Merge "Docs: Changes to source.android.com"
diff --git a/README.txt b/README.txt
index fa36971..aaa8a2a 100644
--- a/README.txt
+++ b/README.txt
@@ -1,5 +1,7 @@
# HOW TO UPDATE SOURCE.ANDROID.COM #
+Googlers, please see: go/sac-guide
+
The source.android.com site contains tutorials, references, and other
information related to the Android Open Source Project (AOSP). To report an
issue with the documentation on source.android.com, please file a bug at:
diff --git a/en/_index.yaml b/en/_index.yaml
index deaf935..c99beff 100644
--- a/en/_index.yaml
+++ b/en/_index.yaml
@@ -60,6 +60,14 @@
image_path: /images/android_stack.png
- heading: News
items:
+ - heading: July Android Security Bulletin
+ description: >
+ The July 2017 Android Security Bulletin has been published along with
+ links to associated fixes and new build numbers to support the July
+ Android security release.
+ buttons:
+ - label: July 6th, 2017
+ path: /security/bulletin/2017-07-01
- heading: Updated Debugging Docs
description: >
Debugging documentation has been updated with details on using
@@ -76,14 +84,6 @@
buttons:
- label: May 3rd, 2017
path: /source/devices#960hikey
- - heading: May Android Security Bulletin
- description: >
- The May 2017 Android Security Bulletin has been published along with
- links to associated fixes and new build numbers to support the May
- Android security release.
- buttons:
- - label: May 2nd, 2017
- path: /security/bulletin/2017-05-01
- heading: Evaluating Performance in Detail
description: >
Detailed instructions now exist for understanding and examining the
diff --git a/en/compatibility/7.1/android-7.1-cdd.html b/en/compatibility/7.1/android-7.1-cdd.html
index 433b1cb..8284962 100644
--- a/en/compatibility/7.1/android-7.1-cdd.html
+++ b/en/compatibility/7.1/android-7.1-cdd.html
@@ -1,11 +1,11 @@
-<!DOCTYPE html>
-<html>
- <head>
- <title>
- Android 7.1 Compatibility Definition
- </title>
- <link href="/compatibility/android-cdd.css" rel="stylesheet" type="text/css"/>
- </head>
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <title>
+ Android 7.0, (N) Compatibility Definition
+ </title>
+ <link href="/compatibility/android-cdd.css" rel="stylesheet" type="text/css" />
+ <meta charset="utf-8" />
+ </head>
<body>
<h6>
Table of Contents
@@ -1228,7 +1228,7 @@
SECURITY_PATCH
</td>
<td>
- A value indicating the security patch level of a build. It MUST signify that the build includes all security patches issued up through the designated Android Public Security Bulletin. It MUST be in the format [YYYY-MM-DD], matching one of the Android Security Patch Level strings of the <a href="source.android.com/security/bulletin">Public Security Bulletins</a> , for example "2015-11-01".
+ A value indicating the security patch level of a build. It MUST signify that the build is not in any way vulnerable to any of the issues described up through the designated Android Public Security Bulletin. It MUST be in the format [YYYY-MM-DD], matching a defined string documented in the <a href="source.android.com/security/bulletin">Android Public Security Bulletin</a> or in the <a href="http://source.android.com/security/advisory">Android Security Advisory</a> , for example "2015-11-01".
</td>
</tr>
<tr>
@@ -2032,10 +2032,6 @@
</li>
<li>Device implementations that include support for lock screen MAY support application widgets on the lock screen.
</li>
- <li>SHOULD trigger the fast-switch action between the two most recently used apps, when the recents function key is tapped twice.
- </li>
- <li>SHOULD trigger the split-screen multiwindow-mode, if supported, when the recents functions key is long pressed.
- </li>
</ul>
<h3 id="3_8_3_notifications">
3.8.3. Notifications
@@ -2093,9 +2089,9 @@
Device implementations that support the DND (Do not Disturb) feature MUST meet the following requirements:
</p>
<ul>
- <li>MUST implement an activity where the user can grant or deny the app access to DND policy configurations in response to the intent <a href="https://developer.android.com/reference/android/provider/Settings.html#ACTION_NOTIFICATION_POLICY_ACCESS_SETTINGS">ACTION_NOTIFICATION_POLICY_ACCESS_SETTINGS</a> .
+ <li>MUST implement an activity that would respond to the intent <a href="https://developer.android.com/reference/android/provider/Settings.html#ACTION_NOTIFICATION_POLICY_ACCESS_SETTINGS">ACTION_NOTIFICATION_POLICY_ACCESS_SETTINGS</a> , which for implementations with UI_MODE_TYPE_NORMAL it MUST be an activity where the user can grant or deny the app access to DND policy configurations.
</li>
- <li>MUST display <a href="https://developer.android.com/reference/android/app/NotificationManager.html#addAutomaticZenRule%28android.app.AutomaticZenRule%29">Automatic DND rules</a> created by applications alongside the user-created and pre-defined rules.
+ <li>MUST, for when the device implementation has provided a means for the user to grant or deny third-party apps to access the DND policy configuration, display <a href="https://developer.android.com/reference/android/app/NotificationManager.html#addAutomaticZenRule%28android.app.AutomaticZenRule%29">Automatic DND rules</a> created by applications alongside the user-created and pre-defined rules.
</li>
<li>MUST honor the <a href="https://developer.android.com/reference/android/app/NotificationManager.Policy.html#suppressedVisualEffects"><code>suppressedVisualEffects</code></a> values passed along the <a href="https://developer.android.com/reference/android/app/NotificationManager.Policy.html#NotificationManager.Policy%28int,%20int,%20int,%20int%29"><code>NotificationManager.Policy</code></a> and if an app has set any of the SUPPRESSED_EFFECT_SCREEN_OFF or SUPPRESSED_EFFECT_SCREEN_ON flags, it SHOULD indicate to the user that the visual effects are suppressed in the DND settings menu.
</li>
@@ -2184,7 +2180,7 @@
<ul>
<li>MUST support at least up to 20 displayed activities.
</li>
- <li>SHOULD display the titles of at least 4 activities at a time.
+ <li>SHOULD at least display the title of 4 activities at a time.
</li>
<li>MUST implement the <a href="http://developer.android.com/about/versions/android-5.0.html#ScreenPinning">screen pinning behavior</a> and provide the user with a settings menu to toggle the feature.
</li>
@@ -2196,6 +2192,10 @@
</li>
<li>MAY display affiliated recents as a group that moves together.
</li>
+ <li>SHOULD trigger the fast-switch action between the two most recently used apps, when the recents function key is tapped twice.
+ </li>
+ <li>SHOULD trigger the split-screen multiwindow-mode, if supported, when the recents functions key is long pressed.
+ </li>
</ul>
<p>
Device implementations are STRONGLY RECOMMENDED to use the upstream Android user interface (or a similar thumbnail-based interface) for the overview screen.
@@ -2566,7 +2566,7 @@
Device implementations MUST install and run Android “.apk” files as generated by the “aapt” tool included in the <a href="http://developer.android.com/tools/help/index.html">official Android SDK</a> . For this reason device implementations SHOULD use the reference implementation’s package management system.
</p>
<p>
- The package manager MUST support verifying “.apk” files using the <a href="https://source.android.com/security/apksigning/v2.html">APK Signature Scheme v2</a> .
+ The package manager MUST support verifying “.apk” files using the <a href="https://source.android.com/security/apksigning/v2.html">APK Signature Scheme v2</a> and <a href="https://source.android.com/security/apksigning/v2.html#v1-verification">JAR signing</a> .
</p>
<p>
Devices implementations MUST NOT extend either the <a href="http://developer.android.com/guide/components/fundamentals.html">.apk</a> , <a href="http://developer.android.com/guide/topics/manifest/manifest-intro.html">Android Manifest</a> , <a href="https://android.googlesource.com/platform/dalvik/">Dalvik bytecode</a> , or RenderScript bytecode formats in such a way that would prevent those files from installing and running correctly on other compatible devices.
@@ -4540,17 +4540,22 @@
<h4 id="7_1_1_2_screen_aspect_ratio">
7.1.1.2. Screen Aspect Ratio
</h4>
- <div class="note">
- Android Watch devices MAY have an aspect ratio of 1.0 (1:1).
- </div>
<p>
- The screen aspect ratio MUST be a value from 1.3333 (4:3) to 1.86 (roughly 16:9), but Android Watch devices MAY have an aspect ratio of 1.0 (1:1) because such a device implementation will use a UI_MODE_TYPE_WATCH as the android.content.res.Configuration.uiMode.
+ While there is no restriction to the screen aspect ratio value of the physical screen display, the screen aspect ratio of the surface that third-party apps are rendered on and which can be derived from the values reported via the <a href="https://developer.android.com/reference/android/util/DisplayMetrics.html">DisplayMetrics</a> MUST meet the following requirements:
</p>
+ <ul>
+ <li>If the <a href="https://developer.android.com/reference/android/content/res/Configuration.html#uiMode">uiMode</a> is configured as UI_MODE_TYPE_WATCH, the aspect ratio value MAY be set as 1.0 (1:1).
+ </li>
+ <li>If the third-party app indicates that it is resizeable via the <a href="https://developer.android.com/guide/topics/ui/multi-window.html#configuring">android:resizeableActivity</a> attribute, there are no restrictions to the aspect ratio value.
+ </li>
+ <li>For all other cases, the aspect ratio MUST be a value between 1.3333 (4:3) and 1.86 (roughly 16:9) unless the app has indicated explicitly that it supports a higher screen aspect ratio through the <a href="https://developer.android.com/guide/practices/screens_support.html#MaxAspectRatio">maxAspectRatio</a> metadata value.
+ </li>
+ </ul>
<h4 id="7_1_1_3_screen_density">
7.1.1.3. Screen Density
</h4>
<p>
- The Android UI framework defines a set of standard logical densities to help application developers target application resources. Device implementations MUST report only one of the following logical Android framework densities through the android.util.DisplayMetrics APIs, and MUST execute applications at this standard density and MUST NOT change the value at at any time for the default display.
+ The Android UI framework defines a set of standard logical densities to help application developers target application resources. By default, device implementations MUST report only one of the following logical Android framework densities through the <a href="https://developer.android.com/reference/android/util/DisplayMetrics.html#DENSITY_DEVICE_STABLE">DENSITY_DEVICE_STABLE</a> API and this value MUST NOT change at any time; however, the device MAY report a different arbitrary density according to the display configuration changes made by the user (for example, display size) set after initial boot.
</p>
<ul>
<li>120 dpi (ldpi)
@@ -4561,10 +4566,16 @@
</li>
<li>240 dpi (hdpi)
</li>
+ <li>260 dpi (260dpi)
+ </li>
<li>280 dpi (280dpi)
</li>
+ <li>300 dpi (300dpi)
+ </li>
<li>320 dpi (xhdpi)
</li>
+ <li>340 dpi (340dpi)
+ </li>
<li>360 dpi (360dpi)
</li>
<li>400 dpi (400dpi)
@@ -5091,7 +5102,7 @@
</p>
<ul>
<li>
- <strong>Search affordance</strong> . Device implementations MUST fire KEYCODE_SEARCH when the user invokes voice search either on the physical or software-based remote.
+ <strong>Search affordance</strong> . Device implementations MUST fire KEYCODE_SEARCH (or KEYCODE_ASSIST if the device supports an assistant) when the user invokes voice search on either the physical or software-based remote.
</li>
<li>
<strong>Navigation</strong> . All Android Television remotes MUST include <a href="http://developer.android.com/reference/android/view/KeyEvent.html">Back, Home, and Select buttons and support for D-pad events</a> .
@@ -6242,7 +6253,7 @@
</li>
<li>MUST implement the Android USB host API as documented in the Android SDK, and MUST declare support for the hardware feature <a href="http://developer.android.com/guide/topics/connectivity/usb/host.html">android.hardware.usb.host</a> .
</li>
- <li>SHOULD support the Charging Downstream Port output current range of 1.5 A ~ 5 A as specified in the <a href="http://www.usb.org/developers/docs/devclass_docs/BCv1.2_070312.zip">USB Battery Charging specifications, revision 1.2</a> .
+ <li>SHOULD support device charging while in host mode; advertising a source current of at least 1.5A as specified in the Termination Parameters section of the [USB Type-C Cable and Connector Specification Revision 1.2] (http://www.usb.org/developers/docs/usb_31_021517.zip) for USB Type-C connectors or using Charging Downstream Port(CDP) output current range as specified in the <a href="http://www.usb.org/developers/docs/devclass_docs/BCv1.2_070312.zip">USB Battery Charging specifications, revision 1.2</a> for Micro-AB connectors.
</li>
<li>USB Type-C devices are STRONGLY RECOMMENDED to support DisplayPort, SHOULD support USB SuperSpeed Data Rates, and are STRONGLY RECOMMENDED to support Power Delivery for data and power role swapping.
</li>
@@ -6383,7 +6394,7 @@
</li>
<li>Device implementations MUST declare android.software.vr.mode feature.
</li>
- <li>Device implementations MAY provide an exclusive core to the foreground application and MAY support the <code>Process.getExclusiveCores</code> API to return the numbers of the CPU cores that are exclusive to the top foreground application. If exclusive core is supported, then the core MUST not allow any other userspace processes to run on it (except device drivers used by the application), but MAY allow some kernel processes to run as necessary.
+ <li>Device implementations MAY provide an exclusive core to the foreground application and MAY support the Process.getExclusiveCores API to return the numbers of the cpu cores that are exclusive to the top foreground application. If exclusive core is supported then the core MUST not allow any other userspace processes to run on it (except device drivers used by the application), but MAY allow some kernel processes to run as necessary.
</li>
<li>Device implementations MUST support sustained performance mode.
</li>
@@ -6797,15 +6808,15 @@
</li>
<li>When the device implementation supports a secure lock screen it MUST back up the keystore implementation with secure hardware and meet following requirements:
<ul>
- <li>MUST have hardware backed implementations of RSA, AES, ECDSA and HMAC cryptographic algorithms and MD5, SHA1, SHA-2 Family hash functions to properly support the <a href="https://developer.android.com/training/articles/keystore.html#SupportedAlgorithms">Android Keystore system's supported algorithms</a> .
+ <li>MUST have implementations of RSA, AES, ECDSA and HMAC cryptographic algorithms and MD5, SHA1, and SHA-2 family hash functions to properly support the Android Keystore system's supported algorithms in an area that is securely isolated from the code running on the kernel and above. Secure isolation MUST block all potential mechanisms by which kernel or userspace code might access the internal state of the isolated environment, including DMA. The upstream Android Open Source Project (AOSP) meets this requirement by using the <a href="https://source.android.com/security/trusty/">Trusty</a> implementation, but another ARM TrustZone-based solution or a third-party reviewed secure implementation of a proper hypervisor-based isolation are alternative options.
</li>
- <li>MUST perform the lock screen authentication in the secure hardware and only when successful allow the authentication-bound keys to be used. The upstream Android Open Source Project provides the <a href="http://source.android.com/devices/tech/security/authentication/gatekeeper.html">Gatekeeper Hardware Abstraction Layer (HAL)</a> that can be used to satisfy this requirement.
+ <li>MUST perform the lock screen authentication in the isolated execution environment and only when successful, allow the authentication-bound keys to be used. The upstream Android Open Source Project provides the <a href="http://source.android.com/devices/tech/security/authentication/gatekeeper.html">Gatekeeper Hardware Abstraction Layer (HAL)</a> and Trusty, which can be used to satisfy this requirement.
</li>
</ul>
</li>
</ul>
<p>
- Note that if a device implementation is already launched on an earlier Android version, and does not have a fingerprint scanner, such a device is exempted from the requirement to have a hardware-backed keystore.
+ Note that if a device implementation is already launched on an earlier Android version, such a device is exempted from the requirement to have a hardware-backed keystore, unless it declares the <code>android.hardware.fingerprint</code> feature which requires a hardware-backed keystore.
</p>
<h3 id="9_11_1_secure_lock_screen">
9.11.1. Secure Lock Screen
diff --git a/en/compatibility/android-7.1-cdd.html b/en/compatibility/android-7.1-cdd.html
index 37a1c54..91aef4f 100644
--- a/en/compatibility/android-7.1-cdd.html
+++ b/en/compatibility/android-7.1-cdd.html
@@ -1,11 +1,11 @@
-<!DOCTYPE html>
-<html>
- <head>
- <title>
- Android 7.1 Compatibility Definition
- </title>
- <link href="source/android-cdd.css" rel="stylesheet" type="text/css"/>
- </head>
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <title>
+ Android 7.0, (N) Compatibility Definition
+ </title>
+ <link href="source/android-cdd.css" rel="stylesheet" type="text/css" />
+ <meta charset="utf-8" />
+ </head>
<body>
<h6>
Table of Contents
@@ -618,7 +618,7 @@
This document enumerates the requirements that must be met in order for devices to be compatible with Android 7.1.
</p>
<p>
- The use of “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” is per the IETF standard defined in <a href="http://www.ietf.org/rfc/rfc2119.txt">RFC2119</a>.
+ The use of “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” is per the IETF standard defined in <a href="http://www.ietf.org/rfc/rfc2119.txt">RFC2119</a> .
</p>
<p>
As used in this document, a “device implementer” or “implementer” is a person or organization developing a hardware/software solution running Android 7.1. A “device implementation” or “implementation is the hardware/software solution so developed.
@@ -667,7 +667,7 @@
</li>
<li>MUST declare the feature android.hardware.type.watch.
</li>
- <li>MUST support uiMode = <a href="http://developer.android.com/reference/android/content/res/Configuration.html#UI_MODE_TYPE_WATCH">UI_MODE_TYPE_WATCH</a>.
+ <li>MUST support uiMode = <a href="http://developer.android.com/reference/android/content/res/Configuration.html#UI_MODE_TYPE_WATCH">UI_MODE_TYPE_WATCH</a> .
</li>
</ul>
<p>
@@ -678,7 +678,7 @@
</li>
<li>MUST declare the feature android.hardware.type.automotive.
</li>
- <li>MUST support uiMode = <a href="http://developer.android.com/reference/android/content/res/Configuration.html#UI_MODE_TYPE_CAR">UI_MODE_TYPE_CAR</a>.
+ <li>MUST support uiMode = <a href="http://developer.android.com/reference/android/content/res/Configuration.html#UI_MODE_TYPE_CAR">UI_MODE_TYPE_CAR</a> .
</li>
<li>Android Automotive implementations MUST support all public APIs in the <code>android.car.*</code> namespace.
</li>
@@ -994,13 +994,13 @@
3.2. Soft API Compatibility
</h2>
<p>
- In addition to the managed APIs from <a href="#3_1_managed_api_compatibility">section 3.1</a>, Android also includes a significant runtime-only “soft” API, in the form of such things as intents, permissions, and similar aspects of Android applications that cannot be enforced at application compile time.
+ In addition to the managed APIs from <a href="#3_1_managed_api_compatibility">section 3.1</a> , Android also includes a significant runtime-only “soft” API, in the form of such things as intents, permissions, and similar aspects of Android applications that cannot be enforced at application compile time.
</p>
<h3 id="3_2_1_permissions">
3.2.1. Permissions
</h3>
<p>
- Device implementers MUST support and enforce all permission constants as documented by the <a href="http://developer.android.com/reference/android/Manifest.permission.html">Permission reference page</a>. Note that <a href="#9_security_model_compatibility">section 9</a> lists additional requirements related to the Android security model.
+ Device implementers MUST support and enforce all permission constants as documented by the <a href="http://developer.android.com/reference/android/Manifest.permission.html">Permission reference page</a> . Note that <a href="#9_security_model_compatibility">section 9</a> lists additional requirements related to the Android security model.
</p>
<h3 id="3_2_2_build_parameters">
3.2.2. Build Parameters
@@ -1022,7 +1022,7 @@
VERSION.RELEASE
</td>
<td>
- The version of the currently-executing Android system, in human-readable format. This field MUST have one of the string values defined in <a href="http://source.android.com/compatibility/7.1/versions.html">7.1</a>.
+ The version of the currently-executing Android system, in human-readable format. This field MUST have one of the string values defined in <a href="http://source.android.com/compatibility/7.1/versions.html">7.1</a> .
</td>
</tr>
<tr>
@@ -1070,7 +1070,7 @@
SUPPORTED_ABIS
</td>
<td>
- The name of the instruction set (CPU type + ABI convention) of native code. See <a href="#3_3_native_api_compatibility">section 3.3. Native API Compatibility</a>.
+ The name of the instruction set (CPU type + ABI convention) of native code. See <a href="#3_3_native_api_compatibility">section 3.3. Native API Compatibility</a> .
</td>
</tr>
<tr>
@@ -1078,7 +1078,7 @@
SUPPORTED_32_BIT_ABIS
</td>
<td>
- The name of the instruction set (CPU type + ABI convention) of native code. See <a href="#3_3_native_api_compatibility">section 3.3. Native API Compatibility</a>.
+ The name of the instruction set (CPU type + ABI convention) of native code. See <a href="#3_3_native_api_compatibility">section 3.3. Native API Compatibility</a> .
</td>
</tr>
<tr>
@@ -1086,7 +1086,7 @@
SUPPORTED_64_BIT_ABIS
</td>
<td>
- The name of the second instruction set (CPU type + ABI convention) of native code. See <a href="#3_3_native_api_compatibility">section 3.3. Native API Compatibility</a>.
+ The name of the second instruction set (CPU type + ABI convention) of native code. See <a href="#3_3_native_api_compatibility">section 3.3. Native API Compatibility</a> .
</td>
</tr>
<tr>
@@ -1094,7 +1094,7 @@
CPU_ABI
</td>
<td>
- The name of the instruction set (CPU type + ABI convention) of native code. See <a href="#3_3_native_api_compatibility">section 3.3. Native API Compatibility</a>.
+ The name of the instruction set (CPU type + ABI convention) of native code. See <a href="#3_3_native_api_compatibility">section 3.3. Native API Compatibility</a> .
</td>
</tr>
<tr>
@@ -1102,7 +1102,7 @@
CPU_ABI2
</td>
<td>
- The name of the second instruction set (CPU type + ABI convention) of native code. See <a href="#3_3_native_api_compatibility">section 3.3. Native API Compatibility</a>.
+ The name of the second instruction set (CPU type + ABI convention) of native code. See <a href="#3_3_native_api_compatibility">section 3.3. Native API Compatibility</a> .
</td>
</tr>
<tr>
@@ -1228,7 +1228,7 @@
SECURITY_PATCH
</td>
<td>
- A value indicating the security patch level of a build. It MUST signify that the build includes all security patches issued up through the designated Android Public Security Bulletin. It MUST be in the format [YYYY-MM-DD], matching one of the Android Security Patch Level strings of the <a href="source.android.com/security/bulletin">Public Security Bulletins</a>, for example "2015-11-01".
+ A value indicating the security patch level of a build. It MUST signify that the build is not in any way vulnerable to any of the issues described up through the designated Android Public Security Bulletin. It MUST be in the format [YYYY-MM-DD], matching a defined string documented in the <a href="source.android.com/security/bulletin">Android Public Security Bulletin</a> or in the <a href="http://source.android.com/security/advisory">Android Security Advisory</a> , for example "2015-11-01".
</td>
</tr>
<tr>
@@ -1311,7 +1311,7 @@
3.2.3.3. Intent Namespaces
</h4>
<p>
- Device implementations MUST NOT include any Android component that honors any new intent or broadcast intent patterns using an ACTION, CATEGORY, or other key string in the android. <em>or com.android.</em> namespace. Device implementers MUST NOT include any Android components that honor any new intent or broadcast intent patterns using an ACTION, CATEGORY, or other key string in a package space belonging to another organization. Device implementers MUST NOT alter or extend any of the intent patterns used by the core apps listed in <a href="#3_2_3_1_core_application_intents">section 3.2.3.1</a>. Device implementations MAY include intent patterns using namespaces clearly and obviously associated with their own organization. This prohibition is analogous to that specified for Java language classes in <a href="#3_6_api_namespaces">section 3.6</a>.
+ Device implementations MUST NOT include any Android component that honors any new intent or broadcast intent patterns using an ACTION, CATEGORY, or other key string in the android. <em>or com.android.</em> namespace. Device implementers MUST NOT include any Android components that honor any new intent or broadcast intent patterns using an ACTION, CATEGORY, or other key string in a package space belonging to another organization. Device implementers MUST NOT alter or extend any of the intent patterns used by the core apps listed in <a href="#3_2_3_1_core_application_intents">section 3.2.3.1</a> . Device implementations MAY include intent patterns using namespaces clearly and obviously associated with their own organization. This prohibition is analogous to that specified for Java language classes in <a href="#3_6_api_namespaces">section 3.6</a> .
</p>
<h4 id="3_2_3_4_broadcast_intents">
3.2.3.4. Broadcast Intents
@@ -1335,7 +1335,7 @@
</li>
<li>MUST honor the <a href="http://developer.android.com/reference/android/provider/Settings.html#ACTION_NFC_PAYMENT_SETTINGS">android.settings.NFC_PAYMENT_SETTINGS</a> intent to show a default app settings menu for Tap and Pay, if the device implementation reports android.hardware.nfc.hce.
</li>
- <li>MUST honor the <a href="https://developer.android.com/reference/android/telecom/TelecomManager.html#ACTION_CHANGE_DEFAULT_DIALER">android.telecom.action.CHANGE_DEFAULT_DIALER</a> intent to show a dialog to allow the user to change the default Phone application, if the device implementation reports <code>android.hardware.telephony</code>.
+ <li>MUST honor the <a href="https://developer.android.com/reference/android/telecom/TelecomManager.html#ACTION_CHANGE_DEFAULT_DIALER">android.telecom.action.CHANGE_DEFAULT_DIALER</a> intent to show a dialog to allow the user to change the default Phone application, if the device implementation reports <code>android.hardware.telephony</code> .
</li>
<li>MUST honor the <a href="https://developer.android.com/reference/android/provider/Settings.html#ACTION_VOICE_INPUT_SETTINGS">android.settings.ACTION_VOICE_INPUT_SETTINGS</a> intent when the device supports the VoiceInteractionService and show a default app settings menu for voice input and assist.
</li>
@@ -1350,7 +1350,7 @@
3.3.1. Application Binary Interfaces
</h3>
<p>
- Managed Dalvik bytecode can call into native code provided in the application.apk file as an ELF.so file compiled for the appropriate device hardware architecture. As native code is highly dependent on the underlying processor technology, Android defines a number of Application Binary Interfaces (ABIs) in the Android NDK. Device implementations MUST be compatible with one or more defined ABIs, and MUST implement compatibility with the Android NDK, as below.
+ Managed Dalvik bytecode can call into native code provided in the application .apk file as an ELF .so file compiled for the appropriate device hardware architecture. As native code is highly dependent on the underlying processor technology, Android defines a number of Application Binary Interfaces (ABIs) in the Android NDK. Device implementations MUST be compatible with one or more defined ABIs, and MUST implement compatibility with the Android NDK, as below.
</p>
<p>
If a device implementation includes support for an Android ABI, it:
@@ -1364,7 +1364,7 @@
</li>
<li>MUST accurately report the native Application Binary Interface (ABI) supported by the device, via the android.os.Build.SUPPORTED_ABIS, android.os.Build.SUPPORTED_32_BIT_ABIS, and android.os.Build.SUPPORTED_64_BIT_ABIS parameters, each a comma separated list of ABIs ordered from the most to the least preferred one.
</li>
- <li>MUST report, via the above parameters, only those ABIs documented and described in the latest version of the <a href="https://developer.android.com/ndk/guides/abis.html">Android NDK ABI Management documentation</a>, and MUST include support for the <a href="http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0388f/Beijfcja.html">Advanced SIMD</a> (a.k.a. NEON) extension.
+ <li>MUST report, via the above parameters, only those ABIs documented and described in the latest version of the <a href="https://developer.android.com/ndk/guides/abis.html">Android NDK ABI Management documentation</a> , and MUST include support for the <a href="http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0388f/Beijfcja.html">Advanced SIMD</a> (a.k.a. NEON) extension.
</li>
<li>SHOULD be built using the source code and header files available in the upstream Android Open Source Project
</li>
@@ -1428,7 +1428,7 @@
Native libraries not listed above but implemented and provided in AOSP as system libraries are reserved and MUST NOT be exposed to third-party apps targeting API level 24 or higher.
</p>
<p>
- Device implementations MAY add non-AOSP libraries and expose them directly as an API to third-party apps but the additional libraries SHOULD be in <code>/vendor/lib</code> or <code>/vendor/lib64</code> and MUST be listed in <code>/vendor/etc/public.libraries.txt</code>.
+ Device implementations MAY add non-AOSP libraries and expose them directly as an API to third-party apps but the additional libraries SHOULD be in <code>/vendor/lib</code> or <code>/vendor/lib64</code> and MUST be listed in <code>/vendor/etc/public.libraries.txt</code> .
</p>
<p>
Note that device implementations MUST include libGLESv3.so and in turn, MUST export all the OpenGL ES 3.1 and <a href="http://developer.android.com/guide/topics/graphics/opengl.html#aep">Android Extension Pack</a> function symbols as defined in the NDK release android-24. Although all the symbols must be present, only the corresponding functions for OpenGL ES versions and extensions actually supported by the device must be fully implemented.
@@ -1440,7 +1440,7 @@
<a href="https://www.khronos.org/registry/vulkan/specs/1.0-wsi_extensions/xhtml/vkspec.html">Vulkan</a> is a low-overhead, cross-platform API for high-performance 3D graphics. Device implementations, even if not including support of the Vulkan APIs, MUST satisfy the following requirements:
</p>
<ul>
- <li>It MUST always provide a native library named <code>libvulkan.so</code> which exports function symbols for the core Vulkan 1.0 API as well as the <code>VK_KHR_surface</code>, <code>VK_KHR_android_surface</code>, and <code>VK_KHR_swapchain</code> extensions.
+ <li>It MUST always provide a native library named <code>libvulkan.so</code> which exports function symbols for the core Vulkan 1.0 API as well as the <code>VK_KHR_surface</code> , <code>VK_KHR_android_surface</code> , and <code>VK_KHR_swapchain</code> extensions.
</li>
</ul>
<p>
@@ -1464,7 +1464,7 @@
<ul>
<li>MUST report 0 <code>VkPhysicalDevices</code> through the <code>vkEnumeratePhysicalDevices</code> call.
</li>
- <li>MUST NOT declare any of the Vulkan feature flags <a href="https://developer.android.com/reference/android/content/pm/PackageManager.html#FEATURE_VULKAN_HARDWARE_LEVEL"><code>PackageManager#FEATURE_VULKAN_HARDWARE_LEVEL</code></a> and <a href="https://developer.android.com/reference/android/content/pm/PackageManager.html#FEATURE_VULKAN_HARDWARE_VERSION"><code>PackageManager#FEATURE_VULKAN_HARDWARE_VERSION</code></a>.
+ <li>MUST NOT declare any of the Vulkan feature flags <a href="https://developer.android.com/reference/android/content/pm/PackageManager.html#FEATURE_VULKAN_HARDWARE_LEVEL"><code>PackageManager#FEATURE_VULKAN_HARDWARE_LEVEL</code></a> and <a href="https://developer.android.com/reference/android/content/pm/PackageManager.html#FEATURE_VULKAN_HARDWARE_VERSION"><code>PackageManager#FEATURE_VULKAN_HARDWARE_VERSION</code></a> .
</li>
</ul>
<h3 id="3_3_2_32-bit_arm_native_code_compatibility">
@@ -1503,7 +1503,7 @@
Android Watch devices MAY, but all other device implementations MUST provide a complete implementation of the android.webkit.Webview API.
</div>
<p>
- The platform feature android.software.webview MUST be reported on any device that provides a complete implementation of the android.webkit.WebView API, and MUST NOT be reported on devices without a complete implementation of the API. The Android Open Source implementation uses code from the Chromium Project to implement the <a href="http://developer.android.com/reference/android/webkit/WebView.html">android.webkit.WebView</a>. Because it is not feasible to develop a comprehensive test suite for a web rendering system, device implementers MUST use the specific upstream build of Chromium in the WebView implementation. Specifically:
+ The platform feature android.software.webview MUST be reported on any device that provides a complete implementation of the android.webkit.WebView API, and MUST NOT be reported on devices without a complete implementation of the API. The Android Open Source implementation uses code from the Chromium Project to implement the <a href="http://developer.android.com/reference/android/webkit/WebView.html">android.webkit.WebView</a> . Because it is not feasible to develop a comprehensive test suite for a web rendering system, device implementers MUST use the specific upstream build of Chromium in the WebView implementation. Specifically:
</p>
<ul>
<li>Device android.webkit.WebView implementations MUST be based on the <a href="http://www.chromium.org/">Chromium</a> build from the upstream Android Open Source Project for Android 7.1. This build includes a specific set of functionality and security fixes for the WebView.
@@ -1530,16 +1530,16 @@
</li>
</ul>
<p>
- The WebView component SHOULD include support for as many HTML5 features as possible and if it supports the feature SHOULD conform to the <a href="http://html.spec.whatwg.org/multipage/">HTML5 specification</a>.
+ The WebView component SHOULD include support for as many HTML5 features as possible and if it supports the feature SHOULD conform to the <a href="http://html.spec.whatwg.org/multipage/">HTML5 specification</a> .
</p>
<h3 id="3_4_2_browser_compatibility">
3.4.2. Browser Compatibility
</h3>
<div class="note">
- Android Television, Watch, and Android Automotive implementations MAY omit a browser application, but MUST support the public intent patterns as described in <a href="#3_2_3_1_core_application_intents">section 3.2.3.1</a>. All other types of device implementations MUST include a standalone Browser application for general user web browsing.
+ Android Television, Watch, and Android Automotive implementations MAY omit a browser application, but MUST support the public intent patterns as described in <a href="#3_2_3_1_core_application_intents">section 3.2.3.1</a> . All other types of device implementations MUST include a standalone Browser application for general user web browsing.
</div>
<p>
- The standalone Browser MAY be based on a browser technology other than WebKit. However, even if an alternate Browser application is used, the android.webkit.WebView component provided to third-party applications MUST be based on WebKit, as described in <a href="#3_4_1_webview_compatibility">section 3.4.1</a>.
+ The standalone Browser MAY be based on a browser technology other than WebKit. However, even if an alternate Browser application is used, the android.webkit.WebView component provided to third-party applications MUST be based on WebKit, as described in <a href="#3_4_1_webview_compatibility">section 3.4.1</a> .
</p>
<p>
Implementations MAY ship a custom user agent string in the standalone Browser application.
@@ -1559,13 +1559,13 @@
</li>
</ul>
<p>
- Additionally, device implementations MUST support the HTML5/W3C <a href="http://www.w3.org/TR/webstorage/">webstorage API</a> and SHOULD support the HTML5/W3C <a href="http://www.w3.org/TR/IndexedDB/">IndexedDB API</a>. Note that as the web development standards bodies are transitioning to favor IndexedDB over webstorage, IndexedDB is expected to become a required component in a future version of Android.
+ Additionally, device implementations MUST support the HTML5/W3C <a href="http://www.w3.org/TR/webstorage/">webstorage API</a> and SHOULD support the HTML5/W3C <a href="http://www.w3.org/TR/IndexedDB/">IndexedDB API</a> . Note that as the web development standards bodies are transitioning to favor IndexedDB over webstorage, IndexedDB is expected to become a required component in a future version of Android.
</p>
<h2 id="3_5_api_behavioral_compatibility">
3.5. API Behavioral Compatibility
</h2>
<p>
- The behaviors of each of the API types (managed, soft, native, and web) must be consistent with the preferred implementation of the upstream <a href="http://source.android.com/">Android Open Source Project</a>. Some specific areas of compatibility are:
+ The behaviors of each of the API types (managed, soft, native, and web) must be consistent with the preferred implementation of the upstream <a href="http://source.android.com/">Android Open Source Project</a> . Some specific areas of compatibility are:
</p>
<ul>
<li>Devices MUST NOT change the behavior or semantics of a standard intent.
@@ -1597,7 +1597,7 @@
</li>
</ul>
<p>
- <strong>Prohibited modifications include</strong>:
+ <strong>Prohibited modifications include</strong> :
</p>
<ul>
<li>Device implementations MUST NOT modify the publicly exposed APIs on the Android platform by changing any method or class signatures, or by removing classes or class fields.
@@ -1623,7 +1623,7 @@
3.7. Runtime Compatibility
</h2>
<p>
- Device implementations MUST support the full Dalvik Executable (DEX) format and <a href="https://android.googlesource.com/platform/dalvik/">Dalvik bytecode specification and semantics</a>. Device implementers SHOULD use ART, the reference upstream implementation of the Dalvik Executable Format, and the reference implementation’s package management system.
+ Device implementations MUST support the full Dalvik Executable (DEX) format and <a href="https://android.googlesource.com/platform/dalvik/">Dalvik bytecode specification and semantics</a> . Device implementers SHOULD use ART, the reference upstream implementation of the Dalvik Executable Format, and the reference implementation’s package management system.
</p>
<p>
Device implementations MUST configure Dalvik runtimes to allocate memory in accordance with the upstream Android platform, and as specified by the following table. (See <a href="#7_1_1_screen_configuration">section 7.1.1</a> for screen size and screen density definitions.) Note that memory values specified below are considered minimum values and device implementations MAY allocate more memory per application.
@@ -2032,10 +2032,6 @@
</li>
<li>Device implementations that include support for lock screen MAY support application widgets on the lock screen.
</li>
- <li>SHOULD trigger the fast-switch action between the two most recently used apps, when the recents function key is tapped twice.
- </li>
- <li>SHOULD trigger the split-screen multiwindow-mode, if supported, when the recents functions key is long pressed.
- </li>
</ul>
<h3 id="3_8_3_notifications">
3.8.3. Notifications
@@ -2044,10 +2040,10 @@
Android includes APIs that allow developers to <a href="http://developer.android.com/guide/topics/ui/notifiers/notifications.html">notify users of notable events</a> using hardware and software features of the device.
</p>
<p>
- Some APIs allow applications to perform notifications or attract attention using hardware—specifically sound, vibration, and light. Device implementations MUST support notifications that use hardware features, as described in the SDK documentation, and to the extent possible with the device implementation hardware. For instance, if a device implementation includes a vibrator, it MUST correctly implement the vibration APIs. If a device implementation lacks hardware, the corresponding APIs MUST be implemented as no-ops. This behavior is further detailed in <a href="#7_hardware_compatibility">section 7</a>.
+ Some APIs allow applications to perform notifications or attract attention using hardware—specifically sound, vibration, and light. Device implementations MUST support notifications that use hardware features, as described in the SDK documentation, and to the extent possible with the device implementation hardware. For instance, if a device implementation includes a vibrator, it MUST correctly implement the vibration APIs. If a device implementation lacks hardware, the corresponding APIs MUST be implemented as no-ops. This behavior is further detailed in <a href="#7_hardware_compatibility">section 7</a> .
</p>
<p>
- Additionally, the implementation MUST correctly render all <a href="https://developer.android.com/guide/topics/resources/available-resources.html">resources</a> (icons, animation files etc.) provided for in the APIs, or in the Status/System Bar <a href="http://developer.android.com/design/style/iconography.html">icon style guide</a>, which in the case of an Android Television device includes the possibility to not display the notifications. Device implementers MAY provide an alternative user experience for notifications than that provided by the reference Android Open Source implementation; however, such alternative notification systems MUST support existing notification resources, as above.
+ Additionally, the implementation MUST correctly render all <a href="https://developer.android.com/guide/topics/resources/available-resources.html">resources</a> (icons, animation files etc.) provided for in the APIs, or in the Status/System Bar <a href="http://developer.android.com/design/style/iconography.html">icon style guide</a> , which in the case of an Android Television device includes the possibility to not display the notifications. Device implementers MAY provide an alternative user experience for notifications than that provided by the reference Android Open Source implementation; however, such alternative notification systems MUST support existing notification resources, as above.
</p>
<div class="note">
Android Automotive implementations MAY manage the visibility and timing of notifications to mitigate driver distraction, but MUST display notifications that use <a href="https://developer.android.com/reference/android/app/Notification.CarExtender.html">CarExtender</a> when requested by applications.
@@ -2057,23 +2053,23 @@
</p>
<ul>
<li>
- <strong>Rich notifications</strong>. Interactive Views for ongoing notifications.
+ <strong>Rich notifications</strong> . Interactive Views for ongoing notifications.
</li>
<li>
- <strong>Heads-up notifications</strong>. Interactive Views users can act on or dismiss without leaving the current app.
+ <strong>Heads-up notifications</strong> . Interactive Views users can act on or dismiss without leaving the current app.
</li>
<li>
- <strong>Lock screen notifications</strong>. Notifications shown over a lock screen with granular control on visibility.
+ <strong>Lock screen notifications</strong> . Notifications shown over a lock screen with granular control on visibility.
</li>
</ul>
<p>
- Android device implementations, when such notifications are made visible, MUST properly execute Rich and Heads-up notifications and include the title/name, icon, text as <a href="https://developer.android.com/design/patterns/notifications.html">documented in the Android APIs</a>.
+ Android device implementations, when such notifications are made visible, MUST properly execute Rich and Heads-up notifications and include the title/name, icon, text as <a href="https://developer.android.com/design/patterns/notifications.html">documented in the Android APIs</a> .
</p>
<p>
Android includes Notification Listener Service APIs that allow apps (once explicitly enabled by the user) to receive a copy of all notifications as they are posted or updated. Device implementations MUST correctly and promptly send notifications in their entirety to all such installed and user-enabled listener services, including any and all metadata attached to the Notification object.
</p>
<p>
- Handheld device implementations MUST support the behaviors of updating, removing, replying to, and bundling notifications as described in this <a href="https://developer.android.com/guide/topics/ui/notifiers/notifications.html#Managing">section</a>.
+ Handheld device implementations MUST support the behaviors of updating, removing, replying to, and bundling notifications as described in this <a href="https://developer.android.com/guide/topics/ui/notifiers/notifications.html#Managing">section</a> .
</p>
<p>
Also, handheld device implementations MUST provide:
@@ -2087,15 +2083,15 @@
</li>
</ul>
<p>
- All 6 direct subclasses of the <code>Notification.Style class</code> MUST be supported as described in the <a href="https://developer.android.com/reference/android/app/Notification.Style.html">SDK documents</a>.
+ All 6 direct subclasses of the <code>Notification.Style class</code> MUST be supported as described in the <a href="https://developer.android.com/reference/android/app/Notification.Style.html">SDK documents</a> .
</p>
<p>
Device implementations that support the DND (Do not Disturb) feature MUST meet the following requirements:
</p>
<ul>
- <li>MUST implement an activity where the user can grant or deny the app access to DND policy configurations in response to the intent <a href="https://developer.android.com/reference/android/provider/Settings.html#ACTION_NOTIFICATION_POLICY_ACCESS_SETTINGS">ACTION_NOTIFICATION_POLICY_ACCESS_SETTINGS</a>.
+ <li>MUST implement an activity that would respond to the intent <a href="https://developer.android.com/reference/android/provider/Settings.html#ACTION_NOTIFICATION_POLICY_ACCESS_SETTINGS">ACTION_NOTIFICATION_POLICY_ACCESS_SETTINGS</a> , which for implementations with UI_MODE_TYPE_NORMAL it MUST be an activity where the user can grant or deny the app access to DND policy configurations.
</li>
- <li>MUST display <a href="https://developer.android.com/reference/android/app/NotificationManager.html#addAutomaticZenRule%28android.app.AutomaticZenRule%29">Automatic DND rules</a> created by applications alongside the user-created and pre-defined rules.
+ <li>MUST, for when the device implementation has provided a means for the user to grant or deny third-party apps to access the DND policy configuration, display <a href="https://developer.android.com/reference/android/app/NotificationManager.html#addAutomaticZenRule%28android.app.AutomaticZenRule%29">Automatic DND rules</a> created by applications alongside the user-created and pre-defined rules.
</li>
<li>MUST honor the <a href="https://developer.android.com/reference/android/app/NotificationManager.Policy.html#suppressedVisualEffects"><code>suppressedVisualEffects</code></a> values passed along the <a href="https://developer.android.com/reference/android/app/NotificationManager.Policy.html#NotificationManager.Policy%28int,%20int,%20int,%20int%29"><code>NotificationManager.Policy</code></a> and if an app has set any of the SUPPRESSED_EFFECT_SCREEN_OFF or SUPPRESSED_EFFECT_SCREEN_ON flags, it SHOULD indicate to the user that the visual effects are suppressed in the DND settings menu.
</li>
@@ -2110,7 +2106,7 @@
Android device implementations SHOULD include global search, a single, shared, system-wide search user interface capable of real-time suggestions in response to user input. Device implementations SHOULD implement the APIs that allow developers to reuse this user interface to provide search within their own applications. Device implementations that implement the global search interface MUST implement the APIs that allow third-party applications to add suggestions to the search box when it is run in global search mode. If no third-party applications are installed that make use of this functionality, the default behavior SHOULD be to display web search engine results and suggestions.
</p>
<p>
- Android device implementations SHOULD, and Android Automotive implementations MUST, implement an assistant on the device to handle the <a href="http://developer.android.com/reference/android/content/Intent.html#ACTION_ASSIST">Assist action</a>.
+ Android device implementations SHOULD, and Android Automotive implementations MUST, implement an assistant on the device to handle the <a href="http://developer.android.com/reference/android/content/Intent.html#ACTION_ASSIST">Assist action</a> .
</p>
<p>
Android also includes the <a href="https://developer.android.com/reference/android/app/assist/package-summary.html">Assist APIs</a> to allow applications to elect how much information of the current context is shared with the assistant on the device. Device implementations supporting the Assist action MUST indicate clearly to the end user when the context is shared by displaying a white light around the edges of the screen. To ensure clear visibility to the end user, the indication MUST meet or exceed the duration and brightness of the Android Open Source Project implementation.
@@ -2132,7 +2128,7 @@
</li>
<li>
<p>
- The device implementation MUST provide an affordance to enable the indication, less than two navigations away from (the default voice input and assistant app settings menu) <a href="#3_2_3_5_default_app_settings">section 3.2.3.5</a>.
+ The device implementation MUST provide an affordance to enable the indication, less than two navigations away from (the default voice input and assistant app settings menu) <a href="#3_2_3_5_default_app_settings">section 3.2.3.5</a> .
</p>
</li>
</ul>
@@ -2179,12 +2175,12 @@
As the Recent function navigation key is OPTIONAL, the requirement to implement the overview screen is OPTIONAL for Android Watch and Android Automotive implementations, and RECOMMENDED for Android Television devices. There SHOULD still be a method to switch between activities on Android Automotive implementations.
</div>
<p>
- The upstream Android source code includes the <a href="http://developer.android.com/guide/components/recents.html">overview screen</a>, a system-level user interface for task switching and displaying recently accessed activities and tasks using a thumbnail image of the application’s graphical state at the moment the user last left the application. Device implementations including the recents function navigation key as detailed in <a href="#7_2_3_navigation_keys">section 7.2.3</a> MAY alter the interface but MUST meet the following requirements:
+ The upstream Android source code includes the <a href="http://developer.android.com/guide/components/recents.html">overview screen</a> , a system-level user interface for task switching and displaying recently accessed activities and tasks using a thumbnail image of the application’s graphical state at the moment the user last left the application. Device implementations including the recents function navigation key as detailed in <a href="#7_2_3_navigation_keys">section 7.2.3</a> MAY alter the interface but MUST meet the following requirements:
</p>
<ul>
<li>MUST support at least up to 20 displayed activities.
</li>
- <li>SHOULD display the titles of at least 4 activities at a time.
+ <li>SHOULD at least display the title of 4 activities at a time.
</li>
<li>MUST implement the <a href="http://developer.android.com/about/versions/android-5.0.html#ScreenPinning">screen pinning behavior</a> and provide the user with a settings menu to toggle the feature.
</li>
@@ -2196,6 +2192,10 @@
</li>
<li>MAY display affiliated recents as a group that moves together.
</li>
+ <li>SHOULD trigger the fast-switch action between the two most recently used apps, when the recents function key is tapped twice.
+ </li>
+ <li>SHOULD trigger the split-screen multiwindow-mode, if supported, when the recents functions key is long pressed.
+ </li>
</ul>
<p>
Device implementations are STRONGLY RECOMMENDED to use the upstream Android user interface (or a similar thumbnail-based interface) for the overview screen.
@@ -2219,7 +2219,7 @@
3.8.11. Screen savers (previously Dreams)
</h3>
<p>
- Android includes support for <a href="http://developer.android.com/reference/android/service/dreams/DreamService.html">interactivescreensavers</a>, previously referred to as Dreams. Screen savers allow users to interact with applications when a device connected to a power source is idle or docked in a desk dock. Android Watch devices MAY implement screen savers, but other types of device implementations SHOULD include support for screen savers and provide a settings option for users toconfigure screen savers in response to the <code>android.settings.DREAM_SETTINGS</code> intent.
+ Android includes support for <a href="http://developer.android.com/reference/android/service/dreams/DreamService.html">interactivescreensavers</a> , previously referred to as Dreams. Screen savers allow users to interact with applications when a device connected to a power source is idle or docked in a desk dock. Android Watch devices MAY implement screen savers, but other types of device implementations SHOULD include support for screen savers and provide a settings option for users toconfigure screen savers in response to the <code>android.settings.DREAM_SETTINGS</code> intent.
</p>
<h3 id="3_8_12_location">
3.8.12. Location
@@ -2231,10 +2231,10 @@
3.8.13. Unicode and Font
</h3>
<p>
- Android includes support for the emoji characters defined in <a href="http://www.unicode.org/versions/Unicode9.0.0/">Unicode 9.0</a>. All device implementations MUST be capable of rendering these emoji characters in color glyph and when Android device implementations include an IME, it SHOULD provide an input method to the user for these emoji characters.
+ Android includes support for the emoji characters defined in <a href="http://www.unicode.org/versions/Unicode9.0.0/">Unicode 9.0</a> . All device implementations MUST be capable of rendering these emoji characters in color glyph and when Android device implementations include an IME, it SHOULD provide an input method to the user for these emoji characters.
</p>
<p>
- Android handheld devices SHOULD support the skin tone and diverse family emojis as specified in the <a href="http://unicode.org/reports/tr51">Unicode Technical Report #51</a>.
+ Android handheld devices SHOULD support the skin tone and diverse family emojis as specified in the <a href="http://unicode.org/reports/tr51">Unicode Technical Report #51</a> .
</p>
<p>
Android includes support for Roboto 2 font with different weights—sans-serif-thin, sans-serif-light, sans-serif-medium, sans-serif-black, sans-serif-condensed, sans-serif-condensed-light—which MUST all be included for the languages available on the device and full Unicode 7.0 coverage of Latin, Greek, and Cyrillic, including the Latin Extended A, B, C, and D ranges, and all glyphs in the currency symbols block of Unicode 7.0.
@@ -2277,17 +2277,17 @@
<ul>
<li>When the device implementation has no user data configured yet, it:
<ul>
- <li>MUST report <code>true</code> for <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isProvisioningAllowed(java.lang.String)"><code>DevicePolicyManager.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE)</code></a>.
+ <li>MUST report <code>true</code> for <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isProvisioningAllowed(java.lang.String)"><code>DevicePolicyManager.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE)</code></a> .
</li>
- <li>MUST enroll the DPC application as the Device Owner app in response to the intent action <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_PROVISION_MANAGED_DEVICE"><code>android.app.action.PROVISION_MANAGED_DEVICE</code></a>.
+ <li>MUST enroll the DPC application as the Device Owner app in response to the intent action <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_PROVISION_MANAGED_DEVICE"><code>android.app.action.PROVISION_MANAGED_DEVICE</code></a> .
</li>
- <li>MUST enroll the DPC application as the Device Owner app if the device declares Near-Field Communications (NFC) support via the feature flag <code>android.hardware.nfc</code> and receives an NFC message containing a record with MIME type <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#MIME_TYPE_PROVISIONING_NFC"><code>MIME_TYPE_PROVISIONING_NFC</code></a>.
+ <li>MUST enroll the DPC application as the Device Owner app if the device declares Near-Field Communications (NFC) support via the feature flag <code>android.hardware.nfc</code> and receives an NFC message containing a record with MIME type <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#MIME_TYPE_PROVISIONING_NFC"><code>MIME_TYPE_PROVISIONING_NFC</code></a> .
</li>
</ul>
</li>
<li>When the device implementation has user data, it:
<ul>
- <li>MUST report <code>false</code> for the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isProvisioningAllowed(java.lang.String)"><code>DevicePolicyManager.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE)</code></a>.
+ <li>MUST report <code>false</code> for the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isProvisioningAllowed(java.lang.String)"><code>DevicePolicyManager.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE)</code></a> .
</li>
<li>MUST not enroll any DPC application as the Device Owner App any more.
</li>
@@ -2301,7 +2301,7 @@
3.9.1.2 Managed profile provisioning
</h4>
<p>
- If a device implementation declares the android.software.managed_users, it MUST be possible to enroll a Device Policy Controller (DPC) application as the <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isProfileOwnerApp(java.lang.String)">owner of a new Managed Profile</a>.
+ If a device implementation declares the android.software.managed_users, it MUST be possible to enroll a Device Policy Controller (DPC) application as the <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isProfileOwnerApp(java.lang.String)">owner of a new Managed Profile</a> .
</p>
<p>
The managed profile provisioning process (the flow initiated by <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_PROVISION_MANAGED_PROFILE">android.app.action.PROVISION_MANAGED_PROFILE</a> ) user experience MUST align with the AOSP implementation.
@@ -2312,7 +2312,7 @@
<ul>
<li>A consistent icon or other user affordance (for example the upstream AOSP info icon) to represent when a particular setting is restricted by a Device Admin.
</li>
- <li>A short explanation message, as provided by the Device Admin via the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setShortSupportMessage%28android.content.ComponentName,%20java.lang.CharSequence%29"><code>setShortSupportMessage</code></a>.
+ <li>A short explanation message, as provided by the Device Admin via the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setShortSupportMessage%28android.content.ComponentName,%20java.lang.CharSequence%29"><code>setShortSupportMessage</code></a> .
</li>
<li>The DPC application’s icon.
</li>
@@ -2335,11 +2335,11 @@
Managed profile capable devices MUST:
</p>
<ul>
- <li>Declare the platform feature flag <code>android.software.managed_users</code>.
+ <li>Declare the platform feature flag <code>android.software.managed_users</code> .
</li>
<li>Support managed profiles via the <code>android.app.admin.DevicePolicyManager</code> APIs.
</li>
- <li>Allow one and only <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_PROVISION_MANAGED_PROFILE">one managed profile to be created</a>.
+ <li>Allow one and only <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_PROVISION_MANAGED_PROFILE">one managed profile to be created</a> .
</li>
<li>Use an icon badge (similar to the AOSP upstream work badge) to represent the managed applications and widgets and other badged UI elements like Recents & Notifications.
</li>
@@ -2371,7 +2371,7 @@
</li>
<li>The lock screen credentials of the managed profile MUST use the same credential storage and management mechanisms as the parent profile, as documented on the <a href="http://source.android.com/security/authentication/index.html">Android Open Source Project Site</a>
</li>
- <li>The DPC <a href="https://developer.android.com/guide/topics/admin/device-admin.html#pwd">password policies</a> MUST apply to only the managed profile's lock screen credentials unless called upon the <code>DevicePolicyManager</code> instance returned by <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#getParentProfileInstance%28android.content.ComponentName%29">getParentProfileInstance</a>.
+ <li>The DPC <a href="https://developer.android.com/guide/topics/admin/device-admin.html#pwd">password policies</a> MUST apply to only the managed profile's lock screen credentials unless called upon the <code>DevicePolicyManager</code> instance returned by <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#getParentProfileInstance%28android.content.ComponentName%29">getParentProfileInstance</a> .
</li>
</ul>
</li>
@@ -2390,7 +2390,7 @@
</li>
<li>Device implementations (Android Automotive excluded) MUST provide an implementation of the Android accessibility framework consistent with the default Android implementation.
</li>
- <li>Device implementations (Android Automotive excluded) MUST support third-party accessibility service implementations through the <a href="http://developer.android.com/reference/android/view/accessibility/package-summary.html">android.accessibilityservice APIs</a>.
+ <li>Device implementations (Android Automotive excluded) MUST support third-party accessibility service implementations through the <a href="http://developer.android.com/reference/android/view/accessibility/package-summary.html">android.accessibilityservice APIs</a> .
</li>
<li>Device implementations (Android Automotive excluded) MUST generate AccessibilityEvents and deliver these events to all registered AccessibilityService implementations in a manner consistent with the default Android implementation
</li>
@@ -2419,7 +2419,7 @@
3.11. Text-to-Speech
</h2>
<p>
- Android includes APIs that allow applications to make use of text-to-speech (TTS) services and allows service providers to provide implementations of TTS services. Device implementations reporting the feature android.hardware.audio.output MUST meet these requirements related to the <a href="http://developer.android.com/reference/android/speech/tts/package-summary.html">Android TTS framework</a>.
+ Android includes APIs that allow applications to make use of text-to-speech (TTS) services and allows service providers to provide implementations of TTS services. Device implementations reporting the feature android.hardware.audio.output MUST meet these requirements related to the <a href="http://developer.android.com/reference/android/speech/tts/package-summary.html">Android TTS framework</a> .
</p>
<p>
Android Automotive implementations:
@@ -2506,19 +2506,19 @@
3.12.1.3. TV input app linking
</h4>
<p>
- Android Television device implementations MUST support <a href="http://developer.android.com/reference/android/media/tv/TvContract.Channels.html#COLUMN_APP_LINK_INTENT_URI">TV input app linking</a>, which allows all inputs to provide activity links from the current activity to another activity (i.e. a link from live programming to related content). The TV App MUST show TV input app linking when it is provided.
+ Android Television device implementations MUST support <a href="http://developer.android.com/reference/android/media/tv/TvContract.Channels.html#COLUMN_APP_LINK_INTENT_URI">TV input app linking</a> , which allows all inputs to provide activity links from the current activity to another activity (i.e. a link from live programming to related content). The TV App MUST show TV input app linking when it is provided.
</p>
<h4 id="3_12_1_4_time_shifting">
3.12.1.4. Time shifting
</h4>
<p>
- Android Television device implementations MUST support time shifting, which allows the user to pause and resume live content. Device implementations MUST provide the user a way to pause and resume the currently playing program, if time shifting for that program <a href="https://developer.android.com/reference/android/media/tv/TvInputManager.html#TIME_SHIFT_STATUS_AVAILABLE">is available</a>.
+ Android Television device implementations MUST support time shifting, which allows the user to pause and resume live content. Device implementations MUST provide the user a way to pause and resume the currently playing program, if time shifting for that program <a href="https://developer.android.com/reference/android/media/tv/TvInputManager.html#TIME_SHIFT_STATUS_AVAILABLE">is available</a> .
</p>
<h4 id="3_12_1_5_tv_recording">
3.12.1.5. TV recording
</h4>
<p>
- Android Television device implementations are STRONGLY RECOMMENDED to support TV recording. If the TV input supports recording, the EPG MAY provide a way to <a href="https://developer.android.com/reference/android/media/tv/TvInputInfo.html#canRecord%28%29">record a program</a> if the recording of such a program is not <a href="https://developer.android.com/reference/android/media/tv/TvContract.Programs.html#COLUMN_RECORDING_PROHIBITED">prohibited</a>. Device implementations SHOULD provide a user interface to play recorded programs.
+ Android Television device implementations are STRONGLY RECOMMENDED to support TV recording. If the TV input supports recording, the EPG MAY provide a way to <a href="https://developer.android.com/reference/android/media/tv/TvInputInfo.html#canRecord%28%29">record a program</a> if the recording of such a program is not <a href="https://developer.android.com/reference/android/media/tv/TvContract.Programs.html#COLUMN_RECORDING_PROHIBITED">prohibited</a> . Device implementations SHOULD provide a user interface to play recorded programs.
</p>
<h2 id="3_13_quick_settings">
3.13. Quick Settings
@@ -2563,13 +2563,13 @@
4. Application Packaging Compatibility
</h1>
<p>
- Device implementations MUST install and run Android “.apk” files as generated by the “aapt” tool included in the <a href="http://developer.android.com/tools/help/index.html">official Android SDK</a>. For this reason device implementations SHOULD use the reference implementation’s package management system.
+ Device implementations MUST install and run Android “.apk” files as generated by the “aapt” tool included in the <a href="http://developer.android.com/tools/help/index.html">official Android SDK</a> . For this reason device implementations SHOULD use the reference implementation’s package management system.
</p>
<p>
- The package manager MUST support verifying “.apk” files using the <a href="https://source.android.com/security/apksigning/v2.html">APK Signature Scheme v2</a>.
+ The package manager MUST support verifying “.apk” files using the <a href="https://source.android.com/security/apksigning/v2.html">APK Signature Scheme v2</a> and <a href="https://source.android.com/security/apksigning/v2.html#v1-verification">JAR signing</a> .
</p>
<p>
- Devices implementations MUST NOT extend either the <a href="http://developer.android.com/guide/components/fundamentals.html">.apk</a>, <a href="http://developer.android.com/guide/topics/manifest/manifest-intro.html">Android Manifest</a>, <a href="https://android.googlesource.com/platform/dalvik/">Dalvik bytecode</a>, or RenderScript bytecode formats in such a way that would prevent those files from installing and running correctly on other compatible devices.
+ Devices implementations MUST NOT extend either the <a href="http://developer.android.com/guide/components/fundamentals.html">.apk</a> , <a href="http://developer.android.com/guide/topics/manifest/manifest-intro.html">Android Manifest</a> , <a href="https://android.googlesource.com/platform/dalvik/">Dalvik bytecode</a> , or RenderScript bytecode formats in such a way that would prevent those files from installing and running correctly on other compatible devices.
