.2</td>
+ <td>January 5, 2018</td>
+ <td>Bulletin revised to include AOSP links.</td>
+ </tr>
+</table>
+</body></html>
diff --git a/en/security/bulletin/2018.html b/en/security/bulletin/2018.html
new file mode 100644
index 00000000..268ef054
--- /dev/null
+++ b/en/security/bulletin/2018.html
@@ -0,0 +1,57 @@
+<html devsite>
+ <head>
+ <title>2018 Android Security Bulletins</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+
+<p>This page contains all available 2018 Android Security Bulletins. For a list
+of all bulletins, see the <a href="/security/bulletin/index.html">Android Security Bulletins</a> homepage.</p>
+
+<table>
+ <col width="15%">
+ <col width="49%">
+ <col width="17%">
+ <col width="19%">
+ <tr>
+ <th>Bulletin</th>
+ <th>Languages</th>
+ <th>Published date</th>
+ <th>Security patch level</th>
+ </tr>
+ <tr>
+ <td><a href="/security/bulletin/2018-01-01.html">January 2018</a></td>
+ <td>Coming soon
+ <!--
+ <a href="/security/bulletin/2018-01-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/2018-01-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/2018-01-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/2018-01-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/2018-01-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/2018-01-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ -->
+ </td>
+ <td>January 2018</td>
+ <td>2018-01-01<br>
+ 2018-01-05</td>
+ </tr>
+</table>
+ </body>
+</html>
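Review bot: The Published date cell of the January 2018 row holds only a month, `<td>January 2018</td>`, so it disagrees with the other places this commit states the date. The same row added to en/security/bulletin/index.html uses `<td>January 2, 2018</td>`, and the bulletin's own Versions table lists version 1.0 as published on January 2, 2018. Readers who track patch availability against publication dates need one value across all three pages, so the cell here should read `<td>January 2, 2018</td>`. This hunk is the whole new file, so no other row in it is affected.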
diff --git a/en/security/bulletin/index.html b/en/security/bulletin/index.html
index cb8a84f1..cc6a14a6 100644
--- a/en/security/bulletin/index.html
+++ b/en/security/bulletin/index.html
@@ -68,16 +68,30 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi
<th>Security patch level</th>
</tr>
<tr>
- <td><a href="/security/bulletin/2017-12-01.html">December 2017</a></td>
+ <td><a href="/security/bulletin/2018-01-01.html">January 2018</a></td>
<td>Coming soon
<!--
+ <a href="/security/bulletin/2018-01-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/2018-01-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/2018-01-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/2018-01-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/2018-01-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/2018-01-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ -->
+ </td>
+ <td>January 2, 2018</td>
+ <td>2018-01-01<br>
+ 2018-01-05</td>
+ </tr>
+ <tr>
+ <td><a href="/security/bulletin/2017-12-01.html">December 2017</a></td>
+ <td>
<a href="/security/bulletin/2017-12-01.html">English</a>&nbsp;/
<a href="/security/bulletin/2017-12-01.html?hl=ja">日本語</a>&nbsp;/
<a href="/security/bulletin/2017-12-01.html?hl=ko">한국어</a>&nbsp;/
<a href="/security/bulletin/2017-12-01.html?hl=ru">ру́сский</a>&nbsp;/
<a href="/security/bulletin/2017-12-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
<a href="/security/bulletin/2017-12-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
- -->
</td>
<td>December 4, 2017</td>
<td>2017-12-01<br>
diff --git a/en/security/bulletin/pixel/2017.html b/en/security/bulletin/pixel/2017.html
new file mode 100644
index 00000000..23f1c15c
--- /dev/null
+++ b/en/security/bulletin/pixel/2017.html
@@ -0,0 +1,82 @@
+<html devsite>
+ <head>
+ <title>2017 Pixel&hairsp;/&hairsp;Nexus Security Bulletins</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+
+<p>This page contains all available 2017 Pixel&hairsp;/&hairsp;Nexus Security
+Bulletins. For a list of all bulletins, see the
+<a href="/security/bulletin/pixel/index.html">Pixel&hairsp;/&hairsp;Nexus Security
+Bulletins</a> homepage.</p>
+
+<table>
+ <col width="15%">
+ <col width="49%">
+ <col width="17%">
+ <col width="19%">
+ <tr>
+ <th>Bulletin</th>
+ <th>Languages</th>
+ <th>Published date</th>
+ <th>Security patch level</th>
+ </tr>
+ <tr>
+ <td><a href="/security/bulletin/pixel/2017-12-01.html">December 2017</a></td>
+ <td>
+ <a href="/security/bulletin/pixel/2017-12-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2017-12-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2017-12-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2017-12-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2017-12-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2017-12-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ </td>
+ <td>December 4, 2017</td>
+ <td>2017-12-05</td>
+ </tr>
+ <tr>
+ <td><a href="/security/bulletin/pixel/2017-11-01.html">November 2017</a></td>
+ <td>
+ <a href="/security/bulletin/pixel/2017-11-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2017-11-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2017-11-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2017-11-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2017-11-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2017-11-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ </td>
+ <td>November 6, 2017</td>
+ <td>2017-11-05</td>
+ </tr>
+ <tr>
+ <td><a href="/security/bulletin/pixel/2017-10-01.html">October 2017</a></td>
+ <td>
+ <a href="/security/bulletin/pixel/2017-10-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2017-10-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2017-10-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2017-10-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2017-10-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2017-10-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ </td>
+ <td>October 2, 2017</td>
+ <td>2017-10-05</td>
+ </tr>
+</table>
+ </body>
+</html>
diff --git a/en/security/bulletin/pixel/2018-01-01.html b/en/security/bulletin/pixel/2018-01-01.html
new file mode 100644
index 00000000..4c6dd4a4
--- /dev/null
+++ b/en/security/bulletin/pixel/2018-01-01.html
@@ -0,0 +1,793 @@
+<html devsite>
+ <head>
+ <title>Pixel&hairsp;/&hairsp;Nexus Security Bulletin—January 2018</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ //www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<p><em>Published January 2, 2018 | Updated January 5, 2018</em></p>
+
+<p>
+The Pixel&hairsp;/&hairsp;Nexus Security Bulletin contains details of security
+vulnerabilities and functional improvements affecting <a
+href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported
+Google Pixel and Nexus devices</a> (Google devices). For Google devices,
+security patch levels of 2018-01-05 or later address all issues in this
+bulletin and all issues in the <a href="/security/bulletin/2018-01-01">January
+2018 Android Security Bulletin</a>. To learn how to check a device's security
+patch level, see <a href="https://support.google.com/pixelphone/answer/4457705">Check
+and update your Android version</a>.
+</p>
+<p>
+All supported Google devices will receive an update to the 2018-01-05 patch
+level. We encourage all customers to accept these updates to their devices.
+</p>
+<p class="note">
+<strong>Note:</strong> The Google device firmware images are available on the <a
+href="https://developers.google.com/android/nexus/images">Google Developer
+site</a>.
+</p>
+<h2 id="announcements">Announcements</h2>
+<p>
+In addition to the security vulnerabilities described in the <a
+href="/security/bulletin/2018-01-01">January 2018
+Android Security Bulletin</a>, Pixel and Nexus devices also contain patches for
+the security vulnerabilities described below. Partners were notified of these
+issues at least a month ago and may choose to incorporate them as part of their
+device updates.
+</p>
+<h2 id="security-patches">Security patches</h2>
+<p>
+Vulnerabilities are grouped under the component that they affect. There is a
+description of the issue and a table with the CVE, associated references, <a
+href="#type">type of vulnerability</a>, <a
+href="/security/overview/updates-resources.html#severity">severity</a>,
+and updated Android Open Source Project (AOSP) versions (where applicable). When
+available, we link the public change that addressed the issue to the bug ID,
+like the AOSP change list. When multiple changes relate to a single bug,
+additional references are linked to numbers following the bug ID.
+</p>
+
+<h3 id="framework">Framework</h3>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0846</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/93d77b07c34077b6c403c459b7bb75933446a502">A-64934810</a>
+ [<a href="https://android.googlesource.com/platform/frameworks/base/+/395e162a0bf21c7e67923b9ae5fc9aded2d128a7">2</a>]
+ </td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td>
+ </tr>
+</table>
+
+
+<h3 id="media-framework">Media framework</h3>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13201</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7f7783d0c0c726eaaf517125383b0fb30251bdd0">A-63982768</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13202</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/de7f50ee76ed5ed70d9174f23175287c1035b383">A-67647856</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13206</td>
+ <td><a href="https://android.googlesource.com/platform/external/aac/+/29189063770fbd7d00f04ed1fd16ec5eefee7ec9">A-65025048</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13207</td>
+ <td><a href="http://lesource.com/platform/frameworks/av/+/212335cbc6e8795c3cfb332e7b119e03cf33f603">A-37564426</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13185</td>
+ <td rowspan="2"><a href="https://android.googlesource.com/platform/external/libhevc/+/2b9fb0c2074d370a254b35e2489de2d94943578d">A-65123471</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.1.1, 6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13187</td>
+ <td rowspan="2"><a href="https://android.googlesource.com/platform/external/libhevc/+/7c9be319a279654e55a6d757265f88c61a16a4d5">A-65034175</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.1.1, 6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13188</td>
+ <td rowspan="2"><a href="https://android.googlesource.com/platform/external/aac/+/8e3be529372892e20ccf196809bc73276c822189">A-65280786</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.1.1, 6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13203</td>
+ <td rowspan="2"><a href="https://android.googlesource.com/platform/external/libavc/+/e86d3cfd2bc28dac421092106751e5638d54a848">A-63122634</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13204</td>
+ <td rowspan="2"><a href="https://android.googlesource.com/platform/external/libavc/+/42cf02965b11c397dd37a0063e683cef005bc0ae">A-64380237</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13205</td>
+ <td rowspan="2"><a href="https://android.googlesource.com/platform/external/libmpeg2/+/29a78a11844fc027fa44be7f8bd8dc1cf8bf89f6">A-64550583</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13200</td>
+ <td rowspan="2"><a href="https://android.googlesource.com/platform/frameworks/av/+/dd3ca4d6b81a9ae2ddf358b7b93d2f8c010921f5">A-63100526</a></td>
+ <td>ID</td>
+ <td>Low</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>5.1.1, 6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13186</td>
+ <td rowspan="2"><a href="https://android.googlesource.com/platform/external/libavc/+/6c327afb263837bc90760c55c6605b26161a4eb9">A-65735716</a></td>
+ <td>NSI</td>
+ <td>NSI</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13189</td>
+ <td rowspan="2"><a href="https://android.googlesource.com/platform/external/libavc/+/5acaa6fc86c73a750e5f4900c4e2d44bf22f683a">A-68300072</a></td>
+ <td>NSI</td>
+ <td>NSI</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13190</td>
+ <td rowspan="2"><a href="https://android.googlesource.com/platform/external/libhevc/+/3ed3c6b79a7b9a60c475dd4936ad57b0b92fd600">A-68299873</a></td>
+ <td>NSI</td>
+ <td>NSI</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13194</td>
+ <td rowspan="2"><a href="https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9">A-64710201</a></td>
+ <td>NSI</td>
+ <td>NSI</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.1.1, 6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2017-13198</td>
+ <td rowspan="2"><a href="https://android.googlesource.com/platform/frameworks/ex/+/ede8f95361dcbf9757aaf6d25ce59fa3767344e3">A-68399117</a></td>
+ <td>NSI</td>
+ <td>NSI</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.1.1, 6.0, 6.0.1</td>
+ </tr>
+</table>
+
+
+<h3 id="system">System</h3>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13212</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/e012d705dd8172048c3f32113b2a671847e3d1a2">
+ A-62187985</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td>
+ </tr>
+</table>
+
+
+<h3 id="broadcom-components">Broadcom components</h3>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13213</td>
+ <td>A-63374465<a href="#asterisk">*</a><br />
+ B-V2017081501</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Bcmdhd driver</td>
+ </tr>
+</table>
+
+
+<h3 id="htc-components">HTC components</h3>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-11072</td>
+ <td>A-65468991<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Partition table updater</td>
+ </tr>
+</table>
+
+
+<h3 id="kernel-components">Kernel components</h3>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13219</td>
+ <td>A-62800865<a href="#asterisk">*</a></td>
+ <td>DoS</td>
+ <td>Moderate</td>
+ <td>Synaptics touchscreen controller</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13220</td>
+ <td>A-63527053<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>BlueZ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13221</td>
+ <td>A-64709938<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Wifi driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-11473</td>
+ <td>A-64253928<br />
+ <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dad5ab0db8deac535d03e3fe3d8f2892173fa6a4">
+Upstream kernel</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Kernel</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-13222</td>
+ <td>A-38159576<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Kernel</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14140</td>
+ <td>A-65468230<br />
+ <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=197e7e521384a23b9e585178f3f11c9fa08274b9">
+Upstream kernel</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Kernel</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15537</td>
+ <td>A-68805943<br />
+ <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=814fb7bb7db5433757d76f4c4502c96fc53b0b5e">
+Upstream kernel</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Kernel</td>
+ </tr>
+</table>
+
+
+<h3 id="mediatek-components">MediaTek components</h3>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-13226</td>
+ <td>A-32591194<a href="#asterisk">*</a><br />
+ M-ALPS03149184</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>MTK</td>
+ </tr>
+</table>
+
+
+<h3 id="qualcomm-components">Qualcomm components</h3>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-9705</td>
+ <td>A-67713091<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=00515286cf52145f2979026b8641cfb15c8e7644">
+QC-CR#2059828</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>SOC Driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15847</td>
+ <td>A-67713087<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=6f510e5c3ffe80ad9ea4271a39a21d3b647e1f0f">
+QC-CR#2070309</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>SOC Driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15848</td>
+ <td>A-67713083<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=d24a74a7103cb6b773e1d8136ba51b64fa96b21d">
+QC-CR#2073777</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-11081</td>
+ <td>A-67713113<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=d650d091aad2b13887b374ddc4268a457040ffc1">
+QC-CR#2077622</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>WLan</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15845</td>
+ <td>A-67713111<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=d39f7f0663394e1e863090108a80946b90236112">
+QC-CR#2072966</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>WLan</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14873</td>
+ <td>A-67713104<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=57377acfed328757da280f4adf1c300f0b032422">
+QC-CR#2057144</a>
+ [<a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=e9492b99156137cf533722eea6ba8846d424c800">
+2</a>]</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Graphics Driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-11035</td>
+ <td>A-67713108<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=aeb7bcf516dfa00295329ec66bd0b62d746f4bbe">
+QC-CR#2070583</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Wireless driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-11003</td>
+ <td>A-64439673<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=6ca5369f343f942ad925dc01371d87d040235243">
+QC-CR#2026193</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Bootloader</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-9689</td>
+ <td>A-62828527<br />
+ <a href="https://source.codeaurora.org/quic/la/platform/hardware/qcom/display/commit/?id=1583ea20412c1e9abb8c7ce2a916ad955f689530">
+QC-CR#2037019</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>HDMI driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14879</td>
+ <td>A-63890276<a href="#asterisk">*</a><br />
+ QC-CR#2056307</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>IPA driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-11080</td>
+ <td>A-66937382<br />
+ <a href="https://www.codeaurora.org/gitweb/quic/la/?p=kernel/lk.git;a=commit;h=4f50bba52193cdf917037c98ce38a45aeb4582da">
+QC-CR#2078272</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Bootloader</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14869</td>
+ <td>A-67713093<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=e5d62d222504b9f4f079ea388f0724f471855fbe">
+QC-CR#2061498</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Bootloader</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-11066</td>
+ <td>A-65468971<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=5addd693aec592118bd5c870ba547b6311a4aeca">
+QC-CR#2068506</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Bootloader</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-15850</td>
+ <td>A-62464339<a href="#asterisk">*</a><br />
+ QC-CR#2113240</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Microphone driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-9712</td>
+ <td>A-63868883<br />
+ <a href="https://www.codeaurora.org/gitweb/quic/la/?p=platform/vendor/qcom-opensource/wlan/qcacld-2.0.git;a=commit;h=b1d0e250717fc4d8b7c45cef036ea9d16293c616">
+QC-CR#2033195</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Wireless driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-11079</td>
+ <td>A-67713100<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=ddae8fa912fd2b207b56733f5294d33c6a956b65">
+QC-CR#2078342</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Bootloader</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-14870</td>
+ <td>A-67713096<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=1ab72362bad8482392de02b425efaab76430de15">
+QC-CR#2061506</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Bootloader</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-11079</td>
+ <td>A-66937383<br />
+ <a href="https://www.codeaurora.org/gitweb/quic/la/?p=kernel/lk.git;a=commit;h=48bd9bbeab9bc7f489193951338dae6adedbef2e">
+QC-CR#2078342</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Bootloader</td>
+ </tr>
+</table>
+
+<h2 id="functional-updates">Functional updates</h2>
+<p>
+These updates are included for affected Pixel devices to address functionality
+issues not related to the security of Pixel devices. The table includes
+associated references; the affected category, such as Bluetooth or mobile data;
+and a summary of the issue.
+</p>
+<table>
+ <tr>
+ <th>References</th>
+ <th>Category</th>
+ <th>Improvements</th>
+ </tr>
+ <tr>
+ <td>A-68810306</td>
+ <td>Keystore</td>
+ <td>Adjusted handling of key upgrades in keystore.</td>
+ </tr>
+ <tr>
+ <td>A-70213235</td>
+ <td>Stability</td>
+ <td>Improve stability and performance after installing an OTA.</td>
+ </tr>
+</table>
+
+<h2 id="common-questions-and-answers">Common questions and answers</h2>
+<p>
+This section answers common questions that may occur after reading this
+bulletin.
+</p>
+<p>
+<strong>1. How do I determine if my device is updated to address these issues?
+</strong>
+</p>
+<p>
+Security patch levels of 2018-01-05 or later address all issues associated with
+the 2018-01-05 security patch level and all previous patch levels. To learn how
+to check a device's security patch level, read the instructions on the <a
+href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
+and Nexus update schedule</a>.
+</p>
+<p id="type">
+<strong>2. What do the entries in the <em>Type</em> column mean?</strong>
+</p>
+<p>
+Entries in the <em>Type</em> column of the vulnerability details table reference
+the classification of the security vulnerability.
+</p>
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Abbreviation</th>
+ <th>Definition</th>
+ </tr>
+ <tr>
+ <td>RCE</td>
+ <td>Remote code execution</td>
+ </tr>
+ <tr>
+ <td>EoP</td>
+ <td>Elevation of privilege</td>
+ </tr>
+ <tr>
+ <td>ID</td>
+ <td>Information disclosure</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>Denial of service</td>
+ </tr>
+ <tr>
+ <td>N/A</td>
+ <td>Classification not available</td>
+ </tr>
+</table>
+<p>
+<strong>3. What do the entries in the <em>References</em> column mean?</strong>
+</p>
+<p>
+Entries under the <em>References</em> column of the vulnerability details table
+may contain a prefix identifying the organization to which the reference value
+belongs.
+</p>
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Prefix</th>
+ <th>Reference</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Android bug ID</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Qualcomm reference number</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>MediaTek reference number</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>NVIDIA reference number</td>
+ </tr>
+ <tr>
+ <td>B-</td>
+ <td>Broadcom reference number</td>
+ </tr>
+</table>
+<p id="asterisk">
+<strong>4. What does a * next to the Android bug ID in the <em>References</em>
+column mean?</strong>
+</p>
+<p>
+Issues that are not publicly available have a * next to the Android bug ID in
+the <em>References</em> column. The update for that issue is generally contained
+in the latest binary drivers for Nexus devices available from the <a
+href="https://developers.google.com/android/nexus/drivers">Google Developer
+site</a>.
+</p>
+<p>
+<strong>5. Why are security vulnerabilities split between this bulletin and the
+Android Security Bulletins?</strong>
+</p>
+<p>
+Security vulnerabilities that are documented in the Android Security Bulletins
+are required in order to declare the latest security patch level on Android
+devices. Additional security vulnerabilities, such as those documented in this
+bulletin, are not required for declaring a security patch level.
+</p>
+<h2 id="versions">Versions</h2>
+<table>
+ <col width="25%">
+ <col width="25%">
+ <col width="50%">
+ <tr>
+ <th>Version</th>
+ <th>Date</th>
+ <th>Notes</th>
+ </tr>
+ <tr>
+ <td>1.0</td>
+ <td>January 2, 2018</td>
+ <td>Bulletin published.</td>
+ </tr>
+ <tr>
+ <td>1.1</td>
+ <td>January 5, 2018</td>
+ <td>Bulletin revised to include AOSP links.</td>
+ </tr>
+</table>
+</body></html>
+
diff --git a/en/security/bulletin/pixel/2018.html b/en/security/bulletin/pixel/2018.html
new file mode 100644
index 00000000..7a5bae85
--- /dev/null
+++ b/en/security/bulletin/pixel/2018.html
@@ -0,0 +1,58 @@
+<html devsite>
+ <head>
+ <title>2018 Pixel&hairsp;/&hairsp;Nexus Security Bulletins</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+
+<p>This page contains all available 2018 Pixel&hairsp;/&hairsp;Nexus Security
+Bulletins. For a list of all bulletins, see the
+<a href="/security/bulletin/pixel/index.html">Pixel&hairsp;/&hairsp;Nexus Security
+Bulletins</a> homepage.</p>
+
+<table>
+ <col width="15%">
+ <col width="49%">
+ <col width="17%">
+ <col width="19%">
+ <tr>
+ <th>Bulletin</th>
+ <th>Languages</th>
+ <th>Published date</th>
+ <th>Security patch level</th>
+ </tr>
+ <tr>
+ <td><a href="/security/bulletin/pixel/2018-01-01.html">January 2018</a></td>
+ <td>Coming soon
+ <!--
+ <a href="/security/bulletin/pixel/2018-01-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ -->
+ </td>
+ <td>January 2018</td>
+ <td>2018-01-05</td>
+ </tr>
+</table>
+ </body>
+</html>
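Review bot: The `Published date` cell in the new January 2018 row reads `January 2018`, but the row this commit adds to `en/security/bulletin/pixel/index.html` gives `January 2, 2018`, which matches the 1.0 entry in the bulletin's Versions table. I would change the cell to `<td>January 2, 2018</td>` so both index pages carry the same full date. A reader matching a bulletin revision to a patch level needs the day, not just the month.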
diff --git a/en/security/bulletin/pixel/index.html b/en/security/bulletin/pixel/index.html
index 5479a4fa..1b3c5895 100644
--- a/en/security/bulletin/pixel/index.html
+++ b/en/security/bulletin/pixel/index.html
@@ -59,16 +59,29 @@ AOSP 24&ndash;48 hours after the Pixel&hairsp;/&hairsp;Nexus bulletin is release
<th>Security patch level</th>
</tr>
<tr>
- <td><a href="/security/bulletin/pixel/2017-12-01.html">December 2017</a></td>
+ <td><a href="/security/bulletin/pixel/2018-01-01.html">January 2018</a></td>
<td>Coming soon
<!--
+ <a href="/security/bulletin/pixel/2018-01-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/pixel/2018-01-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ -->
+ </td>
+ <td>January 2, 2018</td>
+ <td>2018-01-05</td>
+ </tr>
+ <tr>
+ <td><a href="/security/bulletin/pixel/2017-12-01.html">December 2017</a></td>
+ <td>
<a href="/security/bulletin/pixel/2017-12-01.html">English</a>&nbsp;/
<a href="/security/bulletin/pixel/2017-12-01.html?hl=ja">日本語</a>&nbsp;/
<a href="/security/bulletin/pixel/2017-12-01.html?hl=ko">한국어</a>&nbsp;/
<a href="/security/bulletin/pixel/2017-12-01.html?hl=ru">ру́сский</a>&nbsp;/
<a href="/security/bulletin/pixel/2017-12-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
<a href="/security/bulletin/pixel/2017-12-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
- -->
</td>
<td>December 4, 2017</td>
<td>2017-12-05</td>
diff --git a/en/security/encryption/file-based.html b/en/security/encryption/file-based.html
index 0aad506b..806d822b 100644
--- a/en/security/encryption/file-based.html
+++ b/en/security/encryption/file-based.html
@@ -396,31 +396,28 @@ profile’s TEE key.
</p>
<h3 id="handling-updates">Handling updates</h3>
<p>
-The recovery partition is unable to access the DE protected storage on the
+The recovery partition is unable to access the DE-protected storage on the
userdata partition. Devices implementing FBE are strongly recommended to support
-OTA using the upcoming A/B system updates. As the OTA can be applied during
-normal operation there is no need for recovery to access data on the encrypted drive.
+OTA using <a href="/devices/tech/ota/ab_implement">A/B system updates</a>. As
+the OTA can be applied during normal operation there is no need for recovery to
+access data on the encrypted drive.
</p>
<p>
-If a legacy OTA solution is used, which requires recovery to access the OTA file
-on the userdata partition then:
+When using a legacy OTA solution, which requires recovery to access the OTA file
+on the <code>userdata</code> partition:
</p>
-<ul>
-<li>Create a top level directory (for example “misc_ne”) in the userdata
-partition.
-<li>Add this top level directory to the encryption policy exception (see <a
-href="#encryption-policy">Encryption policy</a> above).
-<li>Create a directory with this to hold OTA packages.
-<li>Add an SELinux rule and file contexts to control access to this folder and
-it contents. Only the process or applications receiving OTA updates should be be
-able to read and write to this folder.
-<li>No other application or process should have access to this folder.</li>
-</ul>
-
-<p>
-Within this folder create a directory to contain the OTA packages.
-</p>
+<ol>
+ <li>Create a top-level directory (for example <code>misc_ne</code>) in the
+ <code>userdata</code> partition.</li>
+ <li>Add this top-level directory to the encryption policy exception (see
+ <a href="#encryption-policy">Encryption policy</a> above).</li>
+ <li>Create a directory within the top-level directory to hold OTA packages.</li>
+ <li>Add an SELinux rule and file contexts to control access to this folder and
+ it contents. Only the process or applications receiving OTA updates should be
+ able to read and write to this folder. No other application or process should
+ have access to this folder.</li>
+</ol>
<h2 id="validation">Validation</h2>
<p>
To ensure the implemented version of the feature works as intended, employ the
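Review bot: Step 4 of the new ordered list still reads `it contents`; it should be `its contents`, alongside the `be be` typo this commit already fixes in the same sentence. Step 2 places the top-level directory under the encryption policy exception, and the list never says what that means for the files stored there. I would append to step 2 something like `Files under this directory are not protected by FBE, so use it only for OTA packages.` That wording is my reading of "encryption policy exception" and should be checked against the Encryption policy section, which lies outside this hunk.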
diff --git a/en/security/overview/acknowledgements.html b/en/security/overview/acknowledgements.html
index 8bc07589..936c3d82 100644
--- a/en/security/overview/acknowledgements.html
+++ b/en/security/overview/acknowledgements.html
@@ -33,6 +33,141 @@ impact on Android security, including code that qualifies
for the <a href="https://www.google.com/about/appsecurity/patch-rewards/">Patch
Rewards</a> program.</p>
+<h2 id="2018">2018</h2>
+<p>In 2018, the security acknowledgements are listed by month. In prior years,
+acknowledgements were listed together.</p>
+<h4 id="january-2018">January</h4>
+
+<table>
+ <col width="70%">
+ <col width="30%">
+ <tr>
+ <th>Researchers</th>
+ <th>CVEs</th>
+ </tr>
+ <tr>
+ <td><a href="mailto:zhangadong@huawei.com">Adong Zhang</a> (张阿东), <a
+href="mailto:liuchao741@huawei.com">Chao Liu</a> (刘超), and <a
+href="mailto:dongjinguang@huawei.com">Jinguang Dong</a> (董金光)</td>
+ <td>CVE-2017-13215</td>
+ </tr>
+ <tr>
+ <td><a href="https://twitter.com/amarekano">Amar Menezes</a> of <a
+href="https://labs.mwrinfosecurity.com/">MWR Labs</a></td>
+ <td>CVE-2017-13212</td>
+ </tr>
+ <tr>
+ <td>Andy Tyler (<a href="https://twitter.com/ticarpi">@ticarpi</a>) of <a
+href="http://www.e2e-assure.com ">e2e-assure</a></td>
+ <td>CVE-2017-0846</td>
+ </tr>
+ <tr>
+ <td>Baozeng Ding (<a href="https://twitter.com/sploving1">@sploving</a>),
+Chengming Yang, and Yang Song of Pandora Lab, Ali Security</td>
+ <td>CVE-2017-13222, CVE-2017-13220</td>
+ </tr>
+ <tr>
+ <td>Billy Lau of Google</td>
+ <td>CVE-2017-14879</td>
+ </tr>
+ <tr>
+ <td>Cameron Gutman</td>
+ <td>CVE-2017-13214</td>
+ </tr>
+ <tr>
+ <td><a href="mailto:zc1991@mail.ustc.edu.cn">Chi Zhang</a> and Mingjian Zhou
+(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) of <a
+href="http://c0reteam.org">C0RE Team</a></td>
+ <td>CVE-2017-13178, CVE-2017-13179</td>
+ </tr>
+ <tr>
+ <td>Gal Beniamini of Google</td>
+ <td>CVE-2017-13209</td>
+ </tr>
+ <tr>
+ <td>Haosheng Wang (<a href="https://twitter.com/gnehsoah">@gnehsoah</a>)</td>
+ <td>CVE-2017-13198</td>
+ </tr>
+ <tr>
+ <td>Hongli Han (<a href="https://twitter.com/HexB1n">@HexB1n</a>) and
+Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)
+of <a href="http://c0reteam.org">C0RE Team</a></td>
+ <td>CVE-2017-13183, CVE-2017-13180</td>
+ </tr>
+ <tr>
+ <td>Hongli Han (<a href="https://twitter.com/HexB1n">@HexB1n</a>), <a
+href="mailto:shaodacheng2016@gmail.com">Dacheng Shao</a>, and Mingjian Zhou (<a
+href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) of <a
+href="http://c0reteam.org">C0RE Team</a></td>
+ <td>CVE-2017-13194</td>
+ </tr>
+ <tr>
+ <td>Max Moroz of Google</td>
+ <td>CVE-2017-13224</td>
+ </tr>
+ <tr>
+ <td>Mingjian Zhou (周明建) (<a
+href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) of <a
+href="http://c0reteam.org">C0RE Team</a></td>
+ <td>CVE-2017-13184, CVE-2017-13201</td>
+ </tr>
+ <tr>
+ <td><a href="mailto:jiych.guru@gmail.com">Niky1235</a> (<a
+href="https://twitter.com/jiych_guru">@jiych_guru</a>)</td>
+ <td>CVE-2017-0855, CVE-2017-13195, CVE-2017-13181</td>
+ </tr>
+ <tr>
+ <td><a href="http://github.com/tintinweb">tintinweb</a></td>
+ <td>CVE-2017-13208</td>
+ </tr>
+ <tr>
+ <td>Tongxin Li and Xinhui Han of Peking University;
+Luyi Xing, Nan Zhang, Xueqiang Wang, and XiaoFeng Wang of Indiana University
+Bloomington; Xiaolong Bai of Tsinghua University; and Kai Chen of IIE, Chinese
+Academy of Sciences</td>
+ <td>CVE-2017-13176</td>
+ </tr>
+ <tr>
+ <td>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of <a
+href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile/">Mobile
+Threat Response Team</a>, <a href="http://www.trendmicro.com">Trend Micro</a></td>
+ <td>CVE-2017-13196, CVE-2017-13186</td>
+ </tr>
+ <tr>
+ <td>Wolfu (付敬贵) of Tencent Security Platform Department</td>
+ <td>CVE-2017-13219, CVE-2017-13207</td>
+ </tr>
+ <tr>
+ <td>Xuan Xing of Google</td>
+ <td>CVE-2017-13217</td>
+ </tr>
+ <tr>
+ <td>Yangkang (<a href="https://twitter.com/dnpushme">@dnpushme</a>) of
+Qihoo360 Qex Team</td>
+ <td>CVE-2017-13200</td>
+ </tr>
+ <tr>
+ <td>Yongke Wang (<a href="https://twitter.com/Rudykewang">@Rudykewang</a>)
+and Yuebin Sun of <a href="http://xlab.tencent.com">Tencent's Xuanwu Lab</a></td>
+ <td>CVE-2017-13202</td>
+ </tr>
+ <tr>
+ <td><a href="mailto:computernik@gmail.com">Yuan-Tsung Lo</a> of <a
+href="http://c0reteam.org">C0RE Team</a></td>
+ <td>CVE-2017-13213, CVE-2017-13221</td>
+ </tr>
+ <tr>
+ <td><a href="http://weibo.com/panyu6325">Yu Pan</a> and <a
+href="mailto:huahuaisadog@gmail.com">Yang Dai</a> of Vulpecker Team, Qihoo 360
+Technology Co. Ltd.</td>
+ <td>CVE-2017-0869</td>
+ </tr>
+ <tr>
+ <td><a href="http://weibo.com/ele7enxxh">Zinuo Han</a> of Chengdu Security
+Response Center, Qihoo 360 Technology Co. Ltd.</td>
+ <td>CVE-2017-13206, CVE-2017-13188, CVE-2017-13185</td>
+ </tr>
+</table>
<h2 id="2017">2017</h2>
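Review bot: The e2e-assure link has a trailing space inside the attribute value (`href="http://www.e2e-assure.com "`); drop the space so the URL is well-formed. The new section also goes from `<h2 id="2018">` straight to `<h4 id="january-2018">`, skipping a heading level. `<h3 id="january-2018">January</h3>` would keep the outline intact, unless the rest of the page, which is outside this hunk, already uses `h4` for months. Several added links use plain `http://` (for example `http://github.com/tintinweb` and `http://c0reteam.org`); prefer `https://` wherever the target site serves it, so readers following researcher links are not sent over cleartext.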
diff --git a/en/setup/build-numbers.html b/en/setup/build-numbers.html
index 1e82c65d..5f2d08c9 100644
--- a/en/setup/build-numbers.html
+++ b/en/setup/build-numbers.html
@@ -213,6 +213,36 @@ site:</p>
</thead>
<tbody>
<tr>
+ <td>OPM3.171019.013</td>
+ <td>android-8.1.0_r7</td>
+ <td>Oreo</td>
+ <td>Nexus 5X, Nexus 6P</td>
+ </tr>
+ <tr>
+ <td>OPM1.171019.015</td>
+ <td>android-8.1.0_r6</td>
+ <td>Oreo</td>
+ <td>Pixel C</td>
+ </tr>
+ <tr>
+ <td>OPM1.171019.014</td>
+ <td>android-8.1.0_r5</td>
+ <td>Oreo</td>
+ <td>Pixel 2 XL, Pixel 2, Pixel XL, Pixel</td>
+ </tr>
+ <tr>
+ <td>OPM1.171019.013</td>
+ <td>android-8.1.0_r4</td>
+ <td>Oreo</td>
+ <td>Pixel 2 XL, Pixel 2</td>
+ </tr>
+ <tr>
+ <td>OPM1.171019.012</td>
+ <td>android-8.1.0_r3</td>
+ <td>Oreo</td>
+ <td>Pixel XL, Pixel</td>
+ </tr>
+ <tr>
<td>OPM2.171019.012</td>
<td>android-8.1.0_r2</td>
<td>Oreo</td>
diff --git a/en/setup/initializing.html b/en/setup/initializing.html
index 4fdb4700..aa857f4d 100644
--- a/en/setup/initializing.html
+++ b/en/setup/initializing.html
@@ -57,8 +57,8 @@ OS below.</p>
<h3 id="installing-the-jdk">Installing the JDK</h3>
<p>The <code>master</code> branch of Android in the <a
href="https://android.googlesource.com/">Android Open Source Project (AOSP)</a>
-comes with a prebuilt version of OpenJDK in
-<code>platform/prebuilts/jdk/jdk8</code>. So no additional installation is
+comes with prebuilt versions of OpenJDK below
+<code>prebuilts/jdk/</code>. So no additional installation is
required.</p>
<p>Older versions of Android require a separate installation of the JDK. On
diff --git a/en/setup/requirements.html b/en/setup/requirements.html
index ced64cd3..69a60a27 100644
--- a/en/setup/requirements.html
+++ b/en/setup/requirements.html
@@ -167,7 +167,7 @@ for the prebuilt path and installation instructions for older versions.</p>
<h4 id=make>Make</h4>
<p> Android 4.0.x (Ice Cream Sandwich) and earlier will need to <a
href="initializing.html#reverting-from-make-382">revert from make 3.82</a>
- to avoid build errors</p>.
+ to avoid build errors.</p>
</body>
</html>