Docs: Changes to source.android.com
- 156773369 Update definition of hash_start by daroberts <daroberts@google.com>
- 156452111 Remove Nexus 7 (2013) from list of supported devices by daroberts <daroberts@google.com>
- 156252062 Correct * in May 2017 security bulletin by daroberts <daroberts@google.com>
- 156195448 Add ANDROID_PRODUCT_OUT and ANDROID_VENDOR_KEYS environme... by claym <claym@google.com>
PiperOrigin-RevId: 156773369
Change-Id: Ice3c53838a8271fd8890a855a86ba57ff6015b0d
diff --git a/en/security/bulletin/2016-10-01.html b/en/security/bulletin/2016-10-01.html
index caaa232..ae196ad 100644
--- a/en/security/bulletin/2016-10-01.html
+++ b/en/security/bulletin/2016-10-01.html
@@ -2062,7 +2062,7 @@
the table will have “All Nexus” in the <em>Updated Nexus devices</em> column.
“All Nexus” encapsulates the following <a
href="https://support.google.com/nexus/answer/4457705#nexus_devices">supported
- devices</a>: Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9,
+ devices</a>: Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9,
Android One, Nexus Player and Pixel C.</li>
<li><strong>Some Nexus devices</strong>: If an issue doesn’t affect all Nexus
devices, the affected Nexus devices are listed in the <em>Updated Nexus
diff --git a/en/security/bulletin/2016-11-01.html b/en/security/bulletin/2016-11-01.html
index efc9390..463f3aa 100644
--- a/en/security/bulletin/2016-11-01.html
+++ b/en/security/bulletin/2016-11-01.html
@@ -2319,7 +2319,7 @@
devices, the table will have "All" in the <em>Updated Google devices</em>
column. "All" encapsulates the following
<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported
- devices</a>: Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9,
+ devices</a>: Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9,
Android One, Nexus Player, Pixel C, Pixel, and Pixel XL.</li>
<li><strong>Some Google devices</strong>: If an issue doesn't affect all Google
devices, the affected Google devices are listed in the <em>Updated Google
diff --git a/en/security/bulletin/2016-12-01.html b/en/security/bulletin/2016-12-01.html
index 6043969..afdf5f1 100644
--- a/en/security/bulletin/2016-12-01.html
+++ b/en/security/bulletin/2016-12-01.html
@@ -2041,7 +2041,7 @@
devices, the table will have "All" in the <em>Updated Google devices</em>
column. "All" encapsulates the following <a
href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported
- devices</a>: Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9,
+ devices</a>: Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9,
Android One, Nexus Player, Pixel C, Pixel, and Pixel XL.</li>
<li><strong>Some Google devices</strong>: If an issue doesn't affect all Google
devices, the affected Google devices are listed in the <em>Updated Google
diff --git a/en/security/bulletin/2017-01-01.html b/en/security/bulletin/2017-01-01.html
index b605e8a..c3ac2dd 100644
--- a/en/security/bulletin/2017-01-01.html
+++ b/en/security/bulletin/2017-01-01.html
@@ -2465,7 +2465,7 @@
devices, the table will have "All" in the <em>Updated Google devices</em>
column. "All" encapsulates the following <a
href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported
- devices</a>: Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Android One,
+ devices</a>: Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One,
Nexus Player, Pixel C, Pixel, and Pixel XL.</li>
<li><strong>Some Google devices</strong>: If an issue doesn't affect all Google
devices, the affected Google devices are listed in the <em>Updated Google
diff --git a/en/security/bulletin/2017-02-01.html b/en/security/bulletin/2017-02-01.html
index 4c919af..2bc221f 100644
--- a/en/security/bulletin/2017-02-01.html
+++ b/en/security/bulletin/2017-02-01.html
@@ -1789,7 +1789,7 @@
devices, the table will have "All" in the <em>Updated Google devices</em>
column. "All" encapsulates the following <a
href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported
- devices</a>: Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Android One,
+ devices</a>: Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One,
Nexus Player, Pixel C, Pixel, and Pixel XL.</li>
<li><strong>Some Google devices</strong>: If an issue doesn't affect all Google
devices, the affected Google devices are listed in the <em>Updated Google
diff --git a/en/security/bulletin/2017-03-01.html b/en/security/bulletin/2017-03-01.html
index c5bbf05..fea5591 100644
--- a/en/security/bulletin/2017-03-01.html
+++ b/en/security/bulletin/2017-03-01.html
@@ -2704,7 +2704,7 @@
devices, the table will have "All" in the <em>Updated Google devices</em>
column. "All" encapsulates the following <a
href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported
-devices</a>: Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Android One,
+devices</a>: Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One,
Nexus Player, Pixel C, Pixel, and Pixel XL.</li>
<li><strong>Some Google devices</strong>: If an issue doesn't affect all Google
devices, the affected Google devices are listed in the <em>Updated Google
diff --git a/en/security/bulletin/2017-04-01.html b/en/security/bulletin/2017-04-01.html
