Docs: Create security enhancements list for N
Bug: 26979842
Change-Id: If0881d5534950dca3ddf830c22bb9103d5296975
diff --git a/src/security/enhancements/enhancements70.jd b/src/security/enhancements/enhancements70.jd
new file mode 100644
index 0000000..88d4763
--- /dev/null
+++ b/src/security/enhancements/enhancements70.jd
@@ -0,0 +1,53 @@
+page.title=Security Enhancements in Android 7.0
+@jd:body
+<!--
+ Copyright 2016 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<p>Every Android release includes dozens of security enhancements to protect
+users. Here are some of the major security enhancements available in Android
+7.0:</p>
+
+<ul>
+ <li><strong>File-based encryption</strong>. Encrypting at the file level,
+ instead of encrypting the entire storage area as a single unit, better
+ isolates and protects individual users and profiles (such as personal and
+ work) on a device.</li>
+ <li><strong>Direct Boot</strong>. Enabled by file-based encryption, Direct
+ Boot allows certain apps such as alarm clock and accessibility features to
+ run when device is powered on but not unlocked.</li>
+ <li><strong>Verified Boot</strong>. Verified Boot is now strictly enforced to
+ prevent compromised devices from booting; it supports error correction to
+ improve reliability against non-malicious data corruption.</li>
+ <li><strong>SELinux</strong>. Updated SELinux configuration and increased
+ seccomp coverage further locks down the application sandbox and reduces attack
+ surface.</li>
+ <li><strong>Library load-order randomization and improved ASLR</strong>.
+ Increased randomness makes some code-reuse attacks less reliable.</li>
+ <li><strong>Kernel hardening</strong>. Added additional memory protection for
+ newer kernels by marking portions of kernel memory as read-only, restricting
+ kernel access to userspace addresses and further reducing the existing attack
+ surface.</li>
+ <li><strong>APK signature scheme v2</strong>. Introduced a whole-file signature
+ scheme that improves verification speed and strengthens integrity guarantees.</li>
+ <li><strong>Trusted CA store</strong>. To make it easier for apps to control
+ access to their secure network traffic, user-installed certificate authorities
+ and those installed through Device Admin APIs are no longer trusted by default
+ for apps targeting API Level 24+. Additionally, all new Android devices must
+ ship with the same trusted CA store.</li>
+ <li><strong>Network Security Config</strong>. Configure network security and TLS
+ through a declarative configuration file.</li>
+</ul>
+
diff --git a/src/security/security_toc.cs b/src/security/security_toc.cs
index 798e7e4..19070eb 100644
--- a/src/security/security_toc.cs
+++ b/src/security/security_toc.cs
@@ -32,6 +32,7 @@
</a>
</div>
<ul>
+ <li><a href="<?cs var:toroot ?>security/enhancements/enhancements70.html">Android 7.0</a></li>
<li><a href="<?cs var:toroot ?>security/enhancements/enhancements60.html">Android 6.0</a></li>
<li><a href="<?cs var:toroot ?>security/enhancements/enhancements50.html">Android 5.0</a></li>
<li><a href="<?cs var:toroot ?>security/enhancements/enhancements44.html">Android 4.4</a></li>