</p>
<p>
Device implementations MUST NOT allow apps other than the current "installer of record" for the package to silently uninstall the app without any prompt, as documented in the SDK for the <a href="https://developer.android.com/reference/android/Manifest.permission.html#DELETE_PACKAGES"><code>DELETE_PACKAGE</code></a> permission. The only exceptions are the system package verifier app handling <a href="https://developer.android.com/reference/android/content/Intent.html#ACTION_PACKAGE_NEEDS_VERIFICATION">PACKAGE_NEEDS_VERIFICATION</a> intent and the storage manager app handling <a href="https://developer.android.com/reference/android/os/storage/StorageManager.html#ACTION_MANAGE_STORAGE">ACTION_MANAGE_STORAGE</a> intent.
@@ -2591,7 +2591,7 @@
</li>
<li>
<p>
- MUST support the media formats, encoders, decoders, file types, and container formats defined in the tables below and reported via <a href="http://developer.android.com/reference/android/media/MediaCodecList.html">MediaCodecList</a>.
+ MUST support the media formats, encoders, decoders, file types, and container formats defined in the tables below and reported via <a href="http://developer.android.com/reference/android/media/MediaCodecList.html">MediaCodecList</a> .
</p>
</li>
<li>
@@ -2661,7 +2661,7 @@
<ul>
<li class="table_list">3GPP (.3gp)
</li>
- <li class="table_list">MPEG-4 (.mp4,.m4a)
+ <li class="table_list">MPEG-4 (.mp4, .m4a)
</li>
<li class="table_list">ADTS raw AAC (.aac, decode in Android 3.1+, encode in Android 4.0+, ADIF not supported)
</li>
@@ -2793,9 +2793,9 @@
</td>
<td>
<ul>
- <li class="table_list">Type 0 and 1 (.mid,.xmf,.mxmf)
+ <li class="table_list">Type 0 and 1 (.mid, .xmf, .mxmf)
</li>
- <li class="table_list">RTTTL/RTX (.rtttl,.rtx)
+ <li class="table_list">RTTTL/RTX (.rtttl, .rtx)
</li>
<li class="table_list">OTA (.ota)
</li>
@@ -3167,7 +3167,7 @@
2 Required for device implementations except Android Watch devices.
</p>
<p class="table_footnote">
- 3 For acceptable quality of web video streaming and video-conference services, device implementations SHOULD use a hardware VP8 codec that meets the <a href="http://www.webmproject.org/hardware/rtc-coding-requirements/">requirements</a>.
+ 3 For acceptable quality of web video streaming and video-conference services, device implementations SHOULD use a hardware VP8 codec that meets the <a href="http://www.webmproject.org/hardware/rtc-coding-requirements/">requirements</a> .
</p>
<p class="table_footnote">
4 Device implementations SHOULD support writing Matroska WebM files.
@@ -3530,7 +3530,7 @@
5.3.5. H.265 (HEVC)
</h3>
<p>
- Android device implementations, when supporting H.265 codec as described in <a href="#5_1_3_video_codecs">section 5.1.3</a>:
+ Android device implementations, when supporting H.265 codec as described in <a href="#5_1_3_video_codecs">section 5.1.3</a> :
</p>
<ul>
<li>MUST support the Main Profile Level 3 Main tier and the SD video decoding profiles as indicated in the following table.
@@ -3635,7 +3635,7 @@
5.3.6. VP8
</h3>
<p>
- Android device implementations, when supporting VP8 codec as described in <a href="https://source.android.com/compatibility/android-cdd.html#5_1_3_video_codecs">section 5.1.3</a>:
+ Android device implementations, when supporting VP8 codec as described in <a href="https://source.android.com/compatibility/android-cdd.html#5_1_3_video_codecs">section 5.1.3</a> :
</p>
<ul>
<li>MUST support the SD decoding profiles in the following table.
@@ -3723,7 +3723,7 @@
5.3.7. VP9
</h3>
<p>
- Android device implementations, when supporting VP9 codec as described in <a href="https://source.android.com/compatibility/android-cdd.html#5_1_3_video_codecs">section 5.1.3</a>:
+ Android device implementations, when supporting VP9 codec as described in <a href="https://source.android.com/compatibility/android-cdd.html#5_1_3_video_codecs">section 5.1.3</a> :
</p>
<ul>
<li>MUST support the SD video decoding profiles as indicated in the following table.
@@ -3843,13 +3843,13 @@
</p>
<ul>
<li>
- <strong>Format</strong>: Linear PCM, 16-bit
+ <strong>Format</strong> : Linear PCM, 16-bit
</li>
<li>
- <strong>Sampling rates</strong>: 8000, 11025, 16000, 44100
+ <strong>Sampling rates</strong> : 8000, 11025, 16000, 44100
</li>
<li>
- <strong>Channels</strong>: Mono
+ <strong>Channels</strong> : Mono
</li>
</ul>
<p>
@@ -3860,13 +3860,13 @@
</p>
<ul>
<li>
- <strong>Format</strong>: Linear PCM, 16-bit
+ <strong>Format</strong> : Linear PCM, 16-bit
</li>
<li>
- <strong>Sampling rates</strong>: 22050, 48000
+ <strong>Sampling rates</strong> : 22050, 48000
</li>
<li>
- <strong>Channels</strong>: Stereo
+ <strong>Channels</strong> : Stereo
</li>
</ul>
<p>
@@ -3926,13 +3926,13 @@
</p>
<ul>
<li>
- <strong>Format</strong>: Linear PCM, 16-bit
+ <strong>Format</strong> : Linear PCM, 16-bit
</li>
<li>
- <strong>Sampling rates</strong>: 8000, 11025, 16000, 22050, 32000, 44100
+ <strong>Sampling rates</strong> : 8000, 11025, 16000, 22050, 32000, 44100
</li>
<li>
- <strong>Channels</strong>: Mono, Stereo
+ <strong>Channels</strong> : Mono, Stereo
</li>
</ul>
<p>
@@ -3940,7 +3940,7 @@
</p>
<ul>
<li>
- <strong>Sampling rates</strong>: 24000, 48000
+ <strong>Sampling rates</strong> : 24000, 48000
</li>
</ul>
<h3 id="5_5_2_audio_effects">
@@ -3964,7 +3964,7 @@
Android Television device implementations MUST include support for system Master Volume and digital audio output volume attenuation on supported outputs, except for compressed audio passthrough output (where no audio decoding is done on the device).
</p>
<p>
- Android Automotive device implementations SHOULD allow adjusting audio volume separately per each audio stream using the content type or usage as defined by <a href="" title="http://developer.android.com/reference/android/media/AudioAttributes.html">AudioAttributes</a> and car audio usage as publicly defined in <code>android.car.CarAudioManager</code>.
+ Android Automotive device implementations SHOULD allow adjusting audio volume separately per each audio stream using the content type or usage as defined by <a href="" title="http://developer.android.com/reference/android/media/AudioAttributes.html">AudioAttributes</a> and car audio usage as publicly defined in <code>android.car.CarAudioManager</code> .
</p>
<h2 id="5_6_audio_latency">
5.6. Audio Latency
@@ -3977,37 +3977,37 @@
</p>
<ul>
<li>
- <strong>output latency</strong>. The interval between when an application writes a frame of PCM-coded data and when the corresponding sound is presented to environment at an on-device transducer or signal leaves the device via a port and can be observed externally.
+ <strong>output latency</strong> . The interval between when an application writes a frame of PCM-coded data and when the corresponding sound is presented to environment at an on-device transducer or signal leaves the device via a port and can be observed externally.
</li>
<li>
- <strong>cold output latency</strong>. The output latency for the first frame, when the audio output system has been idle and powered down prior to the request.
+ <strong>cold output latency</strong> . The output latency for the first frame, when the audio output system has been idle and powered down prior to the request.
</li>
<li>
- <strong>continuous output latency</strong>. The output latency for subsequent frames, after the device is playing audio.
+ <strong>continuous output latency</strong> . The output latency for subsequent frames, after the device is playing audio.
</li>
<li>
- <strong>input latency</strong>. The interval between when a sound is presented by environment to device at an on-device transducer or signal enters the device via a port and when an application reads the corresponding frame of PCM-coded data.
+ <strong>input latency</strong> . The interval between when a sound is presented by environment to device at an on-device transducer or signal enters the device via a port and when an application reads the corresponding frame of PCM-coded data.
</li>
<li>
- <strong>lost input</strong>. The initial portion of an input signal that is unusable or unavailable.
+ <strong>lost input</strong> . The initial portion of an input signal that is unusable or unavailable.
</li>
<li>
- <strong>cold input latency</strong>. The sum of lost input time and the input latency for the first frame, when the audio input system has been idle and powered down prior to the request.
+ <strong>cold input latency</strong> . The sum of lost input time and the input latency for the first frame, when the audio input system has been idle and powered down prior to the request.
</li>
<li>
- <strong>continuous input latency</strong>. The input latency for subsequent frames, while the device is capturing audio.
+ <strong>continuous input latency</strong> . The input latency for subsequent frames, while the device is capturing audio.
</li>
<li>
- <strong>cold output jitter</strong>. The variability among separate measurements of cold output latency values.
+ <strong>cold output jitter</strong> . The variability among separate measurements of cold output latency values.
</li>
<li>
- <strong>cold input jitter</strong>. The variability among separate measurements of cold input latency values.
+ <strong>cold input jitter</strong> . The variability among separate measurements of cold input latency values.
</li>
<li>
- <strong>continuous round-trip latency</strong>. The sum of continuous input latency plus continuous output latency plus one buffer period. The buffer period allows time for the app to process the signal and time for the app to mitigate phase difference between input and output streams.
+ <strong>continuous round-trip latency</strong> . The sum of continuous input latency plus continuous output latency plus one buffer period. The buffer period allows time for the app to process the signal and time for the app to mitigate phase difference between input and output streams.
</li>
<li>
- <strong>OpenSL ES PCM buffer queue API</strong>. The set of PCM-related OpenSL ES APIs within <a href="https://developer.android.com/ndk/index.html">Android NDK</a>.
+ <strong>OpenSL ES PCM buffer queue API</strong> . The set of PCM-related OpenSL ES APIs within <a href="https://developer.android.com/ndk/index.html">Android NDK</a> .
</li>
</ul>
<p>
@@ -4123,7 +4123,7 @@
RTSP (RTP, SDP)
</p>
<p>
- The following RTP audio video profile and related codecs MUST be supported. For exceptions please see the table footnotes in <a href="#5_1_media_codecs">section 5.1</a>.
+ The following RTP audio video profile and related codecs MUST be supported. For exceptions please see the table footnotes in <a href="#5_1_media_codecs">section 5.1</a> .
</p>
</li>
</ul>
@@ -4288,7 +4288,7 @@
</li>
<li>The device implementation MUST report support for feature android.software.midi.
</li>
- <li>If the device includes a 4 conductor 3.5mm audio jack, the device implementation is STRONGLY RECOMMENDED to comply with section <a href="https://source.android.com/accessories/headset/specification.html#mobile_device_jack_specifications">Mobile device (jack) specifications</a> of the <a href="https://source.android.com/accessories/headset/specification.html">Wired Audio Headset Specification (v1.1)</a>.
+ <li>If the device includes a 4 conductor 3.5mm audio jack, the device implementation is STRONGLY RECOMMENDED to comply with section <a href="https://source.android.com/accessories/headset/specification.html#mobile_device_jack_specifications">Mobile device (jack) specifications</a> of the <a href="https://source.android.com/accessories/headset/specification.html">Wired Audio Headset Specification (v1.1)</a> .
</li>
</ul>
<p>
@@ -4339,10 +4339,10 @@
5.11. Capture for Unprocessed
</h2>
<p>
- Starting from Android 7.0, a new recording source has been added. It can be accessed using the <code>android.media.MediaRecorder.AudioSource.UNPROCESSED</code> audio source. In OpenSL ES, it can be accessed with the record preset <code>SL_ANDROID_RECORDING_PRESET_UNPROCESSED</code>.
+ Starting from Android 7.0, a new recording source has been added. It can be accessed using the <code>android.media.MediaRecorder.AudioSource.UNPROCESSED</code> audio source. In OpenSL ES, it can be accessed with the record preset <code>SL_ANDROID_RECORDING_PRESET_UNPROCESSED</code> .
</p>
<p>
- A device MUST satisfy all of the following requirements to report support of the unprocessed audio source via the <code>android.media.AudioManager</code> property <a href="http://developer.android.com/reference/android/media/AudioManager.html#PROPERTY_SUPPORT_AUDIO_SOURCE_UNPROCESSED">PROPERTY_SUPPORT_AUDIO_SOURCE_UNPROCESSED</a>:
+ A device MUST satisfy all of the following requirements to report support of the unprocessed audio source via the <code>android.media.AudioManager</code> property <a href="http://developer.android.com/reference/android/media/AudioManager.html#PROPERTY_SUPPORT_AUDIO_SOURCE_UNPROCESSED">PROPERTY_SUPPORT_AUDIO_SOURCE_UNPROCESSED</a> :
</p>
<ul>
<li>
@@ -4408,7 +4408,7 @@
<li>
<a href="http://developer.android.com/tools/help/adb.html"><strong>Android Debug Bridge (adb)</strong></a>
<ul>
- <li>Device implementations MUST support all adb functions as documented in the Android SDK including <a href="https://source.android.com/devices/input/diagnostics.html">dumpsys</a>.
+ <li>Device implementations MUST support all adb functions as documented in the Android SDK including <a href="https://source.android.com/devices/input/diagnostics.html">dumpsys</a> .
</li>
<li>The device-side adb daemon MUST be inactive by default and there MUST be a user-accessible mechanism to turn on the Android Debug Bridge. If a device implementation omits USB peripheral mode, it MUST implement the Android Debug Bridge via local-area network (such as Ethernet or 802.11).
</li>
@@ -4477,23 +4477,23 @@
7.1. Display and Graphics
</h2>
<p>
- Android includes facilities that automatically adjust application assets and UI layouts appropriately for the device to ensure that third-party applications run well on a <a href="http://developer.android.com/guide/practices/screens_support.html">variety of hardware configurations</a>. Devices MUST properly implement these APIs and behaviors, as detailed in this section.
+ Android includes facilities that automatically adjust application assets and UI layouts appropriately for the device to ensure that third-party applications run well on a <a href="http://developer.android.com/guide/practices/screens_support.html">variety of hardware configurations</a> . Devices MUST properly implement these APIs and behaviors, as detailed in this section.
</p>
<p>
The units referenced by the requirements in this section are defined as follows:
</p>
<ul>
<li>
- <strong>physical diagonal size</strong>. The distance in inches between two opposing corners of the illuminated portion of the display.
+ <strong>physical diagonal size</strong> . The distance in inches between two opposing corners of the illuminated portion of the display.
</li>
<li>
- <strong>dots per inch (dpi)</strong>. The number of pixels encompassed by a linear horizontal or vertical span of 1”. Where dpi values are listed, both horizontal and vertical dpi must fall within the range.
+ <strong>dots per inch (dpi)</strong> . The number of pixels encompassed by a linear horizontal or vertical span of 1”. Where dpi values are listed, both horizontal and vertical dpi must fall within the range.
</li>
<li>
- <strong>aspect ratio</strong>. The ratio of the pixels of the longer dimension to the shorter dimension of the screen. For example, a display of 480x854 pixels would be 854/480 = 1.779, or roughly “16:9”.
+ <strong>aspect ratio</strong> . The ratio of the pixels of the longer dimension to the shorter dimension of the screen. For example, a display of 480x854 pixels would be 854/480 = 1.779, or roughly “16:9”.
</li>
<li>
- <strong>density-independent pixel (dp)</strong>. The virtual pixel unit normalized to a 160 dpi screen, calculated as: pixels = dps * (density/160).
+ <strong>density-independent pixel (dp)</strong> . The virtual pixel unit normalized to a 160 dpi screen, calculated as: pixels = dps * (density/160).
</li>
</ul>
<h3 id="7_1_1_screen_configuration">
@@ -4540,17 +4540,22 @@
<h4 id="7_1_1_2_screen_aspect_ratio">
7.1.1.2. Screen Aspect Ratio
</h4>
- <div class="note">
- Android Watch devices MAY have an aspect ratio of 1.0 (1:1).
- </div>
<p>
- The screen aspect ratio MUST be a value from 1.3333 (4:3) to 1.86 (roughly 16:9), but Android Watch devices MAY have an aspect ratio of 1.0 (1:1) because such a device implementation will use a UI_MODE_TYPE_WATCH as the android.content.res.Configuration.uiMode.
+ While there is no restriction to the screen aspect ratio value of the physical screen display, the screen aspect ratio of the surface that third-party apps are rendered on and which can be derived from the values reported via the <a href="https://developer.android.com/reference/android/util/DisplayMetrics.html">DisplayMetrics</a> MUST meet the following requirements:
</p>
+ <ul>
+ <li>If the <a href="https://developer.android.com/reference/android/content/res/Configuration.html#uiMode">uiMode</a> is configured as UI_MODE_TYPE_WATCH, the aspect ratio value MAY be set as 1.0 (1:1).
+ </li>
+ <li>If the third-party app indicates that it is resizeable via the <a href="https://developer.android.com/guide/topics/ui/multi-window.html#configuring">android:resizeableActivity</a> attribute, there are no restrictions to the aspect ratio value.
+ </li>
+ <li>For all other cases, the aspect ratio MUST be a value between 1.3333 (4:3) and 1.86 (roughly 16:9) unless the app has indicated explicitly that it supports a higher screen aspect ratio through the <a href="https://developer.android.com/guide/practices/screens_support.html#MaxAspectRatio">maxAspectRatio</a> metadata value.
+ </li>
+ </ul>
<h4 id="7_1_1_3_screen_density">
7.1.1.3. Screen Density
</h4>
<p>
- The Android UI framework defines a set of standard logical densities to help application developers target application resources. Device implementations MUST report only one of the following logical Android framework densities through the android.util.DisplayMetrics APIs, and MUST execute applications at this standard density and MUST NOT change the value at at any time for the default display.
+ The Android UI framework defines a set of standard logical densities to help application developers target application resources. By default, device implementations MUST report only one of the following logical Android framework densities through the <a href="https://developer.android.com/reference/android/util/DisplayMetrics.html#DENSITY_DEVICE_STABLE">DENSITY_DEVICE_STABLE</a> API and this value MUST NOT change at any time; however, the device MAY report a different arbitrary density according to the display configuration changes made by the user (for example, display size) set after initial boot.
</p>
<ul>
<li>120 dpi (ldpi)
@@ -4561,10 +4566,16 @@
</li>
<li>240 dpi (hdpi)
</li>
+ <li>260 dpi (260dpi)
+ </li>
<li>280 dpi (280dpi)
</li>
+ <li>300 dpi (300dpi)
+ </li>
<li>320 dpi (xhdpi)
</li>
+ <li>340 dpi (340dpi)
+ </li>
<li>360 dpi (360dpi)
</li>
<li>400 dpi (400dpi)
@@ -4627,7 +4638,7 @@
7.1.4. 2D and 3D Graphics Acceleration
</h3>
<p>
- Device implementations MUST support both OpenGL ES 1.0 and 2.0, as embodied and detailed in the Android SDK documentations. Device implementations SHOULD support OpenGL ES 3.0, 3.1, or 3.2 on devices capable of supporting it. Device implementations MUST also support <a href="http://developer.android.com/guide/topics/renderscript/">Android RenderScript</a>, as detailed in the Android SDK documentation.
+ Device implementations MUST support both OpenGL ES 1.0 and 2.0, as embodied and detailed in the Android SDK documentations. Device implementations SHOULD support OpenGL ES 3.0, 3.1, or 3.2 on devices capable of supporting it. Device implementations MUST also support <a href="http://developer.android.com/guide/topics/renderscript/">Android RenderScript</a> , as detailed in the Android SDK documentation.
</p>
<p>
Device implementations MUST also correctly identify themselves as supporting OpenGL ES 1.0, OpenGL ES 2.0, OpenGL ES 3.0, OpenGL 3.1, or OpenGL 3.2. That is:
@@ -4656,7 +4667,7 @@
Device implementations MUST enable hardware acceleration by default, and MUST disable hardware acceleration if the developer so requests by setting android:hardwareAccelerated="false” or disabling hardware acceleration directly through the Android View APIs.
</p>
<p>
- In addition, device implementations MUST exhibit behavior consistent with the Android SDK documentation on <a href="http://developer.android.com/guide/topics/graphics/hardware-accel.html">hardware acceleration</a>.
+ In addition, device implementations MUST exhibit behavior consistent with the Android SDK documentation on <a href="http://developer.android.com/guide/topics/graphics/hardware-accel.html">hardware acceleration</a> .
</p>
<p>
Android includes a TextureView object that lets developers directly integrate hardware-accelerated OpenGL ES textures as rendering targets in a UI hierarchy. Device implementations MUST support the TextureView API, and MUST exhibit consistent behavior with the upstream Android implementation.
@@ -4712,7 +4723,7 @@
Device implementations:
</p>
<ul>
- <li>MUST include support for the Input Management Framework (which allows third-party developers to create Input Method Editors—i.e. soft keyboard) as detailed at <a href="http://developer.android.com">http://developer.android.com</a>.
+ <li>MUST include support for the Input Management Framework (which allows third-party developers to create Input Method Editors—i.e. soft keyboard) as detailed at <a href="http://developer.android.com">http://developer.android.com</a> .
</li>
<li>MUST provide at least one soft keyboard implementation (regardless of whether a hard keyboard is present) except for Android Watch devices where the screen size makes it less reasonable to have a soft keyboard.
</li>
@@ -4735,7 +4746,7 @@
<ul>
<li>MAY omit a non-touch navigation option (trackball, d-pad, or wheel) if the device implementation is not an Android Television device.
</li>
- <li>MUST report the correct value for <a href="http://developer.android.com/reference/android/content/res/Configuration.html">android.content.res.Configuration.navigation</a>.
+ <li>MUST report the correct value for <a href="http://developer.android.com/reference/android/content/res/Configuration.html">android.content.res.Configuration.navigation</a> .
</li>
<li>MUST provide a reasonable alternative user interface mechanism for the selection and editing of text, compatible with Input Management Engines. The upstream Android open source implementation includes a selection mechanism suitable for use with devices that lack non-touch navigation inputs.
</li>
@@ -4754,7 +4765,7 @@
</li>
<li>Android Television device implementations MUST provide the Home and Back functions.
</li>
- <li>Android Watch device implementations MUST have the Home function available to the user, and the Back function except for when it is in <code>UI_MODE_TYPE_WATCH</code>.
+ <li>Android Watch device implementations MUST have the Home function available to the user, and the Back function except for when it is in <code>UI_MODE_TYPE_WATCH</code> .
</li>
<li>Android Watch device implementations, and no other Android device types, MAY consume the long press event on the key event <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BACK"><code>KEYCODE_BACK</code></a> and omit it from being sent to the foreground application.
</li>
@@ -4795,7 +4806,7 @@
<ul>
<li>Device implementation navigation keys MUST use a distinct portion of the screen, not available to applications, and MUST NOT obscure or otherwise interfere with the portion of the screen available to applications.
</li>
- <li>Device implementations MUST make available a portion of the display to applications that meets the requirements defined in <a href="#7_1_1_screen_configuration">section 7.1.1</a>.
+ <li>Device implementations MUST make available a portion of the display to applications that meets the requirements defined in <a href="#7_1_1_screen_configuration">section 7.1.1</a> .
</li>
<li>Device implementations MUST display the navigation keys when applications do not specify a system UI mode, or specify SYSTEM_UI_FLAG_VISIBLE.
</li>
@@ -4820,10 +4831,10 @@
</li>
</ul>
<p>
- Android includes support for a variety of touchscreens, touch pads, and fake touch input devices. <a href="http://source.android.com/devices/tech/input/touch-devices.html">Touchscreen-based device implementations</a> are associated with a display such that the user has the impression of directly manipulating items on screen. Since the user is directly touching the screen, the system does not require any additional affordances to indicate the objects being manipulated. In contrast, a fake touch interface provides a user input system that approximates a subset of touchscreen capabilities. For example, a mouse or remote control that drives an on-screen cursor approximates touch, but requires the user to first point or focus then click. Numerous input devices like the mouse, trackpad, gyro-based air mouse, gyro-pointer, joystick, and multi-touch trackpad can support fake touch interactions. Android includes the feature constant android.hardware.faketouch, which corresponds to a high-fidelity non-touch (pointer-based) input device such as a mouse or trackpad that can adequately emulate touch-based input (including basic gesture support), and indicates that the device supports an emulated subset of touchscreen functionality. Device implementations that declare the fake touch feature MUST meet the fake touch requirements in <a href="#7_2_5_fake_touch_input">section 7.2.5</a>.
+ Android includes support for a variety of touchscreens, touch pads, and fake touch input devices. <a href="http://source.android.com/devices/tech/input/touch-devices.html">Touchscreen-based device implementations</a> are associated with a display such that the user has the impression of directly manipulating items on screen. Since the user is directly touching the screen, the system does not require any additional affordances to indicate the objects being manipulated. In contrast, a fake touch interface provides a user input system that approximates a subset of touchscreen capabilities. For example, a mouse or remote control that drives an on-screen cursor approximates touch, but requires the user to first point or focus then click. Numerous input devices like the mouse, trackpad, gyro-based air mouse, gyro-pointer, joystick, and multi-touch trackpad can support fake touch interactions. Android includes the feature constant android.hardware.faketouch, which corresponds to a high-fidelity non-touch (pointer-based) input device such as a mouse or trackpad that can adequately emulate touch-based input (including basic gesture support), and indicates that the device supports an emulated subset of touchscreen functionality. Device implementations that declare the fake touch feature MUST meet the fake touch requirements in <a href="#7_2_5_fake_touch_input">section 7.2.5</a> .
</p>
<p>
- Device implementations MUST report the correct feature corresponding to the type of input used. Device implementations that include a touchscreen (single-touch or better) MUST report the platform feature constant android.hardware.touchscreen. Device implementations that report the platform feature constant android.hardware.touchscreen MUST also report the platform feature constant android.hardware.faketouch. Device implementations that do not include a touchscreen (and rely on a pointer device only) MUST NOT report any touchscreen feature, and MUST report only android.hardware.faketouch if they meet the fake touch requirements in <a href="#7_2_5_fake_touch_input">section 7.2.5</a>.
+ Device implementations MUST report the correct feature corresponding to the type of input used. Device implementations that include a touchscreen (single-touch or better) MUST report the platform feature constant android.hardware.touchscreen. Device implementations that report the platform feature constant android.hardware.touchscreen MUST also report the platform feature constant android.hardware.faketouch. Device implementations that do not include a touchscreen (and rely on a pointer device only) MUST NOT report any touchscreen feature, and MUST report only android.hardware.faketouch if they meet the fake touch requirements in <a href="#7_2_5_fake_touch_input">section 7.2.5</a> .
</p>
<h3 id="7_2_5_fake_touch_input">
7.2.5. Fake Touch Input
@@ -4834,7 +4845,7 @@
<ul>
<li>MUST report the <a href="http://developer.android.com/reference/android/view/MotionEvent.html">absolute X and Y screen positions</a> of the pointer location and display a visual pointer on the screen.
</li>
- <li>MUST report touch event with the action code that specifies the state change that occurs on the pointer <a href="http://developer.android.com/reference/android/view/MotionEvent.html">going down or up on the screen</a>.
+ <li>MUST report touch event with the action code that specifies the state change that occurs on the pointer <a href="http://developer.android.com/reference/android/view/MotionEvent.html">going down or up on the screen</a> .
</li>
<li>MUST support pointer down and up on an object on the screen, which allows users to emulate tap on an object on the screen.
</li>
@@ -5091,17 +5102,17 @@
</p>
<ul>
<li>
- <strong>Search affordance</strong>. Device implementations MUST fire KEYCODE_SEARCH when the user invokes voice search either on the physical or software-based remote.
+ <strong>Search affordance</strong> . Device implementations MUST fire KEYCODE_SEARCH (or KEYCODE_ASSIST if the device supports an assistant) when the user invokes voice search on either the physical or software-based remote.
</li>
<li>
- <strong>Navigation</strong>. All Android Television remotes MUST include <a href="http://developer.android.com/reference/android/view/KeyEvent.html">Back, Home, and Select buttons and support for D-pad events</a>.
+ <strong>Navigation</strong> . All Android Television remotes MUST include <a href="http://developer.android.com/reference/android/view/KeyEvent.html">Back, Home, and Select buttons and support for D-pad events</a> .
</li>
</ul>
<h2 id="7_3_sensors">
7.3. Sensors
</h2>
<p>
- Android includes APIs for accessing a variety of sensor types. Devices implementations generally MAY omit these sensors, as provided for in the following subsections. If a device includes a particular sensor type that has a corresponding API for third-party developers, the device implementation MUST implement that API as described in the Android SDK documentation and the Android Open Source documentation on <a href="http://source.android.com/devices/sensors/">sensors</a>. For example, device implementations:
+ Android includes APIs for accessing a variety of sensor types. Devices implementations generally MAY omit these sensors, as provided for in the following subsections. If a device includes a particular sensor type that has a corresponding API for third-party developers, the device implementation MUST implement that API as described in the Android SDK documentation and the Android Open Source documentation on <a href="http://source.android.com/devices/sensors/">sensors</a> . For example, device implementations:
</p>
<ul>
<li>MUST accurately report the presence or absence of sensors per the <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">android.content.pm.PackageManager</a> class.
@@ -5123,10 +5134,10 @@
The list above is not comprehensive; the documented behavior of the Android SDK and the Android Open Source Documentations on <a href="http://source.android.com/devices/sensors/">sensors</a> is to be considered authoritative.
</p>
<p>
- Some sensor types are composite, meaning they can be derived from data provided by one or more other sensors. (Examples include the orientation sensor and the linear acceleration sensor.) Device implementations SHOULD implement these sensor types, when they include the prerequisite physical sensors as described in <a href="https://source.android.com/devices/sensors/sensor-types.html">sensor types</a>. If a device implementation includes a composite sensor it MUST implement the sensor as described in the Android Open Source documentation on <a href="https://source.android.com/devices/sensors/sensor-types.html#composite_sensor_type_summary">composite sensors</a>.
+ Some sensor types are composite, meaning they can be derived from data provided by one or more other sensors. (Examples include the orientation sensor and the linear acceleration sensor.) Device implementations SHOULD implement these sensor types, when they include the prerequisite physical sensors as described in <a href="https://source.android.com/devices/sensors/sensor-types.html">sensor types</a> . If a device implementation includes a composite sensor it MUST implement the sensor as described in the Android Open Source documentation on <a href="https://source.android.com/devices/sensors/sensor-types.html#composite_sensor_type_summary">composite sensors</a> .
</p>
<p>
- Some Android sensors support a <a href="https://source.android.com/devices/sensors/report-modes.html#continuous">“continuous” trigger mode</a>, which returns data continuously. For any API indicated by the Android SDK documentation to be a continuous sensor, device implementations MUST continuously provide periodic data samples that SHOULD have a jitter below 3%, where jitter is defined as the standard deviation of the difference of the reported timestamp values between consecutive events.
+ Some Android sensors support a <a href="https://source.android.com/devices/sensors/report-modes.html#continuous">“continuous” trigger mode</a> , which returns data continuously. For any API indicated by the Android SDK documentation to be a continuous sensor, device implementations MUST continuously provide periodic data samples that SHOULD have a jitter below 3%, where jitter is defined as the standard deviation of the difference of the reported timestamp values between consecutive events.
</p>
<p>
Note that the device implementations MUST ensure that the sensor event stream MUST NOT prevent the device CPU from entering a suspend state or waking up from a suspend state.
@@ -5141,13 +5152,13 @@
Device implementations SHOULD include a 3-axis accelerometer. Android Handheld devices, Android Automotive implementations, and Android Watch devices are STRONGLY RECOMMENDED to include this sensor. If a device implementation does include a 3-axis accelerometer, it:
</p>
<ul>
- <li>MUST implement and report <a href="http://developer.android.com/reference/android/hardware/Sensor.html#TYPE_ACCELEROMETER">TYPE_ACCELEROMETER sensor</a>.
+ <li>MUST implement and report <a href="http://developer.android.com/reference/android/hardware/Sensor.html#TYPE_ACCELEROMETER">TYPE_ACCELEROMETER sensor</a> .
</li>
<li>MUST be able to report events up to a frequency of at least 50 Hz for Android Watch devices as such devices have a stricter power constraint and 100 Hz for all other device types.
</li>
<li>SHOULD report events up to at least 200 Hz.
</li>
- <li>MUST comply with the <a href="http://developer.android.com/reference/android/hardware/SensorEvent.html">Android sensor coordinate system</a> as detailed in the Android APIs. Android Automotive implementations MUST comply with the Android <a href="http://source.android.com/devices/sensors/sensor-types.html#auto_axes">car sensor coordinate system</a>.
+ <li>MUST comply with the <a href="http://developer.android.com/reference/android/hardware/SensorEvent.html">Android sensor coordinate system</a> as detailed in the Android APIs. Android Automotive implementations MUST comply with the Android <a href="http://source.android.com/devices/sensors/sensor-types.html#auto_axes">car sensor coordinate system</a> .
</li>
<li>MUST be capable of measuring from freefall up to four times the gravity (4g) or more on any axis.
</li>
@@ -5207,7 +5218,7 @@
<ul>
<li>It is STRONGLY RECOMMENDED that the device continue to deliver normal GPS/GNSS outputs to applications during an emergency phone call and that location output not be blocked during an emergency phone call.
</li>
- <li>It MUST support location outputs at a rate of at least 1 Hz when requested via <code>LocationManager#requestLocationUpdate</code>.
+ <li>It MUST support location outputs at a rate of at least 1 Hz when requested via <code>LocationManager#requestLocationUpdate</code> .
</li>
<li>It MUST be able to determine the location in open-sky conditions (strong signals, negligible multipath, HDOP < 2) within 10 seconds (fast time to first fix), when connected to a 0.5 Mbps or faster data speed internet connection. This requirement is typically met by the use of some form of Assisted or Predicted GPS/GNSS technique to minimize GPS/GNSS lock-on time (Assistance data includes Reference Time, Reference Location and Satellite Ephemeris/Clock).
<ul>
@@ -5525,7 +5536,7 @@
7.3.11. Android Automotive-only sensors
</h3>
<p>
- Automotive-specific sensors are defined in the <code>android.car.CarSensorManager API</code>.
+ Automotive-specific sensors are defined in the <code>android.car.CarSensorManager API</code> .
</p>
<h4 id="7_3_11_1_current_gear">
7.3.11.1. Current Gear
@@ -5537,7 +5548,7 @@
7.3.11.2. Day Night Mode
</h4>
<p>
- Android Automotive implementations MUST support day/night mode defined as SENSOR_TYPE_NIGHT. The value of this flag MUST be consistent with dashboard day/night mode and SHOULD be based on ambient light sensor input. The underlying ambient light sensor MAY be the same as <a href="#7_3_7_photometer">Photometer</a>.
+ Android Automotive implementations MUST support day/night mode defined as SENSOR_TYPE_NIGHT. The value of this flag MUST be consistent with dashboard day/night mode and SHOULD be based on ambient light sensor input. The underlying ambient light sensor MAY be the same as <a href="#7_3_7_photometer">Photometer</a> .
</p>
<h4 id="7_3_11_3_driving_status">
7.3.11.3. Driving Status
@@ -5653,7 +5664,7 @@
Device implementations that support <code>android.hardware.vr.high_performance</code> feature MUST support Bluetooth 4.2 and Bluetooth LE Data Length Extension.
</p>
<p>
- Android includes support for <a href="http://developer.android.com/reference/android/bluetooth/package-summary.html">Bluetooth and Bluetooth Low Energy</a>. Device implementations that include support for Bluetooth and Bluetooth Low Energy MUST declare the relevant platform features (android.hardware.bluetooth and android.hardware.bluetooth_le respectively) and implement the platform APIs. Device implementations SHOULD implement relevant Bluetooth profiles such as A2DP, AVCP, OBEX, etc. as appropriate for the device.
+ Android includes support for <a href="http://developer.android.com/reference/android/bluetooth/package-summary.html">Bluetooth and Bluetooth Low Energy</a> . Device implementations that include support for Bluetooth and Bluetooth Low Energy MUST declare the relevant platform features (android.hardware.bluetooth and android.hardware.bluetooth_le respectively) and implement the platform APIs. Device implementations SHOULD implement relevant Bluetooth profiles such as A2DP, AVCP, OBEX, etc. as appropriate for the device.
</p>
<p>
Android Automotive implementations SHOULD support Message Access Profile (MAP). Android Automotive implementations MUST support the following Bluetooth profiles:
@@ -5674,11 +5685,11 @@
<ul>
<li>MUST declare the hardware feature android.hardware.bluetooth_le.
</li>
- <li>MUST enable the GATT (generic attribute profile) based Bluetooth APIs as described in the SDK documentation and <a href="http://developer.android.com/reference/android/bluetooth/package-summary.html">android.bluetooth</a>.
+ <li>MUST enable the GATT (generic attribute profile) based Bluetooth APIs as described in the SDK documentation and <a href="http://developer.android.com/reference/android/bluetooth/package-summary.html">android.bluetooth</a> .
</li>
<li>are STRONGLY RECOMMENDED to implement a Resolvable Private Address (RPA) timeout no longer than 15 minutes and rotate the address at timeout to protect user privacy.
</li>
- <li>SHOULD support offloading of the filtering logic to the bluetooth chipset when implementing the <a href="https://developer.android.com/reference/android/bluetooth/le/ScanFilter.html">ScanFilter API</a>, and MUST report the correct value of where the filtering logic is implemented whenever queried via the android.bluetooth.BluetoothAdapter.isOffloadedFilteringSupported() method.
+ <li>SHOULD support offloading of the filtering logic to the bluetooth chipset when implementing the <a href="https://developer.android.com/reference/android/bluetooth/le/ScanFilter.html">ScanFilter API</a> , and MUST report the correct value of where the filtering logic is implemented whenever queried via the android.bluetooth.BluetoothAdapter.isOffloadedFilteringSupported() method.
</li>
<li>SHOULD support offloading of the batched scanning to the bluetooth chipset, but if not supported, MUST report ‘false’ whenever queried via the android.bluetooth.BluetoothAdapter.isOffloadedScanBatchingSupported() method.
</li>
@@ -5692,7 +5703,7 @@
Device implementations SHOULD include a transceiver and related hardware for Near-Field Communications (NFC). If a device implementation does include NFC hardware and plans to make it available to third-party apps, then it:
</p>
<ul>
- <li>MUST report the android.hardware.nfc feature from the <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">android.content.pm.PackageManager.hasSystemFeature() method</a>.
+ <li>MUST report the android.hardware.nfc feature from the <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">android.content.pm.PackageManager.hasSystemFeature() method</a> .
</li>
<li>MUST be capable of reading and writing NDEF messages via the following NFC standards:
<ul>
@@ -5733,11 +5744,11 @@
</li>
</ul>
</li>
- <li>MUST include support for <a href="http://developer.android.com/guide/topics/connectivity/nfc/nfc.html">Android Beam</a>.
+ <li>MUST include support for <a href="http://developer.android.com/guide/topics/connectivity/nfc/nfc.html">Android Beam</a> .
</li>
<li>MUST implement the SNEP default server. Valid NDEF messages received by the default SNEP server MUST be dispatched to applications using the android.nfc.ACTION_NDEF_DISCOVERED intent. Disabling Android Beam in settings MUST NOT disable dispatch of incoming NDEF message.
</li>
- <li>MUST honor the android.settings.NFCSHARING_SETTINGS intent to show <a href="http://developer.android.com/reference/android/provider/Settings.html#ACTION_NFCSHARING_SETTINGS">NFC sharing settings</a>.
+ <li>MUST honor the android.settings.NFCSHARING_SETTINGS intent to show <a href="http://developer.android.com/reference/android/provider/Settings.html#ACTION_NFCSHARING_SETTINGS">NFC sharing settings</a> .
</li>
<li>MUST implement the NPP server. Messages received by the NPP server MUST be processed the same way as the SNEP default server.
</li>
@@ -5820,7 +5831,7 @@
Devices MAY implement more than one form of data connectivity.
</p>
<p>
- Devices MUST include an IPv6 networking stack and support IPv6 communication using the managed APIs, such as <code>java.net.Socket</code> and <code>java.net.URLConnection</code>, as well as the native APIs, such as <code>AF_INET6</code> sockets. The required level of IPv6 support depends on the network type, as follows:
+ Devices MUST include an IPv6 networking stack and support IPv6 communication using the managed APIs, such as <code>java.net.Socket</code> and <code>java.net.URLConnection</code> , as well as the native APIs, such as <code>AF_INET6</code> sockets. The required level of IPv6 support depends on the network type, as follows:
</p>
<ul>
<li>Devices that support Wi-Fi networks MUST support dual-stack and IPv6-only operation on Wi-Fi.
@@ -5928,7 +5939,7 @@
</li>
<li>MUST NOT use a front-facing camera as the default for the Camera API. The camera API in Android has specific support for front-facing cameras and device implementations MUST NOT configure the API to to treat a front-facing camera as the default rear-facing camera, even if it is the only camera on the device.
</li>
- <li>MAY include features (such as auto-focus, flash, etc.) available to rear-facing cameras as described in <a href="#7_5_1_rear-facing_camera">section 7.5.1</a>.
+ <li>MAY include features (such as auto-focus, flash, etc.) available to rear-facing cameras as described in <a href="#7_5_1_rear-facing_camera">section 7.5.1</a> .
</li>
<li>MUST horizontally reflect (i.e. mirror) the stream displayed by an app in a CameraPreview, as follows:
<ul>
@@ -5952,7 +5963,7 @@
Device implementations MAY include support for an external camera that is not necessarily always connected. If a device includes support for an external camera, it:
</p>
<ul>
- <li>MUST declare the platform feature flag <code>android.hardware.camera.external</code> and <code>android.hardware camera.any</code>.
+ <li>MUST declare the platform feature flag <code>android.hardware.camera.external</code> and <code>android.hardware camera.any</code> .
</li>
<li>MAY support multiple cameras.
</li>
@@ -5992,7 +6003,7 @@
Device implementations MUST recognize and honor each parameter name defined as a constant on the <a href="http://developer.android.com/reference/android/hardware/Camera.Parameters.html">android.hardware.Camera.Parameters</a> class, if the underlying hardware supports the feature. If the device hardware does not support a feature, the API must behave as documented. Conversely, device implementations MUST NOT honor or recognize string constants passed to the android.hardware.Camera.setParameters() method other than those documented as constants on the android.hardware.Camera.Parameters. That is, device implementations MUST support all standard Camera parameters if the hardware allows, and MUST NOT support custom Camera parameter types. For instance, device implementations that support image capture using high dynamic range (HDR) imaging techniques MUST support camera parameter Camera.SCENE_MODE_HDR.
</p>
<p>
- Because not all device implementations can fully support all the features of the android.hardware.camera2 API, device implementations MUST report the proper level of support with the <a href="https://developer.android.com/reference/android/hardware/camera2/CameraCharacteristics.html#INFO_SUPPORTED_HARDWARE_LEVEL">android.info.supportedHardwareLevel</a> property as described in the Android SDK and report the appropriate <a href="http://source.android.com/devices/camera/versioning.html">framework feature flags</a>.
+ Because not all device implementations can fully support all the features of the android.hardware.camera2 API, device implementations MUST report the proper level of support with the <a href="https://developer.android.com/reference/android/hardware/camera2/CameraCharacteristics.html#INFO_SUPPORTED_HARDWARE_LEVEL">android.info.supportedHardwareLevel</a> property as described in the Android SDK and report the appropriate <a href="http://source.android.com/devices/camera/versioning.html">framework feature flags</a> .
</p>
<p>
Device implementations MUST also declare its Individual camera capabilities of android.hardware.camera2 via the android.request.availableCapabilities property and declare the appropriate <a href="http://source.android.com/devices/camera/versioning.html">feature flags</a> ; a device must define the feature flag if any of its attached camera devices supports the feature.
@@ -6165,7 +6176,7 @@
Regardless of the form of shared storage used, if the device implementation has a USB port with USB peripheral mode support, it MUST provide some mechanism to access the contents of shared storage from a host computer. Device implementations MAY use USB mass storage, but SHOULD use Media Transfer Protocol to satisfy this requirement. If the device implementation supports Media Transfer Protocol, it:
</p>
<ul>
- <li>SHOULD be compatible with the reference Android MTP host, <a href="http://www.android.com/filetransfer">Android File Transfer</a>.
+ <li>SHOULD be compatible with the reference Android MTP host, <a href="http://www.android.com/filetransfer">Android File Transfer</a> .
</li>
<li>SHOULD report a USB device class of 0x00.
</li>
@@ -6204,7 +6215,7 @@
</li>
<li>It SHOULD implement the Android Open Accessory (AOA) API and specification as documented in the Android SDK documentation, and if it is an Android Handheld device it MUST implement the AOA API. Device implementations implementing the AOA specification:
<ul>
- <li>MUST declare support for the hardware feature <a href="http://developer.android.com/guide/topics/connectivity/usb/accessory.html">android.hardware.usb.accessory</a>.
+ <li>MUST declare support for the hardware feature <a href="http://developer.android.com/guide/topics/connectivity/usb/accessory.html">android.hardware.usb.accessory</a> .
</li>
<li>MUST implement the <a href="http://developer.android.com/reference/android/hardware/usb/UsbConstants.html#USB_CLASS_AUDIO">USB audio class</a> as documented in the Android SDK documentation.
</li>
@@ -6212,7 +6223,7 @@
</li>
</ul>
</li>
- <li>It SHOULD implement support to draw 1.5 A current during HS chirp and traffic as specified in the <a href="http://www.usb.org/developers/docs/devclass_docs/BCv1.2_070312.zip">USB Battery Charging specification, revision 1.2</a>. Existing and new Android devices are <strong>STRONGLY RECOMMENDED to meet these requirements</strong> so they will be able to upgrade to the future platform releases.
+ <li>It SHOULD implement support to draw 1.5 A current during HS chirp and traffic as specified in the <a href="http://www.usb.org/developers/docs/devclass_docs/BCv1.2_070312.zip">USB Battery Charging specification, revision 1.2</a> . Existing and new Android devices are <strong>STRONGLY RECOMMENDED to meet these requirements</strong> so they will be able to upgrade to the future platform releases.
</li>
<li>Type-C devices MUST detect 1.5A and 3.0A chargers per the Type-C resistor standard and it must detect changes in the advertisement.
</li>
@@ -6240,15 +6251,15 @@
</li>
<li>is <strong>STRONGLY RECOMMENDED</strong> to implement the <a href="http://developer.android.com/reference/android/hardware/usb/UsbConstants.html#USB_CLASS_AUDIO">USB audio class</a> as documented in the Android SDK documentation.
</li>
- <li>MUST implement the Android USB host API as documented in the Android SDK, and MUST declare support for the hardware feature <a href="http://developer.android.com/guide/topics/connectivity/usb/host.html">android.hardware.usb.host</a>.
+ <li>MUST implement the Android USB host API as documented in the Android SDK, and MUST declare support for the hardware feature <a href="http://developer.android.com/guide/topics/connectivity/usb/host.html">android.hardware.usb.host</a> .
</li>
- <li>SHOULD support the Charging Downstream Port output current range of 1.5 A ~ 5 A as specified in the <a href="http://www.usb.org/developers/docs/devclass_docs/BCv1.2_070312.zip">USB Battery Charging specifications, revision 1.2</a>.
+ <li>SHOULD support device charging while in host mode; advertising a source current of at least 1.5A as specified in the Termination Parameters section of the [USB Type-C Cable and Connector Specification Revision 1.2] (http://www.usb.org/developers/docs/usb_31_021517.zip) for USB Type-C connectors or using Charging Downstream Port(CDP) output current range as specified in the <a href="http://www.usb.org/developers/docs/devclass_docs/BCv1.2_070312.zip">USB Battery Charging specifications, revision 1.2</a> for Micro-AB connectors.
</li>
<li>USB Type-C devices are STRONGLY RECOMMENDED to support DisplayPort, SHOULD support USB SuperSpeed Data Rates, and are STRONGLY RECOMMENDED to support Power Delivery for data and power role swapping.
</li>
<li>Devices with any type-A or type-AB ports MUST NOT ship with an adapter converting from this port to a type-C receptacle.
</li>
- <li>MUST recognize any remotely connected MTP (Media Transfer Protocol) devices and make their contents accessible through the <code>ACTION_GET_CONTENT</code>, <code>ACTION_OPEN_DOCUMENT</code>, and <code>ACTION_CREATE_DOCUMENT</code> intents, if the Storage Access Framework (SAF) is supported.
+ <li>MUST recognize any remotely connected MTP (Media Transfer Protocol) devices and make their contents accessible through the <code>ACTION_GET_CONTENT</code> , <code>ACTION_OPEN_DOCUMENT</code> , and <code>ACTION_CREATE_DOCUMENT</code> intents, if the Storage Access Framework (SAF) is supported.
</li>
<li>MUST, if using a Type-C USB port and including support for peripheral mode, implement Dual Role Port functionality as defined by the USB Type-C specification (section 4.5.1.3.3).
</li>
@@ -6265,16 +6276,16 @@
Android Handheld, Watch, and Automotive implementations MUST include a microphone.
</div>
<p>
- Device implementations MAY omit a microphone. However, if a device implementation omits a microphone, it MUST NOT report the android.hardware.microphone feature constant, and MUST implement the audio recording API at least as no-ops, per <a href="#7_hardware_compatibility">section 7</a>. Conversely, device implementations that do possess a microphone:
+ Device implementations MAY omit a microphone. However, if a device implementation omits a microphone, it MUST NOT report the android.hardware.microphone feature constant, and MUST implement the audio recording API at least as no-ops, per <a href="#7_hardware_compatibility">section 7</a> . Conversely, device implementations that do possess a microphone:
</p>
<ul>
<li>MUST report the android.hardware.microphone feature constant.
</li>
- <li>MUST meet the audio recording requirements in <a href="#5_4_audio_recording">section 5.4</a>.
+ <li>MUST meet the audio recording requirements in <a href="#5_4_audio_recording">section 5.4</a> .
</li>
- <li>MUST meet the audio latency requirements in <a href="#5_6_audio_latency">section 5.6</a>.
+ <li>MUST meet the audio latency requirements in <a href="#5_6_audio_latency">section 5.6</a> .
</li>
- <li>STRONGLY RECOMMENDED to support near-ultrasound recording as described in <a href="#7_8_3_near_ultrasound">section 7.8.3</a>.
+ <li>STRONGLY RECOMMENDED to support near-ultrasound recording as described in <a href="#7_8_3_near_ultrasound">section 7.8.3</a> .
</li>
</ul>
<h3 id="7_8_2_audio_output">
@@ -6289,11 +6300,11 @@
<ul>
<li>MUST report the android.hardware.audio.output feature constant.
</li>
- <li>MUST meet the audio playback requirements in <a href="#5_5_audio_playback">section 5.5</a>.
+ <li>MUST meet the audio playback requirements in <a href="#5_5_audio_playback">section 5.5</a> .
</li>
- <li>MUST meet the audio latency requirements in <a href="#5_6_audio_latency">section 5.6</a>.
+ <li>MUST meet the audio latency requirements in <a href="#5_6_audio_latency">section 5.6</a> .
</li>
- <li>STRONGLY RECOMMENDED to support near-ultrasound playback as described in <a href="#7_8_3_near_ultrasound">section 7.8.3</a>.
+ <li>STRONGLY RECOMMENDED to support near-ultrasound playback as described in <a href="#7_8_3_near_ultrasound">section 7.8.3</a> .
</li>
</ul>
<p>
@@ -6318,13 +6329,13 @@
<li>MUST support the detection and mapping to the keycodes for the following 3 ranges of equivalent impedance between the microphone and ground conductors on the audio plug:
<ul>
<li>
- <strong>70 ohm or less</strong>: KEYCODE_HEADSETHOOK
+ <strong>70 ohm or less</strong> : KEYCODE_HEADSETHOOK
</li>
<li>
- <strong>210-290 Ohm</strong>: KEYCODE_VOLUME_UP
+ <strong>210-290 Ohm</strong> : KEYCODE_VOLUME_UP
</li>
<li>
- <strong>360-680 Ohm</strong>: KEYCODE_VOLUME_DOWN
+ <strong>360-680 Ohm</strong> : KEYCODE_VOLUME_DOWN
</li>
</ul>
</li>
@@ -6370,7 +6381,7 @@
7.9.1. Virtual Reality Mode
</h3>
<p>
- Android handheld device implementations that support a mode for VR applications that handles stereoscopic rendering of notifications and disable monocular system UI components while a VR application has user focus MUST declare <code>android.software.vr.mode</code> feature. Devices declaring this feature MUST include an application implementing <code>android.service.vr.VrListenerService</code> that can be enabled by VR applications via <code>android.app.Activity#setVrModeEnabled</code>.
+ Android handheld device implementations that support a mode for VR applications that handles stereoscopic rendering of notifications and disable monocular system UI components while a VR application has user focus MUST declare <code>android.software.vr.mode</code> feature. Devices declaring this feature MUST include an application implementing <code>android.service.vr.VrListenerService</code> that can be enabled by VR applications via <code>android.app.Activity#setVrModeEnabled</code> .
</p>
<h3 id="7_9_2_virtual_reality_high_performance">
7.9.2. Virtual Reality High Performance
@@ -6383,7 +6394,7 @@
</li>
<li>Device implementations MUST declare android.software.vr.mode feature.
</li>
- <li>Device implementations MAY provide an exclusive core to the foreground application and MAY support the <code>Process.getExclusiveCores</code> API to return the numbers of the CPU cores that are exclusive to the top foreground application. If exclusive core is supported, then the core MUST not allow any other userspace processes to run on it (except device drivers used by the application), but MAY allow some kernel processes to run as necessary.
+ <li>Device implementations MAY provide an exclusive core to the foreground application and MAY support the Process.getExclusiveCores API to return the numbers of the cpu cores that are exclusive to the top foreground application. If exclusive core is supported then the core MUST not allow any other userspace processes to run on it (except device drivers used by the application), but MAY allow some kernel processes to run as necessary.
</li>
<li>Device implementations MUST support sustained performance mode.
</li>
@@ -6419,7 +6430,7 @@
</li>
<li>The display MUST support a low-persistence mode with ≤5 ms persistence,persistence being defined as the amount of time for which a pixel is emitting light.
</li>
- <li>Device implementations MUST support Bluetooth 4.2 and Bluetooth LE Data Length Extension <a href="#7_4_3_bluetooth">section 7.4.3</a>.
+ <li>Device implementations MUST support Bluetooth 4.2 and Bluetooth LE Data Length Extension <a href="#7_4_3_bluetooth">section 7.4.3</a> .
</li>
</ul>
<h1 id="8_performance_and_power">
@@ -6436,13 +6447,13 @@
</p>
<ul>
<li>
- <strong>Consistent frame latency</strong>. Inconsistent frame latency or a delay to render frames MUST NOT happen more often than 5 frames in a second, and SHOULD be below 1 frames in a second.
+ <strong>Consistent frame latency</strong> . Inconsistent frame latency or a delay to render frames MUST NOT happen more often than 5 frames in a second, and SHOULD be below 1 frames in a second.
</li>
<li>
- <strong>User interface latency</strong>. Device implementations MUST ensure low latency user experience by scrolling a list of 10K list entries as defined by the Android Compatibility Test Suite (CTS) in less than 36 secs.
+ <strong>User interface latency</strong> . Device implementations MUST ensure low latency user experience by scrolling a list of 10K list entries as defined by the Android Compatibility Test Suite (CTS) in less than 36 secs.
</li>
<li>
- <strong>Task switching</strong>. When multiple applications have been launched, re-launching an already-running application after it has been launched MUST take less than 1 second.
+ <strong>Task switching</strong> . When multiple applications have been launched, re-launching an already-running application after it has been launched MUST take less than 1 second.
</li>
</ul>
<h2 id="8_2_file_i/o_access_performance">
@@ -6453,16 +6464,16 @@
</p>
<ul>
<li>
- <strong>Sequential write</strong>. Device implementations MUST ensure a sequential write performance of at least 5MB/s for a 256MB file using 10MB write buffer.
+ <strong>Sequential write</strong> . Device implementations MUST ensure a sequential write performance of at least 5MB/s for a 256MB file using 10MB write buffer.
</li>
<li>
- <strong>Random write</strong>. Device implementations MUST ensure a random write performance of at least 0.5MB/s for a 256MB file using 4KB write buffer.
+ <strong>Random write</strong> . Device implementations MUST ensure a random write performance of at least 0.5MB/s for a 256MB file using 4KB write buffer.
</li>
<li>
- <strong>Sequential read</strong>. Device implementations MUST ensure a sequential read performance of at least 15MB/s for a 256MB file using 10MB write buffer.
+ <strong>Sequential read</strong> . Device implementations MUST ensure a sequential read performance of at least 15MB/s for a 256MB file using 10MB write buffer.
</li>
<li>
- <strong>Random read</strong>. Device implementations MUST ensure a random read performance of at least 3.5MB/s for a 256MB file using 4KB write buffer.
+ <strong>Random read</strong> . Device implementations MUST ensure a random read performance of at least 3.5MB/s for a 256MB file using 4KB write buffer.
</li>
</ul>
<h2 id="8_3_power-saving_modes">
@@ -6555,13 +6566,13 @@
9.2. UID and Process Isolation
</h2>
<p>
- Device implementations MUST support the Android application sandbox model, in which each application runs as a unique Unixstyle UID and in a separate process. Device implementations MUST support running multiple applications as the same Linux user ID, provided that the applications are properly signed and constructed, as defined in the <a href="http://developer.android.com/guide/topics/security/permissions.html">Security and Permissions reference</a>.
+ Device implementations MUST support the Android application sandbox model, in which each application runs as a unique Unixstyle UID and in a separate process. Device implementations MUST support running multiple applications as the same Linux user ID, provided that the applications are properly signed and constructed, as defined in the <a href="http://developer.android.com/guide/topics/security/permissions.html">Security and Permissions reference</a> .
</p>
<h2 id="9_3_filesystem_permissions">
9.3. Filesystem Permissions
</h2>
<p>
- Device implementations MUST support the Android file access permissions model as defined in the <a href="http://developer.android.com/guide/topics/security/permissions.html">Security and Permissions reference</a>.
+ Device implementations MUST support the Android file access permissions model as defined in the <a href="http://developer.android.com/guide/topics/security/permissions.html">Security and Permissions reference</a> .
</p>
<h2 id="9_4_alternate_execution_environments">
9.4. Alternate Execution Environments
@@ -6570,7 +6581,7 @@
Device implementations MAY include runtime environments that execute applications using some other software or technology than the Dalvik Executable Format or native code. However, such alternate execution environments MUST NOT compromise the Android security model or the security of installed Android applications, as described in this section.
</p>
<p>
- Alternate runtimes MUST themselves be Android applications, and abide by the standard Android security model, as described elsewhere in <a href="#9_security_model_compatibility">section 9</a>.
+ Alternate runtimes MUST themselves be Android applications, and abide by the standard Android security model, as described elsewhere in <a href="#9_security_model_compatibility">section 9</a> .
</p>
<p>
Alternate runtimes MUST NOT be granted access to resources protected by permissions not requested in the runtime’s AndroidManifest.xml file via the <uses-permission> mechanism.
@@ -6594,7 +6605,7 @@
</li>
</ul>
<p>
- The.apk files of alternate runtimes MAY be included in the system image of a device implementation, but MUST be signed with a key distinct from the key used to sign other applications included with the device implementation.
+ The .apk files of alternate runtimes MAY be included in the system image of a device implementation, but MUST be signed with a key distinct from the key used to sign other applications included with the device implementation.
</p>
<p>
When installing applications, alternate runtimes MUST obtain user consent for the Android permissions used by the application. If an application needs to make use of a device resource for which there is a corresponding Android permission (such as Camera, GPS, etc.), the alternate runtime MUST inform the user that the application will be able to access that resource. If the runtime environment does not record application capabilities in this manner, the runtime environment MUST list all permissions held by the runtime itself when installing any application using that runtime.
@@ -6606,7 +6617,7 @@
This feature is optional for all device types.
</div>
<p>
- Android includes <a href="http://developer.android.com/reference/android/os/UserManager.html">support for multiple users</a> and provides support for full user isolation. Device implementations MAY enable multiple users, but when enabled MUST meet the following requirements related to <a href="http://source.android.com/devices/storage/traditional.html">multi-user support</a>:
+ Android includes <a href="http://developer.android.com/reference/android/os/UserManager.html">support for multiple users</a> and provides support for full user isolation. Device implementations MAY enable multiple users, but when enabled MUST meet the following requirements related to <a href="http://source.android.com/devices/storage/traditional.html">multi-user support</a> :
</p>
<ul>
<li>Android Automotive device implementations with multi-user support enabled MUST include a guest account that allows all functions provided by the vehicle system without requiring a user to log in.
@@ -6624,7 +6635,7 @@
9.6. Premium SMS Warning
</h2>
<p>
- Android includes support for warning users of any outgoing <a href="http://en.wikipedia.org/wiki/Short_code">premium SMS message</a>. Premium SMS messages are text messages sent to a service registered with a carrier that may incur a charge to the user. Device implementations that declare support for android.hardware.telephony MUST warn users before sending a SMS message to numbers identified by regular expressions defined in /data/misc/sms/codes.xml file in the device. The upstream Android Open Source Project provides an implementation that satisfies this requirement.
