Snap for 7664297 from 0fc5bdedaf243ab8480161db346447da783f3216 to main-cg-testing-release

Change-Id: I7b25eea2d4aac280d23f78e11ccc3801d6a0bc96
diff --git a/2_device-types/2_6_tablet-reqs.md b/2_device-types/2_6_tablet-reqs.md
index 431a806..04f277a 100644
--- a/2_device-types/2_6_tablet-reqs.md
+++ b/2_device-types/2_6_tablet-reqs.md
@@ -8,6 +8,7 @@
 *   Physical keyboard implementations used with the device connect by
     means of a standard connection (e.g. USB, Bluetooth).
 *   Has a power source that provides mobility, such as a battery.
+*   Has a physical diagonal screen size in the range of 7 to 18 inches.
 
 Tablet device implementations have similar requirements to handheld device
 implementations. The exceptions are indicated by an \* in that section
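Review bot: The added bullet "Has a physical diagonal screen size in the range of 7 to 18 inches" does not say whether the endpoints are part of the range, so a device measuring exactly 7 or exactly 18 inches has no clear classification. Suggest stating explicitly whether each bound is inclusive or exclusive.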
diff --git a/3_software/3_2_soft-api-compatibility.md b/3_software/3_2_soft-api-compatibility.md
index 39a7937..3499db6 100644
--- a/3_software/3_2_soft-api-compatibility.md
+++ b/3_software/3_2_soft-api-compatibility.md
@@ -200,7 +200,7 @@
     except that it MUST NOT be null or the empty string ("").</td>
  </tr>
  <tr>
-    <td>SECURITY_PATCH</td>
+    <td>VERSION.SECURITY_PATCH</td>
     <td>A value indicating the security patch level of a build. It MUST signify
     that the build is not in any way vulnerable to any of the issues described
     up through the designated Android Public Security Bulletin. It MUST be in
@@ -210,7 +210,7 @@
     Android Security Advisory</a>, for example "2015-11-01".</td>
  </tr>
  <tr>
-    <td>BASE_OS</td>
+    <td>VERSION.BASE_OS</td>
     <td>A value representing the FINGERPRINT parameter of the build that is
     otherwise identical to this build except for the patches provided in the
     Android Public Security Bulletin. It MUST report the correct value and if
diff --git a/7_hardware-compatibility/7_4_data-connectivity.md b/7_hardware-compatibility/7_4_data-connectivity.md
index 7337035..16f8f17 100644
--- a/7_hardware-compatibility/7_4_data-connectivity.md
+++ b/7_hardware-compatibility/7_4_data-connectivity.md
@@ -347,7 +347,7 @@
 *    SHOULD implement relevant Bluetooth profiles such as
      A2DP, AVRCP, OBEX, HFP, etc. as appropriate for the device.
 
-If device implementations include support for Bluetooth Low Energy, they:
+If device implementations include support for Bluetooth Low Energy (BLE), they:
 
 *   [C-3-1] MUST declare the hardware feature `android.hardware.bluetooth_le`.
 *   [C-3-2] MUST enable the GATT (generic attribute profile) based Bluetooth
@@ -363,7 +363,8 @@
 `BluetoothAdapter.isMultipleAdvertisementSupported()` to indicate
 whether Low Energy Advertising is supported.
 *   [C-3-5] MUST implement a Resolvable Private Address (RPA) timeout no longer
-    than 15 minutes and rotate the address at timeout to protect user privacy.
+    than 15 minutes and rotate the address at timeout to protect user privacy
+    when device is actively using BLE for scanning or advertising.
     To prevent timing attacks, timeout intervals MUST also be randomized
     between 5 and 15 minutes.
 *   SHOULD support offloading of the filtering logic to the bluetooth chipset
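Review bot: In [C-3-5], the added qualifier "when device is actively using BLE for scanning or advertising" scopes the rotation requirement, but the following sentence ("timeout intervals MUST also be randomized between 5 and 15 minutes") is left unscoped, so it is unclear whether randomization applies at all times or only in those same states. The wording also leaves open what is required while the device holds a BLE connection without scanning or advertising. Suggest stating the scope once so it covers both sentences, and correcting the phrase to "when the device is".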
diff --git a/7_hardware-compatibility/7_9_virtual-reality.md b/7_hardware-compatibility/7_9_virtual-reality.md
index ccc9a75..f555d48 100644
--- a/7_hardware-compatibility/7_9_virtual-reality.md
+++ b/7_hardware-compatibility/7_9_virtual-reality.md
@@ -36,12 +36,12 @@
     [`GL_EXT_multisampled_render_to_texture2`](https://www.khronos.org/registry/OpenGL/extensions/EXT/EXT_multisampled_render_to_texture2.txt),
     [`GL_OVR_multiview`](https://www.khronos.org/registry/OpenGL/extensions/OVR/OVR_multiview.txt),
     [`GL_OVR_multiview2`](https://www.khronos.org/registry/OpenGL/extensions/OVR/OVR_multiview2.txt),
-    [`GL_OVR_multiview_multisampled_render_to_texture`](https://www.khronos.org/registry/OpenGL/extensions/OVR/OVR_multiview_multisampled_render_to_texture.txt),
     [`GL_EXT_protected_textures`](https://www.khronos.org/registry/OpenGL/extensions/EXT/EXT_protected_textures.txt),
     and expose the extensions in the list of available GL extensions.
 *   [C-SR] Are STRONGLY RECOMMENDED to implement
     [`GL_EXT_external_buffer`](https://www.khronos.org/registry/OpenGL/extensions/EXT/EXT_external_buffer.txt),
     [`GL_EXT_EGL_image_array`](https://www.khronos.org/registry/OpenGL/extensions/EXT/EXT_EGL_image_array.txt),
+    [`GL_OVR_multiview_multisampled_render_to_texture`](https://www.khronos.org/registry/OpenGL/extensions/OVR/OVR_multiview_multisampled_render_to_texture.txt),
     and expose the extensions in the list of available GL extensions.
 *   [C-SR] Are STRONGLY RECOMMENDED to support Vulkan 1.1.
 *   [C-SR] Are STRONGLY RECOMMENDED to implement
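Review bot: Moving `GL_OVR_multiview_multisampled_render_to_texture` out of the first extension list and into the [C-SR] list changes the requirement level for that extension, and neither the hunk nor the commit message gives a reason. Suggest adding a sentence to the commit message explaining the change so implementers reading the history can tell it was intentional.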
diff --git a/9_security-model/9_9_full-disk-encryption.md b/9_security-model/9_9_full-disk-encryption.md
index cbf4de5..0d89202 100644
--- a/9_security-model/9_9_full-disk-encryption.md
+++ b/9_security-model/9_9_full-disk-encryption.md
@@ -31,9 +31,13 @@
 *   [C-0-2] MUST enable the data storage encryption by default at the time
 the user has completed the out-of-box setup experience.
 *   [C-0-3] MUST meet the above data storage encryption
-requirement via implementing [File Based Encryption](
-https://source.android.com/security/encryption/file-based.html) (FBE) and
-[Metadata Encryption](https://source.android.com/security/encryption/metadata).
+requirement by implementing one of the following two encryption methods:
+
+    *   [File Based Encryption](https://source.android.com/security/encryption/file-based.html)
+        (FBE) and
+        [Metadata Encryption](https://source.android.com/security/encryption/metadata)
+        as described in section 9.9.3.1.
+    *   Per-User Block-Level Encryption as described in section 9.9.3.2.
 
 ### 9.9.3\. Encryption Methods
 
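Review bot: The new [C-0-3] bullets cite "section 9.9.3.1" and "section 9.9.3.2" as plain text, while the same file links section references with anchors, as in `[section 9.9.4](#9_9_4_resume_on_reboot)`. Suggest linking both references to the new headings the same way, so the choice between the two encryption methods can be followed directly.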
@@ -51,6 +55,12 @@
 resume on reboot implementation meeting the requirements in
 [section 9.9.4](#9_9_4_resume_on_reboot).
 *    [C-1-4] MUST use Verified Boot.
+
+### 9.9.3.1\. File Based Encryption with Metadata Encryption
+
+If device implementations use File Based Encryption with Metadata Encryption,
+they:
+
 *    [C-1-5] MUST encrypt file contents and filesystem metadata using
 AES-256-XTS or Adiantum.  AES-256-XTS refers to the Advanced Encryption Standard
 with a 256-bit cipher key length, operated in XTS mode; the full length of the
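Review bot: The new heading `### 9.9.3.1\. File Based Encryption with Metadata Encryption` uses the same `###` level as its parent `### 9.9.3\. Encryption Methods`, so it renders as a sibling rather than a subsection. Suggest one level deeper for 9.9.3.1. Also, [C-1-5] now sits under a new "If device implementations use File Based Encryption with Metadata Encryption, they:" condition but keeps an ID that continues the numbering of the previous condition group. Consider whether it needs its own condition number.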
@@ -94,6 +104,29 @@
 File Based Encryption based on the Linux kernel "fscrypt" encryption feature,
 and of Metadata Encryption based on the Linux kernel "dm-default-key" feature.
 
+### 9.9.3.2\. Per-User Block-Level Encryption
+
+If device implementations use per-user block-level encryption, they:
+
+*    [C-1-1] MUST enable multi-user support as described in section 9.5.
+*    [C-1-2] MUST provide per-user partitions, either using raw partitions or
+logical volumes.
+*    [C-1-3] MUST use unique and distinct encryption keys per-user for
+encryption of the underlying block devices.
+*    [C-1-4] MUST use AES-256-XTS for block-level encryption of the user
+partitions.
+
+*   The keys protecting the per-user block-level encrypted devices:
+
+   *   [C-1-5] MUST be cryptographically bound to a hardware-backed Keystore.
+   This keystore MUST be bound to Verified Boot and the device's hardware
+   root of trust.
+   *   [C-1-6] MUST be bound to the corresponding user's lock screen
+   credentials.
+
+Per-user block-level encryption can be implemented using the Linux kernel
+“dm-crypt” feature over per-user partitions.
+
 ### 9.9.4\. Resume on Reboot
 
 Resume on Reboot allows unlocking the CE storage of all apps, including those
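Review bot: The requirement IDs [C-1-1] through [C-1-6] added under 9.9.3.2 reuse IDs that already exist in this file. For example, [C-1-4] is "MUST use Verified Boot" and [C-1-5] is the AES-256-XTS or Adiantum requirement under 9.9.3.1, so a bare reference to [C-1-4] or [C-1-5] in section 9.9 becomes ambiguous. Suggest giving the per-user block-level requirements a distinct condition number. Two smaller style points in the same hunk: the "The keys protecting..." item and its nested bullets use three-space indentation where the rest of the list uses four, and “dm-crypt” is in curly quotes where the existing text uses straight quotes for "fscrypt" and "dm-default-key".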