Merge "Docs: Resolving bug on 7.3 C-1-2" into pi-dev
diff --git a/2_device-types/2_2_handheld-reqs.md b/2_device-types/2_2_handheld-reqs.md
index 810715e..5f079ac 100644
--- a/2_device-types/2_2_handheld-reqs.md
+++ b/2_device-types/2_2_handheld-reqs.md
@@ -351,11 +351,15 @@
 performance of at least 15 MB/s.
 *   [[8.2](#8_2_file-io-access-performance)/H-0-4] MUST ensure a random read
 performance of at least 3.5 MB/s.
-*   [[8.3](#8_3_power-saving-modes)/H-0-1] All Apps exempted from App Standby
-and Doze power-saving modes MUST be made visible to the end user.
-*   [[8.3](#8_3_power-saving-modes)/H-0-2] The triggering, maintenance, wakeup
-algorithms and the use of global system settings of App Standby and Doze
-power-saving modes MUST not deviate from the Android Open Source Project.
+
+If Handheld device implementations include features to improve device power
+management that are included in AOSP or extend the features that are included
+in AOSP, they:
+
+* [[8.3](#8_3_power-saving-modes)/H-1-1] MUST provide user affordance to enable
+  and disable the battery saver feature.
+* [[8.3](#8_3_power-saving-modes)/H-1-2] MUST provide user affordance to display
+  all apps that are exempted from App Standby and Doze power-saving modes.
 
 Handheld device implementations:
 
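Review bot: the two new bullets (H-1-1, H-1-2) use `* ` with two-space continuation lines, while the list immediately above uses `*   ` with flush-left continuation (`*   [[8.2](#8_2_file-io-access-performance)/H-0-4]`). Match the file's existing marker style so the lists render consistently. The exempted-apps requirement was unconditional as H-0-1 and now applies only under the new "If Handheld device implementations include features ..." clause. If that narrowing is intended, say so in the commit message. "MUST provide user affordance" also reads better as "MUST provide a user affordance".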
diff --git a/2_device-types/2_3_television-reqs.md b/2_device-types/2_3_television-reqs.md
index 5ce2b20..0856947 100644
--- a/2_device-types/2_3_television-reqs.md
+++ b/2_device-types/2_3_television-reqs.md
@@ -224,7 +224,7 @@
 *    [[3.12](#3_12_tv-input-framework)/T-0-1] MUST support TV Input Framework.
 
 
-### 2.2.4\. Performance and Power
+### 2.3.4\. Performance and Power
 
 *   [[8.1](#8_1_user-experience-consistency)/T-0-1] **Consistent frame latency**.
    Inconsistent frame latency or a delay to render frames MUST NOT happen more
@@ -238,12 +238,14 @@
 *   [[8.2](#8_2_file-io-access-performance)/T-0-4] MUST ensure a random read
    performance of at least 3.5MB/s.
 
+If Television device implementations include features to improve device power
+management that are included in AOSP or extend the features that are included
+in AOSP, they:
 
-*   [[8.3](#8_3_power-saving-modes)/T-0-1] All apps exempted from App Standby
-and Doze power-saving modes MUST be made visible to the end user.
-*   [[8.3](#8_3_power-saving-modes)/T-0-2] The triggering, maintenance, wakeup
-algorithms and use of global system settings of App Standby and Doze
-power-saving modes MUST not deviate from the Android Open Source Project.
+* [[8.3](#8_3_power-saving-modes)/T-1-1] MUST provide user affordance to enable
+  and disable the battery saver feature.
+* [[8.3](#8_3_power-saving-modes)/T-1-2] MUST provide user affordance to display
+  all apps that are exempted from App Standby and Doze power-saving modes.
 
 Television device implementations:
 
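Review bot: T-1-1 requires an affordance to "enable and disable the battery saver feature", but the lead-in condition only says the device includes "features to improve device power management". Nothing in the hunk establishes that a Television implementation has a battery saver feature at all. Either condition T-1-1 on the battery saver feature being present, or state the expectation for devices without one. The new bullets also use `* ` where the context list above uses `*   `.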
diff --git a/2_device-types/2_4_watch-reqs.md b/2_device-types/2_4_watch-reqs.md
index 99468a9..aa5912a 100644
--- a/2_device-types/2_4_watch-reqs.md
+++ b/2_device-types/2_4_watch-reqs.md
@@ -81,11 +81,21 @@
 
 ### 2.4.4\. Performance and Power
 
+If Watch device implementations include features to improve device power
+management that are included in AOSP or extend the features that are included
+in AOSP, they:
+
+*   [[8.3](#8_3_power-saving-modes)/W-SR] Are STRONGLY RECOMMENDED to provide
+    user affordance to display all apps that are exempted from App Standby and
+    Doze power-saving modes.
+*   [[8.3](#8_3_power-saving-modes)/W-SR] Are STRONGLY RECOMMENDED to provide
+    user affordance to enable and disable the battery saver feature.
+
 Watch device implementations:
 
 *    [[8.4](#8_4_power-consumption-accounting)/W-0-1] MUST provide a
 per-component power profile that defines the [current consumption value](
-http://source.android.com/devices/tech/power/values.html)
+http://source.android.com/devices/tech/power/values.html).
 for each hardware component and the approximate battery drain caused by the
 components over time as documented in the Android Open Source Project site.
 *    [[8.4](#8_4_power-consumption-accounting)/W-0-2] MUST report all power
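Review bot: the period added after the `values.html)` link in W-0-1 ends the sentence in the middle, since the next line continues with "for each hardware component and the approximate battery drain ...". Drop the period here; the sentence already ends after "Android Open Source Project site." The two new W-SR bullets are also listed in the opposite order from the Handheld, Television and Automotive hunks (exempted-apps display first, battery saver second). Keeping the same order across device types makes the files easier to compare.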
diff --git a/2_device-types/2_5_automotive-reqs.md b/2_device-types/2_5_automotive-reqs.md
index f3cf08b..9246a37 100644
--- a/2_device-types/2_5_automotive-reqs.md
+++ b/2_device-types/2_5_automotive-reqs.md
@@ -251,6 +251,15 @@
 
 ### 2.5.4\. Performance and Power
 
+If Automotive device implementations include features to improve device power
+management that are included in AOSP or extend the features that are included
+in AOSP, they:
+
+* [[8.3](#8_3_power-saving-modes)/A-1-1] MUST provide user affordance to enable
+  and disable the battery saver feature.
+* [[8.3](#8_3_power-saving-modes)/A-1-2] MUST provide user affordance to display
+  all apps that are exempted from App Standby and Doze power-saving modes.
+
 Automotive device implementations:
 
 *   [[8.2](#8.2_File I/O Access Performance)/A-0-1] MUST report the number of
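Review bot: the A-0-1 bullet directly below the new block links section 8.2 as `#8.2_File I/O Access Performance`, which does not match the `#8_2_file-io-access-performance` anchor used for the same section in the Handheld and Television files. Since this hunk already edits the section, fix the anchor here. As with T-1-1, A-1-1 assumes a battery saver feature exists on an Automotive implementation, which the lead-in condition does not guarantee.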
@@ -258,11 +267,6 @@
 stats are available to developers through System API
 `android.car.storagemonitoring.CarStorageMonitoringManager`. The Android Open
 Source Project meets the requirement through the `uid_sys_stats` kernel module.
-*   [[8.3](#8_3_power-saving-modes)/A-0-1] All Apps exempted from App Standby
-and Doze power-saving modes MUST be made visible to the end user.
-*   [[8.3](#8_3_power-saving-modes)/A-0-2] The triggering, maintenance, wakeup
-algorithms and the use of global system settings of App Standby and Doze
-power-saving modes MUST not deviate from the Android Open Source Project.
 *   [[8.4](#8_4_power-consumption-accounting)/A-0-1] MUST provide a
 per-component power profile that defines the [current consumption value](
 http://source.android.com/devices/tech/power/values.html)
@@ -281,7 +285,7 @@
 http://source.android.com/devices/tech/power/batterystats.html)
 shell command to the app developer.
 
-### 2.5.6\. Security Model
+### 2.5.5\. Security Model
 
 
 If Automotive device implementations support multiple users, they:
diff --git a/3_software/3_15_instant-apps.md b/3_software/3_15_instant-apps.md
index f8d290f..1091e81 100644
--- a/3_software/3_15_instant-apps.md
+++ b/3_software/3_15_instant-apps.md
@@ -3,8 +3,9 @@
 Device implementations MUST satisfy the following requirements:
 
 *   [C-0-1] Instant Apps MUST only be granted permissions that have the
-    [`android:protectionLevel`](https://developer.android.com/guide/topics/manifest/permission-element.html#plevel)
-    set to `"ephemeral"`.
+    [`android:protectionLevel`](
+    https://developer.android.com/reference/android/R.attr#protectionLevel)
+    set to `"instant"`.
 *   [C-0-2] Instant Apps MUST NOT interact with installed apps via [implicit intents](https://developer.android.com/reference/android/content/Intent.html)
     unless one of the following is true:
     *   The component's intent pattern filter is exposed and has CATEGORY_BROWSABLE
diff --git a/3_software/3_2_soft-api-compatibility.md b/3_software/3_2_soft-api-compatibility.md
index 9b05496..169347b 100644
--- a/3_software/3_2_soft-api-compatibility.md
+++ b/3_software/3_2_soft-api-compatibility.md
@@ -270,8 +270,9 @@
 
 *   [C-0-1] As Android is an extensible platform, device implementations MUST
 allow each intent pattern referenced in [section 3.2.3.1](#3_2_3_1_core_application_intents)
-to be overridden by third-party applications. The upstream Android open source
-implementation allows this by default.
+, except for Settings, to be overridden by third-party applications. The
+upstream Android open source implementation allows this by default.
+
 *   [C-0-2] Dvice implementers MUST NOT attach special privileges to system
 applications' use of these intent patterns, or prevent third-party applications
 from binding to and assuming control of these patterns. This prohibition
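Review bot: the inserted clause starts its line with a comma (`, except for Settings, to be overridden by third-party applications.`), so the rendered sentence will read "section 3.2.3.1 , except for Settings" with a space before the comma. Put the comma directly after the closing parenthesis of the link on the previous line. The added blank line before C-0-2 separates two bullets of the same list; remove it unless the rest of the list is spaced the same way. While this hunk is open, "Dvice implementers" in C-0-2 can be corrected to "Device implementers". Exempting Settings from third-party override is a normative change and deserves a sentence in the commit message.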
diff --git a/3_software/3_5_api-behavioral-compatibility.md b/3_software/3_5_api-behavioral-compatibility.md
index 1b3a18e..0d51391 100644
--- a/3_software/3_5_api-behavioral-compatibility.md
+++ b/3_software/3_5_api-behavioral-compatibility.md
@@ -1,5 +1,14 @@
 ## 3.5\. API Behavioral Compatibility
 
+Device implementations:
+
+*    [C-0-9] MUST ensure that API behavioral compatibility is applied for all
+installed apps unless they are restricted as described in
+[Section 3.5.1](#3_5_1-background-restriction).
+*    [C-0-10] MUST NOT implement the whitelisting approach that ensures API
+behavioral compatibility only for apps that are selected by device
+implementers.
+
 The behaviors of each of the API types (managed, soft, native, and web) must be
 consistent with the preferred implementation of the upstream
 [Android Open Source Project](http://source.android.com/). Some specific areas
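Review bot: the link target in C-0-9, `#3_5_1-background-restriction`, joins the section number and the title with a hyphen, while the other anchors in this change use an underscore at that position (`#8_3_power-saving-modes`, `#9_11_1_secure_lock_screen`). Check it against the anchor generated for the new 3.5.1 heading, otherwise the cross-reference will not resolve. In C-0-10, "the whitelisting approach" has no antecedent; "a whitelisting approach" is clearer.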
@@ -67,3 +76,38 @@
 with the Android Open Source Project. For this reason, device implementers
 SHOULD use the source code available via the Android Open Source Project where
 possible, rather than re-implement significant parts of the system.
+
+## 3.5.1\. Background Restriction
+
+If device implementations implement the app restrictions that are included in
+AOSP or extend the app restrictions, they:
+
+*    [C-1-1] MUST provide user affordance where the user can see the list of
+restricted apps.
+*    [C-1-2] MUST provide user affordance to turn on / off the restrictions
+on each app.
+*    [C-1-3] MUST not automatically apply restrictions without evidence of poor
+system health behaviour, but MAY apply the restrictions on apps upon detection
+of poor system health behaviour like stuck wakelocks, long running services, and
+other criteria. The criteria MAY be determined by device implementers but MUST
+be related to the app’s impact on the system health. Other criteria that is not
+purely related to the system health, such as the app’s lack of popularity in
+the market, MUST NOT be used as criteria.
+*    [C-1-4] MUST not automatically apply app restrictions for apps when a user
+has turned off app restrictions manually, and MAY suggest the user to apply
+app restrictions.
+*    [C-1-5] MUST inform users if app restrictions are applied to an app
+automatically.
+*    [C-1-6] MUST return `true` for [`ActivityManager.isBackgroundRestricted()`](
+https://developer.android.com/reference/android/app/ActivityManager.html#isBackgroundRestricted%28%29)
+when the restricted app calls this API.
+*    [C-1-7] MUST NOT restrict the top foreground app that is explicitly used
+by the user.
+*    [C-1-8] MUST suspend restrictions on an app that becomes the top foreground
+application when the user explicitly starts to use the app that used to be
+restricted.
+*    [C-1-9] MUST report all app restriction events via [`UsageStats`](
+https://developer.android.com/reference/android/app/usage/UsageStats). If device
+implementations extend the app restrictions that are implemented in AOSP, MUST
+follow the implementation described in [this document](
+https://souce.android.com/devices/tech/power/app_mgmt.html).
\ No newline at end of file
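Review bot: the URL at the end of C-1-9 is misspelled as `https://souce.android.com/devices/tech/power/app_mgmt.html` (missing "r" in "source"), so the link to the implementation document is broken. C-1-3 and C-1-4 use "MUST not" where the rest of the document uses the keyword form "MUST NOT". The new heading is `## 3.5.1\.` at the same level as `## 3.5\.`, although subsections elsewhere in this change use `###`. In C-1-3, "Other criteria that is not purely related" should be "Other criteria that are not". In C-1-9 the second sentence has no subject before "MUST follow"; add "they". The file also ends without a trailing newline.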
diff --git a/7_hardware-compatibility/7_3_sensors.md b/7_hardware-compatibility/7_3_sensors.md
index e9d5af0..b452eff 100644
--- a/7_hardware-compatibility/7_3_sensors.md
+++ b/7_hardware-compatibility/7_3_sensors.md
@@ -228,7 +228,7 @@
 in GnssStatus messages), with the exception of SBAS.
 *    [SR] Report AGC, and Frequency of GNSS measurement.
 *    [SR] Report all accuracy estimates (including Bearing, Speed, and Vertical)
-as part of each GPS Location.
+as part of each GPS/GNSS location.
 *    [SR] are STRONGLY RECOMMENDED to meet as many as possible from the
 additional mandatory requirements for devices reporting the year "2016" or
 "2017" through the Test API `LocationManager.getGnssYearOfHardware()`.
@@ -238,9 +238,9 @@
 `LocationManager.getGnssYearOfHardware()` Test API reports the year "2016" or
 newer, they:
 
-*    [C-2-1] MUST report GPS measurements, as soon as they are found, even if a
+*    [C-2-1] MUST report GNSS measurements, as soon as they are found, even if a
 location calculated from GPS/GNSS is not yet reported.
-*    [C-2-2] MUST report GPS pseudoranges and pseudorange rates, that, in
+*    [C-2-2] MUST report GNSS pseudoranges and pseudorange rates, that, in
 open-sky conditions after determining the location, while stationary or moving
 with less than 0.2 meter per second squared of acceleration, are sufficient to
 calculate position within 20 meters, and speed within 0.2 meters per second,
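Review bot: C-2-1 and C-2-2 now say "GNSS measurements" and "GNSS pseudoranges", but the same bullet still says "a location calculated from GPS/GNSS" and the neighbouring hunks in this file change "GPS Location" to "GPS/GNSS location". Pick one term and use it in all three hunks. The commit subject refers to 7.3 C-1-2, while the bullets touched in this file are C-2-1, C-2-2, C-3-4 and an [SR] line; correct the reference or explain it in the commit message.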
@@ -258,7 +258,7 @@
      GnssStatus messages), with the exception of SBAS.
 *    [C-3-3] MUST report AGC, and Frequency of GNSS measurement.
 *    [C-3-4] MUST report all accuracy estimates (including Bearing, Speed, and
-Vertical) as part of each GPS Location.
+Vertical) as part of each GPS/GNSS location.
 
 If device implementations include a GPS/GNSS receiver and report the capability
 to applications through the `android.hardware.location.gps` feature flag and the
diff --git a/8_performance-and-power/8_3_power-saving-modes.md b/8_performance-and-power/8_3_power-saving-modes.md
index db5767f..f5d90ba 100644
--- a/8_performance-and-power/8_3_power-saving-modes.md
+++ b/8_performance-and-power/8_3_power-saving-modes.md
@@ -1,12 +1,30 @@
 ## 8.3\. Power-Saving Modes
 
-Android includes App Standby and Doze power-saving modes to optimize battery
-usage.
-*   [SR] All Apps exempted from these modes are STRONGLY RECOMMENDED to be made
-visible to the end user.
-*   [SR] The triggering, maintenance, wakeup algorithms and the use of
-global system settings of these power-saving modes are STRONGLY RECOMMENDED NOT
-to deviate from the Android Open Source Project.
+If device implementations include features to improve device power management
+that are included in AOSP or extend the features that are included in AOSP,
+they:
+
+*   [C-1-1] MUST NOT deviate from the AOSP implementation for the triggering,
+    maintenance, wakeup algorithms and the use of global system settings of App
+    Standby and Doze power-saving modes.
+*   [C-1-2] MUST NOT deviate from the AOSP implementation for the use of global
+    settings to manage the throttling of jobs, alarm and network for apps in
+    each bucket for App standby.
+*   [C-1-3] MUST NOT deviate from the AOSP implementation for the number of the
+    [App Standby Buckets](
+    https://developer.android.com/topic/performance/appstandby) used for App
+    Standby.
+*   [C-1-4] MUST implement [App Standby Buckets](
+    https://developer.android.com/topic/performance/appstandby) and Doze as
+    described in [Power Management](
+    https://source.android.com/devices/tech/power/mgmt).
+*   [C-1-5] MUST return `true` for [`PowerManager.isPowerSaveMode()`](
+    https://developer.android.com/reference/android/os/PowerManager#isPowerSaveMode%28%29)
+    when the device is on power save mode.
+*   [C-SR] Are STRONGLY RECOMMENDED to provide user affordance to enable and
+    disable the battery saver feature.
+*   [C-SR] Are STRONGLY RECOMMENDED to provide user affordance to display all
+    Apps that are exempted from App Standby and Doze power-saving modes.
 
 In addition to the power-saving modes, Android device implementations MAY
 implement any or all of the 4 sleeping power states as defined by the Advanced
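Review bot: in C-1-2, "the throttling of jobs, alarm and network for apps in each bucket for App standby" is hard to parse and capitalises "App standby" differently from "App Standby" in C-1-1 and C-1-3. Something like "jobs, alarms and network access for apps in each App Standby bucket" would be unambiguous. The hunk removes the sentence that introduced App Standby and Doze, so the section now opens directly with a conditional; consider keeping a one-line introduction. The former [SR] on not deviating from AOSP becomes a MUST NOT here (C-1-1), which is a tightening worth calling out in the commit message.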
diff --git a/9_security-model/9_9_full-disk-encryption.md b/9_security-model/9_9_full-disk-encryption.md
index 1fd7378..60e39ba 100644
--- a/9_security-model/9_9_full-disk-encryption.md
+++ b/9_security-model/9_9_full-disk-encryption.md
@@ -1,22 +1,23 @@
 ## 9.9\. Data Storage Encryption
 
-If device implementations support a secure lock screen as described in
-[section 9.11.1](#9_11_1_secure_lock_screen), they:
+If Advanced Encryption Standard (AES) crypto performance, measured with the most
+performant AES technology available on the device (e.g. the ARM Cryptography
+Extensions), is above 50 MiB/sec, device implementations:
 
 *   [C-1-1] MUST support data storage encryption of the application private
-data (`/data partition`), as well as the application shared storage partition
-(`/sdcard partition`) if it is a permanent, non-removable part of the device.
+data (`/data` partition), as well as the application shared storage partition
+(`/sdcard` partition) if it is a permanent, non-removable part of the device,
+except for device implementations that are typically shared (e.g.
+Television).
+*   [C-1-2] MUST enable the data storage encryption by default at the time
+the user has completed the out-of-box setup experience, except for device
+implementations that are typically shared (e.g. Television).
 
-If device implementations support a secure lock screen as described in
-[section 9.11.1](#9_11_1_secure_lock_screen) and support data storage
-encryption with Advanced Encryption Standard (AES) crypto performance
-above 50MiB/sec, they:
+If device implementations are already launched on an earlier Android version
+and cannot meet the requirement through a system software update, they MAY be
+exempted from the above requirements.
 
-*    [C-2-1] MUST enable the data storage encryption by default at the time
-the user has completed the out-of-box setup experience. If device
-implementations are already launched on an earlier Android version with
-encryption disabled by default, such a device cannot meet the requirement
-through a system software update and thus MAY be exempted.
+Device implementations:
 
 *    SHOULD meet the above data storage encryption
 requirement via implementing [File Based Encryption](
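Review bot: the new exemption paragraph lets devices launched on an earlier Android version be "exempted from the above requirements", which covers both C-1-1 (support encryption) and C-1-2 (enable by default). In the removed text the exemption was attached only to the enable-by-default bullet, and only for devices launched "with encryption disabled by default". If widening the exemption to encryption support is not intended, scope it to C-1-2 and restore that qualifier. The sentence also mixes "the requirement" with "the above requirements". The trigger changes from supporting a secure lock screen to AES throughput above 50 MiB/sec, but the text does not say how that figure is measured (mode, buffer size, number of cores). Without that, two implementers can reach different conclusions for the same hardware.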
@@ -52,10 +53,11 @@
 without either the user-supplied credentials or a registered escrow key.
 *    [C-1-4] MUST support Verified Boot and ensure that DE keys are
 cryptographically bound to the device's hardware root of trust.
-*    [C-1-5] MUST support encrypting file contents using AES with a key length
-of 256-bits in XTS mode.
-*    [C-1-6] MUST support encrypting file name using AES with a key length of
-256-bits in CBC-CTS mode.
+*    [C-1-5] MUST support encrypting file contents using AES-256-XTS.
+AES-256-XTS refers to the Advanced Encryption Standard with
+a 256-bit key length, operated in XTS mode.  The full length of the XTS key
+is 512 bits.
+*    [C-1-6] MUST support encrypting file names using AES-256 in CBC-CTS mode.
 
 *   The keys protecting CE and DE storage areas:
 
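Review bot: C-1-5 now defines AES-256-XTS and states the 512-bit total XTS key length, but C-1-6 uses a different form ("AES-256 in CBC-CTS mode") without the same treatment. Use one notation for both bullets so it is clear the 256 bits refer to the cipher key in each case. There is also a double space after "operated in XTS mode." in C-1-5.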
@@ -86,12 +88,12 @@
 http://source.android.com/devices/tech/security/encryption/index.html)
 (FDE), they:
 
-*   [C-1-1] MUST use AES with a key of 128-bits (or greater) and a mode
-designed for storage (for example, AES-XTS, AES-CBC-ESSIV).
+*   [C-1-1] MUST use AES in a mode designed for storage (for example, XTS
+or CBC-ESSIV), and with a cipher key length of 128 bits or greater.
 *   [C-1-2] MUST use a default passcode to wrap the encryption key and
 MUST NOT write the encryption key to storage at any time
 without being encrypted.
-   *   [C-1-3] MUST AES encrypt the encryption key by default unless the user
+*   [C-1-3] MUST AES encrypt the encryption key by default unless the user
    explicitly opts out, except when it is in active use, with the lock screen
    credentials stretched using a slow stretching algorithm
    (e.g. PBKDF2 or scrypt).
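Review bot: C-1-3 is moved to column 0, but its continuation lines are context and keep their three-space indent, unlike the flush-left continuation lines of C-1-1 and C-1-2 in the same list. Re-wrap the whole bullet so the list is formatted uniformly. In C-1-1, "cipher key length of 128 bits or greater" is clearer than the old wording. Since XTS is given as an example, it would help to add the same kind of clarification as in the file-based encryption section (cipher key length versus total XTS key length).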