+ Android includes support for warning users of any outgoing <a href="http://en.wikipedia.org/wiki/Short_code">premium SMS message</a> . Premium SMS messages are text messages sent to a service registered with a carrier that may incur a charge to the user. Device implementations that declare support for android.hardware.telephony MUST warn users before sending a SMS message to numbers identified by regular expressions defined in /data/misc/sms/codes.xml file in the device. The upstream Android Open Source Project provides an implementation that satisfies this requirement.
</p>
<h2 id="9_7_kernel_security_features">
9.7. Kernel Security Features
@@ -6663,7 +6674,7 @@
Device implementations SHOULD retain the default SELinux policy provided in the system/sepolicy folder of the upstream Android Open Source Project and only further add to this policy for their own device-specific configuration. Device implementations MUST be compatible with the upstream Android Open Source Project.
</p>
<p>
- Devices MUST implement a kernel application sandboxing mechanism which allows filtering of system calls using a configurable policy from multithreaded programs. The upstream Android Open Source Project meets this requirement through enabling the seccomp-BPF with threadgroup synchronization (TSYNC) as described <a href="http://source.android.com/devices/tech/config/kernel.html#Seccomp-BPF-TSYNC">in the Kernel Configuration section of source.android.com</a>.
+ Devices MUST implement a kernel application sandboxing mechanism which allows filtering of system calls using a configurable policy from multithreaded programs. The upstream Android Open Source Project meets this requirement through enabling the seccomp-BPF with threadgroup synchronization (TSYNC) as described <a href="http://source.android.com/devices/tech/config/kernel.html#Seccomp-BPF-TSYNC">in the Kernel Configuration section of source.android.com</a> .
</p>
<h2 id="9_8_privacy">
9.8. Privacy
@@ -6672,7 +6683,7 @@
If the device implements functionality in the system that captures the contents displayed on the screen and/or records the audio stream played on the device, it MUST continuously notify the user whenever this functionality is enabled and actively capturing/recording.
</p>
<p>
- If a device implementation has a mechanism that routes network data traffic through a proxy server or VPN gateway by default (for example, preloading a VPN service with android.permission.CONTROL_VPN granted), the device implementation MUST ask for the user's consent before enabling that mechanism, unless that VPN is enabled by the Device Policy Controller via the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setAlwaysOnVpnPackage(android.content.ComponentName,%20java.lang.String,%20boolean)"><code>DevicePolicyManager.setAlwaysOnVpnPackage()</code></a>, in which case the user does not need to provide a separate consent, but MUST only be notified.
+ If a device implementation has a mechanism that routes network data traffic through a proxy server or VPN gateway by default (for example, preloading a VPN service with android.permission.CONTROL_VPN granted), the device implementation MUST ask for the user's consent before enabling that mechanism, unless that VPN is enabled by the Device Policy Controller via the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setAlwaysOnVpnPackage(android.content.ComponentName,%20java.lang.String,%20boolean)"><code>DevicePolicyManager.setAlwaysOnVpnPackage()</code></a> , in which case the user does not need to provide a separate consent, but MUST only be notified.
</p>
<p>
Device implementations MUST ship with an empty user-added Certificate Authority (CA) store, and MUST preinstall the same root certificates for the system-trusted CA store as <a href="https://source.android.com/security/overview/app-security.html#certificate-authorities">provided</a> in the upstream Android Open Source Project.
@@ -6785,7 +6796,7 @@
9.11. Keys and Credentials
</h2>
<p>
- The <a href="https://developer.android.com/training/articles/keystore.html">Android Keystore System</a> allows app developers to store cryptographic keys in a container and use them in cryptographic operations through the <a href="https://developer.android.com/reference/android/security/KeyChain.html">KeyChain API</a> or the <a href="https://developer.android.com/reference/java/security/KeyStore.html">Keystore API</a>.
+ The <a href="https://developer.android.com/training/articles/keystore.html">Android Keystore System</a> allows app developers to store cryptographic keys in a container and use them in cryptographic operations through the <a href="https://developer.android.com/reference/android/security/KeyChain.html">KeyChain API</a> or the <a href="https://developer.android.com/reference/java/security/KeyStore.html">Keystore API</a> .
</p>
<p>
All Android device implementations MUST meet the following requirements:
@@ -6797,15 +6808,15 @@
</li>
<li>When the device implementation supports a secure lock screen it MUST back up the keystore implementation with secure hardware and meet following requirements:
<ul>
- <li>MUST have hardware backed implementations of RSA, AES, ECDSA and HMAC cryptographic algorithms and MD5, SHA1, SHA-2 Family hash functions to properly support the <a href="https://developer.android.com/training/articles/keystore.html#SupportedAlgorithms">Android Keystore system's supported algorithms</a>.
+ <li>MUST have implementations of RSA, AES, ECDSA and HMAC cryptographic algorithms and MD5, SHA1, and SHA-2 family hash functions to properly support the Android Keystore system's supported algorithms in an area that is securely isolated from the code running on the kernel and above. Secure isolation MUST block all potential mechanisms by which kernel or userspace code might access the internal state of the isolated environment, including DMA. The upstream Android Open Source Project (AOSP) meets this requirement by using the <a href="https://source.android.com/security/trusty/">Trusty</a> implementation, but another ARM TrustZone-based solution or a third-party reviewed secure implementation of a proper hypervisor-based isolation are alternative options.
</li>
- <li>MUST perform the lock screen authentication in the secure hardware and only when successful allow the authentication-bound keys to be used. The upstream Android Open Source Project provides the <a href="http://source.android.com/devices/tech/security/authentication/gatekeeper.html">Gatekeeper Hardware Abstraction Layer (HAL)</a> that can be used to satisfy this requirement.
+ <li>MUST perform the lock screen authentication in the isolated execution environment and only when successful, allow the authentication-bound keys to be used. The upstream Android Open Source Project provides the <a href="http://source.android.com/devices/tech/security/authentication/gatekeeper.html">Gatekeeper Hardware Abstraction Layer (HAL)</a> and Trusty, which can be used to satisfy this requirement.
</li>
</ul>
</li>
</ul>
<p>
- Note that if a device implementation is already launched on an earlier Android version, and does not have a fingerprint scanner, such a device is exempted from the requirement to have a hardware-backed keystore.
+ Note that if a device implementation is already launched on an earlier Android version, such a device is exempted from the requirement to have a hardware-backed keystore, unless it declares the <code>android.hardware.fingerprint</code> feature which requires a hardware-backed keystore.
</p>
<h3 id="9_11_1_secure_lock_screen">
9.11.1. Secure Lock Screen
@@ -6822,7 +6833,7 @@
</li>
<li>MUST not replace any of the existing authentication methods (PIN, pattern, password) implemented and provided in AOSP.
</li>
- <li>MUST be disabled when the Device Policy Controller (DPC) application has set the password quality policy via the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordQuality%28android.content.ComponentName,%20int%29"><code>DevicePolicyManager.setPasswordQuality()</code></a> method with a more restrictive quality constant than <code>PASSWORD_QUALITY_SOMETHING</code>.
+ <li>MUST be disabled when the Device Policy Controller (DPC) application has set the password quality policy via the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordQuality%28android.content.ComponentName,%20int%29"><code>DevicePolicyManager.setPasswordQuality()</code></a> method with a more restrictive quality constant than <code>PASSWORD_QUALITY_SOMETHING</code> .
</li>
</ul>
</li>
@@ -6830,7 +6841,7 @@
<ul>
<li>It MUST have a fall-back mechanism to use one of the primary authentication methods which is based on a known secret and meets the requirements to be treated as a secure lock screen.
</li>
- <li>It MUST be disabled and only allow the primary authentication to unlock the screen when the Device Policy Controller (DPC) application has set the policy with either the <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setKeyguardDisabledFeatures%28android.content.ComponentName,%20int%29"><code>DevicePolicyManager.setKeyguardDisabledFeatures(KEYGUARD_DISABLE_TRUST_AGENTS)</code></a> method or the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordQuality%28android.content.ComponentName,%20int%29"><code>DevicePolicyManager.setPasswordQuality()</code></a> method with a more restrictive quality constant than <code>PASSWORD_QUALITY_UNSPECIFIED</code>.
+ <li>It MUST be disabled and only allow the primary authentication to unlock the screen when the Device Policy Controller (DPC) application has set the policy with either the <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setKeyguardDisabledFeatures%28android.content.ComponentName,%20int%29"><code>DevicePolicyManager.setKeyguardDisabledFeatures(KEYGUARD_DISABLE_TRUST_AGENTS)</code></a> method or the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordQuality%28android.content.ComponentName,%20int%29"><code>DevicePolicyManager.setPasswordQuality()</code></a> method with a more restrictive quality constant than <code>PASSWORD_QUALITY_UNSPECIFIED</code> .
</li>
</ul>
</li>
@@ -6838,9 +6849,9 @@
<ul>
<li>It MUST have a fall-back mechanism to use one of the primary authentication methods which is based on a known secret and meets the requirements to be treated as a secure lock screen.
</li>
- <li>It MUST be disabled and only allow the primary authentication to unlock the screen when the Device Policy Controller (DPC) application has set the keguard feature policy by calling the method <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setKeyguardDisabledFeatures%28android.content.ComponentName,%20int%29"><code>DevicePolicyManager.setKeyguardDisabledFeatures(KEYGUARD_DISABLE_FINGERPRINT)</code></a>.
+ <li>It MUST be disabled and only allow the primary authentication to unlock the screen when the Device Policy Controller (DPC) application has set the keguard feature policy by calling the method <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setKeyguardDisabledFeatures%28android.content.ComponentName,%20int%29"><code>DevicePolicyManager.setKeyguardDisabledFeatures(KEYGUARD_DISABLE_FINGERPRINT)</code></a> .
</li>
- <li>It MUST have a false acceptance rate that is equal or stronger than what is required for a fingerprint sensor as described in section 7.3.10, or otherwise MUST be disabled and only allow the primary authentication to unlock the screen when the Device Policy Controller (DPC) application has set the password quality policy via the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordQuality%28android.content.ComponentName,%20int%29"><code>DevicePolicyManager.setPasswordQuality()</code></a> method with a more restrictive quality constant than <code>PASSWORD_QUALITY_BIOMETRIC_WEAK</code>.
+ <li>It MUST have a false acceptance rate that is equal or stronger than what is required for a fingerprint sensor as described in section 7.3.10, or otherwise MUST be disabled and only allow the primary authentication to unlock the screen when the Device Policy Controller (DPC) application has set the password quality policy via the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordQuality%28android.content.ComponentName,%20int%29"><code>DevicePolicyManager.setPasswordQuality()</code></a> method with a more restrictive quality constant than <code>PASSWORD_QUALITY_BIOMETRIC_WEAK</code> .
</li>
</ul>
</li>
@@ -6848,9 +6859,9 @@
<ul>
<li>MUST return <code>false</code> for both the <a href="http://developer.android.com/reference/android/app/KeyguardManager.html#isKeyguardSecure%28%29"><code>KeyguardManager.isKeyguardSecure()</code></a> and the <a href="https://developer.android.com/reference/android/app/KeyguardManager.html#isDeviceSecure%28%29"><code>KeyguardManager.isDeviceSecure()</code></a> methods.
</li>
- <li>MUST be disabled when the Device Policy Controller (DPC) application has set the password quality policy via the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordQuality%28android.content.ComponentName,%20int%29"><code>DevicePolicyManager.setPasswordQuality()</code></a> method with a more restrictive quality constant than <code>PASSWORD_QUALITY_UNSPECIFIED</code>.
+ <li>MUST be disabled when the Device Policy Controller (DPC) application has set the password quality policy via the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordQuality%28android.content.ComponentName,%20int%29"><code>DevicePolicyManager.setPasswordQuality()</code></a> method with a more restrictive quality constant than <code>PASSWORD_QUALITY_UNSPECIFIED</code> .
</li>
- <li>MUST NOT reset the password expiration timers set by <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordExpirationTimeout%28android.content.ComponentName,%20long%29"><code>DevicePolicyManager.setPasswordExpirationTimeout()</code></a>.
+ <li>MUST NOT reset the password expiration timers set by <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordExpirationTimeout%28android.content.ComponentName,%20long%29"><code>DevicePolicyManager.setPasswordExpirationTimeout()</code></a> .
</li>
<li>MUST NOT authenticate access to keystores if the application has called <a href="https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder.html#setUserAuthenticationRequired%28boolean%29"><code>KeyGenParameterSpec.Builder.setUserAuthenticationRequired(true)</code></a> ).
</li>
@@ -6858,9 +6869,9 @@
</li>
<li>If the authentication method is based on a physical token, the location, or biometrics that has higher false acceptance rate than what is required for fingerprint sensors as described in section 7.3.10, then it:
<ul>
- <li>MUST NOT reset the password expiration timers set by <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordExpirationTimeout%28android.content.ComponentName,%20long%29"><code>DevicePolicyManager.setPasswordExpirationTimeout()</code></a>.
+ <li>MUST NOT reset the password expiration timers set by <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordExpirationTimeout%28android.content.ComponentName,%20long%29"><code>DevicePolicyManager.setPasswordExpirationTimeout()</code></a> .
</li>
- <li>MUST NOT authenticate access to keystores if the application has called <a href="https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder.html#setUserAuthenticationRequired%28boolean%29"><code>KeyGenParameterSpec.Builder.setUserAuthenticationRequired(true)</code></a>.
+ <li>MUST NOT authenticate access to keystores if the application has called <a href="https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder.html#setUserAuthenticationRequired%28boolean%29"><code>KeyGenParameterSpec.Builder.setUserAuthenticationRequired(true)</code></a> .
</li>
</ul>
</li>
@@ -6878,7 +6889,7 @@
</li>
</ul>
<p>
- All user-generated data MUST be deleted. This MUST satisfy relevant industry standards for data deletion such as NIST SP800-88. This MUST be used for the implementation of the wipeData() API (part of the Android Device Administration API) described in <a href="#3_9_device_administration">section 3.9 Device Administration</a>.
+ All user-generated data MUST be deleted. This MUST satisfy relevant industry standards for data deletion such as NIST SP800-88. This MUST be used for the implementation of the wipeData() API (part of the Android Device Administration API) described in <a href="#3_9_device_administration">section 3.9 Device Administration</a> .
</p>
<p>
Devices MAY provide a fast data wipe that conducts a logical data erase.
@@ -6978,7 +6989,7 @@
For device implementations that are launching with Android 6.0 and later, the update mechanism SHOULD support verifying that the system image is binary identical to expected result following an OTA. The block-based OTA implementation in the upstream Android Open Source Project, added since Android 5.1, satisfies this requirement.
</p>
<p>
- Also, device implementations SHOULD support <a href="https://source.android.com/devices/tech/ota/ab_updates.html">A/B system updates</a>. The AOSP implements this feature using the boot control HAL.
+ Also, device implementations SHOULD support <a href="https://source.android.com/devices/tech/ota/ab_updates.html">A/B system updates</a> . The AOSP implements this feature using the boot control HAL.
</p>
<p>
If an error is found in a device implementation after it has been released but within its reasonable product lifetime that is determined in consultation with the Android Compatibility Team to affect the compatibility of third-party applications, the device implementer MUST correct the error via a software update available that can be applied per the mechanism just described.
diff --git a/en/compatibility/android-cdd.html b/en/compatibility/android-cdd.html
index 1306a44..3509896 100644
--- a/en/compatibility/android-cdd.html
+++ b/en/compatibility/android-cdd.html
@@ -1,15 +1,11 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html devsite="" xmlns="http://www.w3.org/1999/xhtml">
+<html devsite>
<head>
- <title>
- Android 7.1 Compatibility Definition
- </title>
+ <title>Android 7.1 Compatibility Definition</title>
<meta name="project_path" value="/_project.yaml" />
<meta name="book_path" value="/_book.yaml" />
</head>
<body>
- <!--
+ <!--
Copyright 2017 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
@@ -24,6469 +20,11392 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
- <h1>
- 1. Introduction
- </h1>
- <p>
- This document enumerates the requirements that must be met in order for devices to be compatible with Android 7.1.
+
+<body>
+ <h2 id="1_introduction">
+ 1. Introduction
+ </h2>
+ <p>
+ This document enumerates the requirements that must be met in order for devices
+to be compatible with Android 7.1.
+ </p>
+ <p>
+ The use of “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”,
+“SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” is per the IETF standard
+defined in
+ <a href="http://www.ietf.org/rfc/rfc2119.txt">
+ RFC2119
+ </a>.
+ </p>
+ <p>
+ As used in this document, a “device implementer” or “implementer” is a person
+or organization developing a hardware/software solution running Android
+7.1. A “device implementation” or “implementation is the
+hardware/software solution so developed.
+ </p>
+ <p>
+ To be considered compatible with Android 7.1, device
+implementations MUST meet the requirements presented in this Compatibility
+Definition, including any documents incorporated via reference.
+ </p>
+ <p>
+ Where this definition or the software tests described in
+ <a href="#10_software_compatibility_testing">
+ section
+10
+ </a>
+ is silent, ambiguous, or incomplete, it
+is the responsibility of the device implementer to ensure compatibility with
+existing implementations.
+ </p>
+ <p>
+ For this reason, the
+ <a href="http://source.android.com/">
+ Android Open Source Project
+ </a>
+ is both the reference and preferred implementation of Android. Device
+implementers are STRONGLY RECOMMENDED to base their implementations to the
+greatest extent possible on the “upstream” source code available from the
+Android Open Source Project. While some components can hypothetically be
+replaced with alternate implementations, it is STRONGLY RECOMMENDED to not
+follow this practice, as passing the software tests will become substantially
+more difficult. It is the implementer’s responsibility to ensure full
+behavioral compatibility with the standard Android implementation, including
+and beyond the Compatibility Test Suite. Finally, note that certain component
+substitutions and modifications are explicitly forbidden by this document.
+ </p>
+ <p>
+ Many of the resources linked to in this document are derived directly or
+indirectly from the Android SDK and will be functionally identical to the
+information in that SDK’s documentation. In any cases where this Compatibility
+Definition or the Compatibility Test Suite disagrees with the SDK
+documentation, the SDK documentation is considered authoritative. Any technical
+details provided in the linked resources throughout this document are
+considered by inclusion to be part of this Compatibility Definition.
+ </p>
+ <h2 id="2_device_types">
+ 2. Device Types
+ </h2>
+ <p>
+ While the Android Open Source Project has been used in the implementation of a
+variety of device types and form factors, many aspects of the architecture and
+compatibility requirements were optimized for handheld devices. Starting from
+Android 5.0, the Android Open Source Project aims to embrace a wider variety of
+device types as described in this section.
+ </p>
+ <p>
+ <strong>
+ Android Handheld device
+ </strong>
+ refers to an Android device implementation that is
+typically used by holding it in the hand, such as mp3 players, phones, and
+tablets. Android Handheld device implementations:
+ </p>
+ <ul>
+ <li>
+ MUST have a touchscreen embedded in the device.
+ </li>
+ <li>
+ MUST have a power source that provides mobility, such as a battery.
+ </li>
+ </ul>
+ <p>
+ <strong>
+ Android Television device
+ </strong>
+ refers to an Android device implementation that
+is an entertainment interface for consuming digital media, movies, games, apps,
+and/or live TV for users sitting about ten feet away (a “lean back” or “10-foot
+user interface”). Android Television devices:
+ </p>
+ <ul>
+ <li>
+ MUST have an embedded screen OR include a video output port, such as VGA,
+ HDMI, or a wireless port for display.
+ </li>
+ <li>
+ MUST declare the features
+ <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html#FEATURE_LEANBACK">
+ android.software.leanback
+ </a>
+ and android.hardware.type.television.
+ </li>
+ </ul>
+ <p>
+ <strong>
+ Android Watch device
+ </strong>
+ refers to an Android device implementation intended to
+be worn on the body, perhaps on the wrist, and:
+ </p>
+ <ul>
+ <li>
+ MUST have a screen with the physical diagonal length in the range from 1.1
+ to 2.5 inches.
+ </li>
+ <li>
+ MUST declare the feature android.hardware.type.watch.
+ </li>
+ <li>
+ MUST support uiMode =
+ <a href="http://developer.android.com/reference/android/content/res/Configuration.html#UI_MODE_TYPE_WATCH">
+ UI_MODE_TYPE_WATCH
+ </a>.
+ </li>
+ </ul>
+ <p>
+ <strong>
+ Android Automotive implementation
+ </strong>
+ refers to a vehicle head unit running
+Android as an operating system for part or all of the system and/or
+infotainment functionality. Android Automotive implementations:
+ </p>
+ <ul>
+ <li>
+ MUST have a screen with the physical diagonal length equal to or greater
+ than 6 inches.
+ </li>
+ <li>
+ MUST declare the feature android.hardware.type.automotive.
+ </li>
+ <li>
+ MUST support uiMode =
+ <a href="http://developer.android.com/reference/android/content/res/Configuration.html#UI_MODE_TYPE_CAR">
+ UI_MODE_TYPE_CAR
+ </a>.
+ </li>
+ <li>
+ Android Automotive implementations MUST support all public APIs in the
+ <code>
+ android.car.*
+ </code>
+ namespace.
+ </li>
+ </ul>
+ <p>
+ All Android device implementations that do not fit into any of the above device
+types still MUST meet all requirements in this document to be Android
+7.1 compatible, unless the requirement is explicitly described to
+be only applicable to a specific Android device type from above.
+ </p>
+ <h3 id="2_1_device_configurations">
+ 2.1 Device Configurations
+ </h3>
+ <p>
+ This is a summary of major differences in hardware configuration by device
+type. (Empty cells denote a “MAY”). Not all configurations are covered in this
+table; see relevant hardware sections for more detail.
+ </p>
+ <table>
+ <tr>
+ <th>
+ Category
+ </th>
+ <th>
+ Feature
+ </th>
+ <th>
+ Section
+ </th>
+ <th>
+ Handheld
+ </th>
+ <th>
+ Television
+ </th>
+ <th>
+ Watch
+ </th>
+ <th>
+ Automotive
+ </th>
+ <th>
+ Other
+ </th>
+ </tr>
+ <tr>
+ <td rowspan="3">
+ Input
+ </td>
+ <td>
+ D-pad
+ </td>
+ <td>
+ <a href="#7_2_2_non-touch-navigation">
+ 7.2.2. Non-touch Navigation
+ </a>
+ </td>
+ <td>
+ </td>
+ <td>
+ MUST
+ </td>
+ <td>
+ </td>
+ <td>
+ </td>
+ <td>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Touchscreen
+ </td>
+ <td>
+ <a href="#7_2_4_touchscreen_input">
+ 7.2.4. Touchscreen input
+ </a>
+ </td>
+ <td>
+ MUST
+ </td>
+ <td>
+ </td>
+ <td>
+ MUST
+ </td>
+ <td>
+ </td>
+ <td>
+ SHOULD
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Microphone
+ </td>
+ <td>
+ <a href="#7_8_1_microphone">
+ 7.8.1. Microphone
+ </a>
+ </td>
+ <td>
+ MUST
+ </td>
+ <td>
+ SHOULD
+ </td>
+ <td>
+ MUST
+ </td>
+ <td>
+ MUST
+ </td>
+ <td>
+ SHOULD
+ </td>
+ </tr>
+ <tr>
+ <td rowspan="2">
+ Sensors
+ </td>
+ <td>
+ Accelerometer
+ </td>
+ <td>
+ <a href="#7_3_1_accelerometer">
+ 7.3.1 Accelerometer
+ </a>
+ </td>
+ <td>
+ SHOULD
+ </td>
+ <td>
+ </td>
+ <td>
+ SHOULD
+ </td>
+ <td>
+ </td>
+ <td>
+ SHOULD
+ </td>
+ </tr>
+ <tr>
+ <td>
+ GPS
+ </td>
+ <td>
+ <a href="#7_3_3_gps">
+ 7.3.3. GPS
+ </a>
+ </td>
+ <td>
+ SHOULD
+ </td>
+ <td>
+ </td>
+ <td>
+ </td>
+ <td>
+ SHOULD
+ </td>
+ <td>
+ </td>
+ </tr>
+ <tr>
+ <td rowspan="6">
+ Connectivity
+ </td>
+ <td>
+ Wi-Fi
+ </td>
+ <td>
+ <a href="#7_4_2_ieee_802.11">
+ 7.4.2. IEEE 802.11
+ </a>
+ </td>
+ <td>
+ SHOULD
+ </td>
+ <td>
+ SHOULD
+ </td>
+ <td>
+ </td>
+ <td>
+ SHOULD
+ </td>
+ <td>
+ SHOULD
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Wi-Fi Direct
+ </td>
+ <td>
+ <a href="#7_4_2_1_wi-fi-direct">
+ 7.4.2.1. Wi-Fi Direct
+ </a>
+ </td>
+ <td>
+ SHOULD
+ </td>
+ <td>
+ SHOULD
+ </td>
+ <td>
+ </td>
+ <td>
+ </td>
+ <td>
+ SHOULD
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Bluetooth
+ </td>
+ <td>
+ <a href="#7_4_3_bluetooth">
+ 7.4.3. Bluetooth
+ </a>
+ </td>
+ <td>
+ SHOULD
+ </td>
+ <td>
+ MUST
+ </td>
+ <td>
+ MUST
+ </td>
+ <td>
+ MUST
+ </td>
+ <td>
+ SHOULD
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Bluetooth Low Energy
+ </td>
+ <td>
+ <a href="#7_4_3_bluetooth">
+ 7.4.3. Bluetooth
+ </a>
+ </td>
+ <td>
+ SHOULD
+ </td>
+ <td>
+ MUST
+ </td>
+ <td>
+ SHOULD
+ </td>
+ <td>
+ SHOULD
+ </td>
+ <td>
+ SHOULD
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Cellular radio
+ </td>
+ <td>
+ <a href="#7_4_5_minimum_network_capability">
+ 7.4.5. Minimum Network Capability
+ </a>
+ </td>
+ <td>
+ </td>
+ <td>
+ </td>
+ <td>
+ </td>
+ <td>
+ SHOULD
+ </td>
+ <td>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ USB peripheral/host mode
+ </td>
+ <td>
+ <a href="#7_7_usb">
+ 7.7. USB
+ </a>
+ </td>
+ <td>
+ SHOULD
+ </td>
+ <td>
+ </td>
+ <td>
+ </td>
+ <td>
+ SHOULD
+ </td>
+ <td>
+ SHOULD
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Output
+ </td>
+ <td>
+ Speaker and/or Audio output ports
+ </td>
+ <td>
+ <a href="#7_8_2_audio_output">
+ 7.8.2. Audio Output
+ </a>
+ </td>
+ <td>
+ MUST
+ </td>
+ <td>
+ MUST
+ </td>
+ <td>
+ </td>
+ <td>
+ MUST
+ </td>
+ <td>
+ MUST
+ </td>
+ </tr>
+ </table>
+ <h2 id="3_software">
+ 3. Software
+ </h2>
+ <h3 id="3_1_managed_api_compatibility">
+ 3.1. Managed API Compatibility
+ </h3>
+ <p>
+ The managed Dalvik bytecode execution environment is the primary vehicle for
+Android applications. The Android application programming interface (API) is the
+set of Android platform interfaces exposed to applications running in the
+managed runtime environment. Device implementations MUST provide complete
+implementations, including all documented behaviors, of any documented API
+exposed by the
+ <a href="http://developer.android.com/reference/packages.html">
+ Android SDK
+ </a>
+ or any API decorated with the “@SystemApi” marker in the upstream Android source code.
+ </p>
+ <p>
+ Device implementations MUST support/preserve all classes, methods, and
+associated elements marked by the TestApi annotation (@TestApi).
+ </p>
+ <p>
+ Device implementations MUST NOT omit any managed APIs, alter API interfaces or
+signatures, deviate from the documented behavior, or include no-ops, except
+where specifically allowed by this Compatibility Definition.
+ </p>
+ <p>
+ This Compatibility Definition permits some types of hardware for which Android
+includes APIs to be omitted by device implementations. In such cases, the APIs
+MUST still be present and behave in a reasonable way. See
+ <a href="#7_hardware_compatibility">
+ section 7
+ </a>
+ for specific requirements for this scenario.
+ </p>
+ <h3 id="3_1_1_android_extensions">
+ 3.1.1. Android Extensions
+ </h3>
+ <p>
+ Android includes the support of extending the managed APIs while keeping the same API
+level version. Android device implementations MUST preload the AOSP implementation
+of both the shared library
+ <code>
+ ExtShared
+ </code>
+ and services
+ <code>
+ ExtServices
+ </code>
+ with versions higher
+than or equal to the minimum versions allowed per each API level.
+For example, Android 7.0 device implementations, running API level 24 MUST include
+at least version 1.
+ </p>
+ <h3 id="3_2_soft_api_compatibility">
+ 3.2. Soft API Compatibility
+ </h3>
+ <p>
+ In addition to the managed APIs from
+ <a href="#3_1_managed_api_compatibility">
+ section 3.1
+ </a>,
+Android also includes a significant runtime-only “soft” API, in the form of such
+things as intents, permissions, and similar aspects of Android applications that
+cannot be enforced at application compile time.
+ </p>
+ <h4 id="3_2_1_permissions">
+ 3.2.1. Permissions
+ </h4>
+ <p>
+ Device implementers MUST support and enforce all permission constants as
+documented by the
+ <a href="http://developer.android.com/reference/android/Manifest.permission.html">
+ Permission reference page
+ </a>.
+Note that
+ <a href="#9_security_model_compatibility">
+ section 9
+ </a>
+ lists additional
+requirements related to the Android security model.
+ </p>
+ <h4 id="3_2_2_build_parameters">
+ 3.2.2. Build Parameters
+ </h4>
+ <p>
+ The Android APIs include a number of constants on the
+ <a href="http://developer.android.com/reference/android/os/Build.html">
+ android.os.Build class
+ </a>
+ that are intended to describe the current device. To provide consistent,
+meaningful values across device implementations, the table below includes
+additional restrictions on the formats of these values to which device
+implementations MUST conform.
+ </p>
+ <table>
+ <tr>
+ <th>
+ Parameter
+ </th>
+ <th>
+ Details
+ </th>
+ </tr>
+ <tr>
+ <td>
+ VERSION.RELEASE
+ </td>
+ <td>
+ The version of the currently-executing Android system, in human-readable
+ format. This field MUST have one of the string values defined in
+ <a href="http://source.android.com/compatibility/7.1/versions.html">
+ 7.1
+ </a>.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ VERSION.SDK
+ </td>
+ <td>
+ The version of the currently-executing Android system, in a format
+ accessible to third-party application code. For Android 7.1,
+ this field MUST have the integer value 7.1_INT.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ VERSION.SDK_INT
+ </td>
+ <td>
+ The version of the currently-executing Android system, in a format
+ accessible to third-party application code. For Android 7.1,
+ this field MUST have the integer value 7.1_INT.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ VERSION.INCREMENTAL
+ </td>
+ <td>
+ A value chosen by the device implementer designating the specific build
+ of the currently-executing Android system, in human-readable format. This
+ value MUST NOT be reused for different builds made available to end users. A
+ typical use of this field is to indicate which build number or
+ source-control change identifier was used to generate the build. There are
+ no requirements on the specific format of this field, except that it MUST
+ NOT be null or the empty string ("").
+ </td>
+ </tr>
+ <tr>
+ <td>
+ BOARD
+ </td>
+ <td>
+ A value chosen by the device implementer identifying the specific
+ internal hardware used by the device, in human-readable format. A possible
+ use of this field is to indicate the specific revision of the board powering
+ the device. The value of this field MUST be encodable as 7-bit ASCII and
+ match the regular expression “^[a-zA-Z0-9_-]+$”.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ BRAND
+ </td>
+ <td>
+ A value reflecting the brand name associated with the device as known to
+ the end users. MUST be in human-readable format and SHOULD represent the
+ manufacturer of the device or the company brand under which the device is
+ marketed. The value of this field MUST be encodable as 7-bit ASCII and match
+ the regular expression “^[a-zA-Z0-9_-]+$”.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ SUPPORTED_ABIS
+ </td>
+ <td>
+ The name of the instruction set (CPU type + ABI convention) of native
+ code. See
+ <a href="#3_3_native_api_compatibility">
+ section 3.3. Native API
+ Compatibility
+ </a>.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ SUPPORTED_32_BIT_ABIS
+ </td>
+ <td>
+ The name of the instruction set (CPU type + ABI convention) of native
+ code. See
+ <a href="#3_3_native_api_compatibility">
+ section 3.3. Native API
+ Compatibility
+ </a>.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ SUPPORTED_64_BIT_ABIS
+ </td>
+ <td>
+ The name of the second instruction set (CPU type + ABI convention) of
+ native code. See
+ <a href="#3_3_native_api_compatibility">
+ section 3.3. Native
+ API Compatibility
+ </a>.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ CPU_ABI
+ </td>
+ <td>
+ The name of the instruction set (CPU type + ABI convention) of native
+ code. See
+ <a href="#3_3_native_api_compatibility">
+ section 3.3. Native API
+ Compatibility
+ </a>.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ CPU_ABI2
+ </td>
+ <td>
+ The name of the second instruction set (CPU type + ABI convention) of
+ native code. See
+ <a href="#3_3_native_api_compatibility">
+ section 3.3. Native
+ API Compatibility
+ </a>.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ DEVICE
+ </td>
+ <td>
+ A value chosen by the device implementer containing the development name
+ or code name identifying the configuration of the hardware features and
+ industrial design of the device. The value of this field MUST be encodable
+ as 7-bit ASCII and match the regular expression
+ “^[a-zA-Z0-9_-]+$”. This device name MUST NOT change during the
+ lifetime of the product.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ FINGERPRINT
+ </td>
+ <td>
+ A string that uniquely identifies this build. It SHOULD be reasonably
+ human-readable. It MUST follow this template:
+ <p class="small">
+ $(BRAND)/$(PRODUCT)/
+ <br/>
+ $(DEVICE):$(VERSION.RELEASE)/$(ID)/$(VERSION.INCREMENTAL):$(TYPE)/$(TAGS)
</p>
<p>
- The use of “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” is per the IETF standard defined in <a href="http://www.ietf.org/rfc/rfc2119.txt">RFC2119</a>.
+ For example:
</p>
- <p>
- As used in this document, a “device implementer” or “implementer” is a person or organization developing a hardware/software solution running Android 7.1. A “device implementation” or “implementation is the hardware/software solution so developed.
+ <p class="small">
+ acme/myproduct/
+ <br/>
+ mydevice:7.1/LMYXX/3359:userdebug/test-keys
</p>
<p>
- To be considered compatible with Android 7.1, device implementations MUST meet the requirements presented in this Compatibility Definition, including any documents incorporated via reference.
+ The fingerprint MUST NOT include whitespace characters. If other fields
+ included in the template above have whitespace characters, they MUST be
+ replaced in the build fingerprint with another character, such as the
+ underscore ("_") character. The value of this field MUST be encodable as
+ 7-bit ASCII.
</p>
- <p>
- Where this definition or the software tests described in <a href="#10_software_compatibility_testing">section 10</a> is silent, ambiguous, or incomplete, it is the responsibility of the device implementer to ensure compatibility with existing implementations.
- </p>
- <p>
- For this reason, the <a href="http://source.android.com/">Android Open Source Project</a> is both the reference and preferred implementation of Android. Device implementers are STRONGLY RECOMMENDED to base their implementations to the greatest extent possible on the “upstream” source code available from the Android Open Source Project. While some components can hypothetically be replaced with alternate implementations, it is STRONGLY RECOMMENDED to not follow this practice, as passing the software tests will become substantially more difficult. It is the implementer’s responsibility to ensure full behavioral compatibility with the standard Android implementation, including and beyond the Compatibility Test Suite. Finally, note that certain component substitutions and modifications are explicitly forbidden by this document.
- </p>
- <p>
- Many of the resources linked to in this document are derived directly or indirectly from the Android SDK and will be functionally identical to the information in that SDK’s documentation. In any cases where this Compatibility Definition or the Compatibility Test Suite disagrees with the SDK documentation, the SDK documentation is considered authoritative. Any technical details provided in the linked resources throughout this document are considered by inclusion to be part of this Compatibility Definition.
- </p>
- <h1>
- 2. Device Types
- </h1>
- <p>
- While the Android Open Source Project has been used in the implementation of a variety of device types and form factors, many aspects of the architecture and compatibility requirements were optimized for handheld devices. Starting from Android 5.0, the Android Open Source Project aims to embrace a wider variety of device types as described in this section.
- </p>
- <p>
- <strong>Android Handheld device</strong> refers to an Android device implementation that is typically used by holding it in the hand, such as mp3 players, phones, and tablets. Android Handheld device implementations:
- </p>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ HARDWARE
+ </td>
+ <td>
+ The name of the hardware (from the kernel command line or /proc). It
+ SHOULD be reasonably human-readable. The value of this field MUST be
+ encodable as 7-bit ASCII and match the regular expression
+ “^[a-zA-Z0-9_-]+$”.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ HOST
+ </td>
+ <td>
+ A string that uniquely identifies the host the build was built on, in
+ human-readable format. There are no requirements on the specific format of
+ this field, except that it MUST NOT be null or the empty string ("").
+ </td>
+ </tr>
+ <tr>
+ <td>
+ ID
+ </td>
+ <td>
+ An identifier chosen by the device implementer to refer to a specific
+ release, in human-readable format. This field can be the same as
+ android.os.Build.VERSION.INCREMENTAL, but SHOULD be a value sufficiently
+ meaningful for end users to distinguish between software builds. The value
+ of this field MUST be encodable as 7-bit ASCII and match the regular
+ expression “^[a-zA-Z0-9._-]+$”.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ MANUFACTURER
+ </td>
+ <td>
+ The trade name of the Original Equipment Manufacturer (OEM) of the
+ product. There are no requirements on the specific format of this field,
+ except that it MUST NOT be null or the empty string ("").
+ </td>
+ </tr>
+ <tr>
+ <td>
+ MODEL
+ </td>
+ <td>
+ A value chosen by the device implementer containing the name of the
+ device as known to the end user. This SHOULD be the same name under which
+ the device is marketed and sold to end users. There are no requirements on
+ the specific format of this field, except that it MUST NOT be null or the
+ empty string ("").
+ </td>
+ </tr>
+ <tr>
+ <td>
+ PRODUCT
+ </td>
+ <td>
+ A value chosen by the device implementer containing the development name
+ or code name of the specific product (SKU) that MUST be unique within the
+ same brand. MUST be human-readable, but is not necessarily intended for view
+ by end users. The value of this field MUST be encodable as 7-bit ASCII and
+ match the regular expression “^[a-zA-Z0-9_-]+$”. This product
+ name MUST NOT change during the lifetime of the product.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ SERIAL
+ </td>
+ <td>
+ A hardware serial number, which MUST be available and unique across
+ devices with the same MODEL and MANUFACTURER. The value of this field MUST
+ be encodable as 7-bit ASCII and match the regular expression
+ “^([a-zA-Z0-9]{6,20})$”.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ TAGS
+ </td>
+ <td>
+ A comma-separated list of tags chosen by the device implementer that
+ further distinguishes the build. This field MUST have one of the values
+ corresponding to the three typical Android platform signing configurations:
+ release-keys, dev-keys, test-keys.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ TIME
+ </td>
+ <td>
+ A value representing the timestamp of when the build occurred.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ TYPE
+ </td>
+ <td>
+ A value chosen by the device implementer specifying the runtime
+ configuration of the build. This field MUST have one of the values
+ corresponding to the three typical Android runtime configurations: user,
+ userdebug, or eng.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ USER
+ </td>
+ <td>
+ A name or user ID of the user (or automated user) that generated the
+ build. There are no requirements on the specific format of this field,
+ except that it MUST NOT be null or the empty string ("").
+ </td>
+ </tr>
+ <tr>
+ <td>
+ SECURITY_PATCH
+ </td>
+ <td>
+ A value indicating the security patch level of a build. It MUST signify
+ that the build is not in any way vulnerable to any of the issues described
+ up through the designated Android Public Security Bulletin. It MUST be in
+ the format [YYYY-MM-DD], matching a defined string documented in the
+ <a href="source.android.com/security/bulletin">
+ Android Public Security
+ Bulletin
+ </a>
+ or in the
+ <a href="http://source.android.com/security/advisory">
+ Android Security Advisory
+ </a>, for example "2015-11-01".
+ </td>
+ </tr>
+ <tr>
+ <td>
+ BASE_OS
+ </td>
+ <td>
+ A value representing the FINGERPRINT parameter of the build that is
+ otherwise identical to this build except for the patches provided in the
+ Android Public Security Bulletin. It MUST report the correct value and if
+ such a build does not exist, report an empty string ("").
+ </td>
+ </tr>
+ </table>
+ <h4 id="3_2_3_intent_compatibility">
+ 3.2.3. Intent Compatibility
+ </h4>
+ <h5 id="3_2_3_1_core_application_intents">
+ 3.2.3.1. Core Application Intents
+ </h5>
+ <p>
+ Android intents allow application components to request functionality from
+other Android components. The Android upstream project includes a list of
+applications considered core Android applications, which implements several
+intent patterns to perform common actions. The core Android applications are:
+ </p>
+ <ul>
+ <li>
+ Desk Clock
+ </li>
+ <li>
+ Browser
+ </li>
+ <li>
+ Calendar
+ </li>
+ <li>
+ Contacts
+ </li>
+ <li>
+ Gallery
+ </li>
+ <li>
+ GlobalSearch
+ </li>
+ <li>
+ Launcher
+ </li>
+ <li>
+ Music
+ </li>
+ <li>
+ Settings
+ </li>
+ </ul>
+ <p>
+ Device implementations MUST include the core Android applications as
+appropriate or a component implementing the same intent patterns defined by
+all the Activity or Service components of these core Android applications
+exposed to other applications, implicitly or explicitly, through the
+ <code>
+ android:exported
+ </code>
+ attribute.
+ </p>
+ <h5 id="3_2_3_2_intent_resolution">
+ 3.2.3.2. Intent Resolution
+ </h5>
+ <p>
+ As Android is an extensible platform, device implementations MUST allow each
+intent pattern referenced in
+ <a href="#3_2_3_1_core_application_intents">
+ section 3.2.3.1
+ </a>
+ to be overridden by third-party
+applications. The upstream Android open source implementation allows this by
+default; device implementers MUST NOT attach special privileges to system
+applications' use of these intent patterns, or prevent third-party applications
+from binding to and assuming control of these patterns. This prohibition
+specifically includes but is not limited to disabling the “Chooser” user
+interface that allows the user to select between multiple applications that all
+handle the same intent pattern.
+ </p>
+ <p>
+ Device implementations MUST provide a user interface for users to modify the
+default activity for intents.
+ </p>
+ <p>
+ However, device implementations MAY provide default activities for specific URI
+patterns (e.g. http://play.google.com) when the default activity provides a
+more specific attribute for the data URI. For example, an intent filter pattern
+specifying the data URI “http://www.android.com” is more specific than the
+browser's core intent pattern for “http://”.
+ </p>
+ <p>
+ Android also includes a mechanism for third-party apps to declare an
+authoritative default
+ <a href="https://developer.android.com/training/app-links">
+ app linking behavior
+ </a>
+ for certain types of web URI intents. When such authoritative declarations are
+defined in an app's intent filter patterns, device implementations:
+ </p>
+ <ul>
+ <li>
+ MUST attempt to validate any intent filters by performing the validation
+steps defined in the
+ <a href="https://developers.google.com/digital-asset-links">
+ Digital Asset Links specification
+ </a>
+ as implemented by the Package Manager in the upstream Android Open Source
+Project.
+ </li>
+ <li>
+ MUST attempt validation of the intent filters during the installation of
+the application and set all successfully validated UIR intent filters as
+default app handlers for their UIRs.
+ </li>
+ <li>
+ MAY set specific URI intent filters as default app handlers for their URIs,
+if they are successfully verified but other candidate URI filters fail
+verification. If a device implementation does this, it MUST provide the
+user appropriate per-URI pattern overrides in the settings menu.
+ </li>
+ <li>
+ MUST provide the user with per-app App Links controls in Settings as
+follows:
+ <ul>
+ <li>
+ The user MUST be able to override holistically the default app links
+behavior for an app to be: always open, always ask, or never open,
+which must apply to all candidate URI intent filters equally.
+ </li>
+ <li>
+ The user MUST be able to see a list of the candidate URI intent filters.
+ </li>
+ <li>
+ The device implementation MAY provide the user with the ability to
+override specific candidate URI intent filters that were successfully
+verified, on a per-intent filter basis.
+ </li>
+ <li>
+ The device implementation MUST provide users with the ability to view
+and override specific candidate URI intent filters if the device
+implementation lets some candidate URI intent filters succeed
+verification while some others can fail.
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <h5 id="3_2_3_3_intent_namespaces">
+ 3.2.3.3. Intent Namespaces
+ </h5>
+ <p>
+ Device implementations MUST NOT include any Android component that honors any
+new intent or broadcast intent patterns using an ACTION, CATEGORY, or other key
+string in the android.
+ <em>
+ or com.android.
+ </em>
+ namespace. Device implementers MUST
+NOT include any Android components that honor any new intent or broadcast
+intent patterns using an ACTION, CATEGORY, or other key string in a package
+space belonging to another organization. Device implementers MUST NOT alter or
+extend any of the intent patterns used by the core apps listed in
+ <a href="#3_2_3_1_core_application_intents">
+ section 3.2.3.1
+ </a>. Device implementations MAY
+include intent patterns using namespaces clearly and obviously associated with
+their own organization. This prohibition is analogous to that specified for Java
+language classes in
+ <a href="#3_6_api_namespaces">
+ section 3.6
+ </a>.
+ </p>
+ <h5 id="3_2_3_4_broadcast_intents">
+ 3.2.3.4. Broadcast Intents
+ </h5>
+ <p>
+ Third-party applications rely on the platform to broadcast certain intents to
+notify them of changes in the hardware or software environment.
+Android-compatible devices MUST broadcast the public broadcast intents in
+response to appropriate system events. Broadcast intents are described in the
+SDK documentation.
+ </p>
+ <h5 id="3_2_3_5_default_app_settings">
+ 3.2.3.5. Default App Settings
+ </h5>
+ <p>
+ Android includes settings that provide users an easy way to select their
+default applications, for example for Home screen or SMS. Where it makes sense,
+device implementations MUST provide a similar settings menu and be compatible
+with the intent filter pattern and API methods described in the SDK
+documentation as below.
+ </p>
+ <p>
+ Device implementations:
+ </p>
+ <ul>
+ <li>
+ MUST honor the
+ <a href="http://developer.android.com/reference/android/provider/Settings.html#ACTION_HOME_SETTINGS">
+ android.settings.HOME_SETTINGS
+ </a>
+ intent to show a default app settings menu for Home Screen, if the device
+implementation reports android.software.home_screen.
+ </li>
+ <li>
+ MUST provide a settings menu that will call the
+ <a href="http://developer.android.com/reference/android/provider/Telephony.Sms.Intents.html">
+ android.provider.Telephony.ACTION_CHANGE_DEFAULT
+ </a>
+ intent to show a dialog to change the default SMS application, if the
+device implementation reports android.hardware.telephony.
+ </li>
+ <li>
+ MUST honor the
+ <a href="http://developer.android.com/reference/android/provider/Settings.html#ACTION_NFC_PAYMENT_SETTINGS">
+ android.settings.NFC_PAYMENT_SETTINGS
+ </a>
+ intent to show a default app settings menu for Tap and Pay, if the device
+implementation reports android.hardware.nfc.hce.
+ </li>
+ <li>
+ MUST honor the
+ <a href="https://developer.android.com/reference/android/telecom/TelecomManager.html#ACTION_CHANGE_DEFAULT_DIALER">
+ android.telecom.action.CHANGE_DEFAULT_DIALER
+ </a>
+ intent to show a dialog to allow the user to change the default Phone application, if the
+device implementation reports
+ <code>
+ android.hardware.telephony
+ </code>
+ .
+ </li>
+ <li>
+ MUST honor the
+ <a href="https://developer.android.com/reference/android/provider/Settings.html#ACTION_VOICE_INPUT_SETTINGS">
+ android.settings.ACTION_VOICE_INPUT_SETTINGS
+ </a>
+ intent when the device supports the VoiceInteractionService and show a
+ default app settings menu for voice input and assist.
+ </li>
+ </ul>
+ <h3 id="3_3_native_api_compatibility">
+ 3.3. Native API Compatibility
+ </h3>
+ <p>
+ Native code compatibility is challenging. For this reason, device implementers
+are
+ <strong>
+ STRONGLY RECOMMENDED
+ </strong>
+ to use the implementations of the libraries listed
+below from the upstream Android Open Source Project.
+ </p>
+ <h4 id="3_3_1_application_binary_interfaces">
+ 3.3.1. Application Binary Interfaces
+ </h4>
+ <p>
+ Managed Dalvik bytecode can call into native code provided in the application
+.apk file as an ELF .so file compiled for the appropriate device hardware
+architecture. As native code is highly dependent on the underlying processor
+technology, Android defines a number of Application Binary Interfaces (ABIs) in
+the Android NDK. Device implementations MUST be compatible with one or more
+defined ABIs, and MUST implement compatibility with the Android NDK, as below.
+ </p>
+ <p>
+ If a device implementation includes support for an Android ABI, it:
+ </p>
+ <ul>
+ <li>
+ MUST include support for code running in the managed environment to call
+ into native code, using the standard Java Native Interface (JNI) semantics.
+ </li>
+ <li>
+ MUST be source-compatible (i.e. header compatible) and binary-compatible
+ (for the ABI) with each required library in the list below.
+ </li>
+ <li>
+ MUST support the equivalent 32-bit ABI if any 64-bit ABI is supported.
+ </li>
+ <li>
+ MUST accurately report the native Application Binary Interface (ABI)
+ supported by the device, via the android.os.Build.SUPPORTED_ABIS,
+ android.os.Build.SUPPORTED_32_BIT_ABIS, and
+ android.os.Build.SUPPORTED_64_BIT_ABIS parameters, each a comma separated
+ list of ABIs ordered from the most to the least preferred one.
+ </li>
+ <li>
+ MUST report, via the above parameters, only those ABIs documented and
+ described in the latest version of the
+ <a href="https://developer.android.com/ndk/guides/abis.html">
+ Android NDK ABI Management documentation
+ </a>, and MUST
+ include support for the
+ <a href="http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0388f/Beijfcja.html">
+ Advanced SIMD
+ </a>
+ (a.k.a. NEON) extension.
+ </li>
+ <li>
+ SHOULD be built using the source code and header files available in the
+ upstream Android Open Source Project
+ </li>
+ </ul>
+ <p>
+ Note that future releases of the Android NDK may introduce support for
+additional ABIs. If a device implementation is not compatible with an existing
+predefined ABI, it MUST NOT report support for any ABIs at all.
+ </p>
+ <p>
+ The following native code APIs MUST be available to apps that include native code:
+ </p>
+ <ul>
+ <li>
+ libandroid.so (native Android activity support)
+ </li>
+ <li>
+ libc (C library)
+ </li>
+ <li>
+ libcamera2ndk.so
+ </li>
+ <li>
+ libdl (dynamic linker)
+ </li>
+ <li>
+ libEGL.so (native OpenGL surface management)
+ </li>
+ <li>
+ libGLESv1_CM.so (OpenGL ES 1.x)
+ </li>
+ <li>
+ libGLESv2.so (OpenGL ES 2.0)
+ </li>
+ <li>
+ libGLESv3.so (OpenGL ES 3.x)
+ </li>
+ <li>
+ libicui18n.so
+ </li>
+ <li>
+ libicuuc.so
+ </li>
+ <li>
+ libjnigraphics.so
+ </li>
+ <li>
+ liblog (Android logging)
+ </li>
+ <li>
+ libmediandk.so (native media APIs support)
+ </li>
+ <li>
+ libm (math library)
+ </li>
+ <li>
+ libOpenMAXAL.so (OpenMAX AL 1.0.1 support)
+ </li>
+ <li>
+ libOpenSLES.so (OpenSL ES 1.0.1 audio support)
+ </li>
+ <li>
+ libRS.so
+ </li>
+ <li>
+ libstdc++ (Minimal support for C++)
+ </li>
+ <li>
+ libvulkan.so (Vulkan)
+ </li>
+ <li>
+ libz (Zlib compression)
+ </li>
+ <li>
+ JNI interface
+ </li>
+ <li>
+ Support for OpenGL, as described below
+ </li>
+ </ul>
+ <p>
+ For the native libraries listed above, the device implementation MUST NOT add
+or remove the public functions.
+ </p>
+ <p>
+ Native libraries not listed above but implemented and provided in AOSP as system
+libraries are reserved and MUST NOT be exposed to third-party apps targeting API
+level 24 or higher.
+ </p>
+ <p>
+ Device implementations MAY add non-AOSP libraries and expose them directly as
+an API to third-party apps but the additional libraries SHOULD be in
+ <code>
+ /vendor/lib
+ </code>
+ or
+ <code>
+ /vendor/lib64
+ </code>
+ and MUST be listed in
+ <code>
+ /vendor/etc/public.libraries.txt
+ </code>
+ .
+ </p>
+ <p>
+ Note that device implementations MUST include libGLESv3.so and in turn, MUST export
+all the OpenGL ES 3.1 and
+ <a href="http://developer.android.com/guide/topics/graphics/opengl.html#aep">
+ Android Extension Pack
+ </a>
+ function symbols as defined in the NDK release android-24. Although all the
+symbols must be present, only the corresponding functions for OpenGL ES versions
+and extensions actually supported by the device must be fully implemented.
+ </p>
+ <h5 id="3_3_1_1_graphic_libraries">
+ 3.3.1.1. Graphic Libraries
+ </h5>
+ <p>
+ <a href="https://www.khronos.org/registry/vulkan/specs/1.0-wsi_extensions/xhtml/vkspec.html">
+ Vulkan
+ </a>
+ is a low-overhead, cross-platform API for high-performance 3D graphics. Device
+implementations, even if not including support of the Vulkan APIs, MUST satisfy
+the following requirements:
+ </p>
+ <ul>
+ <li>
+ It MUST always provide a native library named
+ <code>
+ libvulkan.so
+ </code>
+ which exports
+ function symbols for the core Vulkan 1.0 API as well as the
+ <code>
+ VK_KHR_surface
+ </code>
+ ,
+ <code>
+ VK_KHR_android_surface
+ </code>
+ , and
+ <code>
+ VK_KHR_swapchain
+ </code>
+ extensions.
+ </li>
+ </ul>
+ <p>
+ Device implementations, if including support of the Vulkan APIs:
+ </p>
+ <ul>
+ <li>
+ MUST report, one or more
+ <code>
+ VkPhysicalDevices
+ </code>
+ through the
+ <code>
+ vkEnumeratePhysicalDevices
+ </code>
+ call.
+ </li>
+ <li>
+ Each enumerated
+ <code>
+ VkPhysicalDevices
+ </code>
+ MUST fully implement the Vulkan 1.0 API.
+ </li>
+ <li>
+ MUST report the correct
+ <a href="https://developer.android.com/reference/android/content/pm/PackageManager.html#FEATURE_VULKAN_HARDWARE_LEVEL">
+ <code>
+ PackageManager#FEATURE_VULKAN_HARDWARE_LEVEL
+ </code>
+ </a>
+ and
+ <a href="https://developer.android.com/reference/android/content/pm/PackageManager.html#FEATURE_VULKAN_HARDWARE_VERSION">
+ <code>
+ PackageManager#FEATURE_VULKAN_HARDWARE_VERSION
+ </code>
+ </a>
+ feature flags.
+ </li>
+ <li>
+ MUST enumerate layers, contained in native libraries named
+ <code>
+ libVkLayer*.so
+ </code>
+ in the application package’s native library directory, through the
+ <code>
+ vkEnumerateInstanceLayerProperties
+ </code>
+ and
+ <code>
+ vkEnumerateDeviceLayerProperties
+ </code>
+ functions in
+ <code>
+ libvulkan.so
+ </code>
+ </li>
+ <li>
+ MUST NOT enumerate layers provided by libraries outside of the application
+ package, or provide other ways of tracing or intercepting the Vulkan API,
+ unless the application has the
+ <code>
+ android:debuggable=”true”
+ </code>
+ attribute.
+ </li>
+ </ul>
+ <p>
+ Device implementations, if not including support of the Vulkan APIs:
+ </p>
+ <ul>
+ <li>
+ MUST report 0
+ <code>
+ VkPhysicalDevices
+ </code>
+ through the
+ <code>
+ vkEnumeratePhysicalDevices
+ </code>
+ call.
+ </li>
+ <li>
+ MUST NOT declare any of the Vulkan feature flags
+ <a href="https://developer.android.com/reference/android/content/pm/PackageManager.html#FEATURE_VULKAN_HARDWARE_LEVEL">
+ <code>
+ PackageManager#FEATURE_VULKAN_HARDWARE_LEVEL
+ </code>
+ </a>
+ and
+ <a href="https://developer.android.com/reference/android/content/pm/PackageManager.html#FEATURE_VULKAN_HARDWARE_VERSION">
+ <code>
+ PackageManager#FEATURE_VULKAN_HARDWARE_VERSION
+ </code>
+ </a>.
+ </li>
+ </ul>
+ <h4 id="3_3_2_32-bit_arm_native_code_compatibility">
+ 3.3.2. 32-bit ARM Native Code Compatibility
+ </h4>
+ <p>
+ The ARMv8 architecture deprecates several CPU operations, including some
+operations used in existing native code. On 64-bit ARM devices, the following
+deprecated operations MUST remain available to 32-bit native ARM code, either
+through native CPU support or through software emulation:
+ </p>
+ <ul>
+ <li>
+ SWP and SWPB instructions
+ </li>
+ <li>
+ SETEND instruction
+ </li>
+ <li>
+ CP15ISB, CP15DSB, and CP15DMB barrier operations
+ </li>
+ </ul>
+ <p>
+ Legacy versions of the Android NDK used /proc/cpuinfo to discover CPU features
+from 32-bit ARM native code. For compatibility with applications built using
+this NDK, devices MUST include the following lines in /proc/cpuinfo when it is
+read by 32-bit ARM applications:
+ </p>
+ <ul>
+ <li>
+ "Features: ", followed by a list of any optional ARMv7 CPU features supported by the device.
+ </li>
+ <li>
+ "CPU architecture: ", followed by an integer describing the device's highest
+ supported ARM architecture (e.g., "8" for ARMv8 devices).
+ </li>
+ </ul>
+ <p>
+ These requirements only apply when /proc/cpuinfo is read by 32-bit ARM
+applications. Devices SHOULD not alter /proc/cpuinfo when read by 64-bit ARM or
+non-ARM applications.
+ </p>
+ <h3 id="3_4_web_compatibility">
+ 3.4. Web Compatibility
+ </h3>
+ <h4 id="3_4_1_webview_compatibility">
+ 3.4.1. WebView Compatibility
+ </h4>
+ <div class="note">
+ Android Watch devices MAY, but all other device implementations MUST provide a
+complete implementation of the android.webkit.Webview API.
+ </div>
+ <p>
+ The platform feature android.software.webview MUST be reported on any device
+that provides a complete implementation of the android.webkit.WebView API, and
+MUST NOT be reported on devices without a complete implementation of the API.
+The Android Open Source implementation uses code from the Chromium Project to
+implement the
+ <a href="http://developer.android.com/reference/android/webkit/WebView.html">
+ android.webkit.WebView
+ </a>.
+Because it is not feasible to develop a comprehensive test suite for a web
+rendering system, device implementers MUST use the specific upstream build of
+Chromium in the WebView implementation. Specifically:
+ </p>
+ <ul>
+ <li>
+ Device android.webkit.WebView implementations MUST be based on the
+ <a href="http://www.chromium.org/">
+ Chromium
+ </a>
+ build from the upstream Android Open
+ Source Project for Android 7.1. This build includes a specific
+ set of functionality and security fixes for the WebView.
+ </li>
+ <li>
+ <p>
+ The user agent string reported by the WebView MUST be in this format:
+ </p>
+ <p>
+ Mozilla/5.0 (Linux; Android $(VERSION); $(MODEL) Build/$(BUILD); wv)
+AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 $(CHROMIUM_VER) Mobile
+Safari/537.36
+ </p>
+ <ul>
+ <li>
+ The value of the $(VERSION) string MUST be the same as the value for android.os.Build.VERSION.RELEASE.
+ </li>
+ <li>
+ The value of the $(MODEL) string MUST be the same as the value for android.os.Build.MODEL.
+ </li>
+ <li>
+ The value of the $(BUILD) string MUST be the same as the value for android.os.Build.ID.
+ </li>
+ <li>
+ The value of the $(CHROMIUM_VER) string MUST be the version of Chromium in the upstream Android Open Source Project.
+ </li>
+ <li>
+ Device implementations MAY omit Mobile in the user agent string.
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <p>
+ The WebView component SHOULD include support for as many HTML5 features as
+possible and if it supports the feature SHOULD conform to the
+ <a href="http://html.spec.whatwg.org/multipage/">
+ HTML5 specification
+ </a>.
+ </p>
+ <h4 id="3_4_2_browser_compatibility">
+ 3.4.2. Browser Compatibility
+ </h4>
+ <div class="note">
+ Android Television, Watch, and Android Automotive implementations MAY omit a
+browser application, but MUST support the public intent patterns as described in
+ <a href="#3_2_3_1_core_application_intents">
+ section 3.2.3.1
+ </a>. All other types of device
+implementations MUST include a standalone Browser application for general user
+web browsing.
+ </div>
+ <p>
+ The standalone Browser MAY be based on a browser technology other than WebKit.
+However, even if an alternate Browser application is used, the
+android.webkit.WebView component provided to third-party applications MUST be
+based on WebKit, as described in
+ <a href="#3_4_1_webview_compatibility">
+ section 3.4.1
+ </a>.
+ </p>
+ <p>
+ Implementations MAY ship a custom user agent string in the standalone Browser application.
