Google Git
Sign in
android / platform / compatibility / cdd / e662d8f^! / .
commite662d8f1e421100fb06deadf5d57a7b1bbcdabbd[log] [tgz]
authorHunter Knepshield <hknepshield@google.com>Wed May 27 11:11:51 2020 -0700
committerHunter Knepshield <hknepshield@google.com>Tue Aug 18 05:35:28 2020 +0000
tree5777da84130c6d23a3c3b9ad8f967883ef1c0cd1
parent81c3a778806fe4d1ae58d107eaba06910e8d1211 [diff]
CDD: Requirements for Connectivity bug reports.

This new type of bug report is well-defined starting with Android R, and
is intended to capture information relevant to connectivity (telephony,
wi-fi, and networking) debugging without including unnecessary PII.

Bug: 145145343
Change-Id: Ie6e320482aaf07ca0b739a14ce627d6545367aa3

diff --git a/9_security-model/9_8_privacy.md b/9_security-model/9_8_privacy.md
index d445ca3..71d1b94 100644
--- a/9_security-model/9_8_privacy.md
+++ b/9_security-model/9_8_privacy.md

@@ -223,3 +223,39 @@
     about the other installed app through the managed APIs. This includes but is
     not limited to details exposed by any custom APIs added by the device
     implementer, or accessible via the filesystem.
+
+### 9.8.10\. Connectivity Bug Report
+
+If device implementations generate bug reports using System API
+`BUGREPORT_MODE_TELEPHONY` with BugreportManager, they:
+
+*   [C-1-1] MUST obtain user consent every time the System API
+    `BUGREPORT_MODE_TELEPHONY` is called to generate a report and MUST NOT
+    prompt the user to consent to all future requests from the application.
+*   [C-1-2] MUST display and obtain explicit user consent when the reports are
+    starting to be generated and MUST NOT return the generated report
+    to the requesting app without explicit user consent.
+*   [C-1-3] MUST generate requested reports containing at least the following
+    information:
+    *   TelephonyDebugService dump
+    *   TelephonyRegistry dump
+    *   WifiService dump
+    *   ConnectivityService dump
+    *   A dump of the calling package's CarrierService instance (if bound)
+    *   Radio log buffer
+*   [C-1-4] MUST NOT include the following in the generated reports:
+    *   Any kind of information unrelated to connectivity debugging.
+    *   Any kind of user-installed application traffic logs or detailed profiles
+        of user-installed applications/packages (UIDs are okay, package names
+        are not).
+*   MAY include additional information that is not associated with any user
+    identity. (e.g. vendor logs).
+
+If device implementations include additional information (e.g vendor logs) in
+the bug report and that information has privacy/security/battery/storage/memory
+impact, they:
+
+*   [C-SR] Are STRONGLY RECOMMENDED to have a developer setting defaulted to
+    disabled. The AOSP meets this by providing the
+    `Enable verbose vendor logging` option in developer settings to include
+    additional device-specific vendor logs in the bug reports.
\ No newline at end of file