index f5a9bd4..446616e 100644
--- a/en/security/bulletin/2017-04-01.html
+++ b/en/security/bulletin/2017-04-01.html
@@ -2636,7 +2636,7 @@
devices, the table will have "All" in the <em>Updated Google devices</em>
column. "All" encapsulates the following <a
href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported
- devices</a>: Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Android One,
+ devices</a>: Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One,
Nexus Player, Pixel C, Pixel, and Pixel XL.</li>
<li><strong>Some Google devices</strong>: If an issue doesn't affect all Google
devices, the affected Google devices are listed in the <em>Updated Google
diff --git a/en/security/bulletin/2017-05-01.html b/en/security/bulletin/2017-05-01.html
index bafb90e..b3e9a68 100644
--- a/en/security/bulletin/2017-05-01.html
+++ b/en/security/bulletin/2017-05-01.html
@@ -987,7 +987,7 @@
<tr>
<th>CVE</th>
<th>References</th>
- <th>Severity</th>
+ <th>Severity*</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
@@ -1032,10 +1032,6 @@
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>
-<p>*** Supported Google devices on Android 7.1.1 or later that have installed all
-available updates are not affected by this vulnerability.</p>
-
-
<h3 id="rce-in-libxml2">Remote code execution vulnerability in libxml2</h3>
<p>A remote code execution vulnerability in libxml2 could enable an attacker to
@@ -2771,7 +2767,7 @@
<tr>
<th>CVE</th>
<th>References</th>
- <th>Severity</th>
+ <th>Severity*</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
diff --git a/en/security/verifiedboot/dm-verity.html b/en/security/verifiedboot/dm-verity.html
index 65e2cc2..763b2e4 100644
--- a/en/security/verifiedboot/dm-verity.html
+++ b/en/security/verifiedboot/dm-verity.html
@@ -128,8 +128,8 @@
<p>Build the dm-verity mapping table, which identifies the block device (or target)
for the kernel and the location of the hash tree (which is the same value.) This
mapping is used for <code>fstab</code> generation and booting. The table also identifies
-the size of the blocks and the hash_start, or the offset in hash size blocks
-(length of layer 0).</p>
+the size of the blocks and the hash_start, the start location of the hash tree
+(specifically, its block number from the beginning of the image).</p>
<p>See <a href="https://code.google.com/p/cryptsetup/wiki/DMVerity">cryptsetup</a> for a
detailed description of the verity target mapping table fields.</p>
diff --git a/en/source/add-device.html b/en/source/add-device.html
index 783fd6f..d9f42f8 100644
--- a/en/source/add-device.html
+++ b/en/source/add-device.html
@@ -417,5 +417,48 @@
</tbody>
</table>
+<h3 id="ANDROID_VENDOR_KEYS">Set ANDROID_VENDOR_KEYS to connect over USB</h3>
+
+<p>The <code>ANDROID_VENDOR_KEYS</code> environment variable enables device
+manufacturers to access production builds over <code>adb</code>. Generate a key
+for each release that every device will accept, store those internally (such as at
+<code>vendor/oem-name/security/adb/</code>), and then use
+<code>ANDROID_VENDOR_KEYS</code> to tell <code>adb</code> to use these canonical
+keys rather than random keys.</p>
+
+<p>Use the <code>ANDROID_VENDOR_KEYS</code> environment variable to
+point to the directory containing the generated <code>adb</code> public and
+private keys used for encryption. The private key is stored in file. The public
+key is stored in file.pub. The <code>ANDROID_VENDOR_KEYS</code> environment
+variable points to a file or directory where the generated key pairs are
+stored.</p>
+
+<p>This variable is set to a file or directory that contains 2048-bit RSA
+authentication key pairs generated with the <code>adb keygen</code> file command.
+These key pairs are in addition to the RSA key pairs generated by the ADB
+server. An RSA key pair is needed when you use <code>adb</code> to connect over
+USB for the first time.</p>
+
+<p>You must accept the host computer's RSA key to explicitly grant
+<code>adb</code> access to the device. By default key pairs generated by the
+ADB server are stored in the following key store directories as
+<code>adbkey</code> (private key) and <code>adbkey.pub</code> (public key):</p>
+
+<p>For file locations, on MacOS, this will likely be:
+<code>$HOME/.android</code>. On Windows and Linux, this will be:
+<code>%USERPOFILE%\.android</code>. On Windows, RSA authentication keys can
+also be in <code>C:\Windows\System32\config\systemprofile\.android</code> in
+some cases. When the ADB server needs a key, it first searches the ADB server
+key store directory. If no keys are found, it then checks the
+<code>ANDROID_VENDOR_KEYS</code> environment variable. If no keys are found,
+the local ADB server generates and saves a new key pair in the ADB server key
+store directory.</p>
+
+<p class="note"><strong>Note:</strong> You can override the default directory
+where the ADB server stores RSA keys by setting the
+<code>ANDROID_SDK_HOME</code> environment variable. On the device, keys are
+stored in the <code>/data/misc/adb/adb_keys/</code> file, and new authorized
+keys are appended to the same file as you accept them.</p>
+
</body>
</html>