+ </p>
+ <p>
+ The standalone Browser application (whether based on the upstream WebKit Browser
+application or a third-party replacement) SHOULD include support for as much of
+ <a href="http://html.spec.whatwg.org/multipage/">
+ HTML5
+ </a>
+ as possible. Minimally, device
+implementations MUST support each of these APIs associated with HTML5:
+ </p>
+ <ul>
+ <li>
+ <a href="http://www.w3.org/html/wg/drafts/html/master/browsers.html#offline">
+ application cache/offline operation
+ </a>
+ </li>
+ <li>
+ <a href="http://www.w3.org/html/wg/drafts/html/master/semantics.html#video">
+ <video> tag
+ </a>
+ </li>
+ <li>
+ <a href="http://www.w3.org/TR/geolocation-API/">
+ geolocation
+ </a>
+ </li>
+ </ul>
+ <p>
+ Additionally, device implementations MUST support the HTML5/W3C
+ <a href="http://www.w3.org/TR/webstorage/">
+ webstorage API
+ </a>
+ and SHOULD support the HTML5/W3C
+ <a href="http://www.w3.org/TR/IndexedDB/">
+ IndexedDB API
+ </a>. Note that as the web
+development standards bodies are transitioning to favor IndexedDB over
+webstorage, IndexedDB is expected to become a required component in a future
+version of Android.
+ </p>
+ <h3 id="3_5_api_behavioral_compatibility">
+ 3.5. API Behavioral Compatibility
+ </h3>
+ <p>
+ The behaviors of each of the API types (managed, soft, native, and web) must be
+consistent with the preferred implementation of the upstream
+ <a href="http://source.android.com/">
+ Android Open Source Project
+ </a>. Some specific areas of
+compatibility are:
+ </p>
+ <ul>
+ <li>
+ Devices MUST NOT change the behavior or semantics of a standard intent.
+ </li>
+ <li>
+ Devices MUST NOT alter the lifecycle or lifecycle semantics of a particular
+ type of system component (such as Service, Activity, ContentProvider, etc.).
+ </li>
+ <li>
+ Devices MUST NOT change the semantics of a standard permission.
+ </li>
+ </ul>
+ <p>
+ The above list is not comprehensive. The Compatibility Test Suite (CTS) tests
+significant portions of the platform for behavioral compatibility, but not all.
+It is the responsibility of the implementer to ensure behavioral compatibility
+with the Android Open Source Project. For this reason, device implementers
+SHOULD use the source code available via the Android Open Source Project where
+possible, rather than re-implement significant parts of the system.
+ </p>
+ <h3 id="3_6_api_namespaces">
+ 3.6. API Namespaces
+ </h3>
+ <p>
+ Android follows the package and class namespace conventions defined by the Java
+programming language. To ensure compatibility with third-party applications,
+device implementers MUST NOT make any prohibited modifications (see below) to
+these package namespaces:
+ </p>
+ <ul>
+ <li>
+ java.*
+ </li>
+ <li>
+ javax.*
+ </li>
+ <li>
+ sun.*
+ </li>
+ <li>
+ android.*
+ </li>
+ <li>
+ com.android.*
+ </li>
+ </ul>
+ <p>
+ <strong>
+ Prohibited modifications include
+ </strong>
+ :
+ </p>
+ <ul>
+ <li>
+ Device implementations MUST NOT modify the publicly exposed APIs on the
+ Android platform by changing any method or class signatures, or by removing
+ classes or class fields.
+ </li>
+ <li>
+ Device implementers MAY modify the underlying implementation of the APIs,
+ but such modifications MUST NOT impact the stated behavior and Java-language
+ signature of any publicly exposed APIs.
+ </li>
+ <li>
+ Device implementers MUST NOT add any publicly exposed elements (such as
+ classes or interfaces, or fields or methods to existing classes or
+ interfaces) to the APIs above.
+ </li>
+ </ul>
+ <p>
+ A “publicly exposed element” is any construct that is not decorated with
+the“@hide” marker as used in the upstream Android source code. In other words,
+device implementers MUST NOT expose new APIs or alter existing APIs in the
+namespaces noted above. Device implementers MAY make internal-only
+modifications, but those modifications MUST NOT be advertised or otherwise
+exposed to developers.
+ </p>
+ <p>
+ Device implementers MAY add custom APIs, but any such APIs MUST NOT be in a
+namespace owned by or referring to another organization. For instance, device
+implementers MUST NOT add APIs to the com.google.* or similar namespace: only
+Google may do so. Similarly, Google MUST NOT add APIs to other companies'
+namespaces. Additionally, if a device implementation includes custom APIs
+outside the standard Android namespace, those APIs MUST be packaged in an
+Android shared library so that only apps that explicitly use them (via the
+<uses-library> mechanism) are affected by the increased memory usage of such
+APIs.
+ </p>
+ <p>
+ If a device implementer proposes to improve one of the package namespaces above
+(such as by adding useful new functionality to an existing API, or adding a new
+API), the implementer SHOULD visit
+ <a href="http://source.android.com/">
+ source.android.com
+ </a>
+ and begin the process for
+contributing changes and code, according to the information on that site.
+ </p>
+ <p>
+ Note that the restrictions above correspond to standard conventions for naming
+APIs in the Java programming language; this section simply aims to reinforce
+those conventions and make them binding through inclusion in this Compatibility
+Definition.
+ </p>
+ <h3 id="3_7_runtime_compatibility">
+ 3.7. Runtime Compatibility
+ </h3>
+ <p>
+ Device implementations MUST support the full Dalvik Executable (DEX) format and
+ <a href="https://android.googlesource.com/platform/dalvik/">
+ Dalvik bytecode specification and semantics
+ </a>.
+Device implementers SHOULD use ART, the reference upstream implementation of the Dalvik
+Executable Format, and the reference implementation’s package management system.
+ </p>
+ <p>
+ Device implementations MUST configure Dalvik runtimes to allocate memory in
+accordance with the upstream Android platform, and as specified by the following
+table. (See
+ <a href="#7_1_1_screen_configuration">
+ section 7.1.1
+ </a>
+ for screen size and
+screen density definitions.) Note that memory values specified below are
+considered minimum values and device implementations MAY allocate more memory
+per application.
+ </p>
+ <table>
+ <tr>
+ <th>
+ Screen Layout
+ </th>
+ <th>
+ Screen Density
+ </th>
+ <th>
+ Minimum Application Memory
+ </th>
+ </tr>
+ <tr>
+ <td rowspan="12">
+ Android Watch
+ </td>
+ <td>
+ 120 dpi (ldpi)
+ </td>
+ <td rowspan="3">
+ 32MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 160 dpi (mdpi)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 213 dpi (tvdpi)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 240 dpi (hdpi)
+ </td>
+ <td rowspan="2">
+ 36MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 280 dpi (280dpi)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 320 dpi (xhdpi)
+ </td>
+ <td rowspan="2">
+ 48MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 360 dpi (360dpi)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 400 dpi (400dpi)
+ </td>
+ <td>
+ 56MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 420 dpi (420dpi)
+ </td>
+ <td>
+ 64MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 480 dpi (xxhdpi)
+ </td>
+ <td>
+ 88MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 560 dpi (560dpi)
+ </td>
+ <td>
+ 112MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 640 dpi (xxxhdpi)
+ </td>
+ <td>
+ 154MB
+ </td>
+ </tr>
+ <tr>
+ <td rowspan="12">
+ small/normal
+ </td>
+ <td>
+ 120 dpi (ldpi)
+ </td>
+ <td rowspan="2">
+ 32MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 160 dpi (mdpi)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 213 dpi (tvdpi)
+ </td>
+ <td rowspan="3">
+ 48MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 240 dpi (hdpi)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 280 dpi (280dpi)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 320 dpi (xhdpi)
+ </td>
+ <td rowspan="2">
+ 80MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 360 dpi (360dpi)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 400 dpi (400dpi)
+ </td>
+ <td>
+ 96MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 420 dpi (420dpi)
+ </td>
+ <td>
+ 112MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 480 dpi (xxhdpi)
+ </td>
+ <td>
+ 128MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 560 dpi (560dpi)
+ </td>
+ <td>
+ 192MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 640 dpi (xxxhdpi)
+ </td>
+ <td>
+ 256MB
+ </td>
+ </tr>
+ <tr>
+ <td rowspan="12">
+ large
+ </td>
+ <td>
+ 120 dpi (ldpi)
+ </td>
+ <td>
+ 32MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 160 dpi (mdpi)
+ </td>
+ <td>
+ 48MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 213 dpi (tvdpi)
+ </td>
+ <td rowspan="2">
+ 80MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 240 dpi (hdpi)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 280 dpi (280dpi)
+ </td>
+ <td>
+ 96MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 320 dpi (xhdpi)
+ </td>
+ <td>
+ 128MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 360 dpi (360dpi)
+ </td>
+ <td>
+ 160MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 400 dpi (400dpi)
+ </td>
+ <td>
+ 192MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 420 dpi (420dpi)
+ </td>
+ <td>
+ 228MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 480 dpi (xxhdpi)
+ </td>
+ <td>
+ 256MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 560 dpi (560dpi)
+ </td>
+ <td>
+ 384MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 640 dpi (xxxhdpi)
+ </td>
+ <td>
+ 512MB
+ </td>
+ </tr>
+ <tr>
+ <td rowspan="12">
+ xlarge
+ </td>
+ <td>
+ 120 dpi (ldpi)
+ </td>
+ <td>
+ 48MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 160 dpi (mdpi)
+ </td>
+ <td>
+ 80MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 213 dpi (tvdpi)
+ </td>
+ <td rowspan="2">
+ 96MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 240 dpi (hdpi)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 280 dpi (280dpi)
+ </td>
+ <td>
+ 144MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 320 dpi (xhdpi)
+ </td>
+ <td>
+ 192MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 360 dpi (360dpi)
+ </td>
+ <td>
+ 240MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 400 dpi (400dpi)
+ </td>
+ <td>
+ 288MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 420 dpi (420dpi)
+ </td>
+ <td>
+ 336MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 480 dpi (xxhdpi)
+ </td>
+ <td>
+ 384MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 560 dpi (560dpi)
+ </td>
+ <td>
+ 576MB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 640 dpi (xxxhdpi)
+ </td>
+ <td>
+ 768MB
+ </td>
+ </tr>
+ </table>
+ <h3 id="3_8_user_interface_compatibility">
+ 3.8. User Interface Compatibility
+ </h3>
+ <h4 id="3_8_1_launcher_(home_screen)">
+ 3.8.1. Launcher (Home Screen)
+ </h4>
+ <p>
+ Android includes a launcher application (home screen) and support for
+third-party applications to replace the device launcher (home screen). Device
+implementations that allow third-party applications to replace the device home
+screen MUST declare the platform feature android.software.home_screen.
+ </p>
+ <h4 id="3_8_2_widgets">
+ 3.8.2. Widgets
+ </h4>
+ <div class="note">
+ Widgets are optional for all Android device implementations, but SHOULD be
+supported on Android Handheld devices.
+ </div>
+ <p>
+ Android defines a component type and corresponding API and lifecycle that allows
+applications to expose an
+ <a href="http://developer.android.com/guide/practices/ui_guidelines/widget_design.html">
+ “AppWidget”
+ </a>
+ to the end user, a feature that is STRONGLY RECOMMENDED to be supported on
+Handheld Device implementations. Device implementations that support embedding
+widgets on the home screen MUST meet the following requirements and declare
+support for platform feature android.software.app_widgets.
+ </p>
+ <ul>
+ <li>
+ Device launchers MUST include built-in support for AppWidgets and expose
+ user interface affordances to add, configure, view, and remove AppWidgets
+ directly within the Launcher.
+ </li>
+ <li>
+ Device implementations MUST be capable of rendering widgets that are 4 x 4
+ in the standard grid size. See the
+ <a href="http://developer.android.com/guide/practices/ui_guidelines/widget_design.html">
+ App Widget Design
+ Guidelines
+ </a>
+ in the Android SDK documentation for details.
+ </li>
+ <li>
+ Device implementations that include support for lock screen MAY support
+ application widgets on the lock screen.
+ </li>
+ </ul>
+ <h4 id="3_8_3_notifications">
+ 3.8.3. Notifications
+ </h4>
+ <p>
+ Android includes APIs that allow developers to
+ <a href="http://developer.android.com/guide/topics/ui/notifiers/notifications.html">
+ notify users of notable events
+ </a>
+ using hardware and software features of the device.
+ </p>
+ <p>
+ Some APIs allow applications to perform notifications or attract attention using
+hardware—specifically sound, vibration, and light. Device implementations MUST
+support notifications that use hardware features, as described in the SDK
+documentation, and to the extent possible with the device implementation
+hardware. For instance, if a device implementation includes a vibrator, it MUST
+correctly implement the vibration APIs. If a device implementation lacks
+hardware, the corresponding APIs MUST be implemented as no-ops. This behavior is
+further detailed in
+ <a href="#7_hardware_compatibility">
+ section 7
+ </a>.
+ </p>
+ <p>
+ Additionally, the implementation MUST correctly render all
+ <a href="https://developer.android.com/guide/topics/resources/available-resources.html">
+ resources
+ </a>
+ (icons, animation files etc.) provided for in the APIs, or in the Status/System
+Bar
+ <a href="http://developer.android.com/design/style/iconography.html">
+ icon style guide
+ </a>, which in the
+case of an Android Television device includes the possibility to not display the
+notifications. Device implementers MAY provide an alternative user experience
+for notifications than that provided by the reference Android Open Source
+implementation; however, such alternative notification systems MUST support
+existing notification resources, as above.
+ </p>
+ <div class="note">
+ Android Automotive implementations MAY manage the visibility and timing of
+notifications to mitigate driver distraction, but MUST display
+notifications that use
+ <a href="https://developer.android.com/reference/android/app/Notification.CarExtender.html">
+ CarExtender
+ </a>
+ when requested by applications.
+ </div>
+ <p>
+ Android includes support for various notifications, such as:
+ </p>
+ <ul>
+ <li>
+ <strong>
+ Rich notifications
+ </strong>
+ . Interactive Views for ongoing notifications.
+ </li>
+ <li>
+ <strong>
+ Heads-up notifications
+ </strong>
+ . Interactive Views users can act on or dismiss without leaving the current app.
+ </li>
+ <li>
+ <strong>
+ Lock screen notifications
+ </strong>
+ . Notifications shown over a lock screen with granular control on visibility.
+ </li>
+ </ul>
+ <p>
+ Android device implementations, when such notifications are made visible, MUST
+properly execute Rich and Heads-up notifications and include the title/name,
+icon, text as
+ <a href="https://developer.android.com/design/patterns/notifications.html">
+ documented in the Android APIs
+ </a>.
+ </p>
+ <p>
+ Android includes Notification Listener Service APIs that allow apps (once
+explicitly enabled by the user) to receive a copy of all notifications as they
+are posted or updated. Device implementations MUST correctly and promptly send
+notifications in their entirety to all such installed and user-enabled listener
+services, including any and all metadata attached to the Notification object.
+ </p>
+ <p>
+ Handheld device implementations MUST support the behaviors of updating,
+removing, replying to, and bundling notifications as described in this
+ <a href="https://developer.android.com/guide/topics/ui/notifiers/notifications.html#Managing">
+ section
+ </a>.
+ </p>
+ <p>
+ Also, handheld device implementations MUST provide:
+ </p>
+ <ul>
+ <li>
+ The ability to control notifications directly in the notification shade.
+ </li>
+ <li>
+ The visual affordance to trigger the control panel in the notification shade.
+ </li>
+ <li>
+ The ability to BLOCK, MUTE and RESET notification preference from a
+ package, both in the inline control panel as well as in the settings app.
+ </li>
+ </ul>
+ <p>
+ All 6 direct subclasses of the
+ <code>
+ Notification.Style class
+ </code>
+ MUST be supported as
+described in the
+ <a href="https://developer.android.com/reference/android/app/Notification.Style.html">
+ SDK documents
+ </a>.
+ </p>
+ <p>
+ Device implementations that support the DND (Do not Disturb) feature MUST meet
+the following requirements:
+ </p>
+ <ul>
+ <li>
+ MUST implement an activity that would respond to the intent
+ <a href="https://developer.android.com/reference/android/provider/Settings.html#ACTION_NOTIFICATION_POLICY_ACCESS_SETTINGS">
+ ACTION_NOTIFICATION_POLICY_ACCESS_SETTINGS
+ </a>,
+ which for implementations with UI_MODE_TYPE_NORMAL it MUST be an activity
+ where the user can grant or deny the app access to DND policy
+ configurations.
+ </li>
+ <li>
+ MUST, for when the device implementation has provided a means for the user
+ to grant or deny third-party apps to access the DND policy configuration,
+ display
+ <a href="https://developer.android.com/reference/android/app/NotificationManager.html#addAutomaticZenRule%28android.app.AutomaticZenRule%29">
+ Automatic DND rules
+ </a>
+ created by applications alongside the user-created and pre-defined rules.
+ </li>
+ <li>
+ MUST honor the
+ <a href="https://developer.android.com/reference/android/app/NotificationManager.Policy.html#suppressedVisualEffects">
+ <code>
+ suppressedVisualEffects
+ </code>
+ </a>
+ values passed along the
+ <a href="https://developer.android.com/reference/android/app/NotificationManager.Policy.html#NotificationManager.Policy%28int, int, int, int%29">
+ <code>
+ NotificationManager.Policy
+ </code>
+ </a>
+ and if an app has set any of the SUPPRESSED_EFFECT_SCREEN_OFF or
+ SUPPRESSED_EFFECT_SCREEN_ON flags, it SHOULD indicate to the user that the
+ visual effects are suppressed in the DND settings menu.
+ </li>
+ </ul>
+ <h4 id="3_8_4_search">
+ 3.8.4. Search
+ </h4>
+ <p>
+ Android includes APIs that allow developers to
+ <a href="http://developer.android.com/reference/android/app/SearchManager.html">
+ incorporate search
+ </a>
+ into their applications and expose their application’s data into the global
+system search. Generally speaking, this functionality consists of a single,
+system-wide user interface that allows users to enter queries, displays
+suggestions as users type, and displays results. The Android APIs allow
+developers to reuse this interface to provide search within their own apps and
+allow developers to supply results to the common global search user interface.
+ </p>
+ <p>
+ Android device implementations SHOULD include global search, a single, shared,
+system-wide search user interface capable of real-time suggestions in response
+to user input. Device implementations SHOULD implement the APIs that allow
+developers to reuse this user interface to provide search within their own
+applications. Device implementations that implement the global search interface
+MUST implement the APIs that allow third-party applications to add suggestions
+to the search box when it is run in global search mode. If no third-party
+applications are installed that make use of this functionality, the default
+behavior SHOULD be to display web search engine results and suggestions.
+ </p>
+ <p>
+ Android device implementations SHOULD, and Android Automotive implementations
+MUST, implement an assistant on the device to
+handle the
+ <a href="http://developer.android.com/reference/android/content/Intent.html#ACTION_ASSIST">
+ Assist action
+ </a>.
+ </p>
+ <p>
+ Android also includes the
+ <a href="https://developer.android.com/reference/android/app/assist/package-summary.html">
+ Assist APIs
+ </a>
+ to allow applications to elect how much information of the current context is
+shared with the assistant on the device. Device implementations supporting the
+Assist action MUST indicate clearly to the end user when the context is
+shared by displaying a white light around the edges of the screen. To ensure
+clear visibility to the end user, the indication MUST meet or exceed the
+duration and brightness of the Android Open Source Project implementation.
+ </p>
+ <p>
+ This indication MAY be disabled by default for preinstalled apps using the Assist and
+VoiceInteractionService API, if all following requirements are met:
+ </p>
+ <ul>
+ <li>
+ <p>
+ The preinstalled app MUST request the context to be shared only when the
+ user invoked the app by one of the following means, and the app is running in the
+ foreground:
+ </p>
+ <ul>
+ <li>
+ hotword invocation
+ </li>
+ <li>
+ input of the ASSIST navigation key/button/gesture
+ </li>
+ </ul>
+ </li>
+ <li>
+ <p>
+ The device implementation MUST provide an affordance to enable the
+ indication, less than two navigations away from
+ (the default voice input and assistant app settings menu)
+ <a href="#3_2_3_5_default_app_settings">
+ section 3.2.3.5
+ </a>.
+ </p>
+ </li>
+ </ul>
+ <h4 id="3_8_5_toasts">
+ 3.8.5. Toasts
+ </h4>
+ <p>
+ Applications can use the
+ <a href="http://developer.android.com/reference/android/widget/Toast.html">
+ “Toast” API
+ </a>
+ to
+display short non-modal strings to the end user that disappear after a brief
+period of time. Device implementations MUST display Toasts from applications to
+end users in some high-visibility manner.
+ </p>
+ <h4 id="3_8_6_themes">
+ 3.8.6. Themes
+ </h4>
+ <p>
+ Android provides “themes” as a mechanism for applications to apply styles across
+an entire Activity or application.
+ </p>
+ <p>
+ Android includes a “Holo” theme family as a set of defined styles for
+application developers to use if they want to match the
+ <a href="http://developer.android.com/guide/topics/ui/themes.html">
+ Holo theme look and feel
+ </a>
+ as defined by the Android SDK. Device implementations MUST NOT alter any of the
+ <a href="http://developer.android.com/reference/android/R.style.html">
+ Holo theme attributes
+ </a>
+ exposed to applications.
+ </p>
+ <p>
+ Android includes a “Material” theme family as a set of defined styles for
+application developers to use if they want to match the design theme’s look and
+feel across the wide variety of different Android device types. Device
+implementations MUST support the “Material” theme family and MUST NOT alter any
+of the
+ <a href="http://developer.android.com/reference/android/R.style.html#Theme_Material">
+ Material theme attributes
+ </a>
+ or their assets exposed to applications.
+ </p>
+ <p>
+ Android also includes a “Device Default” theme family as a set of defined styles
+for application developers to use if they want to match the look and feel of the
+device theme as defined by the device implementer. Device implementations MAY
+modify the
+ <a href="http://developer.android.com/reference/android/R.style.html">
+ Device Default theme attributes
+ </a>
+ exposed
+to applications.
+ </p>
+ <p>
+ Android supports a variant theme with translucent system bars, which allows
+application developers to fill the area behind the status and navigation bar
+with their app content. To enable a consistent developer experience in this
+configuration, it is important the status bar icon style is maintained across
+different device implementations. Therefore, Android device implementations MUST
+use white for system status icons (such as signal strength and battery level)
+and notifications issued by the system, unless the icon is indicating a
+problematic status or an app requests a light status bar using the
+SYSTEM_UI_FLAG_LIGHT_STATUS_BAR flag. When an app requests a light status bar,
+Android device implementations MUST change the color of the system status icons
+to black (for details, refer to
+ <a href="http://developer.android.com/reference/android/R.style.html">
+ R.style
+ </a>
+ ).
+ </p>
+ <h4 id="3_8_7_live_wallpapers">
+ 3.8.7. Live Wallpapers
+ </h4>
+ <p>
+ Android defines a component type and corresponding API and lifecycle that allows
+applications to expose one or more
+ <a href="http://developer.android.com/reference/android/service/wallpaper/WallpaperService.html">
+ “Live Wallpapers”
+ </a>
+ to the end user. Live wallpapers are animations, patterns, or similar images
+with limited input capabilities that display as a wallpaper, behind other
+applications.
+ </p>
+ <p>
+ Hardware is considered capable of reliably running live wallpapers if it can run
+all live wallpapers, with no limitations on functionality, at a reasonable frame
+rate with no adverse effects on other applications. If limitations in the
+hardware cause wallpapers and/or applications to crash, malfunction, consume
+excessive CPU or battery power, or run at unacceptably low frame rates, the
+hardware is considered incapable of running live wallpaper. As an example, some
+live wallpapers may use an OpenGL 2.0 or 3.x context to render their content.
+Live wallpaper will not run reliably on hardware that does not support multiple
+OpenGL contexts because the live wallpaper use of an OpenGL context may conflict
+with other applications that also use an OpenGL context.
+ </p>
+ <p>
+ Device implementations capable of running live wallpapers reliably as described
+above SHOULD implement live wallpapers, and when implemented MUST report the
+platform feature flag android.software.live_wallpaper.
+ </p>
+ <h4 id="3_8_8_activity_switching">
+ 3.8.8. Activity Switching
+ </h4>
+ <div class="note">
+ As the Recent function navigation key is OPTIONAL, the requirement to implement
+the overview screen is OPTIONAL for Android Watch and Android Automotive implementations,
+and RECOMMENDED for Android Television devices. There SHOULD still be a
+method to switch between activities on Android Automotive implementations.
+ </div>
+ <p>
+ The upstream Android source code includes the
+ <a href="http://developer.android.com/guide/components/recents.html">
+ overview screen
+ </a>, a
+system-level user interface for task switching and displaying recently accessed
+activities and tasks using a thumbnail image of the application’s graphical
+state at the moment the user last left the application. Device implementations
+including the recents function navigation key as detailed in
+ <a href="#7_2_3_navigation_keys">
+ section 7.2.3
+ </a>
+ MAY alter the interface but MUST meet the
+following requirements:
+ </p>
+ <ul>
+ <li>
+ MUST support at least up to 20 displayed activities.
+ </li>
+ <li>
+ SHOULD at least display the title of 4 activities at a time.
+ </li>
+ <li>
+ MUST implement the
+ <a href="http://developer.android.com/about/versions/android-5.0.html#ScreenPinning">
+ screen pinning behavior
+ </a>
+ and provide the user with a settings menu to toggle the feature.
+ </li>
+ <li>
+ SHOULD display highlight color, icon, screen title in recents.
+ </li>
+ <li>
+ SHOULD display a closing affordance ("x") but MAY delay this until user interacts with screens.
+ </li>
+ <li>
+ SHOULD implement a shortcut to switch easily to the previous activity
+ </li>
+ <li>
+ MAY display affiliated recents as a group that moves together.
+ </li>
+ <li>
+ SHOULD trigger the fast-switch action between the two most recently used
+ apps, when the recents function key is tapped twice.
+ </li>
+ <li>
+ SHOULD trigger the split-screen multiwindow-mode, if supported, when the
+ recents functions key is long pressed.
+ </li>
+ </ul>
+ <p>
+ Device implementations are STRONGLY RECOMMENDED to use the upstream Android user
+interface (or a similar thumbnail-based interface) for the overview screen.
+ </p>
+ <h4 id="3_8_9_input_management">
+ 3.8.9. Input Management
+ </h4>
+ <p>
+ Android includes support for
+ <a href="http://developer.android.com/guide/topics/text/creating-input-method.html">
+ Input Management
+ </a>
+ and support for third-party input method editors. Device implementations that
+allow users to use third-party input methods on the device MUST declare the
+platform feature android.software.input_methods and support IME APIs as defined
+in the Android SDK documentation.
+ </p>
+ <p>
+ Device implementations that declare the android.software.input_methods feature
+MUST provide a user-accessible mechanism to add and configure third-party input
+methods. Device implementations MUST display the settings interface in response
+to the android.settings.INPUT_METHOD_SETTINGS intent.
+ </p>
+ <h4 id="3_8_10_lock_screen_media_control">
+ 3.8.10. Lock Screen Media Control
+ </h4>
+ <p>
+ The Remote Control Client API is deprecated from Android 5.0 in favor of the
+ <a href="http://developer.android.com/reference/android/app/Notification.MediaStyle.html">
+ Media Notification Template
+ </a>
+ that allows media applications to integrate with playback controls that are
+displayed on the lock screen. Device implementations that support a lock screen,
+unless an Android Automotive or Watch implementation, MUST display the
+Lock screen Notifications including the Media Notification Template.
+ </p>
+ <h4 id="3_8_11_screen_savers_(previously_dreams)">
+ 3.8.11. Screen savers (previously Dreams)
+ </h4>
+ <p>
+ Android includes support for
+ <a href="http://developer.android.com/reference/android/service/dreams/DreamService.html">
+ interactivescreensavers
+ </a>,
+previously referred to as Dreams. Screen savers allow users to interact with
+applications when a device connected to a power source is idle or docked in a
+desk dock. Android Watch devices MAY implement screen savers, but other types
+of device implementations SHOULD include support for screen savers and provide
+a settings option for users toconfigure screen savers in response to the
+ <code>
+ android.settings.DREAM_SETTINGS
+ </code>
+ intent.
+ </p>
+ <h4 id="3_8_12_location">
+ 3.8.12. Location
+ </h4>
+ <p>
+ When a device has a hardware sensor (e.g. GPS) that is capable of providing the
+location coordinates,
+ <a href="http://developer.android.com/reference/android/provider/Settings.Secure.html#LOCATION_MODE">
+ location modes
+ </a>
+ MUST be displayed in the Location menu within Settings.
+ </p>
+ <h4 id="3_8_13_unicode_and_font">
+ 3.8.13. Unicode and Font
+ </h4>
+ <p>
+ Android includes support for the emoji characters defined in
+ <a href="http://www.unicode.org/versions/Unicode9.0.0/">
+ Unicode 9.0
+ </a>. All device
+implementations MUST be capable of rendering these emoji characters
+in color glyph and when Android device implementations include an IME,
+it SHOULD provide an input method to the user for these emoji characters.
+ </p>
+ <p>
+ Android handheld devices SHOULD support the skin tone and diverse family emojis
+as specified in the
+ <a href="http://unicode.org/reports/tr51">
+ Unicode Technical Report #51
+ </a>.
+ </p>
+ <p>
+ Android includes support for Roboto 2 font with different
+weights—sans-serif-thin, sans-serif-light, sans-serif-medium, sans-serif-black,
+sans-serif-condensed, sans-serif-condensed-light—which MUST all be included for
+the languages available on the device and full Unicode 7.0 coverage of Latin,
+Greek, and Cyrillic, including the Latin Extended A, B, C, and D ranges, and all
+glyphs in the currency symbols block of Unicode 7.0.
+ </p>
+ <h4 id="3_8_14_multi-windows">
+ 3.8.14. Multi-windows
+ </h4>
+ <p>
+ A device implementation MAY choose not to implement any multi-window modes, but
+if it has the capability to display multiple activities at the same time it
+MUST implement such multi-window mode(s) in accordance with the application
+behaviors and APIs described in the Android SDK
+ <a href="https://developer.android.com/preview/features/multi-window.html">
+ multi-window mode support documentation
+ </a>
+ and meet the following requirements:
+ </p>
+ <ul>
+ <li>
+ Applications can indicate whether they are capable of operating in
+ multi-window mode in the AndroidManifest.xml file, either explicitly via the
+ <a href="https://developer.android.com/reference/android/R.attr.html#resizeableActivity">
+ <code>
+ android:resizeableActivity
+ </code>
+ </a>
+ attribute or implicitly by having the targetSdkVersion > 24. Apps that
+ explicitly set this attribute to false in their manifest MUST not be
+ launched in multi-window mode. Apps that don't set the attribute in their
+ manifest file (targetSdkVersion < 24) can be launched in multi-window mode,
+ but the system MUST provide warning that the app may not work as expected in
+ multi-window mode.
+ </li>
+ <li>
+ Device implementations MUST NOT offer split-screen or freeform mode
+ if both the screen height and width is less than 440 dp.
+ </li>
+ <li>
+ Device implementations with screen size
+ <code>
+ xlarge
+ </code>
+ SHOULD support freeform mode.
+ </li>
+ <li>
+ Android Television device implementations MUST support picture-in-picture (PIP) mode multi-window
+ and place the PIP multi-window in the top right corner when PIP is ON.
+ </li>
+ <li>
+ Device implementations with PIP mode multi-window support
+ MUST allocate at least 240x135 dp for the PIP window.
+ </li>
+ <li>
+ If the PIP multi-window mode is supported the
+ <a href="https://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_WINDOW">
+ <code>
+ KeyEvent.KEYCODE_WINDOW
+ </code>
+ </a>
+ key MUST be used to control the PIP window; otherwise, the key MUST be
+ available to the foreground activity.
+ </li>
+ </ul>
+ <h3 id="3_9_device_administration">
+ 3.9. Device Administration
+ </h3>
+ <p>
+ Android includes features that allow security-aware applications to perform
+device administration functions at the system level, such as enforcing password
+policies or performing remote wipe, through the
+ <a href="http://developer.android.com/guide/topics/admin/device-admin.html">
+ Android Device Administration API
+ </a>
+ ].
+Device implementations MUST provide an implementation of the
+ <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html">
+ DevicePolicyManager
+ </a>
+ class. Device implementations that supports a secure lock screen MUST implement
+the full range of
+ <a href="http://developer.android.com/guide/topics/admin/device-admin.html">
+ device administration
+ </a>
+ policies defined in the Android SDK documentation and report the platform
+feature android.software.device_admin.
+ </p>
+ <h4 id="3_9_1_device_provisioning">
+ 3.9.1 Device Provisioning
+ </h4>
+ <h5 id="3_9_1_1_device_owner_provisioning">
+ 3.9.1.1 Device owner provisioning
+ </h5>
+ <p>
+ If a device implementation declares the
+ <code>
+ android.software.device_admin
+ </code>
+ feature
+then it MUST implement the provisioning of the
+ <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isDeviceOwnerApp(java.lang.String)">
+ Device Owner app
+ </a>
+ of a Device Policy Client (DPC) application as indicated below:
+ </p>
+ <ul>
+ <li>
+ When the device implementation has no user data configured yet, it:
+ <ul>
+ <li>
+ MUST report
+ <code>
+ true
+ </code>
+ for
+ <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isProvisioningAllowed(java.lang.String)">
+ <code>
+ DevicePolicyManager.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE)
+ </code>
+ </a>.
+ </li>
+ <li>
+ MUST enroll the DPC application as the Device Owner app in response to
+ the intent action
+ <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_PROVISION_MANAGED_DEVICE">
+ <code>
+ android.app.action.PROVISION_MANAGED_DEVICE
+ </code>
+ </a>.
+ </li>
+ <li>
+ MUST enroll the DPC application as the Device Owner app if the device
+ declares Near-Field Communications (NFC) support via the feature flag
+ <code>
+ android.hardware.nfc
+ </code>
+ and receives an NFC message containing a record
+ with MIME type
+ <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#MIME_TYPE_PROVISIONING_NFC">
+ <code>
+ MIME_TYPE_PROVISIONING_NFC
+ </code>
+ </a>.
+ </li>
+ </ul>
+ </li>
+ <li>
+ When the device implementation has user data, it:
+ <ul>
+ <li>
+ MUST report
+ <code>
+ false
+ </code>
+ for the
+ <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isProvisioningAllowed(java.lang.String)">
+ <code>
+ DevicePolicyManager.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE)
+ </code>
+ </a>.
+ </li>
+ <li>
+ MUST not enroll any DPC application as the Device Owner App any more.
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <p>
+ Device implementations MAY have a preinstalled application performing device
+administration functions but this application MUST NOT be set as the Device
+Owner app without explicit consent or action from the user or the administrator
+of the device.
+ </p>
+ <h5 id="3_9_1_2_managed_profile_provisioning">
+ 3.9.1.2 Managed profile provisioning
+ </h5>
+ <p>
+ If a device implementation declares the android.software.managed_users, it MUST
+be possible to enroll a Device Policy Controller (DPC) application as the
+ <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isProfileOwnerApp(java.lang.String)">
+ owner of a new Managed Profile
+ </a>.
+ </p>
+ <p>
+ The managed profile provisioning process (the flow initiated by
+ <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_PROVISION_MANAGED_PROFILE">
+ android.app.action.PROVISION_MANAGED_PROFILE
+ </a>
+ )
+user experience MUST align with the AOSP implementation.
+ </p>
+ <p>
+ Device implementations MUST provide the following user affordances within the
+Settings user interface to indicate to the user when a particular system function
+has been disabled by the Device Policy Controller (DPC):
+ </p>
+ <ul>
+ <li>
+ A consistent icon or other user affordance (for example the upstream AOSP
+ info icon) to represent when a particular setting is restricted by a
+ Device Admin.
+ </li>
+ <li>
+ A short explanation message, as provided by the Device Admin via the
+ <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setShortSupportMessage%28android.content.ComponentName, java.lang.CharSequence%29">
+ <code>
+ setShortSupportMessage
+ </code>
+ </a>.
+ </li>
+ <li>
+ The DPC application’s icon.
+ </li>
+ </ul>
+ <h3 id="3_9_2_managed_profile_support">
+ 3.9.2 Managed Profile Support
+ </h3>
+ <p>
+ Managed profile capable devices are those devices that:
+ </p>
+ <ul>
+ <li>
+ Declare android.software.device_admin (see
+ <a href="#3_9_device_administration">
+ section 3.9 Device Administration
+ </a>
+ ).
+ </li>
+ <li>
+ Are not low RAM devices (see
+ <a href="#7_6_1_minimum_memory_and_storage">
+ section 7.6.1
+ </a>
+ ).
+ </li>
+ <li>
+ Allocate internal (non-removable) storage as shared storage (see
+ <a href="#7_6_2_application_shared_storage">
+ section 7.6.2
+ </a>
+ ).
+ </li>
+ </ul>
+ <p>
+ Managed profile capable devices MUST:
+ </p>
+ <ul>
+ <li>
+ Declare the platform feature flag
+ <code>
+ android.software.managed_users
+ </code>
+ .
+ </li>
+ <li>
+ Support managed profiles via the
+ <code>
+ android.app.admin.DevicePolicyManager
+ </code>
+ APIs.
+ </li>
+ <li>
+ Allow one and only
+ <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_PROVISION_MANAGED_PROFILE">
+ one managed profile to be created
+ </a>.
+ </li>
+ <li>
+ Use an icon badge (similar to the AOSP upstream work badge) to represent the
+ managed applications and widgets and other badged UI elements like
+ Recents & Notifications.
+ </li>
+ <li>
+ Display a notification icon (similar to the AOSP upstream work badge) to
+ indicate when user is within a managed profile application.
+ </li>
+ <li>
+ Display a toast indicating that the user is in the managed profile if and
+ when the device wakes up (ACTION_USER_PRESENT) and the foreground
+ application is within the managed profile.
+ </li>
+ <li>
+ Where a managed profile exists, show a visual affordance in the Intent
+ 'Chooser' to allow the user to forward the intent from the managed profile
+ to the primary user or vice versa, if enabled by the Device Policy
+ Controller.
+ </li>
+ <li>
+ Where a managed profile exists, expose the following user affordances for
+ both the primary user and the managed profile:
+ <ul>
+ <li>
+ Separate accounting for battery, location, mobile data and storage usage
+ for the primary user and managed profile.
+ </li>
+ <li>
+ Independent management of VPN Applications installed within the primary
+ user or managed profile.
+ </li>
+ <li>
+ Independent management of applications installed within the primary user
+ or managed profile.
+ </li>
+ <li>
+ Independent management of accounts within the primary user or managed
+ profile.
+ </li>
+ </ul>
+ </li>
+ <li>
+ Ensure the preinstalled dialer, contacts and messaging applications can
+ search for and look up caller information from the managed profile (if one
+ exists) alongside those from the primary profile, if the Device Policy
+ Controller permits it. When contacts from the managed profile are displayed
+ in the preinstalled call log, in-call UI, in-progress and missed-call
+ notifications, contacts and messaging apps they SHOULD be badged with the
+ same badge used to indicate managed profile applications.
+ </li>
+ <li>
+ MUST ensure that it satisfies all the security requirements applicable for a
+ device with multiple users enabled (see
+ <a href="#9_5_multi-user_support">
+ section 9.5
+ </a>
+ ),
+ even though the managed profile is not counted as another user in addition
+ to the primary user.
+ </li>
+ <li>
+ Support the ability to specify a separate lock screen meeting the following
+ requirements to grant access to apps running in a managed profile.
+ <ul>
+ <li>
+ Device implementations MUST honor the
+ <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_SET_NEW_PASSWORD">
+ <code>
+ DevicePolicyManager.ACTION_SET_NEW_PASSWORD
+ </code>
+ </a>
+ intent and show an interface to configure a separate lock screen
+ credential for the managed profile.
+ </li>
+ <li>
+ The lock screen credentials of the managed profile MUST use the same
+ credential storage and management mechanisms as the parent profile,
+ as documented on the
+ <a href="http://source.android.com/security/authentication/index.html">
+ Android Open Source Project Site
+ </a>
+ </li>
+ <li>
+ The DPC
+ <a href="https://developer.android.com/guide/topics/admin/device-admin.html#pwd">
+ password policies
+ </a>
+ MUST apply to only the managed profile's lock screen credentials unless
+ called upon the
+ <code>
+ DevicePolicyManager
+ </code>
+ instance returned by
+ <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#getParentProfileInstance%28android.content.ComponentName%29">
+ getParentProfileInstance
+ </a>.
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <h3 id="3_10_accessibility">
+ 3.10. Accessibility
+ </h3>
+ <p>
+ Android provides an accessibility layer that helps users with disabilities to
+navigate their devices more easily. In addition, Android provides platform APIs
+that enable
+ <a href="http://developer.android.com/reference/android/accessibilityservice/AccessibilityService.html">
+ accessibility service implementations
+ </a>
+ to receive callbacks for user and system events and generate alternate feedback
+mechanisms, such as text-to-speech, haptic feedback, and trackball/d-pad
+navigation.
+ </p>
+ <p>
+ Device implementations include the following requirements:
+ </p>
+ <ul>
+ <li>
+ Android Automotive implementations SHOULD provide an implementation of the
+ Android accessibility framework consistent with the default Android
+ implementation.
+ </li>
+ <li>
+ Device implementations (Android Automotive excluded) MUST provide an
+ implementation of the Android accessibility framework consistent with the
+ default Android implementation.
+ </li>
+ <li>
+ Device implementations (Android Automotive excluded) MUST support
+ third-party accessibility service implementations through the
+ <a href="http://developer.android.com/reference/android/view/accessibility/package-summary.html">
+ android.accessibilityservice APIs
+ </a>.
+ </li>
+ <li>
+ Device implementations (Android Automotive excluded) MUST generate
+ AccessibilityEvents and deliver these events to all registered
+ AccessibilityService implementations in a manner consistent with the default
+ Android implementation
+ </li>
+ <li>
+ <p>
+ Device implementations (Android Automotive and Android Watch devices with no
+ audio output excluded), MUST provide a user-accessible mechanism to enable
+ and disable accessibility services, and MUST display this interface in
+ response to the android.provider.Settings.ACTION_ACCESSIBILITY_SETTINGS
+ intent.
+ </p>
+ </li>
+ <li>
+ <p>
+ Android device implementations with audio output are STRONGLY RECOMMENDED to provide
+ implementations of accessibility services on the device comparable in or exceeding functionality
+ of the TalkBack** and Switch Access accessibility services (https://github.com/google/talkback).
+ </p>
+ </li>
+ <li>
+ Android Watch devices with audio output SHOULD provide implementations of an accessibility service
+ on the device comparable in or exceeding functionality of the TalkBack accessibility service
+ (https://github.com/google/talkback).
+ </li>
+ <li>
+ Device implementations SHOULD provide a mechanism in the out-of-box setup flow for users to enable
+ relevant accessibility services, as well as options to adjust the font size, display size and
+ magnification gestures.
+ </li>
+ </ul>
+ <p>
+ ** For languages supported by Text-to-speech.
+ </p>
+ <p>
+ Also, note that if there is a preloaded accessibility service, it MUST be a Direct Boot aware
+{directBootAware} app if the device has encrypted storage using File Based
+Encryption (FBE).
+ </p>
+ <h3 id="3_11_text-to-speech">
+ 3.11. Text-to-Speech
+ </h3>
+ <p>
+ Android includes APIs that allow applications to make use of text-to-speech
+(TTS) services and allows service providers to provide implementations of TTS
+services. Device implementations reporting the feature
+android.hardware.audio.output MUST meet these requirements related to the
+ <a href="http://developer.android.com/reference/android/speech/tts/package-summary.html">
+ Android TTS framework
+ </a>.
+ </p>
+ <p>
+ Android Automotive implementations:
+ </p>
+ <ul>
+ <li>
+ MUST support the Android TTS framework APIs.
+ </li>
+ <li>
+ MAY support installation of third-party TTS engines. If supported, partners
+ MUST provide a user-accessible interface that allows the user to select a
+ TTS engine for use at system level.
+ </li>
+ </ul>
+ <p>
+ All other device implementations:
+ </p>
+ <ul>
+ <li>
+ MUST support the Android TTS framework APIs and SHOULD include a TTS engine
+ supporting the languages available on the device. Note that the upstream
+ Android open source software includes a full-featured TTS engine
+ implementation.
+ </li>
+ <li>
+ MUST support installation of third-party TTS engines.
+ </li>
+ <li>
+ MUST provide a user-accessible interface that allows users to select a TTS
+ engine for use at the system level.
+ </li>
+ </ul>
+ <h3 id="3_12_tv_input_framework">
+ 3.12. TV Input Framework
+ </h3>
+ <p>
+ The
+ <a href="http://source.android.com/devices/tv/index.html">
+ Android Television Input Framework (TIF)
+ </a>
+ simplifies the delivery of live content to Android Television devices. TIF
+provides a standard API to create input modules that control Android Television
+devices. Android Television device implementations MUST support TV Input
+Framework.
+ </p>
+ <p>
+ Device implementations that support TIF MUST declare the platform feature
+android.software.live_tv.
+ </p>
+ <h4 id="3_12_1_tv_app">
+ 3.12.1. TV App
+ </h4>
+ <p>
+ Any device implementation that declares support for Live TV MUST have an
+installed TV application (TV App). The Android Open Source Project provides an
+implementation of the TV App.
+ </p>
+ <p>
+ The TV App MUST provide facilities to install and use
+ <a href="http://developer.android.com/reference/android/media/tv/TvContract.Channels.html">
+ TV Channels
+ </a>
+ and meet the following requirements:
+ </p>
+ <ul>
+ <li>
+ Device implementations MUST allow third-party TIF-based inputs
+ (
+ <a href="https://source.android.com/devices/tv/index.html#third-party_input_example">
+ third-party inputs
+ </a>
+ )
+ to be installed and managed.
+ </li>
+ <li>
+ Device implementations MAY provide visual separation between pre-installed
+ <a href="https://source.android.com/devices/tv/index.html#tv_inputs">
+ TIF-based inputs
+ </a>
+ (installed inputs) and third-party inputs.
+ </li>
+ <li>
+ Device implementations MUST NOT display the third-party inputs more than a
+ single navigation action away from the TV App (i.e. expanding a list of
+ third-party inputs from the TV App).
+ </li>
+ </ul>
+ <h5 id="3_12_1_1_electronic_program_guide">
+ 3.12.1.1. Electronic Program Guide
+ </h5>
+ <p>
+ Android Television device implementations MUST show an informational and
+interactive overlay, which MUST include an electronic program guide (EPG)
+generated from the values in the
+ <a href="https://developer.android.com/reference/android/media/tv/TvContract.Programs.html">
+ TvContract.Programs
+ </a>
+ fields. The EPG MUST meet the following requirements:
+ </p>
+ <ul>
+ <li>
+ The EPG MUST display information from all installed inputs and third-party
+ inputs.
+ </li>
+ <li>
+ The EPG MAY provide visual separation between the installed inputs and
+ third-party inputs.
+ </li>
+ <li>
+ The EPG is STRONGLY RECOMMENDED to display installed inputs and third-party
+ inputs with equal prominence. The EPG MUST NOT display the third-party
+ inputs more than a single navigation action away from the installed inputs
+ on the EPG.
+ </li>
+ <li>
+ On channel change, device implementations MUST display EPG data for the
+ currently playing program.
+ </li>
+ </ul>
+ <h5 id="3_12_1_2_navigation">
+ 3.12.1.2. Navigation
+ </h5>
+ <p>
+ The TV App MUST allow navigation for the following functions via the D-pad,
+Back, and Home keys on the Android Television device’s input device(s)
+(i.e. remote control, remote control application, or game controller):
+ </p>
+ <ul>
+ <li>
+ Changing TV channels
+ </li>
+ <li>
+ Opening EPG
+ </li>
+ <li>
+ Configuring and tuning to third-party TIF-based inputs
+ </li>
+ <li>
+ Opening Settings menu
+ </li>
+ </ul>
+ <p>
+ The TV App SHOULD pass key events to HDMI inputs through CEC.
+ </p>
+ <h5 id="3_12_1_3_tv_input_app_linking">
+ 3.12.1.3. TV input app linking
+ </h5>
+ <p>
+ Android Television device implementations MUST support
+ <a href="http://developer.android.com/reference/android/media/tv/TvContract.Channels.html#COLUMN_APP_LINK_INTENT_URI">
+ TV input app linking
+ </a>,
+which allows all inputs to provide activity links from the current activity to
+another activity (i.e. a link from live programming to related content). The TV
+App MUST show TV input app linking when it is provided.
+ </p>
+ <h5 id="3_12_1_4_time_shifting">
+ 3.12.1.4. Time shifting
+ </h5>
+ <p>
+ Android Television device implementations MUST support time shifting, which
+allows the user to pause and resume live content. Device implementations MUST
+provide the user a way to pause and resume the currently playing program, if
+time shifting for that program
+ <a href="https://developer.android.com/reference/android/media/tv/TvInputManager.html#TIME_SHIFT_STATUS_AVAILABLE">
+ is available
+ </a>.
+ </p>
+ <h5 id="3_12_1_5_tv_recording">
+ 3.12.1.5. TV recording
+ </h5>
+ <p>
+ Android Television device implementations are STRONGLY RECOMMENDED to support
+TV recording. If the TV input supports recording, the EPG MAY provide a way to
+ <a href="https://developer.android.com/reference/android/media/tv/TvInputInfo.html#canRecord%28%29">
+ record a program
+ </a>
+ if the recording of such a program is not
+ <a href="https://developer.android.com/reference/android/media/tv/TvContract.Programs.html#COLUMN_RECORDING_PROHIBITED">
+ prohibited
+ </a>.
+Device implementations SHOULD provide a user interface to play recorded programs.
+ </p>
+ <h3 id="3_13_quick_settings">
+ 3.13. Quick Settings
+ </h3>
+ <p>
+ Android device implementations SHOULD include a Quick Settings UI component that
+allow quick access to frequently used or urgently needed actions.
+ </p>
+ <p>
+ Android includes the
+ <a href="https://developer.android.com/reference/android/service/quicksettings/package-summary.html">
+ <code>
+ quicksettings
+ </code>
+ </a>
+ API allowing third party apps to implement tiles that can be added by the user
+alongside the system-provided tiles in the Quick Settings UI component. If a
+device implementation has a Quick Settings UI component, it:
+ </p>
+ <ul>
+ <li>
+ MUST allow the user to add or remove tiles from a third-party app to Quick
+ Settings.
+ </li>
+ <li>
+ MUST NOT automatically add a tile from a third-party app directly to Quick
+ Settings.
+ </li>
+ <li>
+ MUST display all the user-added tiles from third-party apps alongside the
+ system-provided quick setting tiles.
+ </li>
+ </ul>
+ <h3 id="3_14_vehicle_ui_apis">
+ 3.14. Vehicle UI APIs
+ </h3>
+ <h4 id="3_14_1__vehicle_media_ui">
+ 3.14.1. Vehicle Media UI
+ </h4>
+ <p>
+ Any device implementation that
+ <a href="https://developer.android.com/reference/android/content/pm/PackageManager.html?#FEATURE_AUTOMOTIVE?">
+ declares automotive support
+ </a>
+ MUST include a UI framework to support third-party apps consuming the
+ <a href="http://developer.android.com/reference/android/media/browse/MediaBrowser.html">
+ MediaBrowser
+ </a>
+ and
+ <a href="http://developer.android.com/reference/android/media/session/MediaSession.html">
+ MediaSession
+ </a>
+ APIs.
+ </p>
+ <p>
+ The UI framework supporting third-party apps that depend on MediaBrowser and
+MediaSession has the following visual requirements:
+ </p>
+ <ul>
+ <li>
+ MUST display
+ <a href="http://developer.android.com/reference/android/media/browse/MediaBrowser.MediaItem.html">
+ MediaItem
+ </a>
+ icons and notification icons unaltered.
+ </li>
+ <li>
+ MUST display those items as described by MediaSession, e.g., metadata, icons,
+ imagery.
+ </li>
+ <li>
+ MUST show app title.
+ </li>
+ <li>
+ MUST have drawer to present
+ <a href="http://developer.android.com/reference/android/media/browse/MediaBrowser.html">
+ MediaBrowser
+ </a>
+ hierarchy.
+ </li>
+ </ul>
+ <h2 id="4_application_packaging_compatibility">
+ 4. Application Packaging Compatibility
+ </h2>
+ <p>
+ Device implementations MUST install and run Android “.apk” files as generated
+by the “aapt” tool included in the
+ <a href="http://developer.android.com/tools/help/index.html">
+ official Android SDK
+ </a>.
+For this reason device implementations SHOULD use the reference implementation’s
+package management system.
+ </p>
+ <p>
+ The package manager MUST support verifying “.apk” files using the
+ <a href="https://source.android.com/security/apksigning/v2.html">
+ APK Signature Scheme v2
+ </a>
+ and
+ <a href="https://source.android.com/security/apksigning/v2.html#v1-verification">
+ JAR signing
+ </a>.
+ </p>
+ <p>
+ Devices implementations MUST NOT extend either the
+ <a href="http://developer.android.com/guide/components/fundamentals.html">
+ .apk
+ </a>,
+ <a href="http://developer.android.com/guide/topics/manifest/manifest-intro.html">
+ Android Manifest
+ </a>,
+ <a href="https://android.googlesource.com/platform/dalvik/">
+ Dalvik bytecode
+ </a>, or
+RenderScript bytecode formats in such a way that would prevent those files from
+installing and running correctly on other compatible devices.
+ </p>
+ <p>
+ Device implementations MUST NOT allow apps other than the current
+"installer of record" for the package to silently uninstall the app without any
+prompt, as documented in the SDK for the
+ <a href="https://developer.android.com/reference/android/Manifest.permission.html#DELETE_PACKAGES">
+ <code>
+ DELETE_PACKAGE
+ </code>
+ </a>
+ permission. The only exceptions are the system package verifier app handling
+ <a href="https://developer.android.com/reference/android/content/Intent.html#ACTION_PACKAGE_NEEDS_VERIFICATION">
+ PACKAGE_NEEDS_VERIFICATION
+ </a>
+ intent and the storage manager app handling
+ <a href="https://developer.android.com/reference/android/os/storage/StorageManager.html#ACTION_MANAGE_STORAGE">
+ ACTION_MANAGE_STORAGE
+ </a>
+ intent.
+ </p>
+ <h2 id="5_multimedia_compatibility">
+ 5. Multimedia Compatibility
+ </h2>
+ <h3 id="5_1_media_codecs">
+ 5.1. Media Codecs
+ </h3>
+ <p>
+ Device implementations—
+ </p>
+ <ul>
+ <li>
+ <p>
+ MUST support the
+ <a href="http://developer.android.com/guide/appendix/media-formats.html">
+ core media
+formats
+ </a>
+ specified in the Android SDK documentation, except where explicitly permitted
+in this document.
+ </p>
+ </li>
+ <li>
+ <p>
+ MUST support the media formats, encoders, decoders, file types, and
+container formats defined in the tables below and reported via
+ <a href="http://developer.android.com/reference/android/media/MediaCodecList.html">
+ MediaCodecList
+ </a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ MUST also be able to decode all profiles reported in its
+ <a href="http://developer.android.com/reference/android/media/CamcorderProfile.html">
+ CamcorderProfile
+ </a>
+ </p>
+ </li>
+ <li>
+ <p>
+ MUST be able to decode all formats it can encode. This includes all
+ bitstreams that its encoders generate.
+ </p>
+ </li>
+ </ul>
+ <p>
+ Codecs SHOULD aim for minimum codec latency, in other words, codecs—
+ </p>
+ <ul>
+ <li>
+ SHOULD NOT consume and store input buffers and return input buffers only
+once processed
+ </li>
+ <li>
+ SHOULD NOT hold onto decoded buffers for longer than as specified by the
+standard (e.g. SPS).
+ </li>
+ <li>
+ SHOULD NOT hold onto encoded buffers longer than required by the GOP
+structure.
+ </li>
+ </ul>
+ <p>
+ All of the codecs listed in the table below are provided as software
+implementations in the preferred Android implementation from the Android Open
+Source Project.
+ </p>
+ <p>
+ Please note that neither Google nor the Open Handset Alliance make any
+representation that these codecs are free from third-party patents. Those
+intending to use this source code in hardware or software products are advised
+that implementations of this code, including in open source software or
+shareware, may require patent licenses from the relevant patent holders.
+ </p>
+ <h4 id="5_1_1_audio_codecs">
+ 5.1.1. Audio Codecs
+ </h4>
+ <table>
+ <tr>
+ <th>
+ Format/Codec
+ </th>
+ <th>
+ Encoder
+ </th>
+ <th>
+ Decoder
+ </th>
+ <th>
+ Details
+ </th>
+ <th>
+ Supported File Types/Container Formats
+ </th>
+ </tr>
+ <tr>
+ <td>
+ MPEG-4 AAC Profile
+ <br/>
+ (AAC LC)
+ </td>
+ <td>
+ REQUIRED
+ <sup>
+ 1
+ </sup>
+ </td>
+ <td>
+ REQUIRED
+ </td>
+ <td>
+ Support for mono/stereo/5.0/5.1
+ <sup>
+ 2
+ </sup>
+ content with standard
+ sampling rates from 8 to 48 kHz.
+ </td>
+ <td>
<ul>
- <li>MUST have a touchscreen embedded in the device.
- </li>
- <li>MUST have a power source that provides mobility, such as a battery.
- </li>
+ <li class="table_list">
+ 3GPP (.3gp)
+ </li>
+ <li class="table_list">
+ MPEG-4 (.mp4, .m4a)
+ </li>
+ <li class="table_list">
+ ADTS raw AAC (.aac, decode in Android 3.1+, encode in
+ Android 4.0+, ADIF not supported)
+ </li>
+ <li class="table_list">
+ MPEG-TS (.ts, not seekable, Android 3.0+)
+ </li>
</ul>
- <p>
- <strong>Android Television device</strong> refers to an Android device implementation that is an entertainment interface for consuming digital media, movies, games, apps, and/or live TV for users sitting about ten feet away (a “lean back” or “10-foot user interface”). Android Television devices:
- </p>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ MPEG-4 HE AAC Profile (AAC+)
+ </td>
+ <td>
+ REQUIRED
+ <sup>
+ 1
+ </sup>
+ <br/>
+ (Android 4.1+)
+ </td>
+ <td>
+ REQUIRED
+ </td>
+ <td>
+ Support for mono/stereo/5.0/5.1
+ <sup>
+ 2
+ </sup>
+ content with standard
+ sampling rates from 16 to 48 kHz.
+ </td>
+ <td>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ MPEG-4 HE AACv2
+ <br/>
+ Profile (enhanced AAC+)
+ </td>
+ <td>
+ </td>
+ <td>
+ REQUIRED
+ </td>
+ <td>
+ Support for mono/stereo/5.0/5.1
+ <sup>
+ 2
+ </sup>
+ content with standard
+ sampling rates from 16 to 48 kHz.
+ </td>
+ <td>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ AAC ELD (enhanced low delay AAC)
+ </td>
+ <td>
+ REQUIRED
+ <sup>
+ 1
+ </sup>
+ <br/>
+ (Android 4.1+)
+ </td>
+ <td>
+ REQUIRED
+ <br/>
+ (Android 4.1+)
+ </td>
+ <td>
+ Support for mono/stereo content with standard sampling rates from 16 to
+ 48 kHz.
+ </td>
+ <td>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ AMR-NB
+ </td>
+ <td>
+ REQUIRED
+ <sup>
+ 3
+ </sup>
+ </td>
+ <td>
+ REQUIRED
+ <sup>
+ 3
+ </sup>
+ </td>
+ <td>
+ 4.75 to 12.2 kbps sampled @ 8 kHz
+ </td>
+ <td>
+ 3GPP (.3gp)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ AMR-WB
+ </td>
+ <td>
+ REQUIRED
+ <sup>
+ 3
+ </sup>
+ </td>
+ <td>
+ REQUIRED
+ <sup>
+ 3
+ </sup>
+ </td>
+ <td>
+ 9 rates from 6.60 kbit/s to 23.85 kbit/s sampled @ 16 kHz
+ </td>
+ <td>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ FLAC
+ </td>
+ <td>
+ </td>
+ <td>
+ REQUIRED
+ <br/>
+ (Android 3.1+)
+ </td>
+ <td>
+ Mono/Stereo (no multichannel). Sample rates up to 48 kHz (but up to 44.1
+ kHz is RECOMMENDED on devices with 44.1 kHz output, as the 48 to 44.1 kHz
+ downsampler does not include a low-pass filter). 16-bit RECOMMENDED; no
+ dither applied for 24-bit.
+ </td>
+ <td>
+ FLAC (.flac) only
+ </td>
+ </tr>
+ <tr>
+ <td>
+ MP3
+ </td>
+ <td>
+ </td>
+ <td>
+ REQUIRED
+ </td>
+ <td>
+ Mono/Stereo 8-320Kbps constant (CBR) or variable bitrate (VBR)
+ </td>
+ <td>
+ MP3 (.mp3)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ MIDI
+ </td>
+ <td>
+ </td>
+ <td>
+ REQUIRED
+ </td>
+ <td>
+ MIDI Type 0 and 1. DLS Version 1 and 2. XMF and Mobile XMF. Support for
+ ringtone formats RTTTL/RTX, OTA, and iMelody
+ </td>
+ <td>
<ul>
- <li>MUST have an embedded screen OR include a video output port, such as VGA, HDMI, or a wireless port for display.
- </li>
- <li>MUST declare the features <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html#FEATURE_LEANBACK">android.software.leanback</a> and android.hardware.type.television.
- </li>
+ <li class="table_list">
+ Type 0 and 1 (.mid, .xmf, .mxmf)
+ </li>
+ <li class="table_list">
+ RTTTL/RTX (.rtttl, .rtx)
+ </li>
+ <li class="table_list">
+ OTA (.ota)
+ </li>
+ <li class="table_list">
+ iMelody (.imy)
+ </li>
</ul>
- <p>
- <strong>Android Watch device</strong> refers to an Android device implementation intended to be worn on the body, perhaps on the wrist, and:
- </p>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Vorbis
+ </td>
+ <td>
+ </td>
+ <td>
+ REQUIRED
+ </td>
+ <td>
+ </td>
+ <td>
<ul>
- <li>MUST have a screen with the physical diagonal length in the range from 1.1 to 2.5 inches.
- </li>
- <li>MUST declare the feature android.hardware.type.watch.
- </li>
- <li>MUST support uiMode = <a href="http://developer.android.com/reference/android/content/res/Configuration.html#UI_MODE_TYPE_WATCH">UI_MODE_TYPE_WATCH</a>.
- </li>
+ <li class="table_list">
+ Ogg (.ogg)
+ </li>
+ <li class="table_list">
+ Matroska (.mkv, Android 4.0+)
+ </li>
</ul>
- <p>
- <strong>Android Automotive implementation</strong> refers to a vehicle head unit running Android as an operating system for part or all of the system and/or infotainment functionality. Android Automotive implementations:
- </p>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ PCM/WAVE
+ </td>
+ <td>
+ REQUIRED
+ <sup>
+ 4
+ </sup>
+ <br/>
+ (Android 4.1+)
+ </td>
+ <td>
+ REQUIRED
+ </td>
+ <td>
+ 16-bit linear PCM (rates up to limit of hardware). Devices MUST support
+ sampling rates for raw PCM recording at 8000, 11025, 16000, and 44100 Hz
+ frequencies.
+ </td>
+ <td>
+ WAVE (.wav)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Opus
+ </td>
+ <td>
+ </td>
+ <td>
+ REQUIRED
+ <br/>
+ (Android 5.0+)
+ </td>
+ <td>
+ </td>
+ <td>
+ Matroska (.mkv), Ogg(.ogg)
+ </td>
+ </tr>
+ </table>
+ <p class="table_footnote">
+ 1 Required for device implementations that define
+android.hardware.microphone but optional for Android Watch device
+implementations.
+ </p>
+ <p class="table_footnote">
+ 2 Recording or playback MAY be performed in mono
+or stereo, but the decoding of AAC input buffers of multichannel streams
+(i.e. more than two channels) to PCM through the default AAC audio decoder
+in the android.media.MediaCodec API, the following MUST be supported:
+ </p>
+ <ul>
+ <li>
+ decoding is performed without downmixing (e.g. a 5.0 AAC stream must be
+decoded to five channels of PCM, a 5.1 AAC stream must be decoded to six
+channels of PCM),
+ </li>
+ <li>
+ dynamic range metadata, as defined in "Dynamic Range Control (DRC)"
+in ISO/IEC 14496-3, and the android.media.MediaFormat DRC keys to
+configure the dynamic range-related behaviors of the audio decoder. The
+AAC DRC keys were introduced in API 21,and are:
+KEY_AAC_DRC_ATTENUATION_FACTOR, KEY_AAC_DRC_BOOST_FACTOR,
+KEY_AAC_DRC_HEAVY_COMPRESSION, KEY_AAC_DRC_TARGET_REFERENCE_LEVEL and
+KEY_AAC_ENCODED_TARGET_LEVEL
+ </li>
+ </ul>
+ <p class="table_footnote">
+ 3 Required for Android Handheld device
+implementations.
+ </p>
+ <p class="table_footnote">
+ 4 Required for device implementations that define
+android.hardware.microphone, including Android Watch device implementations.
+ </p>
+ <h4 id="5_1_2_image_codecs">
+ 5.1.2. Image Codecs
+ </h4>
+ <table>
+ <tr>
+ <th>
+ Format/Codec
+ </th>
+ <th>
+ Encoder
+ </th>
+ <th>
+ Decoder
+ </th>
+ <th>
+ Details
+ </th>
+ <th>
+ Supported File Types/Container Formats
+ </th>
+ </tr>
+ <tr>
+ <td>
+ JPEG
+ </td>
+ <td>
+ REQUIRED
+ </td>
+ <td>
+ REQUIRED
+ </td>
+ <td>
+ Base+progressive
+ </td>
+ <td>
+ JPEG (.jpg)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ GIF
+ </td>
+ <td>
+ </td>
+ <td>
+ REQUIRED
+ </td>
+ <td>
+ </td>
+ <td>
+ GIF (.gif)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ PNG
+ </td>
+ <td>
+ REQUIRED
+ </td>
+ <td>
+ REQUIRED
+ </td>
+ <td>
+ </td>
+ <td>
+ PNG (.png)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ BMP
+ </td>
+ <td>
+ </td>
+ <td>
+ REQUIRED
+ </td>
+ <td>
+ </td>
+ <td>
+ BMP (.bmp)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ WebP
+ </td>
+ <td>
+ REQUIRED
+ </td>
+ <td>
+ REQUIRED
+ </td>
+ <td>
+ </td>
+ <td>
+ WebP (.webp)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Raw
+ </td>
+ <td>
+ </td>
+ <td>
+ REQUIRED
+ </td>
+ <td>
+ </td>
+ <td>
+ ARW (.arw), CR2 (.cr2), DNG (.dng), NEF (.nef), NRW (.nrw), ORF (.orf),
+ PEF (.pef), RAF (.raf), RW2 (.rw2), SRW (.srw)
+ </td>
+ </tr>
+ </table>
+ <h4 id="5_1_3_video_codecs">
+ 5.1.3. Video Codecs
+ </h4>
+ <ul>
+ <li>
+ <p>
+ Codecs advertising HDR profile support MUST support HDR static metadata
+parsing and handling.
+ </p>
+ </li>
+ <li>
+ <p>
+ If a media codec advertises intra refresh support, then it MUST support the
+refresh periods in the range of 10 - 60 frames and accurately operate within
+20% of configured refresh period.
+ </p>
+ </li>
+ <li>
+ <p>
+ Video codecs MUST support output and input bytebuffer sizes that
+accommodate the largest feasible compressed and uncompressed frame as dictated
+by the standard and configuration but also not overallocate.
+ </p>
+ </li>
+ <li>
+ <p>
+ Video encoders and decoders MUST support YUV420 flexible color format
+(COLOR_FormatYUV420Flexible).
+ </p>
+ </li>
+ </ul>
+ <table>
+ <tr>
+ <th>
+ Format/Codec
+ </th>
+ <th>
+ Encoder
+ </th>
+ <th>
+ Decoder
+ </th>
+ <th>
+ Details
+ </th>
+ <th>
+ Supported File Types/
+ <br/>
+ Container Formats
+ </th>
+ </tr>
+ <tr>
+ <td>
+ H.263
+ </td>
+ <td>
+ MAY
+ </td>
+ <td>
+ MAY
+ </td>
+ <td>
+ </td>
+ <td>
<ul>
- <li>MUST have a screen with the physical diagonal length equal to or greater than 6 inches.
- </li>
- <li>MUST declare the feature android.hardware.type.automotive.
- </li>
- <li>MUST support uiMode = <a href="http://developer.android.com/reference/android/content/res/Configuration.html#UI_MODE_TYPE_CAR">UI_MODE_TYPE_CAR</a>.
- </li>
- <li>Android Automotive implementations MUST support all public APIs in the <code>android.car.*</code> namespace.
- </li>
+ <li class="table_list">
+ 3GPP (.3gp)
+ </li>
+ <li class="table_list">
+ MPEG-4 (.mp4)
+ </li>
</ul>
- <p>
- All Android device implementations that do not fit into any of the above device types still MUST meet all requirements in this document to be Android 7.1 compatible, unless the requirement is explicitly described to be only applicable to a specific Android device type from above.
- </p>
- <h2>
- 2.1 Device Configurations
- </h2>
- <p>
- This is a summary of major differences in hardware configuration by device type. (Empty cells denote a “MAY”). Not all configurations are covered in this table; see relevant hardware sections for more detail.
- </p>
- <table>
- <tr>
- <th>
- Category
- </th>
- <th>
- Feature
- </th>
- <th>
- Section
- </th>
- <th>
- Handheld
- </th>
- <th>
- Television
- </th>
- <th>
- Watch
- </th>
- <th>
- Automotive
- </th>
- <th>
- Other
- </th>
- </tr>
- <tr>
- <td rowspan="3">
- Input
- </td>
- <td>
- D-pad
- </td>
- <td>
- <a href="#7_2_2_non-touch-navigation">7.2.2. Non-touch Navigation</a>
- </td>
- <td></td>
- <td>
- MUST
- </td>
- <td></td>
- <td></td>
- <td></td>
- </tr>
- <tr>
- <td>
- Touchscreen
- </td>
- <td>
- <a href="#7_2_4_touchscreen_input">7.2.4. Touchscreen input</a>
- </td>
- <td>
- MUST
- </td>
- <td></td>
- <td>
- MUST
- </td>
- <td></td>
- <td>
- SHOULD
- </td>
- </tr>
- <tr>
- <td>
- Microphone
- </td>
- <td>
- <a href="#7_8_1_microphone">7.8.1. Microphone</a>
- </td>
- <td>
- MUST
- </td>
- <td>
- SHOULD
- </td>
- <td>
- MUST
- </td>
- <td>
- MUST
- </td>
- <td>
- SHOULD
- </td>
- </tr>
- <tr>
- <td rowspan="2">
- Sensors
- </td>
- <td>
- Accelerometer
- </td>
- <td>
- <a href="#7_3_1_accelerometer">7.3.1 Accelerometer</a>
- </td>
- <td>
- SHOULD
- </td>
- <td></td>
- <td>
- SHOULD
- </td>
- <td></td>
- <td>
- SHOULD
- </td>
- </tr>
- <tr>
- <td>
- GPS
- </td>
- <td>
- <a href="#7_3_3_gps">7.3.3. GPS</a>
- </td>
- <td>
- SHOULD
- </td>
- <td></td>
- <td></td>
- <td>
- SHOULD
- </td>
- <td></td>
- </tr>
- <tr>
- <td rowspan="6">
- Connectivity
- </td>
- <td>
- Wi-Fi
- </td>
- <td>
- <a href="#7_4_2_ieee_802.11">7.4.2. IEEE 802.11</a>
- </td>
- <td>
- SHOULD
- </td>
- <td>
- SHOULD
- </td>
- <td></td>
- <td>
- SHOULD
- </td>
- <td>
- SHOULD
- </td>
- </tr>
- <tr>
- <td>
- Wi-Fi Direct
- </td>
- <td>
- <a href="#7_4_2_1_wi-fi-direct">7.4.2.1. Wi-Fi Direct</a>
- </td>
- <td>
- SHOULD
- </td>
- <td>
- SHOULD
- </td>
- <td></td>
- <td></td>
- <td>
- SHOULD
- </td>
- </tr>
- <tr>
- <td>
- Bluetooth
- </td>
- <td>
- <a href="#7_4_3_bluetooth">7.4.3. Bluetooth</a>
- </td>
- <td>
- SHOULD
- </td>
- <td>
- MUST
- </td>
- <td>
- MUST
- </td>
- <td>
- MUST
- </td>
- <td>
- SHOULD
- </td>
- </tr>
- <tr>
- <td>
- Bluetooth Low Energy
- </td>
- <td>
- <a href="#7_4_3_bluetooth">7.4.3. Bluetooth</a>
- </td>
- <td>
- SHOULD
- </td>
- <td>
- MUST
- </td>
- <td>
- SHOULD
- </td>
- <td>
- SHOULD
- </td>
- <td>
- SHOULD
- </td>
- </tr>
- <tr>
- <td>
- Cellular radio
- </td>
- <td>
- <a href="#7_4_5_minimum_network_capability">7.4.5. Minimum Network Capability</a>
- </td>
- <td></td>
- <td></td>
- <td></td>
- <td>
- SHOULD
- </td>
- <td></td>
- </tr>
- <tr>
- <td>
- USB peripheral/host mode
- </td>
- <td>
- <a href="#7_7_usb">7.7. USB</a>
- </td>
- <td>
- SHOULD
- </td>
- <td></td>
- <td></td>
- <td>
- SHOULD
- </td>
- <td>
- SHOULD
- </td>
- </tr>
- <tr>
- <td>
- Output
- </td>
- <td>
- Speaker and/or Audio output ports
- </td>
- <td>
- <a href="#7_8_2_audio_output">7.8.2. Audio Output</a>
- </td>
- <td>
- MUST
- </td>
- <td>
- MUST
- </td>
- <td></td>
- <td>
- MUST
- </td>
- <td>
- MUST
- </td>
- </tr>
- </table>
- <h1>
- 3. Software
- </h1>
- <h2>
- 3.1. Managed API Compatibility
- </h2>
- <p>
- The managed Dalvik bytecode execution environment is the primary vehicle for Android applications. The Android application programming interface (API) is the set of Android platform interfaces exposed to applications running in the managed runtime environment. Device implementations MUST provide complete implementations, including all documented behaviors, of any documented API exposed by the <a href="http://developer.android.com/reference/packages.html">Android SDK</a> or any API decorated with the “@SystemApi” marker in the upstream Android source code.
- </p>
- <p>
- Device implementations MUST support/preserve all classes, methods, and associated elements marked by the TestApi annotation (@TestApi).
- </p>
- <p>
- Device implementations MUST NOT omit any managed APIs, alter API interfaces or signatures, deviate from the documented behavior, or include no-ops, except where specifically allowed by this Compatibility Definition.
- </p>
- <p>
- This Compatibility Definition permits some types of hardware for which Android includes APIs to be omitted by device implementations. In such cases, the APIs MUST still be present and behave in a reasonable way. See <a href="#7_hardware_compatibility">section 7</a> for specific requirements for this scenario.
- </p>
- <h2>
- 3.1.1. Android Extensions
- </h2>
- <p>
- Android includes the support of extending the managed APIs while keeping the same API level version. Android device implementations MUST preload the AOSP implementation of both the shared library <code>ExtShared</code> and services <code>ExtServices</code> with versions higher than or equal to the minimum versions allowed per each API level. For example, Android 7.0 device implementations, running API level 24 MUST include at least version 1.
- </p>
- <h2>
- 3.2. Soft API Compatibility
- </h2>
- <p>
- In addition to the managed APIs from <a href="#3_1_managed_api_compatibility">section 3.1</a>, Android also includes a significant runtime-only “soft” API, in the form of such things as intents, permissions, and similar aspects of Android applications that cannot be enforced at application compile time.
- </p>
- <h3>
- 3.2.1. Permissions
- </h3>
- <p>
- Device implementers MUST support and enforce all permission constants as documented by the <a href="http://developer.android.com/reference/android/Manifest.permission.html">Permission reference page</a>. Note that <a href="#9_security_model_compatibility">section 9</a> lists additional requirements related to the Android security model.
- </p>
- <h3>
- 3.2.2. Build Parameters
- </h3>
- <p>
- The Android APIs include a number of constants on the <a href="http://developer.android.com/reference/android/os/Build.html">android.os.Build class</a> that are intended to describe the current device. To provide consistent, meaningful values across device implementations, the table below includes additional restrictions on the formats of these values to which device implementations MUST conform.
- </p>
- <table>
- <tr>
- <th>
- Parameter
- </th>
- <th>
- Details
- </th>
- </tr>
- <tr>
- <td>
- VERSION.RELEASE
- </td>
- <td>
- The version of the currently-executing Android system, in human-readable format. This field MUST have one of the string values defined in <a href="http://source.android.com/compatibility/7.1/versions.html">7.1</a>.
- </td>
- </tr>
- <tr>
- <td>
- VERSION.SDK
- </td>
- <td>
- The version of the currently-executing Android system, in a format accessible to third-party application code. For Android 7.1, this field MUST have the integer value 7.1_INT.
- </td>
- </tr>
- <tr>
- <td>
- VERSION.SDK_INT
- </td>
- <td>
- The version of the currently-executing Android system, in a format accessible to third-party application code. For Android 7.1, this field MUST have the integer value 7.1_INT.
- </td>
- </tr>
- <tr>
- <td>
- VERSION.INCREMENTAL
- </td>
- <td>
- A value chosen by the device implementer designating the specific build of the currently-executing Android system, in human-readable format. This value MUST NOT be reused for different builds made available to end users. A typical use of this field is to indicate which build number or source-control change identifier was used to generate the build. There are no requirements on the specific format of this field, except that it MUST NOT be null or the empty string ("").
- </td>
- </tr>
- <tr>
- <td>
- BOARD
- </td>
- <td>
- A value chosen by the device implementer identifying the specific internal hardware used by the device, in human-readable format. A possible use of this field is to indicate the specific revision of the board powering the device. The value of this field MUST be encodable as 7-bit ASCII and match the regular expression “^[a-zA-Z0-9_-]+$”.
- </td>
- </tr>
- <tr>
- <td>
- BRAND
- </td>
- <td>
- A value reflecting the brand name associated with the device as known to the end users. MUST be in human-readable format and SHOULD represent the manufacturer of the device or the company brand under which the device is marketed. The value of this field MUST be encodable as 7-bit ASCII and match the regular expression “^[a-zA-Z0-9_-]+$”.
- </td>
- </tr>
- <tr>
- <td>
- SUPPORTED_ABIS
- </td>
- <td>
- The name of the instruction set (CPU type + ABI convention) of native code. See <a href="#3_3_native_api_compatibility">section 3.3. Native API Compatibility</a>.
- </td>
- </tr>
- <tr>
- <td>
- SUPPORTED_32_BIT_ABIS
- </td>
- <td>
- The name of the instruction set (CPU type + ABI convention) of native code. See <a href="#3_3_native_api_compatibility">section 3.3. Native API Compatibility</a>.
- </td>
- </tr>
- <tr>
- <td>
- SUPPORTED_64_BIT_ABIS
- </td>
- <td>
- The name of the second instruction set (CPU type + ABI convention) of native code. See <a href="#3_3_native_api_compatibility">section 3.3. Native API Compatibility</a>.
- </td>
- </tr>
- <tr>
- <td>
- CPU_ABI
- </td>
- <td>
- The name of the instruction set (CPU type + ABI convention) of native code. See <a href="#3_3_native_api_compatibility">section 3.3. Native API Compatibility</a>.
- </td>
- </tr>
- <tr>
- <td>
- CPU_ABI2
- </td>
- <td>
- The name of the second instruction set (CPU type + ABI convention) of native code. See <a href="#3_3_native_api_compatibility">section 3.3. Native API Compatibility</a>.
- </td>
- </tr>
- <tr>
- <td>
- DEVICE
- </td>
- <td>
- A value chosen by the device implementer containing the development name or code name identifying the configuration of the hardware features and industrial design of the device. The value of this field MUST be encodable as 7-bit ASCII and match the regular expression “^[a-zA-Z0-9_-]+$”. This device name MUST NOT change during the lifetime of the product.
- </td>
- </tr>
- <tr>
- <td>
- FINGERPRINT
- </td>
- <td>
- A string that uniquely identifies this build. It SHOULD be reasonably human-readable. It MUST follow this template:
- <p class="small">
- $(BRAND)/$(PRODUCT)/<br />
- $(DEVICE):$(VERSION.RELEASE)/$(ID)/$(VERSION.INCREMENTAL):$(TYPE)/$(TAGS)
- </p>
- <p>
- For example:
- </p>
- <p class="small">
- acme/myproduct/<br />
- mydevice:7.1/LMYXX/3359:userdebug/test-keys
- </p>
- <p>
- The fingerprint MUST NOT include whitespace characters. If other fields included in the template above have whitespace characters, they MUST be replaced in the build fingerprint with another character, such as the underscore ("_") character. The value of this field MUST be encodable as 7-bit ASCII.
- </p>
- </td>
- </tr>
- <tr>
- <td>
- HARDWARE
- </td>
- <td>
- The name of the hardware (from the kernel command line or /proc). It SHOULD be reasonably human-readable. The value of this field MUST be encodable as 7-bit ASCII and match the regular expression “^[a-zA-Z0-9_-]+$”.
- </td>
- </tr>
- <tr>
- <td>
- HOST
- </td>
- <td>
- A string that uniquely identifies the host the build was built on, in human-readable format. There are no requirements on the specific format of this field, except that it MUST NOT be null or the empty string ("").
- </td>
- </tr>
- <tr>
- <td>
- ID
- </td>
- <td>
- An identifier chosen by the device implementer to refer to a specific release, in human-readable format. This field can be the same as android.os.Build.VERSION.INCREMENTAL, but SHOULD be a value sufficiently meaningful for end users to distinguish between software builds. The value of this field MUST be encodable as 7-bit ASCII and match the regular expression “^[a-zA-Z0-9._-]+$”.
- </td>
- </tr>
- <tr>
- <td>
- MANUFACTURER
- </td>
- <td>
- The trade name of the Original Equipment Manufacturer (OEM) of the product. There are no requirements on the specific format of this field, except that it MUST NOT be null or the empty string ("").
- </td>
- </tr>
- <tr>
- <td>
- MODEL
- </td>
- <td>
- A value chosen by the device implementer containing the name of the device as known to the end user. This SHOULD be the same name under which the device is marketed and sold to end users. There are no requirements on the specific format of this field, except that it MUST NOT be null or the empty string ("").
- </td>
- </tr>
- <tr>
- <td>
- PRODUCT
- </td>
- <td>
- A value chosen by the device implementer containing the development name or code name of the specific product (SKU) that MUST be unique within the same brand. MUST be human-readable, but is not necessarily intended for view by end users. The value of this field MUST be encodable as 7-bit ASCII and match the regular expression “^[a-zA-Z0-9_-]+$”. This product name MUST NOT change during the lifetime of the product.
- </td>
- </tr>
- <tr>
- <td>
- SERIAL
- </td>
- <td>
- A hardware serial number, which MUST be available and unique across devices with the same MODEL and MANUFACTURER. The value of this field MUST be encodable as 7-bit ASCII and match the regular expression “^([a-zA-Z0-9]{6,20})$”.
- </td>
- </tr>
- <tr>
- <td>
- TAGS
- </td>
- <td>
- A comma-separated list of tags chosen by the device implementer that further distinguishes the build. This field MUST have one of the values corresponding to the three typical Android platform signing configurations: release-keys, dev-keys, test-keys.
- </td>
- </tr>
- <tr>
- <td>
- TIME
- </td>
- <td>
- A value representing the timestamp of when the build occurred.
- </td>
- </tr>
- <tr>
- <td>
- TYPE
- </td>
- <td>
- A value chosen by the device implementer specifying the runtime configuration of the build. This field MUST have one of the values corresponding to the three typical Android runtime configurations: user, userdebug, or eng.
- </td>
- </tr>
- <tr>
- <td>
- USER
- </td>
- <td>
- A name or user ID of the user (or automated user) that generated the build. There are no requirements on the specific format of this field, except that it MUST NOT be null or the empty string ("").
- </td>
- </tr>
- <tr>
- <td>
- SECURITY_PATCH
- </td>
- <td>
- A value indicating the security patch level of a build. It MUST signify that the build is not in any way vulnerable to any of the issues described up through the designated Android Public Security Bulletin. It MUST be in the format [YYYY-MM-DD], matching a defined string documented in the <a href="source.android.com/security/bulletin">Android Public Security Bulletin</a> or in the <a href="http://source.android.com/security/advisory">Android Security Advisory</a>, for example "2015-11-01".
- </td>
- </tr>
- <tr>
- <td>
- BASE_OS
- </td>
- <td>
- A value representing the FINGERPRINT parameter of the build that is otherwise identical to this build except for the patches provided in the Android Public Security Bulletin. It MUST report the correct value and if such a build does not exist, report an empty string ("").
- </td>
- </tr>
- </table>
- <h3>
- 3.2.3. Intent Compatibility
- </h3>
- <h4>
- 3.2.3.1. Core Application Intents
- </h4>
- <p>
- Android intents allow application components to request functionality from other Android components. The Android upstream project includes a list of applications considered core Android applications, which implements several intent patterns to perform common actions. The core Android applications are:
- </p>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ H.264 AVC
+ </td>
+ <td>
+ REQUIRED
+ <sup>
+ 2
+ </sup>
+ </td>
+ <td>
+ REQUIRED
+ <sup>
+ 2
+ </sup>
+ </td>
+ <td>
+ See
+ <a href="#5_2_video_encoding">
+ section 5.2
+ </a>
+ and
+ <a href="#5_3_video_decoding">
+ 5.3
+ </a>
+ for details
+ </td>
+ <td>
<ul>
- <li>Desk Clock
- </li>
- <li>Browser
- </li>
- <li>Calendar
- </li>
- <li>Contacts
- </li>
- <li>Gallery
- </li>
- <li>GlobalSearch
- </li>
- <li>Launcher
- </li>
- <li>Music
- </li>
- <li>Settings
- </li>
+ <li class="table_list">
+ 3GPP (.3gp)
+ </li>
+ <li class="table_list">
+ MPEG-4 (.mp4)
+ </li>
+ <li class="table_list">
+ MPEG-2 TS (.ts, AAC audio only, not seekable, Android
+ 3.0+)
+ </li>
</ul>
- <p>
- Device implementations MUST include the core Android applications as appropriate or a component implementing the same intent patterns defined by all the Activity or Service components of these core Android applications exposed to other applications, implicitly or explicitly, through the <code>android:exported</code> attribute.
- </p>
- <h4>
- 3.2.3.2. Intent Resolution
- </h4>
- <p>
- As Android is an extensible platform, device implementations MUST allow each intent pattern referenced in <a href="#3_2_3_1_core_application_intents">section 3.2.3.1</a> to be overridden by third-party applications. The upstream Android open source implementation allows this by default; device implementers MUST NOT attach special privileges to system applications' use of these intent patterns, or prevent third-party applications from binding to and assuming control of these patterns. This prohibition specifically includes but is not limited to disabling the “Chooser” user interface that allows the user to select between multiple applications that all handle the same intent pattern.
- </p>
- <p>
- Device implementations MUST provide a user interface for users to modify the default activity for intents.
- </p>
- <p>
- However, device implementations MAY provide default activities for specific URI patterns (e.g. http://play.google.com) when the default activity provides a more specific attribute for the data URI. For example, an intent filter pattern specifying the data URI “http://www.android.com” is more specific than the browser's core intent pattern for “http://”.
- </p>
- <p>
- Android also includes a mechanism for third-party apps to declare an authoritative default <a href="https://developer.android.com/training/app-links">app linking behavior</a> for certain types of web URI intents. When such authoritative declarations are defined in an app's intent filter patterns, device implementations:
- </p>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ H.265 HEVC
+ </td>
+ <td>
+ </td>
+ <td>
+ REQUIRED
+ <sup>
+ 5
+ </sup>
+ </td>
+ <td>
+ See
+ <a href="#5_3_video_decoding">
+ section 5.3
+ </a>
+ for details
+ </td>
+ <td>
+ MPEG-4 (.mp4)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ MPEG-2
+ </td>
+ <td>
+ </td>
+ <td>
+ STRONGLY RECOMMENDED
+ <sup>
+ 6
+ </sup>
+ </td>
+ <td>
+ Main Profile
+ </td>
+ <td>
+ MPEG2-TS
+ </td>
+ </tr>
+ <tr>
+ <td>
+ MPEG-4 SP
+ </td>
+ <td>
+ </td>
+ <td>
+ REQUIRED
+ <sup>
+ 2
+ </sup>
+ </td>
+ <td>
+ </td>
+ <td>
+ 3GPP (.3gp)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ VP8
+ <sup>
+ 3
+ </sup>
+ </td>
+ <td>
+ REQUIRED
+ <sup>
+ 2
+ </sup>
+ <br/>
+ (Android 4.3+)
+ </td>
+ <td>
+ REQUIRED
+ <sup>
+ 2
+ </sup>
+ <br/>
+ (Android 2.3.3+)
+ </td>
+ <td>
+ See
+ <a href="#5_2_video_encoding">
+ section 5.2
+ </a>
+ and
+ <a href="#5_3_video_decoding">
+ 5.3
+ </a>
+ for details
+ </td>
+ <td>
<ul>
- <li>MUST attempt to validate any intent filters by performing the validation steps defined in the <a href="https://developers.google.com/digital-asset-links">Digital Asset Links specification</a> as implemented by the Package Manager in the upstream Android Open Source Project.
- </li>
- <li>MUST attempt validation of the intent filters during the installation of the application and set all successfully validated UIR intent filters as default app handlers for their UIRs.
- </li>
- <li>MAY set specific URI intent filters as default app handlers for their URIs, if they are successfully verified but other candidate URI filters fail verification. If a device implementation does this, it MUST provide the user appropriate per-URI pattern overrides in the settings menu.
- </li>
- <li>MUST provide the user with per-app App Links controls in Settings as follows:
- <ul>
- <li>The user MUST be able to override holistically the default app links behavior for an app to be: always open, always ask, or never open, which must apply to all candidate URI intent filters equally.
- </li>
- <li>The user MUST be able to see a list of the candidate URI intent filters.
- </li>
- <li>The device implementation MAY provide the user with the ability to override specific candidate URI intent filters that were successfully verified, on a per-intent filter basis.
- </li>
- <li>The device implementation MUST provide users with the ability to view and override specific candidate URI intent filters if the device implementation lets some candidate URI intent filters succeed verification while some others can fail.
- </li>
- </ul>
- </li>
+ <li class="table_list">
+ <a href="http://www.webmproject.org/">
+ WebM
+ (.webm)
+ </a>
+ </li>
+ <li class="table_list">
+ Matroska (.mkv, Android 4.0+)
+ <sup>
+ 4
+ </sup>
+ </li>
</ul>
- <h4>
- 3.2.3.3. Intent Namespaces
- </h4>
- <p>
- Device implementations MUST NOT include any Android component that honors any new intent or broadcast intent patterns using an ACTION, CATEGORY, or other key string in the android. <em>or com.android.</em> namespace. Device implementers MUST NOT include any Android components that honor any new intent or broadcast intent patterns using an ACTION, CATEGORY, or other key string in a package space belonging to another organization. Device implementers MUST NOT alter or extend any of the intent patterns used by the core apps listed in <a href="#3_2_3_1_core_application_intents">section 3.2.3.1</a>. Device implementations MAY include intent patterns using namespaces clearly and obviously associated with their own organization. This prohibition is analogous to that specified for Java language classes in <a href="#3_6_api_namespaces">section 3.6</a>.
- </p>
- <h4>
- 3.2.3.4. Broadcast Intents
- </h4>
- <p>
- Third-party applications rely on the platform to broadcast certain intents to notify them of changes in the hardware or software environment. Android-compatible devices MUST broadcast the public broadcast intents in response to appropriate system events. Broadcast intents are described in the SDK documentation.
- </p>
- <h4>
- 3.2.3.5. Default App Settings
- </h4>
- <p>
- Android includes settings that provide users an easy way to select their default applications, for example for Home screen or SMS. Where it makes sense, device implementations MUST provide a similar settings menu and be compatible with the intent filter pattern and API methods described in the SDK documentation as below.
- </p>
- <p>
- Device implementations:
- </p>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ VP9
+ </td>
+ <td>
+ </td>
+ <td>
+ REQUIRED
+ <sup>
+ 2
+ </sup>
+ <br/>
+ (Android 4.4+)
+ </td>
+ <td>
+ See
+ <a href="#5_3_video_decoding">
+ section 5.3
+ </a>
+ for details
+ </td>
+ <td>
<ul>
- <li>MUST honor the <a href="http://developer.android.com/reference/android/provider/Settings.html#ACTION_HOME_SETTINGS">android.settings.HOME_SETTINGS</a> intent to show a default app settings menu for Home Screen, if the device implementation reports android.software.home_screen.
- </li>
- <li>MUST provide a settings menu that will call the <a href="http://developer.android.com/reference/android/provider/Telephony.Sms.Intents.html">android.provider.Telephony.ACTION_CHANGE_DEFAULT</a> intent to show a dialog to change the default SMS application, if the device implementation reports android.hardware.telephony.
- </li>
- <li>MUST honor the <a href="http://developer.android.com/reference/android/provider/Settings.html#ACTION_NFC_PAYMENT_SETTINGS">android.settings.NFC_PAYMENT_SETTINGS</a> intent to show a default app settings menu for Tap and Pay, if the device implementation reports android.hardware.nfc.hce.
- </li>
- <li>MUST honor the <a href="https://developer.android.com/reference/android/telecom/TelecomManager.html#ACTION_CHANGE_DEFAULT_DIALER">android.telecom.action.CHANGE_DEFAULT_DIALER</a> intent to show a dialog to allow the user to change the default Phone application, if the device implementation reports <code>android.hardware.telephony</code>.
- </li>
- <li>MUST honor the <a href="https://developer.android.com/reference/android/provider/Settings.html#ACTION_VOICE_INPUT_SETTINGS">android.settings.ACTION_VOICE_INPUT_SETTINGS</a> intent when the device supports the VoiceInteractionService and show a default app settings menu for voice input and assist.
- </li>
+ <li class="table_list">
+ <a href="http://www.webmproject.org/">
+ WebM
+ (.webm)
+ </a>
+ </li>
+ <li class="table_list">
+ Matroska (.mkv, Android 4.0+)
+ <sup>
+ 4
+ </sup>
+ </li>
</ul>
- <h2>
- 3.3. Native API Compatibility
- </h2>
- <p>
- Native code compatibility is challenging. For this reason, device implementers are <strong>STRONGLY RECOMMENDED</strong> to use the implementations of the libraries listed below from the upstream Android Open Source Project.
- </p>
- <h3>
- 3.3.1. Application Binary Interfaces
- </h3>
- <p>
- Managed Dalvik bytecode can call into native code provided in the application .apk file as an ELF .so file compiled for the appropriate device hardware architecture. As native code is highly dependent on the underlying processor technology, Android defines a number of Application Binary Interfaces (ABIs) in the Android NDK. Device implementations MUST be compatible with one or more defined ABIs, and MUST implement compatibility with the Android NDK, as below.
- </p>
- <p>
- If a device implementation includes support for an Android ABI, it:
- </p>
+ </td>
+ </tr>
+ </table>
+ <p class="table_footnote">
+ 1 Required for device implementations that include
+camera hardware and define android.hardware.camera or
+android.hardware.camera.front.
+ </p>
+ <p class="table_footnote">
+ 2 Required for device implementations except Android
+Watch devices.
+ </p>
+ <p class="table_footnote">
+ 3 For acceptable quality of web video streaming and
+video-conference services, device implementations SHOULD use a hardware VP8
+codec that meets the
+ <a href="http://www.webmproject.org/hardware/rtc-coding-requirements/">
+ requirements
+ </a>.
+ </p>
+ <p class="table_footnote">
+ 4 Device implementations SHOULD support writing
+Matroska WebM files.
+ </p>
+ <p class="table_footnote">
+ 5 STRONGLY RECOMMENDED for Android Automotive,
+optional for Android Watch, and required for all other device types.
+ </p>
+ <p class="table_footnote">
+ 6 Applies only to Android Television device
+implementations.
+ </p>
+ <h3 id="5_2_video_encoding">
+ 5.2. Video Encoding
+ </h3>
+ <div class="note">
+ Video codecs are optional for Android Watch device implementations.
+ </div>
+ <p>
+ H.264, VP8, VP9 and HEVC video encoders—
+ </p>
+ <ul>
+ <li>
+ MUST support dynamically configurable bitrates.
+ </li>
+ <li>
+ SHOULD support variable frame rates, where video encoder SHOULD determine
+instantaneous frame duration based on the timestamps of input buffers, and
+allocate its bit bucket based on that frame duration.
+ </li>
+ </ul>
+ <p>
+ H.263 and MPEG-4 video encoder SHOULD support dynamically configurable
+bitrates.
+ </p>
+ <p>
+ All video encoders SHOULD meet the following bitrate targets over two sliding
+windows:
+ </p>
+ <ul>
+ <li>
+ It SHOULD be not more than ~15% over the bitrate between intraframe
+(I-frame) intervals.
+ </li>
+ <li>
+ It SHOULD be not more than ~100% over the bitrate over a sliding window of
+1 second.
+ </li>
+ </ul>
+ <h4 id="5_2_1_h_263">
+ 5.2.1. H.263
+ </h4>
+ <p>
+ Android device implementations with H.263 encoders MUST support Baseline Profile Level 45.
+ </p>
+ <h4 id="5_2_2_h-264">
+ 5.2.2. H-264
+ </h4>
+ <p>
+ Android device implementations with H.264 codec support:
+ </p>
+ <ul>
+ <li>
+ MUST support Baseline Profile Level 3.
+ <br/>
+ However, support for ASO (Arbitrary Slice Ordering), FMO (Flexible Macroblock
+ Ordering) and RS (Redundant Slices) is OPTIONAL. Moreover, to maintain
+ compatibility with other Android devices, it is RECOMMENDED that ASO, FMO
+ and RS are not used for Baseline Profile by encoders.
+ </li>
+ <li>
+ MUST support the SD (Standard Definition) video encoding profiles in the following table.
+ </li>
+ <li>
+ SHOULD support Main Profile Level 4.
+ </li>
+ <li>
+ SHOULD support the HD (High Definition) video encoding profiles as indicated in the following table.
+ </li>
+ <li>
+ In addition, Android Television devices are STRONGLY RECOMMENDED to encode HD 1080p video at 30 fps.
+ </li>
+ </ul>
+ <table>
+ <tr>
+ <th>
+ </th>
+ <th>
+ SD (Low quality)
+ </th>
+ <th>
+ SD (High quality)
+ </th>
+ <th>
+ HD 720p
+ <sup>
+ 1
+ </sup>
+ </th>
+ <th>
+ HD 1080p
+ <sup>
+ 1
+ </sup>
+ </th>
+ </tr>
+ <tr>
+ <th>
+ Video resolution
+ </th>
+ <td>
+ 320 x 240 px
+ </td>
+ <td>
+ 720 x 480 px
+ </td>
+ <td>
+ 1280 x 720 px
+ </td>
+ <td>
+ 1920 x 1080 px
+ </td>
+ </tr>
+ <tr>
+ <th>
+ Video frame rate
+ </th>
+ <td>
+ 20 fps
+ </td>
+ <td>
+ 30 fps
+ </td>
+ <td>
+ 30 fps
+ </td>
+ <td>
+ 30 fps
+ </td>
+ </tr>
+ <tr>
+ <th>
+ Video bitrate
+ </th>
+ <td>
+ 384 Kbps
+ </td>
+ <td>
+ 2 Mbps
+ </td>
+ <td>
+ 4 Mbps
+ </td>
+ <td>
+ 10 Mbps
+ </td>
+ </tr>
+ </table>
+ <p class="table_footnote">
+ 1 When supported by hardware, but STRONGLY RECOMMENDED
+for Android Television devices.
+ </p>
+ <h4 id="5_2_3_vp8">
+ 5.2.3. VP8
+ </h4>
+ <p>
+ Android device implementations with VP8 codec support MUST support the SD video
+encoding profiles and SHOULD support the following HD (High Definition) video encoding profiles.
+ </p>
+ <table>
+ <tr>
+ <th>
+ </th>
+ <th>
+ SD (Low quality)
+ </th>
+ <th>
+ SD (High quality)
+ </th>
+ <th>
+ HD 720p
+ <sup>
+ 1
+ </sup>
+ </th>
+ <th>
+ HD 1080p
+ <sup>
+ 1
+ </sup>
+ </th>
+ </tr>
+ <tr>
+ <th>
+ Video resolution
+ </th>
+ <td>
+ 320 x 180 px
+ </td>
+ <td>
+ 640 x 360 px
+ </td>
+ <td>
+ 1280 x 720 px
+ </td>
+ <td>
+ 1920 x 1080 px
+ </td>
+ </tr>
+ <tr>
+ <th>
+ Video frame rate
+ </th>
+ <td>
+ 30 fps
+ </td>
+ <td>
+ 30 fps
+ </td>
+ <td>
+ 30 fps
+ </td>
+ <td>
+ 30 fps
+ </td>
+ </tr>
+ <tr>
+ <th>
+ Video bitrate
+ </th>
+ <td>
+ 800 Kbps
+ </td>
+ <td>
+ 2 Mbps
+ </td>
+ <td>
+ 4 Mbps
+ </td>
+ <td>
+ 10 Mbps
+ </td>
+ </tr>
+ </table>
+ <p class="table_footnote">
+ 1 When supported by hardware.
+ </p>
+ <h3 id="5_3_video_decoding">
+ 5.3. Video Decoding
+ </h3>
+ <div class="note">
+ Video codecs are optional for Android Watch device implementations.
+ </div>
+ <p>
+ Device implementations—
+ </p>
+ <ul>
+ <li>
+ <p>
+ MUST support dynamic video resolution and frame rate switching through the
+ standard Android APIs within the same stream for all VP8, VP9, H.264, and
+ H.265 codecs in real time and up to the maximum resolution supported by each
+ codec on the device.
+ </p>
+ </li>
+ <li>
+ <p>
+ Implementations that support the Dolby Vision decoder—
+ </p>
+ </li>
+ <li>
+ MUST provide a Dolby Vision-capable extractor.
+ </li>
+ <li>
+ <p>
+ MUST properly display Dolby Vision content on the device screen or on a
+ standard video output port (e.g., HDMI).
+ </p>
+ </li>
+ <li>
+ <p>
+ Implementations that provide a Dolby Vision-capable extractor MUST set the
+ track index of backward-compatible base-layer(s) (if present) to be the same
+ as the combined Dolby Vision layer's track index.
+ </p>
+ </li>
+ </ul>
+ <h4 id="5_3_1_mpeg-2">
+ 5.3.1. MPEG-2
+ </h4>
+ <p>
+ Android device implementations with MPEG-2 decoders must support the Main
+Profile High Level.
+ </p>
+ <h4 id="5_3_2_h_263">
+ 5.3.2. H.263
+ </h4>
+ <p>
+ Android device implementations with H.263 decoders MUST support Baseline Profile
+Level 30 and Level 45.
+ </p>
+ <h4 id="5_3_3_mpeg-4">
+ 5.3.3. MPEG-4
+ </h4>
+ <p>
+ Android device implementations with MPEG-4 decoders MUST support Simple Profile
+Level 3.
+ </p>
+ <h4 id="5_3_4_h_264">
+ 5.3.4. H.264
+ </h4>
+ <p>
+ Android device implementations with H.264 decoders:
+ </p>
+ <ul>
+ <li>
+ MUST support Main Profile Level 3.1 and Baseline Profile.
+ <br/>
+ Support for ASO (Arbitrary Slice Ordering), FMO (Flexible Macroblock Ordering)
+ and RS (Redundant Slices) is OPTIONAL.
+ </li>
+ <li>
+ MUST be capable of decoding videos with the SD (Standard Definition)
+ profiles listed in the following table and encoded with the Baseline Profile and
+ Main Profile Level 3.1 (including 720p30).
+ </li>
+ <li>
+ SHOULD be capable of decoding videos with the HD (High Definition) profiles
+ as indicated in the following table.
+ </li>
+ <li>
+ In addition, Android Television devices—
+ <ul>
+ <li>
+ MUST support High Profile Level 4.2 and the HD 1080p60 decoding profile.
+ </li>
+ <li>
+ MUST be capable of decoding videos with both HD profiles as indicated
+ in the following table and encoded with either the Baseline Profile, Main
+ Profile, or the High Profile Level 4.2
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <table>
+ <tr>
+ <th>
+ </th>
+ <th>
+ SD (Low quality)
+ </th>
+ <th>
+ SD (High quality)
+ </th>
+ <th>
+ HD 720p
+ <sup>
+ 1
+ </sup>
+ </th>
+ <th>
+ HD 1080p
+ <sup>
+ 1
+ </sup>
+ </th>
+ </tr>
+ <tr>
+ <th>
+ Video resolution
+ </th>
+ <td>
+ 320 x 240 px
+ </td>
+ <td>
+ 720 x 480 px
+ </td>
+ <td>
+ 1280 x 720 px
+ </td>
+ <td>
+ 1920 x 1080 px
+ </td>
+ </tr>
+ <tr>
+ <th>
+ Video frame rate
+ </th>
+ <td>
+ 30 fps
+ </td>
+ <td>
+ 30 fps
+ </td>
+ <td>
+ 60 fps
+ </td>
+ <td>
+ 30 fps (60 fps
+ <sup>
+ 2
+ </sup>
+ )
+ </td>
+ </tr>
+ <tr>
+ <th>
+ Video bitrate
+ </th>
+ <td>
+ 800 Kbps
+ </td>
+ <td>
+ 2 Mbps
+ </td>
+ <td>
+ 8 Mbps
+ </td>
+ <td>
+ 20 Mbps
+ </td>
+ </tr>
+ </table>
+ <p class="table_footnote">
+ 1 REQUIRED for when the height as reported by the
+Display.getSupportedModes() method is equal or greater than the video resolution.
+ </p>
+ <p class="table_footnote">
+ 2 REQUIRED for Android Television device
+implementations.
+ </p>
+ <h4 id="5_3_5_h_265_(hevc)">
+ 5.3.5. H.265 (HEVC)
+ </h4>
+ <p>
+ Android device implementations, when supporting H.265 codec as described in
+ <a href="#5_1_3_video_codecs">
+ section 5.1.3
+ </a>:
+ </p>
+ <ul>
+ <li>
+ MUST support the Main Profile Level 3 Main tier and the SD video decoding profiles
+ as indicated in the following table.
+ </li>
+ <li>
+ SHOULD support the HD decoding profiles as indicated in the following table.
+ </li>
+ <li>
+ MUST support the HD decoding profiles as indicated in the following table
+ if there is a hardware decoder.
+ </li>
+ <li>
+ In addition, Android Television devices:
+ </li>
+ <li>
+ MUST support the HD 720p decoding profile.
+ </li>
+ <li>
+ STRONGLY RECOMMENDED to support the HD 1080p decoding profile. If the HD 1080p
+ decoding profile is supported, it MUST support the Main Profile Level 4.1 Main tier.
+ </li>
+ <li>
+ SHOULD support the UHD decoding profile. If the UHD decoding profile is supported the
+ codec MUST support Main10 Level 5 Main Tier profile.
+ </li>
+ </ul>
+ <table>
+ <tr>
+ <th>
+ </th>
+ <th>
+ SD (Low quality)
+ </th>
+ <th>
+ SD (High quality)
+ </th>
+ <th>
+ HD 720p
+ </th>
+ <th>
+ HD 1080p
+ </th>
+ <th>
+ UHD
+ </th>
+ </tr>
+ <tr>
+ <th>
+ Video resolution
+ </th>
+ <td>
+ 352 x 288 px
+ </td>
+ <td>
+ 720 x 480 px
+ </td>
+ <td>
+ 1280 x 720 px
+ </td>
+ <td>
+ 1920 x 1080 px
+ </td>
+ <td>
+ 3840 x 2160 px
+ </td>
+ </tr>
+ <tr>
+ <th>
+ Video frame rate
+ </th>
+ <td>
+ 30 fps
+ </td>
+ <td>
+ 30 fps
+ </td>
+ <td>
+ 30 fps
+ </td>
+ <td>
+ 30 fps (60 fps
+ <sup>
+ 1
+ </sup>
+ )
+ </td>
+ <td>
+ 60 fps
+ </td>
+ </tr>
+ <tr>
+ <th>
+ Video bitrate
+ </th>
+ <td>
+ 600 Kbps
+ </td>
+ <td>
+ 1.6 Mbps
+ </td>
+ <td>
+ 4 Mbps
+ </td>
+ <td>
+ 5 Mbps
+ </td>
+ <td>
+ 20 Mbps
+ </td>
+ </tr>
+ </table>
+ <p class="table_footnote">
+ 1 REQUIRED for Android Television device
+implementations with H.265 hardware decoding.
+ </p>
+ <h4 id="5_3_6_vp8">
+ 5.3.6. VP8
+ </h4>
+ <p>
+ Android device implementations, when supporting VP8 codec as described in
+ <a href="https://source.android.com/compatibility/android-cdd.html#5_1_3_video_codecs">
+ section 5.1.3
+ </a>:
+ </p>
+ <ul>
+ <li>
+ MUST support the SD decoding profiles in the following table.
+ </li>
+ <li>
+ SHOULD support the HD decoding profiles in the following table.
+ </li>
+ <li>
+ Android Television devices MUST support the HD 1080p60 decoding profile.
+ </li>
+ </ul>
+ <table>
+ <tr>
+ <th>
+ </th>
+ <th>
+ SD (Low quality)
+ </th>
+ <th>
+ SD (High quality)
+ </th>
+ <th>
+ HD 720p
+ <sup>
+ 1
+ </sup>
+ </th>
+ <th>
+ HD 1080p
+ <sup>
+ 1
+ </sup>
+ </th>
+ </tr>
+ <tr>
+ <th>
+ Video resolution
+ </th>
+ <td>
+ 320 x 180 px
+ </td>
+ <td>
+ 640 x 360 px
+ </td>
+ <td>
+ 1280 x 720 px
+ </td>
+ <td>
+ 1920 x 1080 px
+ </td>
+ </tr>
+ <tr>
+ <th>
+ Video frame rate
+ </th>
+ <td>
+ 30 fps
+ </td>
+ <td>
+ 30 fps
+ </td>
+ <td>
+ 30 fps (60 fps
+ <sup>
+ 2
+ </sup>
+ )
+ </td>
+ <td>
+ 30 (60 fps
+ <sup>
+ 2
+ </sup>
+ )
+ </td>
+ </tr>
+ <tr>
+ <th>
+ Video bitrate
+ </th>
+ <td>
+ 800 Kbps
+ </td>
+ <td>
+ 2 Mbps
+ </td>
+ <td>
+ 8 Mbps
+ </td>
+ <td>
+ 20 Mbps
+ </td>
+ </tr>
+ </table>
+ <p class="table_footnote">
+ 1 REQUIRED for when the height as reported by the
+Display.getSupportedModes() method is equal or greater than the video resolution.
+ </p>
+ <p class="table_footnote">
+ 2 REQUIRED for Android Television device
+implementations.
+ </p>
+ <h4 id="5_3_7_vp9">
+ 5.3.7. VP9
+ </h4>
+ <p>
+ Android device implementations, when supporting VP9 codec as described in
+ <a href="https://source.android.com/compatibility/android-cdd.html#5_1_3_video_codecs">
+ section 5.1.3
+ </a>:
+ </p>
+ <ul>
+ <li>
+ MUST support the SD video decoding profiles as indicated in the following table.
+ </li>
+ <li>
+ SHOULD support the HD decoding profiles as indicated in the following table.
+ </li>
+ <li>
+ MUST support the HD decoding profiles as indicated in the following table,
+ if there is a hardware decoder.
+ </li>
+ <li>
+ <p>
+ In addition, Android Television devices:
+ </p>
+ <ul>
+ <li>
+ MUST support the HD 720p decoding profile.
+ </li>
+ <li>
+ STRONGLY RECOMMENDED to support the HD 1080p decoding profile.
+ </li>
+ <li>
+ SHOULD support the UHD decoding profile. If the UHD video decoding
+ profile is supported, it MUST support 8-bit color depth and SHOULD
+ support VP9 Profile 2 (10-bit).
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <table>
+ <tr>
+ <th>
+ </th>
+ <th>
+ SD (Low quality)
+ </th>
+ <th>
+ SD (High quality)
+ </th>
+ <th>
+ HD 720p
+ </th>
+ <th>
+ HD 1080p
+ </th>
+ <th>
+ UHD
+ </th>
+ </tr>
+ <tr>
+ <th>
+ Video resolution
+ </th>
+ <td>
+ 320 x 180 px
+ </td>
+ <td>
+ 640 x 360 px
+ </td>
+ <td>
+ 1280 x 720 px
+ </td>
+ <td>
+ 1920 x 1080 px
+ </td>
+ <td>
+ 3840 x 2160 px
+ </td>
+ </tr>
+ <tr>
+ <th>
+ Video frame rate
+ </th>
+ <td>
+ 30 fps
+ </td>
+ <td>
+ 30 fps
+ </td>
+ <td>
+ 30 fps
+ </td>
+ <td>
+ 30 fps (60 fps
+ <sup>
+ 1
+ </sup>
+ )
+ </td>
+ <td>
+ 60 fps
+ </td>
+ </tr>
+ <tr>
+ <th>
+ Video bitrate
+ </th>
+ <td>
+ 600 Kbps
+ </td>
+ <td>
+ 1.6 Mbps
+ </td>
+ <td>
+ 4 Mbps
+ </td>
+ <td>
+ 5 Mbps
+ </td>
+ <td>
+ 20 Mbps
+ </td>
+ </tr>
+ </table>
+ <p class="table_footnote">
+ 1 REQUIRED for Android Television
+device implementations with VP9 hardware decoding.
+ </p>
+ <h3 id="5_4_audio_recording">
+ 5.4. Audio Recording
+ </h3>
+ <p>
+ While some of the requirements outlined in this section are stated as SHOULD
+since Android 4.3, the Compatibility Definition for a future version is planned
+to change these to MUST. Existing and new Android devices are
+ <strong>
+ STRONGLY
+RECOMMENDED
+ </strong>
+ to meet these requirements that are stated as SHOULD, or they
+will not be able to attain Android compatibility when upgraded to the future
+version.
+ </p>
+ <h4 id="5_4_1_raw_audio_capture">
+ 5.4.1. Raw Audio Capture
+ </h4>
+ <p>
+ Device implementations that declare android.hardware.microphone MUST allow
+capture of raw audio content with the following characteristics:
+ </p>
+ <ul>
+ <li>
+ <strong>
+ Format
+ </strong>
+ : Linear PCM, 16-bit
+ </li>
+ <li>
+ <strong>
+ Sampling rates
+ </strong>
+ : 8000, 11025, 16000, 44100
+ </li>
+ <li>
+ <strong>
+ Channels
+ </strong>
+ : Mono
+ </li>
+ </ul>
+ <p>
+ The capture for the above sample rates MUST be done without up-sampling, and
+any down-sampling MUST include an appropriate anti-aliasing filter.
+ </p>
+ <p>
+ Device implementations that declare android.hardware.microphone SHOULD allow
+capture of raw audio content with the following characteristics:
+ </p>
+ <ul>
+ <li>
+ <strong>
+ Format
+ </strong>
+ : Linear PCM, 16-bit
+ </li>
+ <li>
+ <strong>
+ Sampling rates
+ </strong>
+ : 22050, 48000
+ </li>
+ <li>
+ <strong>
+ Channels
+ </strong>
+ : Stereo
+ </li>
+ </ul>
+ <p>
+ If capture for the above sample rates is supported, then the capture MUST be
+done without up-sampling at any ratio higher than 16000:22050 or 44100:48000.
+Any up-sampling or down-sampling MUST include an appropriate anti-aliasing
+filter.
+ </p>
+ <h4 id="5_4_2_capture_for_voice_recognition">
+ 5.4.2. Capture for Voice Recognition
+ </h4>
+ <p>
+ The android.media.MediaRecorder.AudioSource.VOICE_RECOGNITION audio source MUST
+support capture at one of the sampling rates, 44100 and 48000.
+ </p>
+ <p>
+ In addition to the above recording specifications, when an application has
+started recording an audio stream using the
+android.media.MediaRecorder.AudioSource.VOICE_RECOGNITION audio source:
+ </p>
+ <ul>
+ <li>
+ The device SHOULD exhibit approximately flat amplitude versus frequency
+ characteristics: specifically, ±3 dB, from 100 Hz to 4000 Hz.
+ </li>
+ <li>
+ Audio input sensitivity SHOULD be set such that a 90 dB sound power level
+ (SPL) source at 1000 Hz yields RMS of 2500 for 16-bit samples.
+ </li>
+ <li>
+ PCM amplitude levels SHOULD linearly track input SPL changes over at least a
+ 30 dB range from -18 dB to +12 dB re 90 dB SPL at the microphone.
+ </li>
+ <li>
+ Total harmonic distortion SHOULD be less than 1% for 1 kHz at 90 dB SPL
+ input level at the microphone.
+ </li>
+ <li>
+ Noise reduction processing, if present, MUST be disabled.
+ </li>
+ <li>
+ Automatic gain control, if present, MUST be disabled.
+ </li>
+ </ul>
+ <p>
+ If the platform supports noise suppression technologies tuned for speech
+recognition, the effect MUST be controllable from the
+android.media.audiofx.NoiseSuppressor API. Moreover, the UUID field for the
+noise suppressor’s effect descriptor MUST uniquely identify each implementation
+of the noise suppression technology.
+ </p>
+ <h4 id="5_4_3_capture_for_rerouting_of_playback">
+ 5.4.3. Capture for Rerouting of Playback
+ </h4>
+ <p>
+ The android.media.MediaRecorder.AudioSource class includes the REMOTE_SUBMIX
+audio source. Devices that declare android.hardware.audio.output MUST properly
+implement the REMOTE_SUBMIX audio source so that when an application uses the
+android.media.AudioRecord API to record from this audio source, it can capture
+a mix of all audio streams except for the following:
+ </p>
+ <ul>
+ <li>
+ STREAM_RING
+ </li>
+ <li>
+ STREAM_ALARM
+ </li>
+ <li>
+ STREAM_NOTIFICATION
+ </li>
+ </ul>
+ <h3 id="5_5_audio_playback">
+ 5.5. Audio Playback
+ </h3>
+ <p>
+ Device implementations that declare android.hardware.audio.output MUST conform
+to the requirements in this section.
+ </p>
+ <h4 id="5_5_1_raw_audio_playback">
+ 5.5.1. Raw Audio Playback
+ </h4>
+ <p>
+ The device MUST allow playback of raw audio content with the following
+characteristics:
+ </p>
+ <ul>
+ <li>
+ <strong>
+ Format
+ </strong>
+ : Linear PCM, 16-bit
+ </li>
+ <li>
+ <strong>
+ Sampling rates
+ </strong>
+ : 8000, 11025, 16000, 22050, 32000, 44100
+ </li>
+ <li>
+ <strong>
+ Channels
+ </strong>
+ : Mono, Stereo
+ </li>
+ </ul>
+ <p>
+ The device SHOULD allow playback of raw audio content with the following
+characteristics:
+ </p>
+ <ul>
+ <li>
+ <strong>
+ Sampling rates
+ </strong>
+ : 24000, 48000
+ </li>
+ </ul>
+ <h4 id="5_5_2_audio_effects">
+ 5.5.2. Audio Effects
+ </h4>
+ <p>
+ Android provides an
+ <a href="http://developer.android.com/reference/android/media/audiofx/AudioEffect.html">
+ API for audio effects
+ </a>
+ for device implementations. Device implementations that declare the feature
+android.hardware.audio.output:
+ </p>
+ <ul>
+ <li>
+ MUST support the EFFECT_TYPE_EQUALIZER and EFFECT_TYPE_LOUDNESS_ENHANCER
+implementations controllable through the AudioEffect subclasses Equalizer,
+LoudnessEnhancer.
+ </li>
+ <li>
+ MUST support the visualizer API implementation, controllable through the
+Visualizer class.
+ </li>
+ <li>
+ SHOULD support the EFFECT_TYPE_BASS_BOOST, EFFECT_TYPE_ENV_REVERB,
+EFFECT_TYPE_PRESET_REVERB, and EFFECT_TYPE_VIRTUALIZER implementations
+controllable through the AudioEffect sub-classes BassBoost,
+EnvironmentalReverb, PresetReverb, and Virtualizer.
+ </li>
+ </ul>
+ <h4 id="5_5_3_audio_output_volume">
+ 5.5.3. Audio Output Volume
+ </h4>
+ <p>
+ Android Television device implementations MUST include support for system
+Master Volume and digital audio output volume attenuation on supported outputs,
+except for compressed audio passthrough output (where no audio decoding is done
+on the device).
+ </p>
+ <p>
+ Android Automotive device implementations SHOULD allow adjusting audio volume
+separately per each audio stream using the content type or usage as defined
+by
+ <a href="" title="http://developer.android.com/reference/android/media/AudioAttributes.html">
+ AudioAttributes
+ </a>
+ and car audio usage as publicly defined in
+ <code>
+ android.car.CarAudioManager
+ </code>
+ .
+ </p>
+ <h3 id="5_6_audio_latency">
+ 5.6. Audio Latency
+ </h3>
+ <p>
+ Audio latency is the time delay as an audio signal passes through a system.
+Many classes of applications rely on short latencies, to achieve real-time
+sound effects.
+ </p>
+ <p>
+ For the purposes of this section, use the following definitions:
+ </p>
+ <ul>
+ <li>
+ <strong>
+ output latency
+ </strong>
+ . The interval between when an application writes a frame
+of PCM-coded data and when the corresponding sound is presented to environment at an on-device transducer
+or signal leaves the device via a port and can be observed externally.
+ </li>
+ <li>
+ <strong>
+ cold output latency
+ </strong>
+ . The output latency for the first frame, when the
+audio output system has been idle and powered down prior to the request.
+ </li>
+ <li>
+ <strong>
+ continuous output latency
+ </strong>
+ . The output latency for subsequent frames,
+after the device is playing audio.
+ </li>
+ <li>
+ <strong>
+ input latency
+ </strong>
+ . The interval between when a sound is presented by environment to device
+at an on-device transducer or signal enters the device via a port
+and when an application reads the corresponding frame of
+PCM-coded data.
+ </li>
+ <li>
+ <strong>
+ lost input
+ </strong>
+ . The initial portion of an input signal that is unusable or unavailable.
+ </li>
+ <li>
+ <strong>
+ cold input latency
+ </strong>
+ . The sum of lost input time and the input latency
+for the first frame, when the audio input system has been idle and powered down
+prior to the request.
+ </li>
+ <li>
+ <strong>
+ continuous input latency
+ </strong>
+ . The input latency for subsequent frames,
+while the device is capturing audio.
+ </li>
+ <li>
+ <strong>
+ cold output jitter
+ </strong>
+ . The variability among separate measurements of cold
+output latency values.
+ </li>
+ <li>
+ <strong>
+ cold input jitter
+ </strong>
+ . The variability among separate measurements of cold
+input latency values.
+ </li>
+ <li>
+ <strong>
+ continuous round-trip latency
+ </strong>
+ . The sum of continuous input latency plus
+continuous output latency plus one buffer period. The buffer period allows
+time for the app to process the signal and time for the app to mitigate phase difference
+between input and output streams.
+ </li>
+ <li>
+ <strong>
+ OpenSL ES PCM buffer queue API
+ </strong>
+ . The set of PCM-related OpenSL ES APIs
+within
+ <a href="https://developer.android.com/ndk/index.html">
+ Android NDK
+ </a>.
+ </li>
+ </ul>
+ <p>
+ Device implementations that declare android.hardware.audio.output are STRONGLY
+RECOMMENDED to meet or exceed these audio output requirements:
+ </p>
+ <ul>
+ <li>
+ cold output latency of 100 milliseconds or less
+ </li>
+ <li>
+ continuous output latency of 45 milliseconds or less
+ </li>
+ <li>
+ minimize the cold output jitter
+ </li>
+ </ul>
+ <p>
+ If a device implementation meets the requirements of this section after any
+initial calibration when using the OpenSL ES PCM buffer queue API, for
+continuous output latency and cold output latency over at least one supported
+audio output device, it is STRONGLY RECOMMENDED to report support for
+low-latency audio, by reporting the feature android.hardware.audio.low_latency
+via the
+ <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">
+ android.content.pm.PackageManager
+ </a>
+ class. Conversely, if the device implementation does not meet these
+requirements it MUST NOT report support for low-latency audio.
+ </p>
+ <p>
+ Device implementations that include android.hardware.microphone are STRONGLY
+RECOMMENDED to meet these input audio requirements:
+ </p>
+ <ul>
+ <li>
+ cold input latency of 100 milliseconds or less
+ </li>
+ <li>
+ continuous input latency of 30 milliseconds or less
+ </li>
+ <li>
+ continuous round-trip latency of 50 milliseconds or less
+ </li>
+ <li>
+ minimize the cold input jitter
+ </li>
+ </ul>
+ <h3 id="5_7_network_protocols">
+ 5.7. Network Protocols
+ </h3>
+ <p>
+ Devices MUST support the
+ <a href="http://developer.android.com/guide/appendix/media-formats.html">
+ media network protocols
+ </a>
+ for audio and video playback as specified in the Android SDK documentation.
+Specifically, devices MUST support the following media network protocols:
+ </p>
+ <ul>
+ <li>
+ <p>
+ HTTP(S) progressive streaming
+ <br/>
+ All required codecs and container formats in
+ <a href="#5_1_media_codecs">
+ section 5.1
+ </a>
+ MUST
+ be supported over HTTP(S)
+ </p>
+ </li>
+ <li>
+ <p>
+ <a href="http://tools.ietf.org/html/draft-pantos-http-live-streaming-07">
+ HTTP Live Streaming draft protocol, Version 7
+ </a>
+ <br/>
+ The following media segment formats MUST be supported:
+ </p>
+ </li>
+ </ul>
+ <table>
+ <tr>
+ <th>
+ Segment formats
+ </th>
+ <th>
+ Reference(s)
+ </th>
+ <th>
+ Required codec support
+ </th>
+ </tr>
+ <tr id="mp2t">
+ <td>
+ MPEG-2 Transport Stream
+ </td>
+ <td>
+ <a href="http://www.iso.org/iso/catalogue_detail?csnumber=44169">
+ ISO 13818
+ </a>
+ </td>
+ <td>
+ Video codecs:
<ul>
- <li>MUST include support for code running in the managed environment to call into native code, using the standard Java Native Interface (JNI) semantics.
- </li>
- <li>MUST be source-compatible (i.e. header compatible) and binary-compatible (for the ABI) with each required library in the list below.
- </li>
- <li>MUST support the equivalent 32-bit ABI if any 64-bit ABI is supported.
- </li>
- <li>MUST accurately report the native Application Binary Interface (ABI) supported by the device, via the android.os.Build.SUPPORTED_ABIS, android.os.Build.SUPPORTED_32_BIT_ABIS, and android.os.Build.SUPPORTED_64_BIT_ABIS parameters, each a comma separated list of ABIs ordered from the most to the least preferred one.
- </li>
- <li>MUST report, via the above parameters, only those ABIs documented and described in the latest version of the <a href="https://developer.android.com/ndk/guides/abis.html">Android NDK ABI Management documentation</a>, and MUST include support for the <a href="http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0388f/Beijfcja.html">Advanced SIMD</a> (a.k.a. NEON) extension.
- </li>
- <li>SHOULD be built using the source code and header files available in the upstream Android Open Source Project
- </li>
+ <li class="table_list">
+ H264 AVC
+ </li>
+ <li class="table_list">
+ MPEG-4 SP
+ </li>
+ <li class="table_list">
+ MPEG-2
+ </li>
</ul>
- <p>
- Note that future releases of the Android NDK may introduce support for additional ABIs. If a device implementation is not compatible with an existing predefined ABI, it MUST NOT report support for any ABIs at all.
- </p>
+ See
+ <a href="#5_1_3_video_codecs">
+ section 5.1.3
+ </a>
+ for details on H264 AVC, MPEG2-4 SP,
+ <br/>
+ and MPEG-2.
<p>
- The following native code APIs MUST be available to apps that include native code:
+ Audio codecs:
</p>
<ul>
- <li>libandroid.so (native Android activity support)
- </li>
- <li>libc (C library)
- </li>
- <li>libcamera2ndk.so
- </li>
- <li>libdl (dynamic linker)
- </li>
- <li>libEGL.so (native OpenGL surface management)
- </li>
- <li>libGLESv1_CM.so (OpenGL ES 1.x)
- </li>
- <li>libGLESv2.so (OpenGL ES 2.0)
- </li>
- <li>libGLESv3.so (OpenGL ES 3.x)
- </li>
- <li>libicui18n.so
- </li>
- <li>libicuuc.so
- </li>
- <li>libjnigraphics.so
- </li>
- <li>liblog (Android logging)
- </li>
- <li>libmediandk.so (native media APIs support)
- </li>
- <li>libm (math library)
- </li>
- <li>libOpenMAXAL.so (OpenMAX AL 1.0.1 support)
- </li>
- <li>libOpenSLES.so (OpenSL ES 1.0.1 audio support)
- </li>
- <li>libRS.so
- </li>
- <li>libstdc++ (Minimal support for C++)
- </li>
- <li>libvulkan.so (Vulkan)
- </li>
- <li>libz (Zlib compression)
- </li>
- <li>JNI interface
- </li>
- <li>Support for OpenGL, as described below
- </li>
+ <li class="table_list">
+ AAC
+ </li>
</ul>
- <p>
- For the native libraries listed above, the device implementation MUST NOT add or remove the public functions.
- </p>
- <p>
- Native libraries not listed above but implemented and provided in AOSP as system libraries are reserved and MUST NOT be exposed to third-party apps targeting API level 24 or higher.
- </p>
- <p>
- Device implementations MAY add non-AOSP libraries and expose them directly as an API to third-party apps but the additional libraries SHOULD be in <code>/vendor/lib</code> or <code>/vendor/lib64</code> and MUST be listed in <code>/vendor/etc/public.libraries.txt</code>.
- </p>
- <p>
- Note that device implementations MUST include libGLESv3.so and in turn, MUST export all the OpenGL ES 3.1 and <a href="http://developer.android.com/guide/topics/graphics/opengl.html#aep">Android Extension Pack</a> function symbols as defined in the NDK release android-24. Although all the symbols must be present, only the corresponding functions for OpenGL ES versions and extensions actually supported by the device must be fully implemented.
- </p>
- <h4>
- 3.3.1.1. Graphic Libraries
- </h4>
- <p>
- <a href="https://www.khronos.org/registry/vulkan/specs/1.0-wsi_extensions/xhtml/vkspec.html">Vulkan</a> is a low-overhead, cross-platform API for high-performance 3D graphics. Device implementations, even if not including support of the Vulkan APIs, MUST satisfy the following requirements:
- </p>
- <ul>
- <li>It MUST always provide a native library named <code>libvulkan.so</code> which exports function symbols for the core Vulkan 1.0 API as well as the <code>VK_KHR_surface</code>, <code>VK_KHR_android_surface</code>, and <code>VK_KHR_swapchain</code> extensions.
- </li>
- </ul>
- <p>
- Device implementations, if including support of the Vulkan APIs:
- </p>
- <ul>
- <li>MUST report, one or more <code>VkPhysicalDevices</code> through the <code>vkEnumeratePhysicalDevices</code> call.
- </li>
- <li>Each enumerated <code>VkPhysicalDevices</code> MUST fully implement the Vulkan 1.0 API.
- </li>
- <li>MUST report the correct <a href="https://developer.android.com/reference/android/content/pm/PackageManager.html#FEATURE_VULKAN_HARDWARE_LEVEL"><code>PackageManager#FEATURE_VULKAN_HARDWARE_LEVEL</code></a> and <a href="https://developer.android.com/reference/android/content/pm/PackageManager.html#FEATURE_VULKAN_HARDWARE_VERSION"><code>PackageManager#FEATURE_VULKAN_HARDWARE_VERSION</code></a> feature flags.
- </li>
- <li>MUST enumerate layers, contained in native libraries named <code>libVkLayer*.so</code> in the application package’s native library directory, through the <code>vkEnumerateInstanceLayerProperties</code> and <code>vkEnumerateDeviceLayerProperties</code> functions in <code>libvulkan.so</code>
- </li>
- <li>MUST NOT enumerate layers provided by libraries outside of the application package, or provide other ways of tracing or intercepting the Vulkan API, unless the application has the <code>android:debuggable=”true”</code> attribute.
- </li>
- </ul>
- <p>
- Device implementations, if not including support of the Vulkan APIs:
- </p>
- <ul>
- <li>MUST report 0 <code>VkPhysicalDevices</code> through the <code>vkEnumeratePhysicalDevices</code> call.
- </li>
- <li>MUST NOT declare any of the Vulkan feature flags <a href="https://developer.android.com/reference/android/content/pm/PackageManager.html#FEATURE_VULKAN_HARDWARE_LEVEL"><code>PackageManager#FEATURE_VULKAN_HARDWARE_LEVEL</code></a> and <a href="https://developer.android.com/reference/android/content/pm/PackageManager.html#FEATURE_VULKAN_HARDWARE_VERSION"><code>PackageManager#FEATURE_VULKAN_HARDWARE_VERSION</code></a>.
- </li>
- </ul>
- <h3>
- 3.3.2. 32-bit ARM Native Code Compatibility
- </h3>
- <p>
- The ARMv8 architecture deprecates several CPU operations, including some operations used in existing native code. On 64-bit ARM devices, the following deprecated operations MUST remain available to 32-bit native ARM code, either through native CPU support or through software emulation:
- </p>
- <ul>
- <li>SWP and SWPB instructions
- </li>
- <li>SETEND instruction
- </li>
- <li>CP15ISB, CP15DSB, and CP15DMB barrier operations
- </li>
- </ul>
- <p>
- Legacy versions of the Android NDK used /proc/cpuinfo to discover CPU features from 32-bit ARM native code. For compatibility with applications built using this NDK, devices MUST include the following lines in /proc/cpuinfo when it is read by 32-bit ARM applications:
- </p>
- <ul>
- <li>"Features: ", followed by a list of any optional ARMv7 CPU features supported by the device.
- </li>
- <li>"CPU architecture: ", followed by an integer describing the device's highest supported ARM architecture (e.g., "8" for ARMv8 devices).
- </li>
- </ul>
- <p>
- These requirements only apply when /proc/cpuinfo is read by 32-bit ARM applications. Devices SHOULD not alter /proc/cpuinfo when read by 64-bit ARM or non-ARM applications.
- </p>
- <h2>
- 3.4. Web Compatibility
- </h2>
- <h3>
- 3.4.1. WebView Compatibility
- </h3>
- <div class="note">
- Android Watch devices MAY, but all other device implementations MUST provide a complete implementation of the android.webkit.Webview API.
- </div>
- <p>
- The platform feature android.software.webview MUST be reported on any device that provides a complete implementation of the android.webkit.WebView API, and MUST NOT be reported on devices without a complete implementation of the API. The Android Open Source implementation uses code from the Chromium Project to implement the <a href="http://developer.android.com/reference/android/webkit/WebView.html">android.webkit.WebView</a>. Because it is not feasible to develop a comprehensive test suite for a web rendering system, device implementers MUST use the specific upstream build of Chromium in the WebView implementation. Specifically:
- </p>
- <ul>
- <li>Device android.webkit.WebView implementations MUST be based on the <a href="http://www.chromium.org/">Chromium</a> build from the upstream Android Open Source Project for Android 7.1. This build includes a specific set of functionality and security fixes for the WebView.
- </li>
- <li>
- <p>
- The user agent string reported by the WebView MUST be in this format:
- </p>
- <p>
- Mozilla/5.0 (Linux; Android $(VERSION); $(MODEL) Build/$(BUILD); wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 $(CHROMIUM_VER) Mobile Safari/537.36
- </p>
- <ul>
- <li>The value of the $(VERSION) string MUST be the same as the value for android.os.Build.VERSION.RELEASE.
- </li>
- <li>The value of the $(MODEL) string MUST be the same as the value for android.os.Build.MODEL.
- </li>
- <li>The value of the $(BUILD) string MUST be the same as the value for android.os.Build.ID.
- </li>
- <li>The value of the $(CHROMIUM_VER) string MUST be the version of Chromium in the upstream Android Open Source Project.
- </li>
- <li>Device implementations MAY omit Mobile in the user agent string.
- </li>
- </ul>
- </li>
- </ul>
- <p>
- The WebView component SHOULD include support for as many HTML5 features as possible and if it supports the feature SHOULD conform to the <a href="http://html.spec.whatwg.org/multipage/">HTML5 specification</a>.
- </p>
- <h3>
- 3.4.2. Browser Compatibility
- </h3>
- <div class="note">
- Android Television, Watch, and Android Automotive implementations MAY omit a browser application, but MUST support the public intent patterns as described in <a href="#3_2_3_1_core_application_intents">section 3.2.3.1</a>. All other types of device implementations MUST include a standalone Browser application for general user web browsing.
- </div>
- <p>
- The standalone Browser MAY be based on a browser technology other than WebKit. However, even if an alternate Browser application is used, the android.webkit.WebView component provided to third-party applications MUST be based on WebKit, as described in <a href="#3_4_1_webview_compatibility">section 3.4.1</a>.
- </p>
- <p>
- Implementations MAY ship a custom user agent string in the standalone Browser application.
- </p>
- <p>
- The standalone Browser application (whether based on the upstream WebKit Browser application or a third-party replacement) SHOULD include support for as much of <a href="http://html.spec.whatwg.org/multipage/">HTML5</a> as possible. Minimally, device implementations MUST support each of these APIs associated with HTML5:
- </p>
- <ul>
- <li>
- <a href="http://www.w3.org/html/wg/drafts/html/master/browsers.html#offline">application cache/offline operation</a>
- </li>
- <li>
- <a href="http://www.w3.org/html/wg/drafts/html/master/semantics.html#video"><video> tag</a>
- </li>
- <li>
- <a href="http://www.w3.org/TR/geolocation-API/">geolocation</a>
- </li>
- </ul>
- <p>
- Additionally, device implementations MUST support the HTML5/W3C <a href="http://www.w3.org/TR/webstorage/">webstorage API</a> and SHOULD support the HTML5/W3C <a href="http://www.w3.org/TR/IndexedDB/">IndexedDB API</a>. Note that as the web development standards bodies are transitioning to favor IndexedDB over webstorage, IndexedDB is expected to become a required component in a future version of Android.
- </p>
- <h2>
- 3.5. API Behavioral Compatibility
- </h2>
- <p>
- The behaviors of each of the API types (managed, soft, native, and web) must be consistent with the preferred implementation of the upstream <a href="http://source.android.com/">Android Open Source Project</a>. Some specific areas of compatibility are:
- </p>
- <ul>
- <li>Devices MUST NOT change the behavior or semantics of a standard intent.
- </li>
- <li>Devices MUST NOT alter the lifecycle or lifecycle semantics of a particular type of system component (such as Service, Activity, ContentProvider, etc.).
- </li>
- <li>Devices MUST NOT change the semantics of a standard permission.
- </li>
- </ul>
- <p>
- The above list is not comprehensive. The Compatibility Test Suite (CTS) tests significant portions of the platform for behavioral compatibility, but not all. It is the responsibility of the implementer to ensure behavioral compatibility with the Android Open Source Project. For this reason, device implementers SHOULD use the source code available via the Android Open Source Project where possible, rather than re-implement significant parts of the system.
- </p>
- <h2>
- 3.6. API Namespaces
- </h2>
- <p>
- Android follows the package and class namespace conventions defined by the Java programming language. To ensure compatibility with third-party applications, device implementers MUST NOT make any prohibited modifications (see below) to these package namespaces:
- </p>
- <ul>
- <li>java.*
- </li>
- <li>javax.*
- </li>
- <li>sun.*
- </li>
- <li>android.*
- </li>
- <li>com.android.*
- </li>
- </ul>
- <p>
- <strong>Prohibited modifications include</strong>:
- </p>
- <ul>
- <li>Device implementations MUST NOT modify the publicly exposed APIs on the Android platform by changing any method or class signatures, or by removing classes or class fields.
- </li>
- <li>Device implementers MAY modify the underlying implementation of the APIs, but such modifications MUST NOT impact the stated behavior and Java-language signature of any publicly exposed APIs.
- </li>
- <li>Device implementers MUST NOT add any publicly exposed elements (such as classes or interfaces, or fields or methods to existing classes or interfaces) to the APIs above.
- </li>
- </ul>
- <p>
- A “publicly exposed element” is any construct that is not decorated with the“@hide” marker as used in the upstream Android source code. In other words, device implementers MUST NOT expose new APIs or alter existing APIs in the namespaces noted above. Device implementers MAY make internal-only modifications, but those modifications MUST NOT be advertised or otherwise exposed to developers.
- </p>
- <p>
- Device implementers MAY add custom APIs, but any such APIs MUST NOT be in a namespace owned by or referring to another organization. For instance, device implementers MUST NOT add APIs to the com.google.* or similar namespace: only Google may do so. Similarly, Google MUST NOT add APIs to other companies' namespaces. Additionally, if a device implementation includes custom APIs outside the standard Android namespace, those APIs MUST be packaged in an Android shared library so that only apps that explicitly use them (via the <uses-library> mechanism) are affected by the increased memory usage of such APIs.
- </p>
- <p>
- If a device implementer proposes to improve one of the package namespaces above (such as by adding useful new functionality to an existing API, or adding a new API), the implementer SHOULD visit <a href="http://source.android.com/">source.android.com</a> and begin the process for contributing changes and code, according to the information on that site.
- </p>
- <p>
- Note that the restrictions above correspond to standard conventions for naming APIs in the Java programming language; this section simply aims to reinforce those conventions and make them binding through inclusion in this Compatibility Definition.
- </p>
- <h2>
- 3.7. Runtime Compatibility
- </h2>
- <p>
- Device implementations MUST support the full Dalvik Executable (DEX) format and <a href="https://android.googlesource.com/platform/dalvik/">Dalvik bytecode specification and semantics</a>. Device implementers SHOULD use ART, the reference upstream implementation of the Dalvik Executable Format, and the reference implementation’s package management system.
- </p>
- <p>
- Device implementations MUST configure Dalvik runtimes to allocate memory in accordance with the upstream Android platform, and as specified by the following table. (See <a href="#7_1_1_screen_configuration">section 7.1.1</a> for screen size and screen density definitions.) Note that memory values specified below are considered minimum values and device implementations MAY allocate more memory per application.
- </p>
- <table>
- <tr>
- <th>
- Screen Layout
- </th>
- <th>
- Screen Density
- </th>
- <th>
- Minimum Application Memory
- </th>
- </tr>
- <tr>
- <td rowspan="12">
- Android Watch
- </td>
- <td>
- 120 dpi (ldpi)
- </td>
- <td rowspan="3">
- 32MB
- </td>
- </tr>
- <tr>
- <td>
- 160 dpi (mdpi)
- </td>
- </tr>
- <tr>
- <td>
- 213 dpi (tvdpi)
- </td>
- </tr>
- <tr>
- <td>
- 240 dpi (hdpi)
- </td>
- <td rowspan="2">
- 36MB
- </td>
- </tr>
- <tr>
- <td>
- 280 dpi (280dpi)
- </td>
- </tr>
- <tr>
- <td>
- 320 dpi (xhdpi)
- </td>
- <td rowspan="2">
- 48MB
- </td>
- </tr>
- <tr>
- <td>
- 360 dpi (360dpi)
- </td>
- </tr>
- <tr>
- <td>
- 400 dpi (400dpi)
- </td>
- <td>
- 56MB
- </td>
- </tr>
- <tr>
- <td>
- 420 dpi (420dpi)
- </td>
- <td>
- 64MB
- </td>
- </tr>
- <tr>
- <td>
- 480 dpi (xxhdpi)
- </td>
- <td>
- 88MB
- </td>
- </tr>
- <tr>
- <td>
- 560 dpi (560dpi)
- </td>
- <td>
- 112MB
- </td>
- </tr>
- <tr>
- <td>
- 640 dpi (xxxhdpi)
- </td>
- <td>
- 154MB
- </td>
- </tr>
- <tr>
- <td rowspan="12">
- small/normal
- </td>
- <td>
- 120 dpi (ldpi)
- </td>
- <td rowspan="2">
- 32MB
- </td>
- </tr>
- <tr>
- <td>
- 160 dpi (mdpi)
- </td>
- </tr>
- <tr>
- <td>
- 213 dpi (tvdpi)
- </td>
- <td rowspan="3">
- 48MB
- </td>
- </tr>
- <tr>
- <td>
- 240 dpi (hdpi)
- </td>
- </tr>
- <tr>
- <td>
- 280 dpi (280dpi)
- </td>
- </tr>
- <tr>
- <td>
- 320 dpi (xhdpi)
- </td>
- <td rowspan="2">
- 80MB
- </td>
- </tr>
- <tr>
- <td>
- 360 dpi (360dpi)
- </td>
- </tr>
- <tr>
- <td>
- 400 dpi (400dpi)
- </td>
- <td>
- 96MB
- </td>
- </tr>
- <tr>
- <td>
- 420 dpi (420dpi)
- </td>
- <td>
- 112MB
- </td>
- </tr>
- <tr>
- <td>
- 480 dpi (xxhdpi)
- </td>
- <td>
- 128MB
- </td>
- </tr>
- <tr>
- <td>
- 560 dpi (560dpi)
- </td>
- <td>
- 192MB
- </td>
- </tr>
- <tr>
- <td>
- 640 dpi (xxxhdpi)
- </td>
- <td>
- 256MB
- </td>
- </tr>
- <tr>
- <td rowspan="12">
- large
- </td>
- <td>
- 120 dpi (ldpi)
- </td>
- <td>
- 32MB
- </td>
- </tr>
- <tr>
- <td>
- 160 dpi (mdpi)
- </td>
- <td>
- 48MB
- </td>
- </tr>
- <tr>
- <td>
- 213 dpi (tvdpi)
- </td>
- <td rowspan="2">
- 80MB
- </td>
- </tr>
- <tr>
- <td>
- 240 dpi (hdpi)
- </td>
- </tr>
- <tr>
- <td>
- 280 dpi (280dpi)
- </td>
- <td>
- 96MB
- </td>
- </tr>
- <tr>
- <td>
- 320 dpi (xhdpi)
- </td>
- <td>
- 128MB
- </td>
- </tr>
- <tr>
- <td>
- 360 dpi (360dpi)
- </td>
- <td>
- 160MB
- </td>
- </tr>
- <tr>
- <td>
- 400 dpi (400dpi)
- </td>
- <td>
- 192MB
- </td>
- </tr>
- <tr>
- <td>
- 420 dpi (420dpi)
- </td>
- <td>
- 228MB
- </td>
- </tr>
- <tr>
- <td>
- 480 dpi (xxhdpi)
- </td>
- <td>
- 256MB
- </td>
- </tr>
- <tr>
- <td>
- 560 dpi (560dpi)
- </td>
- <td>
- 384MB
- </td>
- </tr>
- <tr>
- <td>
- 640 dpi (xxxhdpi)
- </td>
- <td>
- 512MB
- </td>
- </tr>
- <tr>
- <td rowspan="12">
- xlarge
- </td>
- <td>
- 120 dpi (ldpi)
- </td>
- <td>
- 48MB
- </td>
- </tr>
- <tr>
- <td>
- 160 dpi (mdpi)
- </td>
- <td>
- 80MB
- </td>
- </tr>
- <tr>
- <td>
- 213 dpi (tvdpi)
- </td>
- <td rowspan="2">
- 96MB
- </td>
- </tr>
- <tr>
- <td>
- 240 dpi (hdpi)
- </td>
- </tr>
- <tr>
- <td>
- 280 dpi (280dpi)
- </td>
- <td>
- 144MB
- </td>
- </tr>
- <tr>
- <td>
- 320 dpi (xhdpi)
- </td>
- <td>
- 192MB
- </td>
- </tr>
- <tr>
- <td>
- 360 dpi (360dpi)
- </td>
- <td>
- 240MB
- </td>
- </tr>
- <tr>
- <td>
- 400 dpi (400dpi)
- </td>
- <td>
- 288MB
- </td>
- </tr>
- <tr>
- <td>
- 420 dpi (420dpi)
- </td>
- <td>
- 336MB
- </td>
- </tr>
- <tr>
- <td>
- 480 dpi (xxhdpi)
- </td>
- <td>
- 384MB
- </td>
- </tr>
- <tr>
- <td>
- 560 dpi (560dpi)
- </td>
- <td>
- 576MB
- </td>
- </tr>
- <tr>
- <td>
- 640 dpi (xxxhdpi)
- </td>
- <td>
- 768MB
- </td>
- </tr>
- </table>
- <h2>
- 3.8. User Interface Compatibility
- </h2>
- <h3>
- 3.8.1. Launcher (Home Screen)
- </h3>
- <p>
- Android includes a launcher application (home screen) and support for third-party applications to replace the device launcher (home screen). Device implementations that allow third-party applications to replace the device home screen MUST declare the platform feature android.software.home_screen.
- </p>
- <h3>
- 3.8.2. Widgets
- </h3>
- <div class="note">
- Widgets are optional for all Android device implementations, but SHOULD be supported on Android Handheld devices.
- </div>
- <p>
- Android defines a component type and corresponding API and lifecycle that allows applications to expose an <a href="http://developer.android.com/guide/practices/ui_guidelines/widget_design.html">“AppWidget”</a> to the end user, a feature that is STRONGLY RECOMMENDED to be supported on Handheld Device implementations. Device implementations that support embedding widgets on the home screen MUST meet the following requirements and declare support for platform feature android.software.app_widgets.
- </p>
- <ul>
- <li>Device launchers MUST include built-in support for AppWidgets and expose user interface affordances to add, configure, view, and remove AppWidgets directly within the Launcher.
- </li>
- <li>Device implementations MUST be capable of rendering widgets that are 4 x 4 in the standard grid size. See the <a href="http://developer.android.com/guide/practices/ui_guidelines/widget_design.html">App Widget Design Guidelines</a> in the Android SDK documentation for details.
- </li>
- <li>Device implementations that include support for lock screen MAY support application widgets on the lock screen.
- </li>
- </ul>
- <h3>
- 3.8.3. Notifications
- </h3>
- <p>
- Android includes APIs that allow developers to <a href="http://developer.android.com/guide/topics/ui/notifiers/notifications.html">notify users of notable events</a> using hardware and software features of the device.
- </p>
- <p>
- Some APIs allow applications to perform notifications or attract attention using hardware—specifically sound, vibration, and light. Device implementations MUST support notifications that use hardware features, as described in the SDK documentation, and to the extent possible with the device implementation hardware. For instance, if a device implementation includes a vibrator, it MUST correctly implement the vibration APIs. If a device implementation lacks hardware, the corresponding APIs MUST be implemented as no-ops. This behavior is further detailed in <a href="#7_hardware_compatibility">section 7</a>.
- </p>
- <p>
- Additionally, the implementation MUST correctly render all <a href="https://developer.android.com/guide/topics/resources/available-resources.html">resources</a> (icons, animation files etc.) provided for in the APIs, or in the Status/System Bar <a href="http://developer.android.com/design/style/iconography.html">icon style guide</a>, which in the case of an Android Television device includes the possibility to not display the notifications. Device implementers MAY provide an alternative user experience for notifications than that provided by the reference Android Open Source implementation; however, such alternative notification systems MUST support existing notification resources, as above.
- </p>
- <div class="note">
- Android Automotive implementations MAY manage the visibility and timing of notifications to mitigate driver distraction, but MUST display notifications that use <a href="https://developer.android.com/reference/android/app/Notification.CarExtender.html">CarExtender</a> when requested by applications.
- </div>
- <p>
- Android includes support for various notifications, such as:
- </p>
- <ul>
- <li>
- <strong>Rich notifications</strong>. Interactive Views for ongoing notifications.
- </li>
- <li>
- <strong>Heads-up notifications</strong>. Interactive Views users can act on or dismiss without leaving the current app.
- </li>
- <li>
- <strong>Lock screen notifications</strong>. Notifications shown over a lock screen with granular control on visibility.
- </li>
- </ul>
- <p>
- Android device implementations, when such notifications are made visible, MUST properly execute Rich and Heads-up notifications and include the title/name, icon, text as <a href="https://developer.android.com/design/patterns/notifications.html">documented in the Android APIs</a>.
- </p>
- <p>
- Android includes Notification Listener Service APIs that allow apps (once explicitly enabled by the user) to receive a copy of all notifications as they are posted or updated. Device implementations MUST correctly and promptly send notifications in their entirety to all such installed and user-enabled listener services, including any and all metadata attached to the Notification object.
- </p>
- <p>
- Handheld device implementations MUST support the behaviors of updating, removing, replying to, and bundling notifications as described in this <a href="https://developer.android.com/guide/topics/ui/notifiers/notifications.html#Managing">section</a>.
- </p>
- <p>
- Also, handheld device implementations MUST provide:
- </p>
- <ul>
- <li>The ability to control notifications directly in the notification shade.
- </li>
- <li>The visual affordance to trigger the control panel in the notification shade.
- </li>
- <li>The ability to BLOCK, MUTE and RESET notification preference from a package, both in the inline control panel as well as in the settings app.
- </li>
- </ul>
- <p>
- All 6 direct subclasses of the <code>Notification.Style class</code> MUST be supported as described in the <a href="https://developer.android.com/reference/android/app/Notification.Style.html">SDK documents</a>.
- </p>
- <p>
- Device implementations that support the DND (Do not Disturb) feature MUST meet the following requirements:
- </p>
- <ul>
- <li>MUST implement an activity that would respond to the intent <a href="https://developer.android.com/reference/android/provider/Settings.html#ACTION_NOTIFICATION_POLICY_ACCESS_SETTINGS">ACTION_NOTIFICATION_POLICY_ACCESS_SETTINGS</a>, which for implementations with UI_MODE_TYPE_NORMAL it MUST be an activity where the user can grant or deny the app access to DND policy configurations.
- </li>
- <li>MUST, for when the device implementation has provided a means for the user to grant or deny third-party apps to access the DND policy configuration, display <a href="https://developer.android.com/reference/android/app/NotificationManager.html#addAutomaticZenRule%28android.app.AutomaticZenRule%29">Automatic DND rules</a> created by applications alongside the user-created and pre-defined rules.
- </li>
- <li>MUST honor the <a href="https://developer.android.com/reference/android/app/NotificationManager.Policy.html#suppressedVisualEffects"><code>suppressedVisualEffects</code></a> values passed along the <a href="https://developer.android.com/reference/android/app/NotificationManager.Policy.html#NotificationManager.Policy%28int,%20int,%20int,%20int%29"><code>NotificationManager.Policy</code></a> and if an app has set any of the SUPPRESSED_EFFECT_SCREEN_OFF or SUPPRESSED_EFFECT_SCREEN_ON flags, it SHOULD indicate to the user that the visual effects are suppressed in the DND settings menu.
- </li>
- </ul>
- <h3>
- 3.8.4. Search
- </h3>
- <p>
- Android includes APIs that allow developers to <a href="http://developer.android.com/reference/android/app/SearchManager.html">incorporate search</a> into their applications and expose their application’s data into the global system search. Generally speaking, this functionality consists of a single, system-wide user interface that allows users to enter queries, displays suggestions as users type, and displays results. The Android APIs allow developers to reuse this interface to provide search within their own apps and allow developers to supply results to the common global search user interface.
- </p>
- <p>
- Android device implementations SHOULD include global search, a single, shared, system-wide search user interface capable of real-time suggestions in response to user input. Device implementations SHOULD implement the APIs that allow developers to reuse this user interface to provide search within their own applications. Device implementations that implement the global search interface MUST implement the APIs that allow third-party applications to add suggestions to the search box when it is run in global search mode. If no third-party applications are installed that make use of this functionality, the default behavior SHOULD be to display web search engine results and suggestions.
- </p>
- <p>
- Android device implementations SHOULD, and Android Automotive implementations MUST, implement an assistant on the device to handle the <a href="http://developer.android.com/reference/android/content/Intent.html#ACTION_ASSIST">Assist action</a>.
- </p>
- <p>
- Android also includes the <a href="https://developer.android.com/reference/android/app/assist/package-summary.html">Assist APIs</a> to allow applications to elect how much information of the current context is shared with the assistant on the device. Device implementations supporting the Assist action MUST indicate clearly to the end user when the context is shared by displaying a white light around the edges of the screen. To ensure clear visibility to the end user, the indication MUST meet or exceed the duration and brightness of the Android Open Source Project implementation.
- </p>
- <p>
- This indication MAY be disabled by default for preinstalled apps using the Assist and VoiceInteractionService API, if all following requirements are met:
- </p>
- <ul>
- <li>
- <p>
- The preinstalled app MUST request the context to be shared only when the user invoked the app by one of the following means, and the app is running in the foreground:
- </p>
- <ul>
- <li>hotword invocation
- </li>
- <li>input of the ASSIST navigation key/button/gesture
- </li>
- </ul>
- </li>
- <li>
- <p>
- The device implementation MUST provide an affordance to enable the indication, less than two navigations away from (the default voice input and assistant app settings menu) <a href="#3_2_3_5_default_app_settings">section 3.2.3.5</a>.
- </p>
- </li>
- </ul>
- <h3>
- 3.8.5. Toasts
- </h3>
- <p>
- Applications can use the <a href="http://developer.android.com/reference/android/widget/Toast.html">“Toast” API</a> to display short non-modal strings to the end user that disappear after a brief period of time. Device implementations MUST display Toasts from applications to end users in some high-visibility manner.
- </p>
- <h3>
- 3.8.6. Themes
- </h3>
- <p>
- Android provides “themes” as a mechanism for applications to apply styles across an entire Activity or application.
- </p>
- <p>
- Android includes a “Holo” theme family as a set of defined styles for application developers to use if they want to match the <a href="http://developer.android.com/guide/topics/ui/themes.html">Holo theme look and feel</a> as defined by the Android SDK. Device implementations MUST NOT alter any of the <a href="http://developer.android.com/reference/android/R.style.html">Holo theme attributes</a> exposed to applications.
- </p>
- <p>
- Android includes a “Material” theme family as a set of defined styles for application developers to use if they want to match the design theme’s look and feel across the wide variety of different Android device types. Device implementations MUST support the “Material” theme family and MUST NOT alter any of the <a href="http://developer.android.com/reference/android/R.style.html#Theme_Material">Material theme attributes</a> or their assets exposed to applications.
- </p>
- <p>
- Android also includes a “Device Default” theme family as a set of defined styles for application developers to use if they want to match the look and feel of the device theme as defined by the device implementer. Device implementations MAY modify the <a href="http://developer.android.com/reference/android/R.style.html">Device Default theme attributes</a> exposed to applications.
- </p>
- <p>
- Android supports a variant theme with translucent system bars, which allows application developers to fill the area behind the status and navigation bar with their app content. To enable a consistent developer experience in this configuration, it is important the status bar icon style is maintained across different device implementations. Therefore, Android device implementations MUST use white for system status icons (such as signal strength and battery level) and notifications issued by the system, unless the icon is indicating a problematic status or an app requests a light status bar using the SYSTEM_UI_FLAG_LIGHT_STATUS_BAR flag. When an app requests a light status bar, Android device implementations MUST change the color of the system status icons to black (for details, refer to <a href="http://developer.android.com/reference/android/R.style.html">R.style</a>).
- </p>
- <h3>
- 3.8.7. Live Wallpapers
- </h3>
- <p>
- Android defines a component type and corresponding API and lifecycle that allows applications to expose one or more <a href="http://developer.android.com/reference/android/service/wallpaper/WallpaperService.html">“Live Wallpapers”</a> to the end user. Live wallpapers are animations, patterns, or similar images with limited input capabilities that display as a wallpaper, behind other applications.
- </p>
- <p>
- Hardware is considered capable of reliably running live wallpapers if it can run all live wallpapers, with no limitations on functionality, at a reasonable frame rate with no adverse effects on other applications. If limitations in the hardware cause wallpapers and/or applications to crash, malfunction, consume excessive CPU or battery power, or run at unacceptably low frame rates, the hardware is considered incapable of running live wallpaper. As an example, some live wallpapers may use an OpenGL 2.0 or 3.x context to render their content. Live wallpaper will not run reliably on hardware that does not support multiple OpenGL contexts because the live wallpaper use of an OpenGL context may conflict with other applications that also use an OpenGL context.
- </p>
- <p>
- Device implementations capable of running live wallpapers reliably as described above SHOULD implement live wallpapers, and when implemented MUST report the platform feature flag android.software.live_wallpaper.
- </p>
- <h3>
- 3.8.8. Activity Switching
- </h3>
- <div class="note">
- As the Recent function navigation key is OPTIONAL, the requirement to implement the overview screen is OPTIONAL for Android Watch and Android Automotive implementations, and RECOMMENDED for Android Television devices. There SHOULD still be a method to switch between activities on Android Automotive implementations.
- </div>
- <p>
- The upstream Android source code includes the <a href="http://developer.android.com/guide/components/recents.html">overview screen</a>, a system-level user interface for task switching and displaying recently accessed activities and tasks using a thumbnail image of the application’s graphical state at the moment the user last left the application. Device implementations including the recents function navigation key as detailed in <a href="#7_2_3_navigation_keys">section 7.2.3</a> MAY alter the interface but MUST meet the following requirements:
- </p>
- <ul>
- <li>MUST support at least up to 20 displayed activities.
- </li>
- <li>SHOULD at least display the title of 4 activities at a time.
- </li>
- <li>MUST implement the <a href="http://developer.android.com/about/versions/android-5.0.html#ScreenPinning">screen pinning behavior</a> and provide the user with a settings menu to toggle the feature.
- </li>
- <li>SHOULD display highlight color, icon, screen title in recents.
- </li>
- <li>SHOULD display a closing affordance ("x") but MAY delay this until user interacts with screens.
- </li>
- <li>SHOULD implement a shortcut to switch easily to the previous activity
- </li>
- <li>MAY display affiliated recents as a group that moves together.
- </li>
- <li>SHOULD trigger the fast-switch action between the two most recently used apps, when the recents function key is tapped twice.
- </li>
- <li>SHOULD trigger the split-screen multiwindow-mode, if supported, when the recents functions key is long pressed.
- </li>
- </ul>
- <p>
- Device implementations are STRONGLY RECOMMENDED to use the upstream Android user interface (or a similar thumbnail-based interface) for the overview screen.
- </p>
- <h3>
- 3.8.9. Input Management
- </h3>
- <p>
- Android includes support for <a href="http://developer.android.com/guide/topics/text/creating-input-method.html">Input Management</a> and support for third-party input method editors. Device implementations that allow users to use third-party input methods on the device MUST declare the platform feature android.software.input_methods and support IME APIs as defined in the Android SDK documentation.
- </p>
- <p>
- Device implementations that declare the android.software.input_methods feature MUST provide a user-accessible mechanism to add and configure third-party input methods. Device implementations MUST display the settings interface in response to the android.settings.INPUT_METHOD_SETTINGS intent.
- </p>
- <h3>
- 3.8.10. Lock Screen Media Control
- </h3>
- <p>
- The Remote Control Client API is deprecated from Android 5.0 in favor of the <a href="http://developer.android.com/reference/android/app/Notification.MediaStyle.html">Media Notification Template</a> that allows media applications to integrate with playback controls that are displayed on the lock screen. Device implementations that support a lock screen, unless an Android Automotive or Watch implementation, MUST display the Lock screen Notifications including the Media Notification Template.
- </p>
- <h3>
- 3.8.11. Screen savers (previously Dreams)
- </h3>
- <p>
- Android includes support for <a href="http://developer.android.com/reference/android/service/dreams/DreamService.html">interactivescreensavers</a>, previously referred to as Dreams. Screen savers allow users to interact with applications when a device connected to a power source is idle or docked in a desk dock. Android Watch devices MAY implement screen savers, but other types of device implementations SHOULD include support for screen savers and provide a settings option for users toconfigure screen savers in response to the <code>android.settings.DREAM_SETTINGS</code> intent.
- </p>
- <h3>
- 3.8.12. Location
- </h3>
- <p>
- When a device has a hardware sensor (e.g. GPS) that is capable of providing the location coordinates, <a href="http://developer.android.com/reference/android/provider/Settings.Secure.html#LOCATION_MODE">location modes</a> MUST be displayed in the Location menu within Settings.
- </p>
- <h3>
- 3.8.13. Unicode and Font
- </h3>
- <p>
- Android includes support for the emoji characters defined in <a href="http://www.unicode.org/versions/Unicode9.0.0/">Unicode 9.0</a>. All device implementations MUST be capable of rendering these emoji characters in color glyph and when Android device implementations include an IME, it SHOULD provide an input method to the user for these emoji characters.
- </p>
- <p>
- Android handheld devices SHOULD support the skin tone and diverse family emojis as specified in the <a href="http://unicode.org/reports/tr51">Unicode Technical Report #51</a>.
- </p>
- <p>
- Android includes support for Roboto 2 font with different weights—sans-serif-thin, sans-serif-light, sans-serif-medium, sans-serif-black, sans-serif-condensed, sans-serif-condensed-light—which MUST all be included for the languages available on the device and full Unicode 7.0 coverage of Latin, Greek, and Cyrillic, including the Latin Extended A, B, C, and D ranges, and all glyphs in the currency symbols block of Unicode 7.0.
- </p>
- <h3>
- 3.8.14. Multi-windows
- </h3>
- <p>
- A device implementation MAY choose not to implement any multi-window modes, but if it has the capability to display multiple activities at the same time it MUST implement such multi-window mode(s) in accordance with the application behaviors and APIs described in the Android SDK <a href="https://developer.android.com/preview/features/multi-window.html">multi-window mode support documentation</a> and meet the following requirements:
- </p>
- <ul>
- <li>Applications can indicate whether they are capable of operating in multi-window mode in the AndroidManifest.xml file, either explicitly via the <a href="https://developer.android.com/reference/android/R.attr.html#resizeableActivity"><code>android:resizeableActivity</code></a> attribute or implicitly by having the targetSdkVersion > 24. Apps that explicitly set this attribute to false in their manifest MUST not be launched in multi-window mode. Apps that don't set the attribute in their manifest file (targetSdkVersion < 24) can be launched in multi-window mode, but the system MUST provide warning that the app may not work as expected in multi-window mode.
- </li>
- <li>Device implementations MUST NOT offer split-screen or freeform mode if both the screen height and width is less than 440 dp.
- </li>
- <li>Device implementations with screen size <code>xlarge</code> SHOULD support freeform mode.
- </li>
- <li>Android Television device implementations MUST support picture-in-picture (PIP) mode multi-window and place the PIP multi-window in the top right corner when PIP is ON.
- </li>
- <li>Device implementations with PIP mode multi-window support MUST allocate at least 240x135 dp for the PIP window.
- </li>
- <li>If the PIP multi-window mode is supported the <a href="https://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_WINDOW"><code>KeyEvent.KEYCODE_WINDOW</code></a> key MUST be used to control the PIP window; otherwise, the key MUST be available to the foreground activity.
- </li>
- </ul>
- <h2>
- 3.9. Device Administration
- </h2>
- <p>
- Android includes features that allow security-aware applications to perform device administration functions at the system level, such as enforcing password policies or performing remote wipe, through the <a href="http://developer.android.com/guide/topics/admin/device-admin.html">Android Device Administration API</a>]. Device implementations MUST provide an implementation of the <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html">DevicePolicyManager</a> class. Device implementations that supports a secure lock screen MUST implement the full range of <a href="http://developer.android.com/guide/topics/admin/device-admin.html">device administration</a> policies defined in the Android SDK documentation and report the platform feature android.software.device_admin.
- </p>
- <h3>
- 3.9.1 Device Provisioning
- </h3>
- <h4>
- 3.9.1.1 Device owner provisioning
- </h4>
- <p>
- If a device implementation declares the <code>android.software.device_admin</code> feature then it MUST implement the provisioning of the <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isDeviceOwnerApp(java.lang.String)">Device Owner app</a> of a Device Policy Client (DPC) application as indicated below:
- </p>
- <ul>
- <li>When the device implementation has no user data configured yet, it:
- <ul>
- <li>MUST report <code>true</code> for <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isProvisioningAllowed(java.lang.String)"><code>DevicePolicyManager.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE)</code></a>.
- </li>
- <li>MUST enroll the DPC application as the Device Owner app in response to the intent action <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_PROVISION_MANAGED_DEVICE"><code>android.app.action.PROVISION_MANAGED_DEVICE</code></a>.
- </li>
- <li>MUST enroll the DPC application as the Device Owner app if the device declares Near-Field Communications (NFC) support via the feature flag <code>android.hardware.nfc</code> and receives an NFC message containing a record with MIME type <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#MIME_TYPE_PROVISIONING_NFC"><code>MIME_TYPE_PROVISIONING_NFC</code></a>.
- </li>
- </ul>
- </li>
- <li>When the device implementation has user data, it:
- <ul>
- <li>MUST report <code>false</code> for the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isProvisioningAllowed(java.lang.String)"><code>DevicePolicyManager.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE)</code></a>.
- </li>
- <li>MUST not enroll any DPC application as the Device Owner App any more.
- </li>
- </ul>
- </li>
- </ul>
- <p>
- Device implementations MAY have a preinstalled application performing device administration functions but this application MUST NOT be set as the Device Owner app without explicit consent or action from the user or the administrator of the device.
- </p>
- <h4>
- 3.9.1.2 Managed profile provisioning
- </h4>
- <p>
- If a device implementation declares the android.software.managed_users, it MUST be possible to enroll a Device Policy Controller (DPC) application as the <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isProfileOwnerApp(java.lang.String)">owner of a new Managed Profile</a>.
- </p>
- <p>
- The managed profile provisioning process (the flow initiated by <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_PROVISION_MANAGED_PROFILE">android.app.action.PROVISION_MANAGED_PROFILE</a>) user experience MUST align with the AOSP implementation.
- </p>
- <p>
- Device implementations MUST provide the following user affordances within the Settings user interface to indicate to the user when a particular system function has been disabled by the Device Policy Controller (DPC):
- </p>
- <ul>
- <li>A consistent icon or other user affordance (for example the upstream AOSP info icon) to represent when a particular setting is restricted by a Device Admin.
- </li>
- <li>A short explanation message, as provided by the Device Admin via the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setShortSupportMessage%28android.content.ComponentName,%20java.lang.CharSequence%29"><code>setShortSupportMessage</code></a>.
- </li>
- <li>The DPC application’s icon.
- </li>
- </ul>
- <h2>
- 3.9.2 Managed Profile Support
- </h2>
- <p>
- Managed profile capable devices are those devices that:
- </p>
- <ul>
- <li>Declare android.software.device_admin (see <a href="#3_9_device_administration">section 3.9 Device Administration</a>).
- </li>
- <li>Are not low RAM devices (see <a href="#7_6_1_minimum_memory_and_storage">section 7.6.1</a>).
- </li>
- <li>Allocate internal (non-removable) storage as shared storage (see <a href="#7_6_2_application_shared_storage">section 7.6.2</a>).
- </li>
- </ul>
- <p>
- Managed profile capable devices MUST:
- </p>
- <ul>
- <li>Declare the platform feature flag <code>android.software.managed_users</code>.
- </li>
- <li>Support managed profiles via the <code>android.app.admin.DevicePolicyManager</code> APIs.
- </li>
- <li>Allow one and only <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_PROVISION_MANAGED_PROFILE">one managed profile to be created</a>.
- </li>
- <li>Use an icon badge (similar to the AOSP upstream work badge) to represent the managed applications and widgets and other badged UI elements like Recents & Notifications.
- </li>
- <li>Display a notification icon (similar to the AOSP upstream work badge) to indicate when user is within a managed profile application.
- </li>
- <li>Display a toast indicating that the user is in the managed profile if and when the device wakes up (ACTION_USER_PRESENT) and the foreground application is within the managed profile.
- </li>
- <li>Where a managed profile exists, show a visual affordance in the Intent 'Chooser' to allow the user to forward the intent from the managed profile to the primary user or vice versa, if enabled by the Device Policy Controller.
- </li>
- <li>Where a managed profile exists, expose the following user affordances for both the primary user and the managed profile:
- <ul>
- <li>Separate accounting for battery, location, mobile data and storage usage for the primary user and managed profile.
- </li>
- <li>Independent management of VPN Applications installed within the primary user or managed profile.
- </li>
- <li>Independent management of applications installed within the primary user or managed profile.
- </li>
- <li>Independent management of accounts within the primary user or managed profile.
- </li>
- </ul>
- </li>
- <li>Ensure the preinstalled dialer, contacts and messaging applications can search for and look up caller information from the managed profile (if one exists) alongside those from the primary profile, if the Device Policy Controller permits it. When contacts from the managed profile are displayed in the preinstalled call log, in-call UI, in-progress and missed-call notifications, contacts and messaging apps they SHOULD be badged with the same badge used to indicate managed profile applications.
- </li>
- <li>MUST ensure that it satisfies all the security requirements applicable for a device with multiple users enabled (see<a href="#9_5_multi-user_support">section 9.5</a>), even though the managed profile is not counted as another user in addition to the primary user.
- </li>
- <li>Support the ability to specify a separate lock screen meeting the following requirements to grant access to apps running in a managed profile.
- <ul>
- <li>Device implementations MUST honor the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_SET_NEW_PASSWORD"><code>DevicePolicyManager.ACTION_SET_NEW_PASSWORD</code></a> intent and show an interface to configure a separate lock screen credential for the managed profile.
- </li>
- <li>The lock screen credentials of the managed profile MUST use the same credential storage and management mechanisms as the parent profile, as documented on the <a href="http://source.android.com/security/authentication/index.html">Android Open Source Project Site</a>
- </li>
- <li>The DPC <a href="https://developer.android.com/guide/topics/admin/device-admin.html#pwd">password policies</a> MUST apply to only the managed profile's lock screen credentials unless called upon the <code>DevicePolicyManager</code> instance returned by <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#getParentProfileInstance%28android.content.ComponentName%29">getParentProfileInstance</a>.
- </li>
- </ul>
- </li>
- </ul>
- <h2>
- 3.10. Accessibility
- </h2>
- <p>
- Android provides an accessibility layer that helps users with disabilities to navigate their devices more easily. In addition, Android provides platform APIs that enable <a href="http://developer.android.com/reference/android/accessibilityservice/AccessibilityService.html">accessibility service implementations</a> to receive callbacks for user and system events and generate alternate feedback mechanisms, such as text-to-speech, haptic feedback, and trackball/d-pad navigation.
- </p>
- <p>
- Device implementations include the following requirements:
- </p>
- <ul>
- <li>Android Automotive implementations SHOULD provide an implementation of the Android accessibility framework consistent with the default Android implementation.
- </li>
- <li>Device implementations (Android Automotive excluded) MUST provide an implementation of the Android accessibility framework consistent with the default Android implementation.
- </li>
- <li>Device implementations (Android Automotive excluded) MUST support third-party accessibility service implementations through the <a href="http://developer.android.com/reference/android/view/accessibility/package-summary.html">android.accessibilityservice APIs</a>.
- </li>
- <li>Device implementations (Android Automotive excluded) MUST generate AccessibilityEvents and deliver these events to all registered AccessibilityService implementations in a manner consistent with the default Android implementation
- </li>
- <li>
- <p>
- Device implementations (Android Automotive and Android Watch devices with no audio output excluded), MUST provide a user-accessible mechanism to enable and disable accessibility services, and MUST display this interface in response to the android.provider.Settings.ACTION_ACCESSIBILITY_SETTINGS intent.
- </p>
- </li>
- <li>
- <p>
- Android device implementations with audio output are STRONGLY RECOMMENDED to provide implementations of accessibility services on the device comparable in or exceeding functionality of the TalkBack** and Switch Access accessibility services (https://github.com/google/talkback).
- </p>
- </li>
- <li>Android Watch devices with audio output SHOULD provide implementations of an accessibility service on the device comparable in or exceeding functionality of the TalkBack accessibility service (https://github.com/google/talkback).
- </li>
- <li>Device implementations SHOULD provide a mechanism in the out-of-box setup flow for users to enable relevant accessibility services, as well as options to adjust the font size, display size and magnification gestures.
- </li>
- </ul>
- <p>
- ** For languages supported by Text-to-speech.
- </p>
- <p>
- Also, note that if there is a preloaded accessibility service, it MUST be a Direct Boot aware {directBootAware} app if the device has encrypted storage using File Based Encryption (FBE).
- </p>
- <h2>
- 3.11. Text-to-Speech
- </h2>
- <p>
- Android includes APIs that allow applications to make use of text-to-speech (TTS) services and allows service providers to provide implementations of TTS services. Device implementations reporting the feature android.hardware.audio.output MUST meet these requirements related to the <a href="http://developer.android.com/reference/android/speech/tts/package-summary.html">Android TTS framework</a>.
- </p>
- <p>
- Android Automotive implementations:
- </p>
- <ul>
- <li>MUST support the Android TTS framework APIs.
- </li>
- <li>MAY support installation of third-party TTS engines. If supported, partners MUST provide a user-accessible interface that allows the user to select a TTS engine for use at system level.
- </li>
- </ul>
- <p>
- All other device implementations:
- </p>
- <ul>
- <li>MUST support the Android TTS framework APIs and SHOULD include a TTS engine supporting the languages available on the device. Note that the upstream Android open source software includes a full-featured TTS engine implementation.
- </li>
- <li>MUST support installation of third-party TTS engines.
- </li>
- <li>MUST provide a user-accessible interface that allows users to select a TTS engine for use at the system level.
- </li>
- </ul>
- <h2>
- 3.12. TV Input Framework
- </h2>
- <p>
- The <a href="http://source.android.com/devices/tv/index.html">Android Television Input Framework (TIF)</a> simplifies the delivery of live content to Android Television devices. TIF provides a standard API to create input modules that control Android Television devices. Android Television device implementations MUST support TV Input Framework.
- </p>
- <p>
- Device implementations that support TIF MUST declare the platform feature android.software.live_tv.
- </p>
- <h3>
- 3.12.1. TV App
- </h3>
- <p>
- Any device implementation that declares support for Live TV MUST have an installed TV application (TV App). The Android Open Source Project provides an implementation of the TV App.
- </p>
- <p>
- The TV App MUST provide facilities to install and use <a href="http://developer.android.com/reference/android/media/tv/TvContract.Channels.html">TV Channels</a> and meet the following requirements:
- </p>
- <ul>
- <li>Device implementations MUST allow third-party TIF-based inputs (<a href="https://source.android.com/devices/tv/index.html#third-party_input_example">third-party inputs</a>) to be installed and managed.
- </li>
- <li>Device implementations MAY provide visual separation between pre-installed <a href="https://source.android.com/devices/tv/index.html#tv_inputs">TIF-based inputs</a> (installed inputs) and third-party inputs.
- </li>
- <li>Device implementations MUST NOT display the third-party inputs more than a single navigation action away from the TV App (i.e. expanding a list of third-party inputs from the TV App).
- </li>
- </ul>
- <h4>
- 3.12.1.1. Electronic Program Guide
- </h4>
- <p>
- Android Television device implementations MUST show an informational and interactive overlay, which MUST include an electronic program guide (EPG) generated from the values in the <a href="https://developer.android.com/reference/android/media/tv/TvContract.Programs.html">TvContract.Programs</a> fields. The EPG MUST meet the following requirements:
- </p>
- <ul>
- <li>The EPG MUST display information from all installed inputs and third-party inputs.
- </li>
- <li>The EPG MAY provide visual separation between the installed inputs and third-party inputs.
- </li>
- <li>The EPG is STRONGLY RECOMMENDED to display installed inputs and third-party inputs with equal prominence. The EPG MUST NOT display the third-party inputs more than a single navigation action away from the installed inputs on the EPG.
- </li>
- <li>On channel change, device implementations MUST display EPG data for the currently playing program.
- </li>
- </ul>
- <h4>
- 3.12.1.2. Navigation
- </h4>
- <p>
- The TV App MUST allow navigation for the following functions via the D-pad, Back, and Home keys on the Android Television device’s input device(s) (i.e. remote control, remote control application, or game controller):
- </p>
- <ul>
- <li>Changing TV channels
- </li>
- <li>Opening EPG
- </li>
- <li>Configuring and tuning to third-party TIF-based inputs
- </li>
- <li>Opening Settings menu
- </li>
- </ul>
- <p>
- The TV App SHOULD pass key events to HDMI inputs through CEC.
- </p>
- <h4>
- 3.12.1.3. TV input app linking
- </h4>
- <p>
- Android Television device implementations MUST support <a href="http://developer.android.com/reference/android/media/tv/TvContract.Channels.html#COLUMN_APP_LINK_INTENT_URI">TV input app linking</a>, which allows all inputs to provide activity links from the current activity to another activity (i.e. a link from live programming to related content). The TV App MUST show TV input app linking when it is provided.
- </p>
- <h4>
- 3.12.1.4. Time shifting
- </h4>
- <p>
- Android Television device implementations MUST support time shifting, which allows the user to pause and resume live content. Device implementations MUST provide the user a way to pause and resume the currently playing program, if time shifting for that program <a href="https://developer.android.com/reference/android/media/tv/TvInputManager.html#TIME_SHIFT_STATUS_AVAILABLE">is available</a>.
- </p>
- <h4>
- 3.12.1.5. TV recording
- </h4>
- <p>
- Android Television device implementations are STRONGLY RECOMMENDED to support TV recording. If the TV input supports recording, the EPG MAY provide a way to <a href="https://developer.android.com/reference/android/media/tv/TvInputInfo.html#canRecord%28%29">record a program</a> if the recording of such a program is not <a href="https://developer.android.com/reference/android/media/tv/TvContract.Programs.html#COLUMN_RECORDING_PROHIBITED">prohibited</a>. Device implementations SHOULD provide a user interface to play recorded programs.
- </p>
- <h2>
- 3.13. Quick Settings
- </h2>
- <p>
- Android device implementations SHOULD include a Quick Settings UI component that allow quick access to frequently used or urgently needed actions.
- </p>
- <p>
- Android includes the <a href="https://developer.android.com/reference/android/service/quicksettings/package-summary.html"><code>quicksettings</code></a> API allowing third party apps to implement tiles that can be added by the user alongside the system-provided tiles in the Quick Settings UI component. If a device implementation has a Quick Settings UI component, it:
- </p>
- <ul>
- <li>MUST allow the user to add or remove tiles from a third-party app to Quick Settings.
- </li>
- <li>MUST NOT automatically add a tile from a third-party app directly to Quick Settings.
- </li>
- <li>MUST display all the user-added tiles from third-party apps alongside the system-provided quick setting tiles.
- </li>
- </ul>
- <h2>
- 3.14. Vehicle UI APIs
- </h2>
- <h3>
- 3.14.1. Vehicle Media UI
- </h3>
- <p>
- Any device implementation that <a href="https://developer.android.com/reference/android/content/pm/PackageManager.html?#FEATURE_AUTOMOTIVE?">declares automotive support</a> MUST include a UI framework to support third-party apps consuming the <a href="http://developer.android.com/reference/android/media/browse/MediaBrowser.html">MediaBrowser</a> and <a href="http://developer.android.com/reference/android/media/session/MediaSession.html">MediaSession</a> APIs.
- </p>
- <p>
- The UI framework supporting third-party apps that depend on MediaBrowser and MediaSession has the following visual requirements:
- </p>
- <ul>
- <li>MUST display <a href="http://developer.android.com/reference/android/media/browse/MediaBrowser.MediaItem.html">MediaItem</a> icons and notification icons unaltered.
- </li>
- <li>MUST display those items as described by MediaSession, e.g., metadata, icons, imagery.
- </li>
- <li>MUST show app title.
- </li>
- <li>MUST have drawer to present <a href="http://developer.android.com/reference/android/media/browse/MediaBrowser.html">MediaBrowser</a> hierarchy.
- </li>
- </ul>
- <h1>
- 4. Application Packaging Compatibility
- </h1>
- <p>
- Device implementations MUST install and run Android “.apk” files as generated by the “aapt” tool included in the <a href="http://developer.android.com/tools/help/index.html">official Android SDK</a>. For this reason device implementations SHOULD use the reference implementation’s package management system.
- </p>
- <p>
- The package manager MUST support verifying “.apk” files using the <a href="https://source.android.com/security/apksigning/v2.html">APK Signature Scheme v2</a> and <a href="https://source.android.com/security/apksigning/v2.html#v1-verification">JAR signing</a>.
- </p>
- <p>
- Devices implementations MUST NOT extend either the <a href="http://developer.android.com/guide/components/fundamentals.html">.apk</a>, <a href="http://developer.android.com/guide/topics/manifest/manifest-intro.html">Android Manifest</a>, <a href="https://android.googlesource.com/platform/dalvik/">Dalvik bytecode</a>, or RenderScript bytecode formats in such a way that would prevent those files from installing and running correctly on other compatible devices.
- </p>
- <p>
- Device implementations MUST NOT allow apps other than the current "installer of record" for the package to silently uninstall the app without any prompt, as documented in the SDK for the <a href="https://developer.android.com/reference/android/Manifest.permission.html#DELETE_PACKAGES"><code>DELETE_PACKAGE</code></a> permission. The only exceptions are the system package verifier app handling <a href="https://developer.android.com/reference/android/content/Intent.html#ACTION_PACKAGE_NEEDS_VERIFICATION">PACKAGE_NEEDS_VERIFICATION</a> intent and the storage manager app handling <a href="https://developer.android.com/reference/android/os/storage/StorageManager.html#ACTION_MANAGE_STORAGE">ACTION_MANAGE_STORAGE</a> intent.
- </p>
- <h1>
- 5. Multimedia Compatibility
- </h1>
- <h2>
- 5.1. Media Codecs
- </h2>
- <p>
- Device implementations—
- </p>
- <ul>
- <li>
- <p>
- MUST support the <a href="http://developer.android.com/guide/appendix/media-formats.html">core media formats</a> specified in the Android SDK documentation, except where explicitly permitted in this document.
- </p>
- </li>
- <li>
- <p>
- MUST support the media formats, encoders, decoders, file types, and container formats defined in the tables below and reported via <a href="http://developer.android.com/reference/android/media/MediaCodecList.html">MediaCodecList</a>.
- </p>
- </li>
- <li>
- <p>
- MUST also be able to decode all profiles reported in its <a href="http://developer.android.com/reference/android/media/CamcorderProfile.html">CamcorderProfile</a>
- </p>
- </li>
- <li>
- <p>
- MUST be able to decode all formats it can encode. This includes all bitstreams that its encoders generate.
- </p>
- </li>
- </ul>
- <p>
- Codecs SHOULD aim for minimum codec latency, in other words, codecs—
- </p>
- <ul>
- <li>SHOULD NOT consume and store input buffers and return input buffers only once processed
- </li>
- <li>SHOULD NOT hold onto decoded buffers for longer than as specified by the standard (e.g. SPS).
- </li>
- <li>SHOULD NOT hold onto encoded buffers longer than required by the GOP structure.
- </li>
- </ul>
- <p>
- All of the codecs listed in the table below are provided as software implementations in the preferred Android implementation from the Android Open Source Project.
- </p>
- <p>
- Please note that neither Google nor the Open Handset Alliance make any representation that these codecs are free from third-party patents. Those intending to use this source code in hardware or software products are advised that implementations of this code, including in open source software or shareware, may require patent licenses from the relevant patent holders.
- </p>
- <h3>
- 5.1.1. Audio Codecs
- </h3>
- <table>
- <tr>
- <th>
- Format/Codec
- </th>
- <th>
- Encoder
- </th>
- <th>
- Decoder
- </th>
- <th>
- Details
- </th>
- <th>
- Supported File Types/Container Formats
- </th>
- </tr>
- <tr>
- <td>
- MPEG-4 AAC Profile<br />
- (AAC LC)
- </td>
- <td>
- REQUIRED<sup>1</sup>
- </td>
- <td>
- REQUIRED
- </td>
- <td>
- Support for mono/stereo/5.0/5.1<sup>2</sup> content with standard sampling rates from 8 to 48 kHz.
- </td>
- <td>
- <ul>
- <li class="table_list">3GPP (.3gp)
- </li>
- <li class="table_list">MPEG-4 (.mp4, .m4a)
- </li>
- <li class="table_list">ADTS raw AAC (.aac, decode in Android 3.1+, encode in Android 4.0+, ADIF not supported)
- </li>
- <li class="table_list">MPEG-TS (.ts, not seekable, Android 3.0+)
- </li>
- </ul>
- </td>
- </tr>
- <tr>
- <td>
- MPEG-4 HE AAC Profile (AAC+)
- </td>
- <td>
- REQUIRED<sup>1</sup><br />
- (Android 4.1+)
- </td>
- <td>
- REQUIRED
- </td>
- <td>
- Support for mono/stereo/5.0/5.1<sup>2</sup> content with standard sampling rates from 16 to 48 kHz.
- </td>
- <td></td>
- </tr>
- <tr>
- <td>
- MPEG-4 HE AACv2<br />
- Profile (enhanced AAC+)
- </td>
- <td></td>
- <td>
- REQUIRED
- </td>
- <td>
- Support for mono/stereo/5.0/5.1<sup>2</sup> content with standard sampling rates from 16 to 48 kHz.
- </td>
- <td></td>
- </tr>
- <tr>
- <td>
- AAC ELD (enhanced low delay AAC)
- </td>
- <td>
- REQUIRED<sup>1</sup><br />
- (Android 4.1+)
- </td>
- <td>
- REQUIRED<br />
- (Android 4.1+)
- </td>
- <td>
- Support for mono/stereo content with standard sampling rates from 16 to 48 kHz.
- </td>
- <td></td>
- </tr>
- <tr>
- <td>
- AMR-NB
- </td>
- <td>
- REQUIRED<sup>3</sup>
- </td>
- <td>
- REQUIRED<sup>3</sup>
- </td>
- <td>
- 4.75 to 12.2 kbps sampled @ 8 kHz
- </td>
- <td>
- 3GPP (.3gp)
- </td>
- </tr>
- <tr>
- <td>
- AMR-WB
- </td>
- <td>
- REQUIRED<sup>3</sup>
- </td>
- <td>
- REQUIRED<sup>3</sup>
- </td>
- <td>
- 9 rates from 6.60 kbit/s to 23.85 kbit/s sampled @ 16 kHz
- </td>
- <td></td>
- </tr>
- <tr>
- <td>
- FLAC
- </td>
- <td></td>
- <td>
- REQUIRED<br />
- (Android 3.1+)
- </td>
- <td>
- Mono/Stereo (no multichannel). Sample rates up to 48 kHz (but up to 44.1 kHz is RECOMMENDED on devices with 44.1 kHz output, as the 48 to 44.1 kHz downsampler does not include a low-pass filter). 16-bit RECOMMENDED; no dither applied for 24-bit.
- </td>
- <td>
- FLAC (.flac) only
- </td>
- </tr>
- <tr>
- <td>
- MP3
- </td>
- <td></td>
- <td>
- REQUIRED
- </td>
- <td>
- Mono/Stereo 8-320Kbps constant (CBR) or variable bitrate (VBR)
- </td>
- <td>
- MP3 (.mp3)
- </td>
- </tr>
- <tr>
- <td>
- MIDI
- </td>
- <td></td>
- <td>
- REQUIRED
- </td>
- <td>
- MIDI Type 0 and 1. DLS Version 1 and 2. XMF and Mobile XMF. Support for ringtone formats RTTTL/RTX, OTA, and iMelody
- </td>
- <td>
- <ul>
- <li class="table_list">Type 0 and 1 (.mid, .xmf, .mxmf)
- </li>
- <li class="table_list">RTTTL/RTX (.rtttl, .rtx)
- </li>
- <li class="table_list">OTA (.ota)
- </li>
- <li class="table_list">iMelody (.imy)
- </li>
- </ul>
- </td>
- </tr>
- <tr>
- <td>
- Vorbis
- </td>
- <td></td>
- <td>
- REQUIRED
- </td>
- <td></td>
- <td>
- <ul>
- <li class="table_list">Ogg (.ogg)
- </li>
- <li class="table_list">Matroska (.mkv, Android 4.0+)
- </li>
- </ul>
- </td>
- </tr>
- <tr>
- <td>
- PCM/WAVE
- </td>
- <td>
- REQUIRED<sup>4</sup><br />
- (Android 4.1+)
- </td>
- <td>
- REQUIRED
- </td>
- <td>
- 16-bit linear PCM (rates up to limit of hardware). Devices MUST support sampling rates for raw PCM recording at 8000, 11025, 16000, and 44100 Hz frequencies.
- </td>
- <td>
- WAVE (.wav)
- </td>
- </tr>
- <tr>
- <td>
- Opus
- </td>
- <td></td>
- <td>
- REQUIRED<br />
- (Android 5.0+)
- </td>
- <td></td>
- <td>
- Matroska (.mkv), Ogg(.ogg)
- </td>
- </tr>
- </table>
- <p class="table_footnote">
- 1 Required for device implementations that define android.hardware.microphone but optional for Android Watch device implementations.
- </p>
- <p class="table_footnote">
- 2 Recording or playback MAY be performed in mono or stereo, but the decoding of AAC input buffers of multichannel streams (i.e. more than two channels) to PCM through the default AAC audio decoder in the android.media.MediaCodec API, the following MUST be supported:
- </p>
- <ul>
- <li>decoding is performed without downmixing (e.g. a 5.0 AAC stream must be decoded to five channels of PCM, a 5.1 AAC stream must be decoded to six channels of PCM),
- </li>
- <li>dynamic range metadata, as defined in "Dynamic Range Control (DRC)" in ISO/IEC 14496-3, and the android.media.MediaFormat DRC keys to configure the dynamic range-related behaviors of the audio decoder. The AAC DRC keys were introduced in API 21,and are: KEY_AAC_DRC_ATTENUATION_FACTOR, KEY_AAC_DRC_BOOST_FACTOR, KEY_AAC_DRC_HEAVY_COMPRESSION, KEY_AAC_DRC_TARGET_REFERENCE_LEVEL and KEY_AAC_ENCODED_TARGET_LEVEL
- </li>
- </ul>
- <p class="table_footnote">
- 3 Required for Android Handheld device implementations.
- </p>
- <p class="table_footnote">
- 4 Required for device implementations that define android.hardware.microphone, including Android Watch device implementations.
- </p>
- <h3>
- 5.1.2. Image Codecs
- </h3>
- <table>
- <tr>
- <th>
- Format/Codec
- </th>
- <th>
- Encoder
- </th>
- <th>
- Decoder
- </th>
- <th>
- Details
- </th>
- <th>
- Supported File Types/Container Formats
- </th>
- </tr>
- <tr>
- <td>
- JPEG
- </td>
- <td>
- REQUIRED
- </td>
- <td>
- REQUIRED
- </td>
- <td>
- Base+progressive
- </td>
- <td>
- JPEG (.jpg)
- </td>
- </tr>
- <tr>
- <td>
- GIF
- </td>
- <td></td>
- <td>
- REQUIRED
- </td>
- <td></td>
- <td>
- GIF (.gif)
- </td>
- </tr>
- <tr>
- <td>
- PNG
- </td>
- <td>
- REQUIRED
- </td>
- <td>
- REQUIRED
- </td>
- <td></td>
- <td>
- PNG (.png)
- </td>
- </tr>
- <tr>
- <td>
- BMP
- </td>
- <td></td>
- <td>
- REQUIRED
- </td>
- <td></td>
- <td>
- BMP (.bmp)
- </td>
- </tr>
- <tr>
- <td>
- WebP
- </td>
- <td>
- REQUIRED
- </td>
- <td>
- REQUIRED
- </td>
- <td></td>
- <td>
- WebP (.webp)
- </td>
- </tr>
- <tr>
- <td>
- Raw
- </td>
- <td></td>
- <td>
- REQUIRED
- </td>
- <td></td>
- <td>
- ARW (.arw), CR2 (.cr2), DNG (.dng), NEF (.nef), NRW (.nrw), ORF (.orf), PEF (.pef), RAF (.raf), RW2 (.rw2), SRW (.srw)
- </td>
- </tr>
- </table>
- <h3 id="5_1_3_video_codecs">
- 5.1.3. Video Codecs
- </h3>
- <ul>
- <li>
- <p>
- Codecs advertising HDR profile support MUST support HDR static metadata parsing and handling.
- </p>
- </li>
- <li>
- <p>
- If a media codec advertises intra refresh support, then it MUST support the refresh periods in the range of 10 - 60 frames and accurately operate within 20% of configured refresh period.
- </p>
- </li>
- <li>
- <p>
- Video codecs MUST support output and input bytebuffer sizes that accommodate the largest feasible compressed and uncompressed frame as dictated by the standard and configuration but also not overallocate.
- </p>
- </li>
- <li>
- <p>
- Video encoders and decoders MUST support YUV420 flexible color format (COLOR_FormatYUV420Flexible).
- </p>
- </li>
- </ul>
- <table>
- <tr>
- <th>
- Format/Codec
- </th>
- <th>
- Encoder
- </th>
- <th>
- Decoder
- </th>
- <th>
- Details
- </th>
- <th>
- Supported File Types/<br />
- Container Formats
- </th>
- </tr>
- <tr>
- <td>
- H.263
- </td>
- <td>
- MAY
- </td>
- <td>
- MAY
- </td>
- <td></td>
- <td>
- <ul>
- <li class="table_list">3GPP (.3gp)
- </li>
- <li class="table_list">MPEG-4 (.mp4)
- </li>
- </ul>
- </td>
- </tr>
- <tr>
- <td>
- H.264 AVC
- </td>
- <td>
- REQUIRED<sup>2</sup>
- </td>
- <td>
- REQUIRED<sup>2</sup>
- </td>
- <td>
- See <a href="#5_2_video_encoding">section 5.2</a> and <a href="#5_3_video_decoding">5.3</a> for details
- </td>
- <td>
- <ul>
- <li class="table_list">3GPP (.3gp)
- </li>
- <li class="table_list">MPEG-4 (.mp4)
- </li>
- <li class="table_list">MPEG-2 TS (.ts, AAC audio only, not seekable, Android 3.0+)
- </li>
- </ul>
- </td>
- </tr>
- <tr>
- <td>
- H.265 HEVC
- </td>
- <td></td>
- <td>
- REQUIRED<sup>5</sup>
- </td>
- <td>
- See <a href="#5_3_video_decoding">section 5.3</a> for details
- </td>
- <td>
- MPEG-4 (.mp4)
- </td>
- </tr>
- <tr>
- <td>
- MPEG-2
- </td>
- <td></td>
- <td>
- STRONGLY RECOMMENDED<sup>6</sup>
- </td>
- <td>
- Main Profile
- </td>
- <td>
- MPEG2-TS
- </td>
- </tr>
- <tr>
- <td>
- MPEG-4 SP
- </td>
- <td></td>
- <td>
- REQUIRED<sup>2</sup>
- </td>
- <td></td>
- <td>
- 3GPP (.3gp)
- </td>
- </tr>
- <tr>
- <td>
- VP8<sup>3</sup>
- </td>
- <td>
- REQUIRED<sup>2</sup><br />
- (Android 4.3+)
- </td>
- <td>
- REQUIRED<sup>2</sup><br />
- (Android 2.3.3+)
- </td>
- <td>
- See <a href="#5_2_video_encoding">section 5.2</a> and <a href="#5_3_video_decoding">5.3</a> for details
- </td>
- <td>
- <ul>
- <li class="table_list">
- <a href="http://www.webmproject.org/">WebM (.webm)</a>
- </li>
- <li class="table_list">Matroska (.mkv, Android 4.0+)<sup>4</sup>
- </li>
- </ul>
- </td>
- </tr>
- <tr>
- <td>
- VP9
- </td>
- <td></td>
- <td>
- REQUIRED<sup>2</sup><br />
- (Android 4.4+)
- </td>
- <td>
- See <a href="#5_3_video_decoding">section 5.3</a> for details
- </td>
- <td>
- <ul>
- <li class="table_list">
- <a href="http://www.webmproject.org/">WebM (.webm)</a>
- </li>
- <li class="table_list">Matroska (.mkv, Android 4.0+)<sup>4</sup>
- </li>
- </ul>
- </td>
- </tr>
- </table>
- <p class="table_footnote">
- 1 Required for device implementations that include camera hardware and define android.hardware.camera or android.hardware.camera.front.
- </p>
- <p class="table_footnote">
- 2 Required for device implementations except Android Watch devices.
- </p>
- <p class="table_footnote">
- 3 For acceptable quality of web video streaming and video-conference services, device implementations SHOULD use a hardware VP8 codec that meets the <a href="http://www.webmproject.org/hardware/rtc-coding-requirements/">requirements</a>.
- </p>
- <p class="table_footnote">
- 4 Device implementations SHOULD support writing Matroska WebM files.
- </p>
- <p class="table_footnote">
- 5 STRONGLY RECOMMENDED for Android Automotive, optional for Android Watch, and required for all other device types.
- </p>
- <p class="table_footnote">
- 6 Applies only to Android Television device implementations.
- </p>
- <h2>
- 5.2. Video Encoding
- </h2>
- <div class="note">
- Video codecs are optional for Android Watch device implementations.
- </div>
- <p>
- H.264, VP8, VP9 and HEVC video encoders—
- </p>
- <ul>
- <li>MUST support dynamically configurable bitrates.
- </li>
- <li>SHOULD support variable frame rates, where video encoder SHOULD determine instantaneous frame duration based on the timestamps of input buffers, and allocate its bit bucket based on that frame duration.
- </li>
- </ul>
- <p>
- H.263 and MPEG-4 video encoder SHOULD support dynamically configurable bitrates.
- </p>
- <p>
- All video encoders SHOULD meet the following bitrate targets over two sliding windows:
- </p>
- <ul>
- <li>It SHOULD be not more than ~15% over the bitrate between intraframe (I-frame) intervals.
- </li>
- <li>It SHOULD be not more than ~100% over the bitrate over a sliding window of 1 second.
- </li>
- </ul>
- <h3>
- 5.2.1. H.263
- </h3>
- <p>
- Android device implementations with H.263 encoders MUST support Baseline Profile Level 45.
- </p>
- <h3>
- 5.2.2. H-264
- </h3>
- <p>
- Android device implementations with H.264 codec support:
- </p>
- <ul>
- <li>MUST support Baseline Profile Level 3.<br />
- However, support for ASO (Arbitrary Slice Ordering), FMO (Flexible Macroblock Ordering) and RS (Redundant Slices) is OPTIONAL. Moreover, to maintain compatibility with other Android devices, it is RECOMMENDED that ASO, FMO and RS are not used for Baseline Profile by encoders.
- </li>
- <li>MUST support the SD (Standard Definition) video encoding profiles in the following table.
- </li>
- <li>SHOULD support Main Profile Level 4.
- </li>
- <li>SHOULD support the HD (High Definition) video encoding profiles as indicated in the following table.
- </li>
- <li>In addition, Android Television devices are STRONGLY RECOMMENDED to encode HD 1080p video at 30 fps.
- </li>
- </ul>
- <table>
- <tr>
- <th></th>
- <th>
- SD (Low quality)
- </th>
- <th>
- SD (High quality)
- </th>
- <th>
- HD 720p<sup>1</sup>
- </th>
- <th>
- HD 1080p<sup>1</sup>
- </th>
- </tr>
- <tr>
- <th>
- Video resolution
- </th>
- <td>
- 320 x 240 px
- </td>
- <td>
- 720 x 480 px
- </td>
- <td>
- 1280 x 720 px
- </td>
- <td>
- 1920 x 1080 px
- </td>
- </tr>
- <tr>
- <th>
- Video frame rate
- </th>
- <td>
- 20 fps
- </td>
- <td>
- 30 fps
- </td>
- <td>
- 30 fps
- </td>
- <td>
- 30 fps
- </td>
- </tr>
- <tr>
- <th>
- Video bitrate
- </th>
- <td>
- 384 Kbps
- </td>
- <td>
- 2 Mbps
- </td>
- <td>
- 4 Mbps
- </td>
- <td>
- 10 Mbps
- </td>
- </tr>
- </table>
- <p class="table_footnote">
- 1 When supported by hardware, but STRONGLY RECOMMENDED for Android Television devices.
- </p>
- <h3>
- 5.2.3. VP8
- </h3>
- <p>
- Android device implementations with VP8 codec support MUST support the SD video encoding profiles and SHOULD support the following HD (High Definition) video encoding profiles.
- </p>
- <table>
- <tr>
- <th></th>
- <th>
- SD (Low quality)
- </th>
- <th>
- SD (High quality)
- </th>
- <th>
- HD 720p<sup>1</sup>
- </th>
- <th>
- HD 1080p<sup>1</sup>
- </th>
- </tr>
- <tr>
- <th>
- Video resolution
- </th>
- <td>
- 320 x 180 px
- </td>
- <td>
- 640 x 360 px
- </td>
- <td>
- 1280 x 720 px
- </td>
- <td>
- 1920 x 1080 px
- </td>
- </tr>
- <tr>
- <th>
- Video frame rate
- </th>
- <td>
- 30 fps
- </td>
- <td>
- 30 fps
- </td>
- <td>
- 30 fps
- </td>
- <td>
- 30 fps
- </td>
- </tr>
- <tr>
- <th>
- Video bitrate
- </th>
- <td>
- 800 Kbps
- </td>
- <td>
- 2 Mbps
- </td>
- <td>
- 4 Mbps
- </td>
- <td>
- 10 Mbps
- </td>
- </tr>
- </table>
- <p class="table_footnote">
- 1 When supported by hardware.
- </p>
- <h2>
- 5.3. Video Decoding
- </h2>
- <div class="note">
- Video codecs are optional for Android Watch device implementations.
- </div>
- <p>
- Device implementations—
- </p>
- <ul>
- <li>
- <p>
- MUST support dynamic video resolution and frame rate switching through the standard Android APIs within the same stream for all VP8, VP9, H.264, and H.265 codecs in real time and up to the maximum resolution supported by each codec on the device.
- </p>
- </li>
- <li>
- <p>
- Implementations that support the Dolby Vision decoder—
- </p>
- </li>
- <li>MUST provide a Dolby Vision-capable extractor.
- </li>
- <li>
- <p>
- MUST properly display Dolby Vision content on the device screen or on a standard video output port (e.g., HDMI).
- </p>
- </li>
- <li>
- <p>
- Implementations that provide a Dolby Vision-capable extractor MUST set the track index of backward-compatible base-layer(s) (if present) to be the same as the combined Dolby Vision layer's track index.
- </p>
- </li>
- </ul>
- <h3>
- 5.3.1. MPEG-2
- </h3>
- <p>
- Android device implementations with MPEG-2 decoders must support the Main Profile High Level.
- </p>
- <h3>
- 5.3.2. H.263
- </h3>
- <p>
- Android device implementations with H.263 decoders MUST support Baseline Profile Level 30 and Level 45.
- </p>
- <h3>
- 5.3.3. MPEG-4
- </h3>
- <p>
- Android device implementations with MPEG-4 decoders MUST support Simple Profile Level 3.
- </p>
- <h3>
- 5.3.4. H.264
- </h3>
- <p>
- Android device implementations with H.264 decoders:
- </p>
- <ul>
- <li>MUST support Main Profile Level 3.1 and Baseline Profile.<br />
- Support for ASO (Arbitrary Slice Ordering), FMO (Flexible Macroblock Ordering) and RS (Redundant Slices) is OPTIONAL.
- </li>
- <li>MUST be capable of decoding videos with the SD (Standard Definition) profiles listed in the following table and encoded with the Baseline Profile and Main Profile Level 3.1 (including 720p30).
- </li>
- <li>SHOULD be capable of decoding videos with the HD (High Definition) profiles as indicated in the following table.
- </li>
- <li>In addition, Android Television devices—
- <ul>
- <li>MUST support High Profile Level 4.2 and the HD 1080p60 decoding profile.
- </li>
- <li>MUST be capable of decoding videos with both HD profiles as indicated in the following table and encoded with either the Baseline Profile, Main Profile, or the High Profile Level 4.2
- </li>
- </ul>
- </li>
- </ul>
- <table>
- <tr>
- <th></th>
- <th>
- SD (Low quality)
- </th>
- <th>
- SD (High quality)
- </th>
- <th>
- HD 720p<sup>1</sup>
- </th>
- <th>
- HD 1080p<sup>1</sup>
- </th>
- </tr>
- <tr>
- <th>
- Video resolution
- </th>
- <td>
- 320 x 240 px
- </td>
- <td>
- 720 x 480 px
- </td>
- <td>
- 1280 x 720 px
- </td>
- <td>
- 1920 x 1080 px
- </td>
- </tr>
- <tr>
- <th>
- Video frame rate
- </th>
- <td>
- 30 fps
- </td>
- <td>
- 30 fps
- </td>
- <td>
- 60 fps
- </td>
- <td>
- 30 fps (60 fps<sup>2</sup>)
- </td>
- </tr>
- <tr>
- <th>
- Video bitrate
- </th>
- <td>
- 800 Kbps
- </td>
- <td>
- 2 Mbps
- </td>
- <td>
- 8 Mbps
- </td>
- <td>
- 20 Mbps
- </td>
- </tr>
- </table>
- <p class="table_footnote">
- 1 REQUIRED for when the height as reported by the Display.getSupportedModes() method is equal or greater than the video resolution.
- </p>
- <p class="table_footnote">
- 2 REQUIRED for Android Television device implementations.
- </p>
- <h3>
- 5.3.5. H.265 (HEVC)
- </h3>
- <p>
- Android device implementations, when supporting H.265 codec as described in <a href="#5_1_3_video_codecs">section 5.1.3</a>:
- </p>
- <ul>
- <li>MUST support the Main Profile Level 3 Main tier and the SD video decoding profiles as indicated in the following table.
- </li>
- <li>SHOULD support the HD decoding profiles as indicated in the following table.
- </li>
- <li>MUST support the HD decoding profiles as indicated in the following table if there is a hardware decoder.
- </li>
- <li>In addition, Android Television devices:
- </li>
- <li>MUST support the HD 720p decoding profile.
- </li>
- <li>STRONGLY RECOMMENDED to support the HD 1080p decoding profile. If the HD 1080p decoding profile is supported, it MUST support the Main Profile Level 4.1 Main tier.
- </li>
- <li>SHOULD support the UHD decoding profile. If the UHD decoding profile is supported the codec MUST support Main10 Level 5 Main Tier profile.
- </li>
- </ul>
- <table>
- <tr>
- <th></th>
- <th>
- SD (Low quality)
- </th>
- <th>
- SD (High quality)
- </th>
- <th>
- HD 720p
- </th>
- <th>
- HD 1080p
- </th>
- <th>
- UHD
- </th>
- </tr>
- <tr>
- <th>
- Video resolution
- </th>
- <td>
- 352 x 288 px
- </td>
- <td>
- 720 x 480 px
- </td>
- <td>
- 1280 x 720 px
- </td>
- <td>
- 1920 x 1080 px
- </td>
- <td>
- 3840 x 2160 px
- </td>
- </tr>
- <tr>
- <th>
- Video frame rate
- </th>
- <td>
- 30 fps
- </td>
- <td>
- 30 fps
- </td>
- <td>
- 30 fps
- </td>
- <td>
- 30 fps (60 fps<sup>1</sup>)
- </td>
- <td>
- 60 fps
- </td>
- </tr>
- <tr>
- <th>
- Video bitrate
- </th>
- <td>
- 600 Kbps
- </td>
- <td>
- 1.6 Mbps
- </td>
- <td>
- 4 Mbps
- </td>
- <td>
- 5 Mbps
- </td>
- <td>
- 20 Mbps
- </td>
- </tr>
- </table>
- <p class="table_footnote">
- 1 REQUIRED for Android Television device implementations with H.265 hardware decoding.
- </p>
- <h3>
- 5.3.6. VP8
- </h3>
- <p>
- Android device implementations, when supporting VP8 codec as described in <a href="https://source.android.com/compatibility/android-cdd.html#5_1_3_video_codecs">section 5.1.3</a>:
- </p>
- <ul>
- <li>MUST support the SD decoding profiles in the following table.
- </li>
- <li>SHOULD support the HD decoding profiles in the following table.
- </li>
- <li>Android Television devices MUST support the HD 1080p60 decoding profile.
- </li>
- </ul>
- <table>
- <tr>
- <th></th>
- <th>
- SD (Low quality)
- </th>
- <th>
- SD (High quality)
- </th>
- <th>
- HD 720p<sup>1</sup>
- </th>
- <th>
- HD 1080p<sup>1</sup>
- </th>
- </tr>
- <tr>
- <th>
- Video resolution
- </th>
- <td>
- 320 x 180 px
- </td>
- <td>
- 640 x 360 px
- </td>
- <td>
- 1280 x 720 px
- </td>
- <td>
- 1920 x 1080 px
- </td>
- </tr>
- <tr>
- <th>
- Video frame rate
- </th>
- <td>
- 30 fps
- </td>
- <td>
- 30 fps
- </td>
- <td>
- 30 fps (60 fps<sup>2</sup>)
- </td>
- <td>
- 30 (60 fps<sup>2</sup>)
- </td>
- </tr>
- <tr>
- <th>
- Video bitrate
- </th>
- <td>
- 800 Kbps
- </td>
- <td>
- 2 Mbps
- </td>
- <td>
- 8 Mbps
- </td>
- <td>
- 20 Mbps
- </td>
- </tr>
- </table>
- <p class="table_footnote">
- 1 REQUIRED for when the height as reported by the Display.getSupportedModes() method is equal or greater than the video resolution.
- </p>
- <p class="table_footnote">
- 2 REQUIRED for Android Television device implementations.
- </p>
- <h3>
- 5.3.7. VP9
- </h3>
- <p>
- Android device implementations, when supporting VP9 codec as described in <a href="https://source.android.com/compatibility/android-cdd.html#5_1_3_video_codecs">section 5.1.3</a>:
- </p>
- <ul>
- <li>MUST support the SD video decoding profiles as indicated in the following table.
- </li>
- <li>SHOULD support the HD decoding profiles as indicated in the following table.
- </li>
- <li>MUST support the HD decoding profiles as indicated in the following table, if there is a hardware decoder.
- </li>
- <li>
- <p>
- In addition, Android Television devices:
- </p>
- <ul>
- <li>MUST support the HD 720p decoding profile.
- </li>
- <li>STRONGLY RECOMMENDED to support the HD 1080p decoding profile.
- </li>
- <li>SHOULD support the UHD decoding profile. If the UHD video decoding profile is supported, it MUST support 8-bit color depth and SHOULD support VP9 Profile 2 (10-bit).
- </li>
- </ul>
- </li>
- </ul>
- <table>
- <tr>
- <th></th>
- <th>
- SD (Low quality)
- </th>
- <th>
- SD (High quality)
- </th>
- <th>
- HD 720p
- </th>
- <th>
- HD 1080p
- </th>
- <th>
- UHD
- </th>
- </tr>
- <tr>
- <th>
- Video resolution
- </th>
- <td>
- 320 x 180 px
- </td>
- <td>
- 640 x 360 px
- </td>
- <td>
- 1280 x 720 px
- </td>
- <td>
- 1920 x 1080 px
- </td>
- <td>
- 3840 x 2160 px
- </td>
- </tr>
- <tr>
- <th>
- Video frame rate
- </th>
- <td>
- 30 fps
- </td>
- <td>
- 30 fps
- </td>
- <td>
- 30 fps
- </td>
- <td>
- 30 fps (60 fps<sup>1</sup>)
- </td>
- <td>
- 60 fps
- </td>
- </tr>
- <tr>
- <th>
- Video bitrate
- </th>
- <td>
- 600 Kbps
- </td>
- <td>
- 1.6 Mbps
- </td>
- <td>
- 4 Mbps
- </td>
- <td>
- 5 Mbps
- </td>
- <td>
- 20 Mbps
- </td>
- </tr>
- </table>
- <p class="table_footnote">
- 1 REQUIRED for Android Television device implementations with VP9 hardware decoding.
- </p>
- <h2>
- 5.4. Audio Recording
- </h2>
- <p>
- While some of the requirements outlined in this section are stated as SHOULD since Android 4.3, the Compatibility Definition for a future version is planned to change these to MUST. Existing and new Android devices are <strong>STRONGLY RECOMMENDED</strong> to meet these requirements that are stated as SHOULD, or they will not be able to attain Android compatibility when upgraded to the future version.
- </p>
- <h3>
- 5.4.1. Raw Audio Capture
- </h3>
- <p>
- Device implementations that declare android.hardware.microphone MUST allow capture of raw audio content with the following characteristics:
- </p>
- <ul>
- <li>
- <strong>Format</strong>: Linear PCM, 16-bit
- </li>
- <li>
- <strong>Sampling rates</strong>: 8000, 11025, 16000, 44100
- </li>
- <li>
- <strong>Channels</strong>: Mono
- </li>
- </ul>
- <p>
- The capture for the above sample rates MUST be done without up-sampling, and any down-sampling MUST include an appropriate anti-aliasing filter.
- </p>
- <p>
- Device implementations that declare android.hardware.microphone SHOULD allow capture of raw audio content with the following characteristics:
- </p>
- <ul>
- <li>
- <strong>Format</strong>: Linear PCM, 16-bit
- </li>
- <li>
- <strong>Sampling rates</strong>: 22050, 48000
- </li>
- <li>
- <strong>Channels</strong>: Stereo
- </li>
- </ul>
- <p>
- If capture for the above sample rates is supported, then the capture MUST be done without up-sampling at any ratio higher than 16000:22050 or 44100:48000. Any up-sampling or down-sampling MUST include an appropriate anti-aliasing filter.
- </p>
- <h3>
- 5.4.2. Capture for Voice Recognition
- </h3>
- <p>
- The android.media.MediaRecorder.AudioSource.VOICE_RECOGNITION audio source MUST support capture at one of the sampling rates, 44100 and 48000.
- </p>
- <p>
- In addition to the above recording specifications, when an application has started recording an audio stream using the android.media.MediaRecorder.AudioSource.VOICE_RECOGNITION audio source:
- </p>
- <ul>
- <li>The device SHOULD exhibit approximately flat amplitude versus frequency characteristics: specifically, ±3 dB, from 100 Hz to 4000 Hz.
- </li>
- <li>Audio input sensitivity SHOULD be set such that a 90 dB sound power level (SPL) source at 1000 Hz yields RMS of 2500 for 16-bit samples.
- </li>
- <li>PCM amplitude levels SHOULD linearly track input SPL changes over at least a 30 dB range from -18 dB to +12 dB re 90 dB SPL at the microphone.
- </li>
- <li>Total harmonic distortion SHOULD be less than 1% for 1 kHz at 90 dB SPL input level at the microphone.
- </li>
- <li>Noise reduction processing, if present, MUST be disabled.
- </li>
- <li>Automatic gain control, if present, MUST be disabled.
- </li>
- </ul>
- <p>
- If the platform supports noise suppression technologies tuned for speech recognition, the effect MUST be controllable from the android.media.audiofx.NoiseSuppressor API. Moreover, the UUID field for the noise suppressor’s effect descriptor MUST uniquely identify each implementation of the noise suppression technology.
- </p>
- <h3>
- 5.4.3. Capture for Rerouting of Playback
- </h3>
- <p>
- The android.media.MediaRecorder.AudioSource class includes the REMOTE_SUBMIX audio source. Devices that declare android.hardware.audio.output MUST properly implement the REMOTE_SUBMIX audio source so that when an application uses the android.media.AudioRecord API to record from this audio source, it can capture a mix of all audio streams except for the following:
- </p>
- <ul>
- <li>STREAM_RING
- </li>
- <li>STREAM_ALARM
- </li>
- <li>STREAM_NOTIFICATION
- </li>
- </ul>
- <h2>
- 5.5. Audio Playback
- </h2>
- <p>
- Device implementations that declare android.hardware.audio.output MUST conform to the requirements in this section.
- </p>
- <h3>
- 5.5.1. Raw Audio Playback
- </h3>
- <p>
- The device MUST allow playback of raw audio content with the following characteristics:
- </p>
- <ul>
- <li>
- <strong>Format</strong>: Linear PCM, 16-bit
- </li>
- <li>
- <strong>Sampling rates</strong>: 8000, 11025, 16000, 22050, 32000, 44100
- </li>
- <li>
- <strong>Channels</strong>: Mono, Stereo
- </li>
- </ul>
- <p>
- The device SHOULD allow playback of raw audio content with the following characteristics:
- </p>
- <ul>
- <li>
- <strong>Sampling rates</strong>: 24000, 48000
- </li>
- </ul>
- <h3>
- 5.5.2. Audio Effects
- </h3>
- <p>
- Android provides an <a href="http://developer.android.com/reference/android/media/audiofx/AudioEffect.html">API for audio effects</a> for device implementations. Device implementations that declare the feature android.hardware.audio.output:
- </p>
- <ul>
- <li>MUST support the EFFECT_TYPE_EQUALIZER and EFFECT_TYPE_LOUDNESS_ENHANCER implementations controllable through the AudioEffect subclasses Equalizer, LoudnessEnhancer.
- </li>
- <li>MUST support the visualizer API implementation, controllable through the Visualizer class.
- </li>
- <li>SHOULD support the EFFECT_TYPE_BASS_BOOST, EFFECT_TYPE_ENV_REVERB, EFFECT_TYPE_PRESET_REVERB, and EFFECT_TYPE_VIRTUALIZER implementations controllable through the AudioEffect sub-classes BassBoost, EnvironmentalReverb, PresetReverb, and Virtualizer.
- </li>
- </ul>
- <h3>
- 5.5.3. Audio Output Volume
- </h3>
- <p>
- Android Television device implementations MUST include support for system Master Volume and digital audio output volume attenuation on supported outputs, except for compressed audio passthrough output (where no audio decoding is done on the device).
- </p>
- <p>
- Android Automotive device implementations SHOULD allow adjusting audio volume separately per each audio stream using the content type or usage as defined by <a href="" title="http://developer.android.com/reference/android/media/AudioAttributes.html">AudioAttributes</a> and car audio usage as publicly defined in <code>android.car.CarAudioManager</code>.
- </p>
- <h2>
- 5.6. Audio Latency
- </h2>
- <p>
- Audio latency is the time delay as an audio signal passes through a system. Many classes of applications rely on short latencies, to achieve real-time sound effects.
- </p>
- <p>
- For the purposes of this section, use the following definitions:
- </p>
- <ul>
- <li>
- <strong>output latency</strong>. The interval between when an application writes a frame of PCM-coded data and when the corresponding sound is presented to environment at an on-device transducer or signal leaves the device via a port and can be observed externally.
- </li>
- <li>
- <strong>cold output latency</strong>. The output latency for the first frame, when the audio output system has been idle and powered down prior to the request.
- </li>
- <li>
- <strong>continuous output latency</strong>. The output latency for subsequent frames, after the device is playing audio.
- </li>
- <li>
- <strong>input latency</strong>. The interval between when a sound is presented by environment to device at an on-device transducer or signal enters the device via a port and when an application reads the corresponding frame of PCM-coded data.
- </li>
- <li>
- <strong>lost input</strong>. The initial portion of an input signal that is unusable or unavailable.
- </li>
- <li>
- <strong>cold input latency</strong>. The sum of lost input time and the input latency for the first frame, when the audio input system has been idle and powered down prior to the request.
- </li>
- <li>
- <strong>continuous input latency</strong>. The input latency for subsequent frames, while the device is capturing audio.
- </li>
- <li>
- <strong>cold output jitter</strong>. The variability among separate measurements of cold output latency values.
- </li>
- <li>
- <strong>cold input jitter</strong>. The variability among separate measurements of cold input latency values.
- </li>
- <li>
- <strong>continuous round-trip latency</strong>. The sum of continuous input latency plus continuous output latency plus one buffer period. The buffer period allows time for the app to process the signal and time for the app to mitigate phase difference between input and output streams.
- </li>
- <li>
- <strong>OpenSL ES PCM buffer queue API</strong>. The set of PCM-related OpenSL ES APIs within <a href="https://developer.android.com/ndk/index.html">Android NDK</a>.
- </li>
- </ul>
- <p>
- Device implementations that declare android.hardware.audio.output are STRONGLY RECOMMENDED to meet or exceed these audio output requirements:
- </p>
- <ul>
- <li>cold output latency of 100 milliseconds or less
- </li>
- <li>continuous output latency of 45 milliseconds or less
- </li>
- <li>minimize the cold output jitter
- </li>
- </ul>
- <p>
- If a device implementation meets the requirements of this section after any initial calibration when using the OpenSL ES PCM buffer queue API, for continuous output latency and cold output latency over at least one supported audio output device, it is STRONGLY RECOMMENDED to report support for low-latency audio, by reporting the feature android.hardware.audio.low_latency via the <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">android.content.pm.PackageManager</a> class. Conversely, if the device implementation does not meet these requirements it MUST NOT report support for low-latency audio.
- </p>
- <p>
- Device implementations that include android.hardware.microphone are STRONGLY RECOMMENDED to meet these input audio requirements:
- </p>
- <ul>
- <li>cold input latency of 100 milliseconds or less
- </li>
- <li>continuous input latency of 30 milliseconds or less
- </li>
- <li>continuous round-trip latency of 50 milliseconds or less
- </li>
- <li>minimize the cold input jitter
- </li>
- </ul>
- <h2>
- 5.7. Network Protocols
- </h2>
- <p>
- Devices MUST support the <a href="http://developer.android.com/guide/appendix/media-formats.html">media network protocols</a> for audio and video playback as specified in the Android SDK documentation. Specifically, devices MUST support the following media network protocols:
- </p>
- <ul>
- <li>
- <p>
- HTTP(S) progressive streaming<br />
- All required codecs and container formats in <a href="#5_1_media_codecs">section 5.1</a> MUST be supported over HTTP(S)
- </p>
- </li>
- <li>
- <p>
- <a href="http://tools.ietf.org/html/draft-pantos-http-live-streaming-07">HTTP Live Streaming draft protocol, Version 7</a><br />
- The following media segment formats MUST be supported:
- </p>
- </li>
- </ul>
- <table>
- <tr>
- <th>
- Segment formats
- </th>
- <th>
- Reference(s)
- </th>
- <th>
- Required codec support
- </th>
- </tr>
- <tr id="mp2t">
- <td>
- MPEG-2 Transport Stream
- </td>
- <td>
- <a href="http://www.iso.org/iso/catalogue_detail?csnumber=44169">ISO 13818</a>
- </td>
- <td>
- Video codecs:
- <ul>
- <li class="table_list">H264 AVC
- </li>
- <li class="table_list">MPEG-4 SP
- </li>
- <li class="table_list">MPEG-2
- </li>
- </ul>See <a href="#5_1_3_video_codecs">section 5.1.3</a> for details on H264 AVC, MPEG2-4 SP,<br />
- and MPEG-2.
- <p>
- Audio codecs:
- </p>
- <ul>
- <li class="table_list">AAC
- </li>
- </ul>See <a href="#5_1_1_audio_codecs">section 5.1.1</a> for details on AAC and its variants.
- </td>
- </tr>
- <tr>
- <td>
- AAC with ADTS framing and ID3 tags
- </td>
- <td>
- <a href="http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43345">ISO 13818-7</a>
- </td>
- <td>
- See <a href="#5_1_1_audio_codecs">section 5.1.1</a> for details on AAC and its variants
- </td>
- </tr>
- <tr>
- <td>
- WebVTT
- </td>
- <td>
- <a href="http://dev.w3.org/html5/webvtt/">WebVTT</a>
- </td>
- <td></td>
- </tr>
- </table>
- <ul>
- <li>
- <p>
- RTSP (RTP, SDP)
- </p>
- <p>
- The following RTP audio video profile and related codecs MUST be supported. For exceptions please see the table footnotes in <a href="#5_1_media_codecs">section 5.1</a>.
- </p>
- </li>
- </ul>
- <table>
- <tr>
- <th>
- Profile name
- </th>
- <th>
- Reference(s)
- </th>
- <th>
- Required codec support
- </th>
- </tr>
- <tr>
- <td>
- H264 AVC
- </td>
- <td>
- <a href="https://tools.ietf.org/html/rfc6184">RFC 6184</a>
- </td>
- <td>
- See <a href="#5_1_3_video_codecs">section 5.1.3</a> for details on H264 AVC
- </td>
- </tr>
- <tr>
- <td>
- MP4A-LATM
- </td>
- <td>
- <a href="https://tools.ietf.org/html/rfc6416">RFC 6416</a>
- </td>
- <td>
- See <a href="#5_1_1_audio_codecs">section 5.1.1</a> for details on AAC and its variants
- </td>
- </tr>
- <tr>
- <td>
- H263-1998
- </td>
- <td>
- <a href="https://tools.ietf.org/html/rfc3551">RFC 3551</a><br />
- <a href="https://tools.ietf.org/html/rfc4629">RFC 4629</a><br />
- <a href="https://tools.ietf.org/html/rfc2190">RFC 2190</a>
- </td>
- <td>
- See <a href="#5_1_3_video_codecs">section 5.1.3</a> for details on H263
- </td>
- </tr>
- <tr>
- <td>
- H263-2000
- </td>
- <td>
- <a href="https://tools.ietf.org/html/rfc4629">RFC 4629</a>
- </td>
- <td>
- See <a href="#5_1_3_video_codecs">section 5.1.3</a> for details on H263
- </td>
- </tr>
- <tr>
- <td>
- AMR
- </td>
- <td>
- <a href="https://tools.ietf.org/html/rfc4867">RFC 4867</a>
- </td>
- <td>
- See <a href="#5_1_1_audio_codecs">section 5.1.1</a> for details on AMR-NB
- </td>
- </tr>
- <tr>
- <td>
- AMR-WB
- </td>
- <td>
- <a href="https://tools.ietf.org/html/rfc4867">RFC 4867</a>
- </td>
- <td>
- See <a href="#5_1_1_audio_codecs">section 5.1.1</a> for details on AMR-WB
- </td>
- </tr>
- <tr>
- <td>
- MP4V-ES
- </td>
- <td>
- <a href="https://tools.ietf.org/html/rfc6416">RFC 6416</a>
- </td>
- <td>
- See <a href="#5_1_3_video_codecs">section 5.1.3</a> for details on MPEG-4 SP
- </td>
- </tr>
- <tr>
- <td>
- mpeg4-generic
- </td>
- <td>
- <a href="https://tools.ietf.org/html/rfc3640">RFC 3640</a>
- </td>
- <td>
- See <a href="#5_1_1_audio_codecs">section 5.1.1</a> for details on AAC and its variants
- </td>
- </tr>
- <tr>
- <td>
- MP2T
- </td>
- <td>
- <a href="https://tools.ietf.org/html/rfc2250">RFC 2250</a>
- </td>
- <td>
- See <a href="#mp2t">MPEG-2 Transport Stream</a> underneath HTTP Live Streaming for details
- </td>
- </tr>
- </table>
- <h2>
- 5.8. Secure Media
- </h2>
- <p>
- Device implementations that support secure video output and are capable of supporting secure surfaces MUST declare support for Display.FLAG_SECURE. Device implementations that declare support for Display.FLAG_SECURE, if they support a wireless display protocol, MUST secure the link with a cryptographically strong mechanism such as HDCP 2.x or higher for Miracast wireless displays. Similarly if they support a wired external display, the device implementations MUST support HDCP 1.2 or higher. Android Television device implementations MUST support HDCP 2.2 for devices supporting 4K resolution and HDCP 1.4 or above for lower resolutions. The upstream Android open source implementation includes support for wireless (Miracast) and wired (HDMI) displays that satisfies this requirement.
- </p>
- <h2>
- 5.9. Musical Instrument Digital Interface (MIDI)
- </h2>
- <p>
- If a device implementation supports the inter-app MIDI software transport (virtual MIDI devices), and it supports MIDI over <em>all</em> of the following MIDI-capable hardware transports for which it provides generic non-MIDI connectivity, it is STRONGLY RECOMMENDED to report support for feature android.software.midi via the <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">android.content.pm.PackageManager</a> class.
- </p>
- <p>
- The MIDI-capable hardware transports are:
- </p>
- <ul>
- <li>USB host mode (section 7.7 USB)
- </li>
- <li>USB peripheral mode (section 7.7 USB)
- </li>
- <li>MIDI over Bluetooth LE acting in central role (section 7.4.3 Bluetooth)
- </li>
- </ul>
- <p>
- Conversely, if the device implementation provides generic non-MIDI connectivity over a particular MIDI-capable hardware transport listed above, but does not support MIDI over that hardware transport, it MUST NOT report support for feature android.software.midi.
- </p>
- <h2>
- 5.10. Professional Audio
- </h2>
- <p>
- If a device implementation meets <em>all</em> of the following requirements, it is STRONGLY RECOMMENDED to report support for feature android.hardware.audio.pro via the <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">android.content.pm.PackageManager</a> class.
- </p>
- <ul>
- <li>The device implementation MUST report support for feature android.hardware.audio.low_latency.
- </li>
- <li>The continuous round-trip audio latency, as defined in section 5.6 Audio Latency, MUST be 20 milliseconds or less and SHOULD be 10 milliseconds or less over at least one supported path.
- </li>
- <li>If the device includes a 4 conductor 3.5mm audio jack, the continuous round-trip audio latency MUST be 20 milliseconds or less over the audio jack path, and SHOULD be 10 milliseconds or less over at the audio jack path.
- </li>
- <li>The device implementation MUST include a USB port(s) supporting USB host mode and USB peripheral mode.
- </li>
- <li>The USB host mode MUST implement the USB audio class.
- </li>
- <li>If the device includes an HDMI port, the device implementation MUST support output in stereo and eight channels at 20-bit or 24-bit depth and 192 kHz without bit-depth loss or resampling.
- </li>
- <li>The device implementation MUST report support for feature android.software.midi.
- </li>
- <li>If the device includes a 4 conductor 3.5mm audio jack, the device implementation is STRONGLY RECOMMENDED to comply with section <a href="https://source.android.com/accessories/headset/specification.html#mobile_device_jack_specifications">Mobile device (jack) specifications</a> of the <a href="https://source.android.com/accessories/headset/specification.html">Wired Audio Headset Specification (v1.1)</a>.
- </li>
- </ul>
- <p>
- Latencies and USB audio requirements MUST be met using the <a href="https://developer.android.com/ndk/guides/audio/opensl-for-android.html">OpenSL ES</a> PCM buffer queue API.
- </p>
- <p>
- In addition, a device implementation that reports support for this feature SHOULD:
- </p>
- <ul>
- <li>Provide a sustainable level of CPU performance while audio is active.
- </li>
- <li>Minimize audio clock inaccuracy and drift relative to standard time.
- </li>
- <li>Minimize audio clock drift relative to the CPU <code>CLOCK_MONOTONIC</code> when both are active.
- </li>
- <li>Minimize audio latency over on-device transducers.
- </li>
- <li>Minimize audio latency over USB digital audio.
- </li>
- <li>Document audio latency measurements over all paths.
- </li>
- <li>Minimize jitter in audio buffer completion callback entry times, as this affects usable percentage of full CPU bandwidth by the callback.
- </li>
- <li>Provide zero audio underruns (output) or overruns (input) under normal use at reported latency.
- </li>
- <li>Provide zero inter-channel latency difference.
- </li>
- <li>Minimize MIDI mean latency over all transports.
- </li>
- <li>Minimize MIDI latency variability under load (jitter) over all transports.
- </li>
- <li>Provide accurate MIDI timestamps over all transports.
- </li>
- <li>Minimize audio signal noise over on-device transducers, including the period immediately after cold start.
- </li>
- <li>Provide zero audio clock difference between the input and output sides of corresponding end-points, when both are active. Examples of corresponding end-points include the on-device microphone and speaker, or the audio jack input and output.
- </li>
- <li>Handle audio buffer completion callbacks for the input and output sides of corresponding end-points on the same thread when both are active, and enter the output callback immediately after the return from the input callback. Or if it is not feasible to handle the callbacks on the same thread, then enter the output callback shortly after entering the input callback to permit the application to have a consistent timing of the input and output sides.
- </li>
- <li>Minimize the phase difference between HAL audio buffering for the input and output sides of corresponding end-points.
- </li>
- <li>Minimize touch latency.
- </li>
- <li>Minimize touch latency variability under load (jitter).
- </li>
- </ul>
- <h2>
- 5.11. Capture for Unprocessed
- </h2>
- <p>
- Starting from Android 7.0, a new recording source has been added. It can be accessed using the <code>android.media.MediaRecorder.AudioSource.UNPROCESSED</code> audio source. In OpenSL ES, it can be accessed with the record preset <code>SL_ANDROID_RECORDING_PRESET_UNPROCESSED</code>.
- </p>
- <p>
- A device MUST satisfy all of the following requirements to report support of the unprocessed audio source via the <code>android.media.AudioManager</code> property <a href="http://developer.android.com/reference/android/media/AudioManager.html#PROPERTY_SUPPORT_AUDIO_SOURCE_UNPROCESSED">PROPERTY_SUPPORT_AUDIO_SOURCE_UNPROCESSED</a>:
- </p>
- <ul>
- <li>
- <p>
- The device MUST exhibit approximately flat amplitude-versus-frequency characteristics in the mid-frequency range: specifically ±10dB from 100 Hz to 7000 Hz.
- </p>
- </li>
- <li>
- <p>
- The device MUST exhibit amplitude levels in the low frequency range: specifically from ±20 dB from 5 Hz to 100 Hz compared to the mid-frequency range.
- </p>
- </li>
- <li>
- <p>
- The device MUST exhibit amplitude levels in the high frequency range: specifically from ±30 dB from 7000 Hz to 22 KHz compared to the mid-frequency range.
- </p>
- </li>
- <li>
- <p>
- Audio input sensitivity MUST be set such that a 1000 Hz sinusoidal tone source played at 94 dB Sound Pressure Level (SPL) yields a response with RMS of 520 for 16 bit-samples (or -36 dB Full Scale for floating point/double precision samples).
- </p>
- </li>
- <li>
- <p>
- SNR > 60 dB (difference between 94 dB SPL and equivalent SPL of self noise, A-weighted).
- </p>
- </li>
- <li>
- <p>
- Total harmonic distortion MUST be less than 1% for 1 kHZ at 90 dB SPL input level at the microphone.
- </p>
- </li>
- <li>
- <p>
- The only signal processing allowed in the path is a level multiplier to bring the level to desired range. This level multiplier MUST NOT introduce delay or latency to the signal path.
- </p>
- </li>
- <li>
- <p>
- No other signal processing is allowed in the path, such as Automatic Gain Control, High Pass Filter, or Echo Cancellation. If any signal processing is present in the architecture for any reason, it MUST be disabled and effectively introduce zero delay or extra latency to the signal path.
- </p>
- </li>
- </ul>
- <p>
- All SPL measurements are made directly next to the microphone under test.
- </p>
- <p>
- For multiple microphone configurations, these requirements apply to each microphone.
- </p>
- <p>
- It is STRONGLY RECOMMENDED that a device satisfy as many of the requirements for the signal path for the unprocessed recording source; however, a device must satisfy <em>all</em> of these requirements, listed above, if it claims to support the unprocessed audio source.
- </p>
- <h1>
- 6. Developer Tools and Options Compatibility
- </h1>
- <h2>
- 6.1. Developer Tools
- </h2>
- <p>
- Device implementations MUST support the Android Developer Tools provided in the Android SDK. Android compatible devices MUST be compatible with:
- </p>
- <ul>
- <li>
- <a href="http://developer.android.com/tools/help/adb.html"><strong>Android Debug Bridge (adb)</strong></a>
- <ul>
- <li>Device implementations MUST support all adb functions as documented in the Android SDK including <a href="https://source.android.com/devices/input/diagnostics.html">dumpsys</a>.
- </li>
- <li>The device-side adb daemon MUST be inactive by default and there MUST be a user-accessible mechanism to turn on the Android Debug Bridge. If a device implementation omits USB peripheral mode, it MUST implement the Android Debug Bridge via local-area network (such as Ethernet or 802.11).
- </li>
- <li>Android includes support for secure adb. Secure adb enables adb on known authenticated hosts. Device implementations MUST support secure adb.
- </li>
- </ul>
- </li>
- <li>
- <a href="http://developer.android.com/tools/debugging/ddms.html"><strong>Dalvik Debug Monitor Service (ddms)</strong></a>
- <ul>
- <li>Device implementations MUST support all ddms features as documented in the Android SDK.
- </li>
- <li>As ddms uses adb, support for ddms SHOULD be inactive by default, but MUST be supported whenever the user has activated the Android Debug Bridge, as above.
- </li>
- </ul>
- </li>
- <li>
- <a href="http://developer.android.com/tools/help/monkey.html"><strong>Monkey</strong></a> Device implementations MUST include the Monkey framework, and make it available for applications to use.
- </li>
- <li>
- <a href="http://developer.android.com/tools/help/systrace.html"><strong>SysTrace</strong></a>
- <ul>
- <li>Device implementations MUST support systrace tool as documented in the Android SDK. Systrace must be inactive by default, and there MUST be a user-accessible mechanism to turn on Systrace.
- </li>
- <li>Most Linux-based systems and Apple Macintosh systems recognize Android devices using the standard Android SDK tools, without additional support; however Microsoft Windows systems typically require a driver for new Android devices. (For instance, new vendor IDs and sometimes new device IDs require custom USB drivers for Windows systems.)
- </li>
- <li>If a device implementation is unrecognized by the adb tool as provided in the standard Android SDK, device implementers MUST provide Windows drivers allowing developers to connect to the device using the adb protocol. These drivers MUST be provided for Windows XP, Windows Vista, Windows 7, Windows 8, and Windows 10 in both 32-bit and 64-bit versions.
- </li>
- </ul>
- </li>
- </ul>
- <h2>
- 6.2. Developer Options
- </h2>
- <p>
- Android includes support for developers to configure application development-related settings. Device implementations MUST honor the <a href="http://developer.android.com/reference/android/provider/Settings.html#ACTION_APPLICATION_DEVELOPMENT_SETTINGS">android.settings.APPLICATION_DEVELOPMENT_SETTINGS</a> intent to show application development-related settings The upstream Android implementation hides the Developer Options menu by default and enables users to launch Developer Options after pressing seven (7) times on the <strong>Settings</strong> > <strong>About Device</strong> > <strong>Build Number</strong> menu item. Device implementations MUST provide a consistent experience for Developer Options. Specifically, device implementations MUST hide Developer Options by default and MUST provide a mechanism to enable Developer Options that is consistent with the upstream Android implementation.
- </p>
- <div class="note">
- Android Automotive implementations MAY limit access to the Developer Options menu by visually hiding or disabling the menu when the vehicle is in motion.
- </div>
- <h1>
- 7. Hardware Compatibility
- </h1>
- <p>
- If a device includes a particular hardware component that has a corresponding API for third-party developers, the device implementation MUST implement that API as described in the Android SDK documentation. If an API in the SDK interacts with a hardware component that is stated to be optional and the device implementation does not possess that component:
- </p>
- <ul>
- <li>Complete class definitions (as documented by the SDK) for the component APIs MUST still be presented.
- </li>
- <li>The API’s behaviors MUST be implemented as no-ops in some reasonable fashion.
- </li>
- <li>API methods MUST return null values where permitted by the SDK documentation.
- </li>
- <li>API methods MUST return no-op implementations of classes where null values are not permitted by the SDK documentation.
- </li>
- <li>API methods MUST NOT throw exceptions not documented by the SDK documentation.
- </li>
- </ul>
- <p>
- A typical example of a scenario where these requirements apply is the telephony API: Even on non-phone devices, these APIs must be implemented as reasonable no-ops.
- </p>
- <p>
- Device implementations MUST consistently report accurate hardware configuration information via the getSystemAvailableFeatures() and hasSystemFeature(String) methods on the <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">android.content.pm.PackageManager</a> class for the same build fingerprint.
- </p>
- <h2>
- 7.1. Display and Graphics
- </h2>
- <p>
- Android includes facilities that automatically adjust application assets and UI layouts appropriately for the device to ensure that third-party applications run well on a <a href="http://developer.android.com/guide/practices/screens_support.html">variety of hardware configurations</a>. Devices MUST properly implement these APIs and behaviors, as detailed in this section.
- </p>
- <p>
- The units referenced by the requirements in this section are defined as follows:
- </p>
- <ul>
- <li>
- <strong>physical diagonal size</strong>. The distance in inches between two opposing corners of the illuminated portion of the display.
- </li>
- <li>
- <strong>dots per inch (dpi)</strong>. The number of pixels encompassed by a linear horizontal or vertical span of 1”. Where dpi values are listed, both horizontal and vertical dpi must fall within the range.
- </li>
- <li>
- <strong>aspect ratio</strong>. The ratio of the pixels of the longer dimension to the shorter dimension of the screen. For example, a display of 480x854 pixels would be 854/480 = 1.779, or roughly “16:9”.
- </li>
- <li>
- <strong>density-independent pixel (dp)</strong>. The virtual pixel unit normalized to a 160 dpi screen, calculated as: pixels = dps * (density/160).
- </li>
- </ul>
- <h3>
- 7.1.1. Screen Configuration
- </h3>
- <h4>
- 7.1.1.1. Screen Size
- </h4>
- <div class="note">
- Android Watch devices (detailed in <a href="#2_device_types">section 2</a>) MAY have smaller screen sizes as described in this section.
- </div>
- <p>
- The Android UI framework supports a variety of different screen sizes, and allows applications to query the device screen size (aka “screen layout") via android.content.res.Configuration.screenLayout with the SCREENLAYOUT_SIZE_MASK. Device implementations MUST report the correct <a href="http://developer.android.com/guide/practices/screens_support.html">screen size</a> as defined in the Android SDK documentation and determined by the upstream Android platform. Specifically, device implementations MUST report the correct screen size according to the following logical density-independent pixel (dp) screen dimensions.
- </p>
- <ul>
- <li>Devices MUST have screen sizes of at least 426 dp x 320 dp (‘small’), unless it is an Android Watch device.
- </li>
- <li>Devices that report screen size ‘normal’ MUST have screen sizes of at least 480 dp x 320 dp.
- </li>
- <li>Devices that report screen size ‘large’ MUST have screen sizes of at least 640 dp x 480 dp.
- </li>
- <li>Devices that report screen size ‘xlarge’ MUST have screen sizes of at least 960 dp x 720 dp.
- </li>
- </ul>
- <p>
- In addition:
- </p>
- <ul>
- <li>Android Watch devices MUST have a screen with the physical diagonal size in the range from 1.1 to 2.5 inches.
- </li>
- <li>Android Automotive devices MUST have a screen with the physical diagonal size greater than or equal to 6 inches.
- </li>
- <li>Android Automotive devices MUST have a screen size of at least 750 dp x 480 dp.
- </li>
- <li>Other types of Android device implementations, with a physically integrated screen, MUST have a screen at least 2.5 inches in physical diagonal size.
- </li>
- </ul>
- <p>
- Devices MUST NOT change their reported screen size at any time.
- </p>
- <p>
- Applications optionally indicate which screen sizes they support via the <supports-screens> attribute in the AndroidManifest.xml file. Device implementations MUST correctly honor applications' stated support for small, normal, large, and xlarge screens, as described in the Android SDK documentation.
- </p>
- <h4>
- 7.1.1.2. Screen Aspect Ratio
- </h4>
- <p>
- While there is no restriction to the screen aspect ratio value of the physical screen display, the screen aspect ratio of the surface that third-party apps are rendered on and which can be derived from the values reported via the <a href="https://developer.android.com/reference/android/util/DisplayMetrics.html">DisplayMetrics</a> MUST meet the following requirements:
- </p>
- <ul>
- <li>If the <a href="https://developer.android.com/reference/android/content/res/Configuration.html#uiMode">uiMode</a> is configured as UI_MODE_TYPE_WATCH, the aspect ratio value MAY be set as 1.0 (1:1).
- </li>
- <li>If the third-party app indicates that it is resizeable via the <a href="https://developer.android.com/guide/topics/ui/multi-window.html#configuring">android:resizeableActivity</a> attribute, there are no restrictions to the aspect ratio value.
- </li>
- <li>For all other cases, the aspect ratio MUST be a value between 1.3333 (4:3) and 1.86 (roughly 16:9) unless the app has indicated explicitly that it supports a higher screen aspect ratio through the <a href="https://developer.android.com/guide/practices/screens_support.html#MaxAspectRatio">maxAspectRatio</a> metadata value.
- </li>
- </ul>
- <h4>
- 7.1.1.3. Screen Density
- </h4>
- <p>
- The Android UI framework defines a set of standard logical densities to help application developers target application resources. Device implementations MUST report only one of the following logical Android framework densities through the android.util.DisplayMetrics APIs, and MUST execute applications at this standard density and MUST NOT change the value at at any time for the default display.
- </p>
- <ul>
- <li>120 dpi (ldpi)
- </li>
- <li>160 dpi (mdpi)
- </li>
- <li>213 dpi (tvdpi)
- </li>
- <li>240 dpi (hdpi)
- </li>
- <li>280 dpi (280dpi)
- </li>
- <li>320 dpi (xhdpi)
- </li>
- <li>360 dpi (360dpi)
- </li>
- <li>400 dpi (400dpi)
- </li>
- <li>420 dpi (420dpi)
- </li>
- <li>480 dpi (xxhdpi)
- </li>
- <li>560 dpi (560dpi)
- </li>
- <li>640 dpi (xxxhdpi)
- </li>
- </ul>
- <p>
- Device implementations SHOULD define the standard Android framework density that is numerically closest to the physical density of the screen, unless that logical density pushes the reported screen size below the minimum supported. If the standard Android framework density that is numerically closest to the physical density results in a screen size that is smaller than the smallest supported compatible screen size (320 dp width), device implementations SHOULD report the next lowest standard Android framework density.
- </p>
- <p>
- Device implementations are STRONGLY RECOMMENDED to provide users a setting to change the display size. If there is an implementation to change the display size of the device, it MUST align with the AOSP implementation as indicated below:
- </p>
- <ul>
- <li>The display size MUST NOT be scaled any larger than 1.5 times the native density or produce an effective minimum screen dimension smaller than 320dp (equivalent to resource qualifier sw320dp), whichever comes first.
- </li>
- <li>Display size MUST NOT be scaled any smaller than 0.85 times the native density.
- </li>
- <li>To ensure good usability and consistent font sizes, it is RECOMMENDED that the following scaling of Native Display options be provided (while complying with the limits specified above)
- </li>
- <li>Small: 0.85x
- </li>
- <li>Default: 1x (Native display scale)
- </li>
- <li>Large: 1.15x
- </li>
- <li>Larger: 1.3x
- </li>
- <li>Largest 1.45x
- </li>
- </ul>
- <h3>
- 7.1.2. Display Metrics
- </h3>
- <p>
- Device implementations MUST report correct values for all display metrics defined in <a href="http://developer.android.com/reference/android/util/DisplayMetrics.html">android.util.DisplayMetrics</a> and MUST report the same values regardless of whether the embedded or external screen is used as the default display.
- </p>
- <h3>
- 7.1.3. Screen Orientation
- </h3>
- <p>
- Devices MUST report which screen orientations they support (android.hardware.screen.portrait and/or android.hardware.screen.landscape) and MUST report at least one supported orientation. For example, a device with a fixed orientation landscape screen, such as a television or laptop, SHOULD only report android.hardware.screen.landscape.
- </p>
- <p>
- Devices that report both screen orientations MUST support dynamic orientation by applications to either portrait or landscape screen orientation. That is, the device must respect the application’s request for a specific screen orientation. Device implementations MAY select either portrait or landscape orientation as the default.
- </p>
- <p>
- Devices MUST report the correct value for the device’s current orientation, whenever queried via the android.content.res.Configuration.orientation, android.view.Display.getOrientation(), or other APIs.
- </p>
- <p>
- Devices MUST NOT change the reported screen size or density when changing orientation.
- </p>
- <h3>
- 7.1.4. 2D and 3D Graphics Acceleration
- </h3>
- <p>
- Device implementations MUST support both OpenGL ES 1.0 and 2.0, as embodied and detailed in the Android SDK documentations. Device implementations SHOULD support OpenGL ES 3.0, 3.1, or 3.2 on devices capable of supporting it. Device implementations MUST also support <a href="http://developer.android.com/guide/topics/renderscript/">Android RenderScript</a>, as detailed in the Android SDK documentation.
- </p>
- <p>
- Device implementations MUST also correctly identify themselves as supporting OpenGL ES 1.0, OpenGL ES 2.0, OpenGL ES 3.0, OpenGL 3.1, or OpenGL 3.2. That is:
- </p>
- <ul>
- <li>The managed APIs (such as via the GLES10.getString() method) MUST report support for OpenGL ES 1.0 and OpenGL ES 2.0.
- </li>
- <li>The native C/C++ OpenGL APIs (APIs available to apps via libGLES_v1CM.so, libGLES_v2.so, or libEGL.so) MUST report support for OpenGL ES 1.0 and OpenGL ES 2.0.
- </li>
- <li>Device implementations that declare support for OpenGL ES 3.0, 3.1, or 3.2 MUST support the corresponding managed APIs and include support for native C/C++ APIs. On device implementations that declare support for OpenGL ES 3.0, 3.1, or 3.2 libGLESv2.so MUST export the corresponding function symbols in addition to the OpenGL ES 2.0 function symbols.
- </li>
- </ul>
- <p>
- Android provides an OpenGL ES <a href="https://developer.android.com/reference/android/opengl/GLES31Ext.html">extension pack</a> with Java interfaces and native support for advanced graphics functionality such as tessellation and the ASTC texture compression format. Android device implementations MUST support the extension pack if the device supports OpenGL ES 3.2 and MAY support it otherwise. If the extension pack is supported in its entirety, the device MUST identify the support through the <code>android.hardware.opengles.aep</code> feature flag.
- </p>
- <p>
- Also, device implementations MAY implement any desired OpenGL ES extensions. However, device implementations MUST report via the OpenGL ES managed and native APIs all extension strings that they do support, and conversely MUST NOT report extension strings that they do not support.
- </p>
- <p>
- Note that Android includes support for applications to optionally specify that they require specific OpenGL texture compression formats. These formats are typically vendor-specific. Device implementations are not required by Android to implement any specific texture compression format. However, they SHOULD accurately report any texture compression formats that they do support, via the getString() method in the OpenGL API.
- </p>
- <p>
- Android includes a mechanism for applications to declare that they want to enable hardware acceleration for 2D graphics at the Application, Activity, Window, or View level through the use of a manifest tag <a href="http://developer.android.com/guide/topics/graphics/hardware-accel.html">android:hardwareAccelerated</a> or direct API calls.
- </p>
- <p>
- Device implementations MUST enable hardware acceleration by default, and MUST disable hardware acceleration if the developer so requests by setting android:hardwareAccelerated="false” or disabling hardware acceleration directly through the Android View APIs.
- </p>
- <p>
- In addition, device implementations MUST exhibit behavior consistent with the Android SDK documentation on <a href="http://developer.android.com/guide/topics/graphics/hardware-accel.html">hardware acceleration</a>.
- </p>
- <p>
- Android includes a TextureView object that lets developers directly integrate hardware-accelerated OpenGL ES textures as rendering targets in a UI hierarchy. Device implementations MUST support the TextureView API, and MUST exhibit consistent behavior with the upstream Android implementation.
- </p>
- <p>
- Android includes support for EGL_ANDROID_RECORDABLE, an EGLConfig attribute that indicates whether the EGLConfig supports rendering to an ANativeWindow that records images to a video. Device implementations MUST support <a href="https://www.khronos.org/registry/egl/extensions/ANDROID/EGL_ANDROID_recordable.txt">EGL_ANDROID_RECORDABLE</a> extension.
- </p>
- <h3>
- 7.1.5. Legacy Application Compatibility Mode
- </h3>
- <p>
- Android specifies a “compatibility mode” in which the framework operates in a 'normal' screen size equivalent (320dp width) mode for the benefit of legacy applications not developed for old versions of Android that pre-date screen-size independence.
- </p>
- <ul>
- <li>Android Automotive does not support legacy compatibility mode.
- </li>
- <li>All other device implementations MUST include support for legacy application compatibility mode as implemented by the upstream Android open source code. That is, device implementations MUST NOT alter the triggers or thresholds at which compatibility mode is activated, and MUST NOT alter the behavior of the compatibility mode itself.
- </li>
- </ul>
- <h3>
- 7.1.6. Screen Technology
- </h3>
- <p>
- The Android platform includes APIs that allow applications to render rich graphics to the display. Devices MUST support all of these APIs as defined by the Android SDK unless specifically allowed in this document.
- </p>
- <ul>
- <li>Devices MUST support displays capable of rendering 16-bit color graphics and SHOULD support displays capable of 24-bit color graphics.
- </li>
- <li>Devices MUST support displays capable of rendering animations.
- </li>
- <li>The display technology used MUST have a pixel aspect ratio (PAR) between 0.9 and 1.15. That is, the pixel aspect ratio MUST be near square (1.0) with a 10 ~ 15% tolerance.
- </li>
- </ul>
- <h3>
- 7.1.7. Secondary Displays
- </h3>
- <p>
- Android includes support for secondary display to enable media sharing capabilities and developer APIs for accessing external displays. If a device supports an external display either via a wired, wireless, or an embedded additional display connection then the device implementation MUST implement the <a href="http://developer.android.com/reference/android/hardware/display/DisplayManager.html">display manager API</a> as described in the Android SDK documentation.
- </p>
- <h2>
- 7.2. Input Devices
- </h2>
- <p>
- Devices MUST support a touchscreen or meet the requirements listed in 7.2.2 for non-touch navigation.
- </p>
- <h3>
- 7.2.1. Keyboard
- </h3>
- <div class="note">
- Android Watch and Android Automotive implementations MAY implement a soft keyboard. All other device implementations MUST implement a soft keyboard and:
- </div>
- <p>
- Device implementations:
- </p>
- <ul>
- <li>MUST include support for the Input Management Framework (which allows third-party developers to create Input Method Editors—i.e. soft keyboard) as detailed at <a href="http://developer.android.com">http://developer.android.com</a>.
- </li>
- <li>MUST provide at least one soft keyboard implementation (regardless of whether a hard keyboard is present) except for Android Watch devices where the screen size makes it less reasonable to have a soft keyboard.
- </li>
- <li>MAY include additional soft keyboard implementations.
- </li>
- <li>MAY include a hardware keyboard.
- </li>
- <li>MUST NOT include a hardware keyboard that does not match one of the formats specified in <a href="http://developer.android.com/reference/android/content/res/Configuration.html">android.content.res.Configuration.keyboard</a> (QWERTY or 12-key).
- </li>
- </ul>
- <h3>
- 7.2.2. Non-touch Navigation
- </h3>
- <div class="note">
- Android Television devices MUST support D-pad.
- </div>
- <p>
- Device implementations:
- </p>
- <ul>
- <li>MAY omit a non-touch navigation option (trackball, d-pad, or wheel) if the device implementation is not an Android Television device.
- </li>
- <li>MUST report the correct value for <a href="http://developer.android.com/reference/android/content/res/Configuration.html">android.content.res.Configuration.navigation</a>.
- </li>
- <li>MUST provide a reasonable alternative user interface mechanism for the selection and editing of text, compatible with Input Management Engines. The upstream Android open source implementation includes a selection mechanism suitable for use with devices that lack non-touch navigation inputs.
- </li>
- </ul>
- <h3>
- 7.2.3. Navigation Keys
- </h3>
- <div class="note">
- The availability and visibility requirement of the Home, Recents, and Back functions differ between device types as described in this section.
- </div>
- <p>
- The Home, Recents, and Back functions (mapped to the key events KEYCODE_HOME, KEYCODE_APP_SWITCH, KEYCODE_BACK, respectively) are essential to the Android navigation paradigm and therefore:
- </p>
- <ul>
- <li>Android Handheld device implementations MUST provide the Home, Recents, and Back functions.
- </li>
- <li>Android Television device implementations MUST provide the Home and Back functions.
- </li>
- <li>Android Watch device implementations MUST have the Home function available to the user, and the Back function except for when it is in <code>UI_MODE_TYPE_WATCH</code>.
- </li>
- <li>Android Watch device implementations, and no other Android device types, MAY consume the long press event on the key event <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BACK"><code>KEYCODE_BACK</code></a> and omit it from being sent to the foreground application.
- </li>
- <li>Android Automotive implementations MUST provide the Home function and MAY provide Back and Recent functions.
- </li>
- <li>All other types of device implementations MUST provide the Home and Back functions.
- </li>
- </ul>
- <p>
- These functions MAY be implemented via dedicated physical buttons (such as mechanical or capacitive touch buttons), or MAY be implemented using dedicated software keys on a distinct portion of the screen, gestures, touch panel, etc. Android supports both implementations. All of these functions MUST be accessible with a single action (e.g. tap, double-click or gesture) when visible.
- </p>
- <p>
- Recents function, if provided, MUST have a visible button or icon unless hidden together with other navigation functions in full-screen mode. This does not apply to devices upgrading from earlier Android versions that have physical buttons for navigation and no recents key.
- </p>
- <p>
- The Home and Back functions, if provided, MUST each have a visible button or icon unless hidden together with other navigation functions in full-screen mode or when the uiMode UI_MODE_TYPE_MASK is set to UI_MODE_TYPE_WATCH.
- </p>
- <p>
- The Menu function is deprecated in favor of action bar since Android 4.0. Therefore the new device implementations shipping with Android 7.1 and later MUST NOT implement a dedicated physical button for the Menu function. Older device implementations SHOULD NOT implement a dedicated physical button for the Menu function, but if the physical Menu button is implemented and the device is running applications with targetSdkVersion > 10, the device implementation:
- </p>
- <ul>
- <li>MUST display the action overflow button on the action bar when it is visible and the resulting action overflow menu popup is not empty. For a device implementation launched before Android 4.4 but upgrading to Android 7.1, this is RECOMMENDED.
- </li>
- <li>MUST NOT modify the position of the action overflow popup displayed by selecting the overflow button in the action bar.
- </li>
- <li>MAY render the action overflow popup at a modified position on the screen when it is displayed by selecting the physical menu button.
- </li>
- </ul>
- <p>
- For backwards compatibility, device implementations MUST make the Menu function available to applications when targetSdkVersion is less than 10, either by a physical button, a software key, or gestures. This Menu function should be presented unless hidden together with other navigation functions.
- </p>
- <p>
- Android device implementations supporting the <a href="http://developer.android.com/reference/android/content/Intent.html#ACTION_ASSIST">Assist action</a> and/or <a href="https://developer.android.com/reference/android/service/voice/VoiceInteractionService.html"><code>VoiceInteractionService</code></a> MUST be able to launch an assist app with a single interaction (e.g. tap, double-click, or gesture) when other navigation keys are visible. It is STRONGLY RECOMMENDED to use long press on home as this interaction. The designated interaction MUST launch the user-selected assist app, in other words the app that implements a VoiceInteractionService, or an activity handling the ACTION_ASSIST intent.
- </p>
- <p>
- Device implementations MAY use a distinct portion of the screen to display the navigation keys, but if so, MUST meet these requirements:
- </p>
- <ul>
- <li>Device implementation navigation keys MUST use a distinct portion of the screen, not available to applications, and MUST NOT obscure or otherwise interfere with the portion of the screen available to applications.
- </li>
- <li>Device implementations MUST make available a portion of the display to applications that meets the requirements defined in <a href="#7_1_1_screen_configuration">section 7.1.1</a>.
- </li>
- <li>Device implementations MUST display the navigation keys when applications do not specify a system UI mode, or specify SYSTEM_UI_FLAG_VISIBLE.
- </li>
- <li>Device implementations MUST present the navigation keys in an unobtrusive “low profile” (eg. dimmed) mode when applications specify SYSTEM_UI_FLAG_LOW_PROFILE.
- </li>
- <li>Device implementations MUST hide the navigation keys when applications specify SYSTEM_UI_FLAG_HIDE_NAVIGATION.
- </li>
- </ul>
- <h3>
- 7.2.4. Touchscreen Input
- </h3>
- <div class="note">
- Android Handhelds and Watch Devices MUST support touchscreen input.
- </div>
- <p>
- Device implementations SHOULD have a pointer input system of some kind (either mouse-like or touch). However, if a device implementation does not support a pointer input system, it MUST NOT report the android.hardware.touchscreen or android.hardware.faketouch feature constant. Device implementations that do include a pointer input system:
- </p>
- <ul>
- <li>SHOULD support fully independently tracked pointers, if the device input system supports multiple pointers.
- </li>
- <li>MUST report the value of <a href="http://developer.android.com/reference/android/content/res/Configuration.html">android.content.res.Configuration.touchscreen</a> corresponding to the type of the specific touchscreen on the device.
- </li>
- </ul>
- <p>
- Android includes support for a variety of touchscreens, touch pads, and fake touch input devices. <a href="http://source.android.com/devices/tech/input/touch-devices.html">Touchscreen-based device implementations</a> are associated with a display such that the user has the impression of directly manipulating items on screen. Since the user is directly touching the screen, the system does not require any additional affordances to indicate the objects being manipulated. In contrast, a fake touch interface provides a user input system that approximates a subset of touchscreen capabilities. For example, a mouse or remote control that drives an on-screen cursor approximates touch, but requires the user to first point or focus then click. Numerous input devices like the mouse, trackpad, gyro-based air mouse, gyro-pointer, joystick, and multi-touch trackpad can support fake touch interactions. Android includes the feature constant android.hardware.faketouch, which corresponds to a high-fidelity non-touch (pointer-based) input device such as a mouse or trackpad that can adequately emulate touch-based input (including basic gesture support), and indicates that the device supports an emulated subset of touchscreen functionality. Device implementations that declare the fake touch feature MUST meet the fake touch requirements in <a href="#7_2_5_fake_touch_input">section 7.2.5</a>.
- </p>
- <p>
- Device implementations MUST report the correct feature corresponding to the type of input used. Device implementations that include a touchscreen (single-touch or better) MUST report the platform feature constant android.hardware.touchscreen. Device implementations that report the platform feature constant android.hardware.touchscreen MUST also report the platform feature constant android.hardware.faketouch. Device implementations that do not include a touchscreen (and rely on a pointer device only) MUST NOT report any touchscreen feature, and MUST report only android.hardware.faketouch if they meet the fake touch requirements in <a href="#7_2_5_fake_touch_input">section 7.2.5</a>.
- </p>
- <h3>
- 7.2.5. Fake Touch Input
- </h3>
- <p>
- Device implementations that declare support for android.hardware.faketouch:
- </p>
- <ul>
- <li>MUST report the <a href="http://developer.android.com/reference/android/view/MotionEvent.html">absolute X and Y screen positions</a> of the pointer location and display a visual pointer on the screen.
- </li>
- <li>MUST report touch event with the action code that specifies the state change that occurs on the pointer <a href="http://developer.android.com/reference/android/view/MotionEvent.html">going down or up on the screen</a>.
- </li>
- <li>MUST support pointer down and up on an object on the screen, which allows users to emulate tap on an object on the screen.
- </li>
- <li>MUST support pointer down, pointer up, pointer down then pointer up in the same place on an object on the screen within a time threshold, which allows users to <a href="http://developer.android.com/reference/android/view/MotionEvent.html">emulate double tap</a> on an object on the screen.
- </li>
- <li>MUST support pointer down on an arbitrary point on the screen, pointer move to any other arbitrary point on the screen, followed by a pointer up, which allows users to emulate a touch drag.
- </li>
- <li>MUST support pointer down then allow users to quickly move the object to a different position on the screen and then pointer up on the screen, which allows users to fling an object on the screen.
- </li>
- </ul>
- <p>
- Devices that declare support for android.hardware.faketouch.multitouch.distinct MUST meet the requirements for faketouch above, and MUST also support distinct tracking of two or more independent pointer inputs.
- </p>
- <h3>
- 7.2.6. Game Controller Support
- </h3>
- <p>
- Android Television device implementations MUST support button mappings for game controllers as listed below. The upstream Android implementation includes implementation for game controllers that satisfies this requirement.
- </p>
- <h4>
- 7.2.6.1. Button Mappings
- </h4>
- <p>
- Android Television device implementations MUST support the following key mappings:
- </p>
- <table>
- <tr>
- <th>
- Button
- </th>
- <th>
- HID Usage<sup>2</sup>
- </th>
- <th>
- Android Button
- </th>
- </tr>
- <tr>
- <td>
- <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BUTTON_A">A</a><sup>1</sup>
- </td>
- <td>
- 0x09 0x0001
- </td>
- <td>
- KEYCODE_BUTTON_A (96)
- </td>
- </tr>
- <tr>
- <td>
- <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BUTTON_B">B</a><sup>1</sup>
- </td>
- <td>
- 0x09 0x0002
- </td>
- <td>
- KEYCODE_BUTTON_B (97)
- </td>
- </tr>
- <tr>
- <td>
- <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BUTTON_X">X</a><sup>1</sup>
- </td>
- <td>
- 0x09 0x0004
- </td>
- <td>
- KEYCODE_BUTTON_X (99)
- </td>
- </tr>
- <tr>
- <td>
- <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BUTTON_Y">Y</a><sup>1</sup>
- </td>
- <td>
- 0x09 0x0005
- </td>
- <td>
- KEYCODE_BUTTON_Y (100)
- </td>
- </tr>
- <tr>
- <td>
- <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_DPAD_UP">D-pad up</a><sup>1</sup><br />
- <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_DPAD_DOWN">D-pad down</a><sup>1</sup>
- </td>
- <td>
- 0x01 0x0039<sup>3</sup>
- </td>
- <td>
- <a href="http://developer.android.com/reference/android/view/MotionEvent.html#AXIS_HAT_Y">AXIS_HAT_Y</a><sup>4</sup>
- </td>
- </tr>
- <tr>
- <td>
- <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_DPAD_LEFT">D-pad left</a>1<br />
- <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_DPAD_RIGHT">D-pad right</a><sup>1</sup>
- </td>
- <td>
- 0x01 0x0039<sup>3</sup>
- </td>
- <td>
- <a href="http://developer.android.com/reference/android/view/MotionEvent.html#AXIS_HAT_X">AXIS_HAT_X</a><sup>4</sup>
- </td>
- </tr>
- <tr>
- <td>
- <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BUTTON_L1">Left shoulder button</a><sup>1</sup>
- </td>
- <td>
- 0x09 0x0007
- </td>
- <td>
- KEYCODE_BUTTON_L1 (102)
- </td>
- </tr>
- <tr>
- <td>
- <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BUTTON_R1">Right shoulder button</a><sup>1</sup>
- </td>
- <td>
- 0x09 0x0008
- </td>
- <td>
- KEYCODE_BUTTON_R1 (103)
- </td>
- </tr>
- <tr>
- <td>
- <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BUTTON_THUMBL">Left stick click</a><sup>1</sup>
- </td>
- <td>
- 0x09 0x000E
- </td>
- <td>
- KEYCODE_BUTTON_THUMBL (106)
- </td>
- </tr>
- <tr>
- <td>
- <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BUTTON_THUMBR">Right stick click</a><sup>1</sup>
- </td>
- <td>
- 0x09 0x000F
- </td>
- <td>
- KEYCODE_BUTTON_THUMBR (107)
- </td>
- </tr>
- <tr>
- <td>
- <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_HOME">Home</a><sup>1</sup>
- </td>
- <td>
- 0x0c 0x0223
- </td>
- <td>
- KEYCODE_HOME (3)
- </td>
- </tr>
- <tr>
- <td>
- <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BACK">Back</a><sup>1</sup>
- </td>
- <td>
- 0x0c 0x0224
- </td>
- <td>
- KEYCODE_BACK (4)
- </td>
- </tr>
- </table>
- <p class="table_footnote">
- 1 <a href="http://developer.android.com/reference/android/view/KeyEvent.html">KeyEvent</a>
- </p>
- <p class="table_footnote">
- 2 The above HID usages must be declared within a Game pad CA (0x01 0x0005).
- </p>
- <p class="table_footnote">
- 3 This usage must have a Logical Minimum of 0, a Logical Maximum of 7, a Physical Minimum of 0, a Physical Maximum of 315, Units in Degrees, and a Report Size of 4. The logical value is defined to be the clockwise rotation away from the vertical axis; for example, a logical value of 0 represents no rotation and the up button being pressed, while a logical value of 1 represents a rotation of 45 degrees and both the up and left keys being pressed.
- </p>
- <p class="table_footnote">
- 4 <a href="http://developer.android.com/reference/android/view/MotionEvent.html">MotionEvent</a>
- </p>
- <table>
- <tr>
- <th>
- Analog Controls<sup>1</sup>
- </th>
- <th>
- HID Usage
- </th>
- <th>
- Android Button
- </th>
- </tr>
- <tr>
- <td>
- <a href="http://developer.android.com/reference/android/view/MotionEvent.html#AXIS_LTRIGGER">Left Trigger</a>
- </td>
- <td>
- 0x02 0x00C5
- </td>
- <td>
- AXIS_LTRIGGER
- </td>
- </tr>
- <tr>
- <td>
- <a href="http://developer.android.com/reference/android/view/MotionEvent.html#AXIS_THROTTLE">Right Trigger</a>
- </td>
- <td>
- 0x02 0x00C4
- </td>
- <td>
- AXIS_RTRIGGER
- </td>
- </tr>
- <tr>
- <td>
- <a href="http://developer.android.com/reference/android/view/MotionEvent.html#AXIS_Y">Left Joystick</a>
- </td>
- <td>
- 0x01 0x0030<br />
- 0x01 0x0031
- </td>
- <td>
- AXIS_X<br />
- AXIS_Y
- </td>
- </tr>
- <tr>
- <td>
- <a href="http://developer.android.com/reference/android/view/MotionEvent.html#AXIS_Z">Right Joystick</a>
- </td>
- <td>
- 0x01 0x0032<br />
- 0x01 0x0035
- </td>
- <td>
- AXIS_Z<br />
- AXIS_RZ
- </td>
- </tr>
- </table>
- <p class="table_footnote">
- 1 <a href="http://developer.android.com/reference/android/view/MotionEvent.html">MotionEvent</a>
- </p>
- <h3>
- 7.2.7. Remote Control
- </h3>
- <p>
- Android Television device implementations SHOULD provide a remote control to allow users to access the TV interface. The remote control MAY be a physical remote or can be a software-based remote that is accessible from a mobile phone or tablet. The remote control MUST meet the requirements defined below.
- </p>
- <ul>
- <li>
- <strong>Search affordance</strong>. Device implementations MUST fire KEYCODE_SEARCH when the user invokes voice search either on the physical or software-based remote.
- </li>
- <li>
- <strong>Navigation</strong>. All Android Television remotes MUST include <a href="http://developer.android.com/reference/android/view/KeyEvent.html">Back, Home, and Select buttons and support for D-pad events</a>.
- </li>
- </ul>
- <h2>
- 7.3. Sensors
- </h2>
- <p>
- Android includes APIs for accessing a variety of sensor types. Devices implementations generally MAY omit these sensors, as provided for in the following subsections. If a device includes a particular sensor type that has a corresponding API for third-party developers, the device implementation MUST implement that API as described in the Android SDK documentation and the Android Open Source documentation on <a href="http://source.android.com/devices/sensors/">sensors</a>. For example, device implementations:
- </p>
- <ul>
- <li>MUST accurately report the presence or absence of sensors per the <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">android.content.pm.PackageManager</a> class.
- </li>
- <li>MUST return an accurate list of supported sensors via the SensorManager.getSensorList() and similar methods.
- </li>
- <li>MUST behave reasonably for all other sensor APIs (for example, by returning true or false as appropriate when applications attempt to register listeners, not calling sensor listeners when the corresponding sensors are not present; etc.).
- </li>
- <li>MUST <a href="http://developer.android.com/reference/android/hardware/SensorEvent.html">report all sensor measurements</a> using the relevant International System of Units (metric) values for each sensor type as defined in the Android SDK documentation.
- </li>
- <li>SHOULD <a href="http://developer.android.com/reference/android/hardware/SensorEvent.html#timestamp">report the event time</a> in nanoseconds as defined in the Android SDK documentation, representing the time the event happened and synchronized with the SystemClock.elapsedRealtimeNano() clock. Existing and new Android devices are <strong>STRONGLY RECOMMENDED</strong> to meet these requirements so they will be able to upgrade to the future platform releases where this might become a REQUIRED component. The synchronization error SHOULD be below 100 milliseconds.
- </li>
- <li>MUST report sensor data with a maximum latency of 100 milliseconds + 2 * sample_time for the case of a sensor streamed with a minimum required latency of 5 ms + 2 * sample_time when the application processor is active. This delay does not include any filtering delays.
- </li>
- <li>MUST report the first sensor sample within 400 milliseconds + 2 * sample_time of the sensor being activated. It is acceptable for this sample to have an accuracy of 0.
- </li>
- </ul>
- <p>
- The list above is not comprehensive; the documented behavior of the Android SDK and the Android Open Source Documentations on <a href="http://source.android.com/devices/sensors/">sensors</a> is to be considered authoritative.
- </p>
- <p>
- Some sensor types are composite, meaning they can be derived from data provided by one or more other sensors. (Examples include the orientation sensor and the linear acceleration sensor.) Device implementations SHOULD implement these sensor types, when they include the prerequisite physical sensors as described in <a href="https://source.android.com/devices/sensors/sensor-types.html">sensor types</a>. If a device implementation includes a composite sensor it MUST implement the sensor as described in the Android Open Source documentation on <a href="https://source.android.com/devices/sensors/sensor-types.html#composite_sensor_type_summary">composite sensors</a>.
- </p>
- <p>
- Some Android sensors support a <a href="https://source.android.com/devices/sensors/report-modes.html#continuous">“continuous” trigger mode</a>, which returns data continuously. For any API indicated by the Android SDK documentation to be a continuous sensor, device implementations MUST continuously provide periodic data samples that SHOULD have a jitter below 3%, where jitter is defined as the standard deviation of the difference of the reported timestamp values between consecutive events.
- </p>
- <p>
- Note that the device implementations MUST ensure that the sensor event stream MUST NOT prevent the device CPU from entering a suspend state or waking up from a suspend state.
- </p>
- <p>
- Finally, when several sensors are activated, the power consumption SHOULD NOT exceed the sum of the individual sensor’s reported power consumption.
- </p>
- <h3>
- 7.3.1. Accelerometer
- </h3>
- <p>
- Device implementations SHOULD include a 3-axis accelerometer. Android Handheld devices, Android Automotive implementations, and Android Watch devices are STRONGLY RECOMMENDED to include this sensor. If a device implementation does include a 3-axis accelerometer, it:
- </p>
- <ul>
- <li>MUST implement and report <a href="http://developer.android.com/reference/android/hardware/Sensor.html#TYPE_ACCELEROMETER">TYPE_ACCELEROMETER sensor</a>.
- </li>
- <li>MUST be able to report events up to a frequency of at least 50 Hz for Android Watch devices as such devices have a stricter power constraint and 100 Hz for all other device types.
- </li>
- <li>SHOULD report events up to at least 200 Hz.
- </li>
- <li>MUST comply with the <a href="http://developer.android.com/reference/android/hardware/SensorEvent.html">Android sensor coordinate system</a> as detailed in the Android APIs. Android Automotive implementations MUST comply with the Android <a href="http://source.android.com/devices/sensors/sensor-types.html#auto_axes">car sensor coordinate system</a>.
- </li>
- <li>MUST be capable of measuring from freefall up to four times the gravity (4g) or more on any axis.
- </li>
- <li>MUST have a resolution of at least 12-bits and SHOULD have a resolution of at least 16-bits.
- </li>
- <li>SHOULD be calibrated while in use if the characteristics changes over the life cycle and compensated, and preserve the compensation parameters between device reboots.
- </li>
- <li>SHOULD be temperature compensated.
- </li>
- <li>MUST have a standard deviation no greater than 0.05 m/s^, where the standard deviation should be calculated on a per axis basis on samples collected over a period of at least 3 seconds at the fastest sampling rate.
- </li>
- <li>SHOULD implement the TYPE_SIGNIFICANT_MOTION, TYPE_TILT_DETECTOR, TYPE_STEP_DETECTOR, TYPE_STEP_COUNTER composite sensors as described in the Android SDK document. Existing and new Android devices are <strong>STRONGLY RECOMMENDED</strong> to implement the TYPE_SIGNIFICANT_MOTION composite sensor. If any of these sensors are implemented, the sum of their power consumption MUST always be less than 4 mW and SHOULD each be below 2 mW and 0.5 mW for when the device is in a dynamic or static condition.
- </li>
- <li>If a gyroscope sensor is included, MUST implement the TYPE_GRAVITY and TYPE_LINEAR_ACCELERATION composite sensors and SHOULD implement the TYPE_GAME_ROTATION_VECTOR composite sensor. Existing and new Android devices are STRONGLY RECOMMENDED to implement the TYPE_GAME_ROTATION_VECTOR sensor.
- </li>
- <li>MUST implement a TYPE_ROTATION_VECTOR composite sensor, if a gyroscope sensor and a magnetometer sensor is also included.
- </li>
- </ul>
- <h3>
- 7.3.2. Magnetometer
- </h3>
- <p>
- Device implementations SHOULD include a 3-axis magnetometer (compass). If a device does include a 3-axis magnetometer, it:
- </p>
- <ul>
- <li>MUST implement the TYPE_MAGNETIC_FIELD sensor and SHOULD also implement TYPE_MAGNETIC_FIELD_UNCALIBRATED sensor. Existing and new Android devices are STRONGLY RECOMMENDED to implement the TYPE_MAGNETIC_FIELD_UNCALIBRATED sensor.
- </li>
- <li>MUST be able to report events up to a frequency of at least 10 Hz and SHOULD report events up to at least 50 Hz.
- </li>
- <li>MUST comply with the <a href="http://developer.android.com/reference/android/hardware/SensorEvent.html">Android sensor coordinate system</a> as detailed in the Android APIs.
- </li>
- <li>MUST be capable of measuring between -900 µT and +900 µT on each axis before saturating.
- </li>
- <li>MUST have a hard iron offset value less than 700 µT and SHOULD have a value below 200 µT, by placing the magnetometer far from dynamic (current-induced) and static (magnet-induced) magnetic fields.
- </li>
- <li>MUST have a resolution equal or denser than 0.6 µT and SHOULD have a resolution equal or denser than 0.2 µT.
- </li>
- <li>SHOULD be temperature compensated.
- </li>
- <li>MUST support online calibration and compensation of the hard iron bias, and preserve the compensation parameters between device reboots.
- </li>
- <li>MUST have the soft iron compensation applied—the calibration can be done either while in use or during the production of the device.
- </li>
- <li>SHOULD have a standard deviation, calculated on a per axis basis on samples collected over a period of at least 3 seconds at the fastest sampling rate, no greater than 0.5 µT.
- </li>
- <li>MUST implement a TYPE_ROTATION_VECTOR composite sensor, if an accelerometer sensor and a gyroscope sensor is also included.
- </li>
- <li>MAY implement the TYPE_GEOMAGNETIC_ROTATION_VECTOR sensor if an accelerometer sensor is also implemented. However if implemented, it MUST consume less than 10 mW and SHOULD consume less than 3 mW when the sensor is registered for batch mode at 10 Hz.
- </li>
- </ul>
- <h3>
- 7.3.3. GPS
- </h3>
- <p>
- Device implementations SHOULD include a GPS/GNSS receiver. If a device implementation does include a GPS/GNSS receiver and reports the capability to applications through the <code>android.hardware.location.gps</code> feature flag:
- </p>
- <ul>
- <li>It is STRONGLY RECOMMENDED that the device continue to deliver normal GPS/GNSS outputs to applications during an emergency phone call and that location output not be blocked during an emergency phone call.
- </li>
- <li>It MUST support location outputs at a rate of at least 1 Hz when requested via <code>LocationManager#requestLocationUpdate</code>.
- </li>
- <li>It MUST be able to determine the location in open-sky conditions (strong signals, negligible multipath, HDOP < 2) within 10 seconds (fast time to first fix), when connected to a 0.5 Mbps or faster data speed internet connection. This requirement is typically met by the use of some form of Assisted or Predicted GPS/GNSS technique to minimize GPS/GNSS lock-on time (Assistance data includes Reference Time, Reference Location and Satellite Ephemeris/Clock).
- <ul>
- <li>After making such a location calculation, it is STRONGLY RECOMMENDED for the device to be able to determine its location, in open sky, within 10 seconds, when location requests are restarted, up to an hour after the initial location calculation, even when the subsequent request is made without a data connection, and/or after a power cycle.
- </li>
- </ul>
- </li>
- <li>In open sky conditions after determining the location, while stationary or moving with less than 1 meter per second squared of acceleration:
- <ul>
- <li>It MUST be able to determine location within 20 meters, and speed within 0.5 meters per second, at least 95% of the time.
- </li>
- <li>It MUST simultaneously track and report via <a href="https://developer.android.com/reference/android/location/GnssStatus.Callback.html#GnssStatus.Callback()'">GnssStatus.Callback</a> at least 8 satellites from one constellation.
- </li>
- <li>It SHOULD be able to simultaneously track at least 24 satellites, from multiple constellations (e.g. GPS + at least one of Glonass, Beidou, Galileo).
- </li>
- </ul>
- </li>
- <li>It MUST report the GNSS technology generation through the test API ‘getGnssYearOfHardware’.
- </li>
- <li>It is STRONGLY RECOMMENDED to meet and MUST meet all requirements below if the GNSS technology generation is reported as the year "2016" or newer.
- <ul>
- <li>It MUST report GPS measurements, as soon as they are found, even if a location calculated from GPS/GNSS is not yet reported.
- </li>
- <li>It MUST report GPS pseudoranges and pseudorange rates, that, in open-sky conditions after determining the location, while stationary or moving with less than 0.2 meter per second squared of acceleration, are sufficient to calculate position within 20 meters, and speed within 0.2 meters per second, at least 95% of the time.
- </li>
- </ul>
- </li>
- </ul>
- <p>
- Note that while some of the GPS requirements above are stated as STRONGLY RECOMMENDED, the Compatibility Definition for the next major version is expected to change these to a MUST.
- </p>
- <h3>
- 7.3.4. Gyroscope
- </h3>
- <p>
- Device implementations SHOULD include a gyroscope (angular change sensor). Devices SHOULD NOT include a gyroscope sensor unless a 3-axis accelerometer is also included. If a device implementation includes a gyroscope, it:
- </p>
- <ul>
- <li>MUST implement the TYPE_GYROSCOPE sensor and SHOULD also implement TYPE_GYROSCOPE_UNCALIBRATED sensor. Existing and new Android devices are STRONGLY RECOMMENDED to implement the SENSOR_TYPE_GYROSCOPE_UNCALIBRATED sensor.
- </li>
- <li>MUST be capable of measuring orientation changes up to 1,000 degrees per second.
- </li>
- <li>MUST be able to report events up to a frequency of at least 50 Hz for Android Watch devices as such devices have a stricter power constraint and 100 Hz for all other device types.
- </li>
- <li>SHOULD report events up to at least 200 Hz.
- </li>
- <li>MUST have a resolution of 12-bits or more and SHOULD have a resolution of 16-bits or more.
- </li>
- <li>MUST be temperature compensated.
- </li>
- <li>MUST be calibrated and compensated while in use, and preserve the compensation parameters between device reboots.
- </li>
- <li>MUST have a variance no greater than 1e-7 rad^2 / s^2 per Hz (variance per Hz, or rad^2 / s). The variance is allowed to vary with the sampling rate, but must be constrained by this value. In other words, if you measure the variance of the gyro at 1 Hz sampling rate it should be no greater than 1e-7 rad^2/s^2.
- </li>
- <li>MUST implement a TYPE_ROTATION_VECTOR composite sensor, if an accelerometer sensor and a magnetometer sensor is also included.
- </li>
- <li>If an accelerometer sensor is included, MUST implement the TYPE_GRAVITY and TYPE_LINEAR_ACCELERATION composite sensors and SHOULD implement the TYPE_GAME_ROTATION_VECTOR composite sensor. Existing and new Android devices are STRONGLY RECOMMENDED to implement the TYPE_GAME_ROTATION_VECTOR sensor.
- </li>
- </ul>
- <h3>
- 7.3.5. Barometer
- </h3>
- <p>
- Device implementations SHOULD include a barometer (ambient air pressure sensor). If a device implementation includes a barometer, it:
- </p>
- <ul>
- <li>MUST implement and report TYPE_PRESSURE sensor.
- </li>
- <li>MUST be able to deliver events at 5 Hz or greater.
- </li>
- <li>MUST have adequate precision to enable estimating altitude.
- </li>
- <li>MUST be temperature compensated.
- </li>
- </ul>
- <h3>
- 7.3.6. Thermometer
- </h3>
- <p>
- Device implementations MAY include an ambient thermometer (temperature sensor). If present, it MUST be defined as SENSOR_TYPE_AMBIENT_TEMPERATURE and it MUST measure the ambient (room) temperature in degrees Celsius.
- </p>
- <p>
- Device implementations MAY but SHOULD NOT include a CPU temperature sensor. If present, it MUST be defined as SENSOR_TYPE_TEMPERATURE, it MUST measure the temperature of the device CPU, and it MUST NOT measure any other temperature. Note the SENSOR_TYPE_TEMPERATURE sensor type was deprecated in Android 4.0.
- </p>
- <div class="note">
- For Android Automotive implementations, SENSOR_TYPE_AMBIENT_TEMPERATURE MUST measure the temperature inside the vehicle cabin.
- </div>
- <h3>
- 7.3.7. Photometer
- </h3>
- <p>
- Device implementations MAY include a photometer (ambient light sensor).
- </p>
- <h3>
- 7.3.8. Proximity Sensor
- </h3>
- <p>
- Device implementations MAY include a proximity sensor. Devices that can make a voice call and indicate any value other than PHONE_TYPE_NONE in getPhoneType SHOULD include a proximity sensor. If a device implementation does include a proximity sensor, it:
- </p>
- <ul>
- <li>MUST measure the proximity of an object in the same direction as the screen. That is, the proximity sensor MUST be oriented to detect objects close to the screen, as the primary intent of this sensor type is to detect a phone in use by the user. If a device implementation includes a proximity sensor with any other orientation, it MUST NOT be accessible through this API.
- </li>
- <li>MUST have 1-bit of accuracy or more.
- </li>
- </ul>
- <h3>
- 7.3.9. High Fidelity Sensors
- </h3>
- <p>
- Device implementations supporting a set of higher quality sensors that can meet all the requirements listed in this section MUST identify the support through the <code>android.hardware.sensor.hifi_sensors</code> feature flag.
- </p>
- <p>
- A device declaring android.hardware.sensor.hifi_sensors MUST support all of the following sensor types meeting the quality requirements as below:
- </p>
- <ul>
- <li>SENSOR_TYPE_ACCELEROMETER
- <ul>
- <li>MUST have a measurement range between at least -8g and +8g.
- </li>
- <li>MUST have a measurement resolution of at least 1024 LSB/G.
- </li>
- <li>MUST have a minimum measurement frequency of 12.5 Hz or lower.
- </li>
- <li>MUST have a maximum measurement frequency of 400 Hz or higher.
- </li>
- <li>MUST have a measurement noise not above 400 uG/√Hz.
- </li>
- <li>MUST implement a non-wake-up form of this sensor with a buffering capability of at least 3000 sensor events.
- </li>
- <li>MUST have a batching power consumption not worse than 3 mW.
- </li>
- <li>SHOULD have a stationary noise bias stability of \<15 μg √Hz from 24hr static dataset.
- </li>
- <li>SHOULD have a bias change vs. temperature of ≤ +/- 1mg / °C.
- </li>
- <li>SHOULD have a best-fit line non-linearity of ≤ 0.5%, and sensitivity change vs. temperature of ≤ 0.03%/C°.
- </li>
- </ul>
- </li>
- <li>
- <p>
- SENSOR_TYPE_GYROSCOPE
- </p>
- <ul>
- <li>MUST have a measurement range between at least -1000 and +1000 dps.
- </li>
- <li>MUST have a measurement resolution of at least 16 LSB/dps.
- </li>
- <li>MUST have a minimum measurement frequency of 12.5 Hz or lower.
- </li>
- <li>MUST have a maximum measurement frequency of 400 Hz or higher.
- </li>
- <li>MUST have a measurement noise not above 0.014°/s/√Hz.
- </li>
- <li>SHOULD have a stationary bias stability of < 0.0002 °/s √Hz from 24-hour static dataset.
- </li>
- <li>SHOULD have a bias change vs. temperature of ≤ +/- 0.05 °/ s / °C.
- </li>
- <li>SHOULD have a sensitivity change vs. temperature of ≤ 0.02% / °C.
- </li>
- <li>SHOULD have a best-fit line non-linearity of ≤ 0.2%.
- </li>
- <li>SHOULD have a noise density of ≤ 0.007 °/s/√Hz.
- </li>
- </ul>
- </li>
- <li>
- <p>
- SENSOR_TYPE_GYROSCOPE_UNCALIBRATED with the same quality requirements as SENSOR_TYPE_GYROSCOPE.
- </p>
- </li>
- <li>SENSOR_TYPE_GEOMAGNETIC_FIELD
- <ul>
- <li>MUST have a measurement range between at least -900 and +900 uT.
- </li>
- <li>MUST have a measurement resolution of at least 5 LSB/uT.
- </li>
- <li>MUST have a minimum measurement frequency of 5 Hz or lower.
- </li>
- <li>MUST have a maximum measurement frequency of 50 Hz or higher.
- </li>
- <li>MUST have a measurement noise not above 0.5 uT.
- </li>
- </ul>
- </li>
- <li>SENSOR_TYPE_MAGNETIC_FIELD_UNCALIBRATED with the same quality requirements as SENSOR_TYPE_GEOMAGNETIC_FIELD and in addition:
- <ul>
- <li>MUST implement a non-wake-up form of this sensor with a buffering capability of at least 600 sensor events.
- </li>
- </ul>
- </li>
- <li>SENSOR_TYPE_PRESSURE
- <ul>
- <li>MUST have a measurement range between at least 300 and 1100 hPa.
- </li>
- <li>MUST have a measurement resolution of at least 80 LSB/hPa.
- </li>
- <li>MUST have a minimum measurement frequency of 1 Hz or lower.
- </li>
- <li>MUST have a maximum measurement frequency of 10 Hz or higher.
- </li>
- <li>MUST have a measurement noise not above 2 Pa/√Hz.
- </li>
- <li>MUST implement a non-wake-up form of this sensor with a buffering capability of at least 300 sensor events.
- </li>
- <li>MUST have a batching power consumption not worse than 2 mW.
- </li>
- </ul>
- </li>
- <li>SENSOR_TYPE_GAME_ROTATION_VECTOR
- <ul>
- <li>MUST implement a non-wake-up form of this sensor with a buffering capability of at least 300 sensor events.
- </li>
- <li>MUST have a batching power consumption not worse than 4 mW.
- </li>
- </ul>
- </li>
- <li>SENSOR_TYPE_SIGNIFICANT_MOTION
- <ul>
- <li>MUST have a power consumption not worse than 0.5 mW when device is static and 1.5 mW when device is moving.
- </li>
- </ul>
- </li>
- <li>SENSOR_TYPE_STEP_DETECTOR
- <ul>
- <li>MUST implement a non-wake-up form of this sensor with a buffering capability of at least 100 sensor events.
- </li>
- <li>MUST have a power consumption not worse than 0.5 mW when device is static and 1.5 mW when device is moving.
- </li>
- <li>MUST have a batching power consumption not worse than 4 mW.
- </li>
- </ul>
- </li>
- <li>SENSOR_TYPE_STEP_COUNTER
- <ul>
- <li>MUST have a power consumption not worse than 0.5 mW when device is static and 1.5 mW when device is moving.
- </li>
- </ul>
- </li>
- <li>SENSOR_TILT_DETECTOR
- <ul>
- <li>MUST have a power consumption not worse than 0.5 mW when device is static and 1.5 mW when device is moving.
- </li>
- </ul>
- </li>
- </ul>
- <p>
- Also such a device MUST meet the following sensor subsystem requirements:
- </p>
- <ul>
- <li>The event timestamp of the same physical event reported by the Accelerometer, Gyroscope sensor and Magnetometer MUST be within 2.5 milliseconds of each other.
- </li>
- <li>The Gyroscope sensor event timestamps MUST be on the same time base as the camera subsystem and within 1 milliseconds of error.
- </li>
- <li>High Fidelity sensors MUST deliver samples to applications within 5 milliseconds from the time when the data is available on the physical sensor to the application.
- </li>
- <li>The power consumption MUST not be higher than 0.5 mW when device is static and 2.0 mW when device is moving when any combination of the following sensors are enabled:
- <ul>
- <li>SENSOR_TYPE_SIGNIFICANT_MOTION
- </li>
- <li>SENSOR_TYPE_STEP_DETECTOR
- </li>
- <li>SENSOR_TYPE_STEP_COUNTER
- </li>
- <li>SENSOR_TILT_DETECTORS
- </li>
- </ul>
- </li>
- </ul>
- <p>
- Note that all power consumption requirements in this section do not include the power consumption of the Application Processor. It is inclusive of the power drawn by the entire sensor chain—the sensor, any supporting circuitry, any dedicated sensor processing system, etc.
- </p>
- <p>
- The following sensor types MAY also be supported on a device implementation declaring android.hardware.sensor.hifi_sensors, but if these sensor types are present they MUST meet the following minimum buffering capability requirement:
- </p>
- <ul>
- <li>SENSOR_TYPE_PROXIMITY: 100 sensor events
- </li>
- </ul>
- <h3>
- 7.3.10. Fingerprint Sensor
- </h3>
- <p>
- Device implementations with a secure lock screen SHOULD include a fingerprint sensor. If a device implementation includes a fingerprint sensor and has a corresponding API for third-party developers, it:
- </p>
- <ul>
- <li>MUST declare support for the android.hardware.fingerprint feature.
- </li>
- <li>MUST fully implement the <a href="https://developer.android.com/reference/android/hardware/fingerprint/package-summary.html">corresponding API</a> as described in the Android SDK documentation.
- </li>
- <li>MUST have a false acceptance rate not higher than 0.002%.
- </li>
- <li>Is STRONGLY RECOMMENDED to have a false rejection rate of less than 10%, as measured on the device
- </li>
- <li>Is STRONGLY RECOMMENDED to have a latency below 1 second, measured from when the fingerprint sensor is touched until the screen is unlocked, for one enrolled finger.
- </li>
- <li>MUST rate limit attempts for at least 30 seconds after five false trials for fingerprint verification.
- </li>
- <li>MUST have a hardware-backed keystore implementation, and perform the fingerprint matching in a Trusted Execution Environment (TEE) or on a chip with a secure channel to the TEE.
- </li>
- <li>MUST have all identifiable fingerprint data encrypted and cryptographically authenticated such that they cannot be acquired, read or altered outside of the Trusted Execution Environment (TEE) as documented in the <a href="https://source.android.com/devices/tech/security/authentication/fingerprint-hal.html">implementation guidelines</a> on the Android Open Source Project site.
- </li>
- <li>MUST prevent adding a fingerprint without first establishing a chain of trust by having the user confirm existing or add a new device credential (PIN/pattern/password) that's secured by TEE; the Android Open Source Project implementation provides the mechanism in the framework to do so.
- </li>
- <li>MUST NOT enable 3rd-party applications to distinguish between individual fingerprints.
- </li>
- <li>MUST honor the DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT flag.
- </li>
- <li>MUST, when upgraded from a version earlier than Android 6.0, have the fingerprint data securely migrated to meet the above requirements or removed.
- </li>
- <li>SHOULD use the Android Fingerprint icon provided in the Android Open Source Project.
- </li>
- </ul>
- <h3>
- 7.3.11. Android Automotive-only sensors
- </h3>
- <p>
- Automotive-specific sensors are defined in the <code>android.car.CarSensorManager API</code>.
- </p>
- <h4>
- 7.3.11.1. Current Gear
- </h4>
- <p>
- Android Automotive implementations SHOULD provide current gear as SENSOR_TYPE_GEAR.
- </p>
- <h4>
- 7.3.11.2. Day Night Mode
- </h4>
- <p>
- Android Automotive implementations MUST support day/night mode defined as SENSOR_TYPE_NIGHT. The value of this flag MUST be consistent with dashboard day/night mode and SHOULD be based on ambient light sensor input. The underlying ambient light sensor MAY be the same as <a href="#7_3_7_photometer">Photometer</a>.
- </p>
- <h4>
- 7.3.11.3. Driving Status
- </h4>
- <p>
- Android Automotive implementations MUST support driving status defined as SENSOR_TYPE_DRIVING_STATUS, with a default value of DRIVE_STATUS_UNRESTRICTED when the vehicle is fully stopped and parked. It is the responsibility of device manufacturers to configure SENSOR_TYPE_DRIVING_STATUS in compliance with all laws and regulations that apply to markets where the product is shipping.
- </p>
- <h4>
- 7.3.11.4. Wheel Speed
- </h4>
- <p>
- Android Automotive implementations MUST provide vehicle speed defined as SENSOR_TYPE_CAR_SPEED.
- </p>
- <h2>
- 7.3.12. Pose Sensor
- </h2>
- <p>
- Device implementations MAY support pose sensor with 6 degrees of freedom. Android Handheld devices are RECOMMENDED to support this sensor. If a device implementation does support pose sensor with 6 degrees of freedom, it:
- </p>
- <ul>
- <li>MUST implement and report <a href="https://developer.android.com/reference/android/hardware/Sensor.html#TYPE_POSE_6DOF"><code>TYPE_POSE_6DOF</code></a> sensor.
- </li>
- <li>MUST be more accurate than the rotation vector alone.
- </li>
- </ul>
- <h2>
- 7.4. Data Connectivity
- </h2>
- <h3>
- 7.4.1. Telephony
- </h3>
- <p>
- “Telephony” as used by the Android APIs and this document refers specifically to hardware related to placing voice calls and sending SMS messages via a GSM or CDMA network. While these voice calls may or may not be packet-switched, they are for the purposes of Android considered independent of any data connectivity that may be implemented using the same network. In other words, the Android “telephony” functionality and APIs refer specifically to voice calls and SMS. For instance, device implementations that cannot place calls or send/receive SMS messages MUST NOT report the android.hardware.telephony feature or any subfeatures, regardless of whether they use a cellular network for data connectivity.
- </p>
- <p>
- Android MAY be used on devices that do not include telephony hardware. That is, Android is compatible with devices that are not phones. However, if a device implementation does include GSM or CDMA telephony, it MUST implement full support for the API for that technology. Device implementations that do not include telephony hardware MUST implement the full APIs as no-ops.
- </p>
- <h4>
- 7.4.1.1. Number Blocking Compatibility
- </h4>
- <p>
- Android Telephony device implementations MUST include number blocking support and:
- </p>
- <ul>
- <li>MUST fully implement <a href="http://developer.android.com/reference/android/provider/BlockedNumberContract.html">BlockedNumberContract</a> and the corresponding API as described in the SDK documentation.
- </li>
- <li>MUST block all calls and messages from a phone number in 'BlockedNumberProvider' without any interaction with apps. The only exception is when number blocking is temporarily lifted as described in the SDK documentation.
- </li>
- <li>MUST NOT write to the <a href="http://developer.android.com/reference/android/provider/CallLog.html">platform call log provider</a> for a blocked call.
- </li>
- <li>MUST NOT write to the <a href="http://developer.android.com/reference/android/provider/Telephony.html">Telephony provider</a> for a blocked message.
- </li>
- <li>MUST implement a blocked numbers management UI, which is opened with the intent returned by TelecomManager.createManageBlockedNumbersIntent() method.
- </li>
- <li>MUST NOT allow secondary users to view or edit the blocked numbers on the device as the Android platform assumes the primary user to have full control of the telephony services, a single instance, on the device. All blocking related UI MUST be hidden for secondary users and the blocked list MUST still be respected.
- </li>
- <li>SHOULD migrate the blocked numbers into the provider when a device updates to Android 7.0.
- </li>
- </ul>
- <h3>
- 7.4.2. IEEE 802.11 (Wi-Fi)
- </h3>
- <p>
- All Android device implementations SHOULD include support for one or more forms of 802.11. If a device implementation does include support for 802.11 and exposes the functionality to a third-party application, it MUST implement the corresponding Android API and:
- </p>
- <ul>
- <li>MUST report the hardware feature flag android.hardware.wifi.
- </li>
- <li>MUST implement the <a href="http://developer.android.com/reference/android/net/wifi/WifiManager.MulticastLock.html">multicast API</a> as described in the SDK documentation.
- </li>
- <li>MUST support multicast DNS (mDNS) and MUST NOT filter mDNS packets (224.0.0.251) at any time of operation including:
- <ul>
- <li>Even when the screen is not in an active state.
- </li>
- <li>For Android Television device implementations, even when in standby power states.
- </li>
- </ul>
- </li>
- </ul>
- <h4>
- 7.4.2.1. Wi-Fi Direct
- </h4>
- <p>
- Device implementations SHOULD include support for Wi-Fi Direct (Wi-Fi peer-to-peer). If a device implementation does include support for Wi-Fi Direct, it MUST implement the <a href="http://developer.android.com/reference/android/net/wifi/p2p/WifiP2pManager.html">corresponding Android API</a> as described in the SDK documentation. If a device implementation includes support for Wi-Fi Direct, then it:
- </p>
- <ul>
- <li>MUST report the hardware feature android.hardware.wifi.direct.
- </li>
- <li>MUST support regular Wi-Fi operation.
- </li>
- <li>SHOULD support concurrent Wi-Fi and Wi-Fi Direct operation.
- </li>
- </ul>
- <h4>
- 7.4.2.2. Wi-Fi Tunneled Direct Link Setup
- </h4>
- <p>
- Device implementations SHOULD include support for <a href="http://developer.android.com/reference/android/net/wifi/WifiManager.html">Wi-Fi Tunneled Direct Link Setup (TDLS)</a> as described in the Android SDK Documentation. If a device implementation does include support for TDLS and TDLS is enabled by the WiFiManager API, the device:
- </p>
- <ul>
- <li>SHOULD use TDLS only when it is possible AND beneficial.
- </li>
- <li>SHOULD have some heuristic and NOT use TDLS when its performance might be worse than going through the Wi-Fi access point.
- </li>
- </ul>
- <h3>
- 7.4.3. Bluetooth
- </h3>
- <div class="note">
- Android Watch implementations MUST support Bluetooth. Android Television implementations MUST support Bluetooth and Bluetooth LE. Android Automotive implementations MUST support Bluetooth and SHOULD support Bluetooth LE.
- </div>
- <p>
- Device implementations that support <code>android.hardware.vr.high_performance</code> feature MUST support Bluetooth 4.2 and Bluetooth LE Data Length Extension.
- </p>
- <p>
- Android includes support for <a href="http://developer.android.com/reference/android/bluetooth/package-summary.html">Bluetooth and Bluetooth Low Energy</a>. Device implementations that include support for Bluetooth and Bluetooth Low Energy MUST declare the relevant platform features (android.hardware.bluetooth and android.hardware.bluetooth_le respectively) and implement the platform APIs. Device implementations SHOULD implement relevant Bluetooth profiles such as A2DP, AVCP, OBEX, etc. as appropriate for the device.
- </p>
- <p>
- Android Automotive implementations SHOULD support Message Access Profile (MAP). Android Automotive implementations MUST support the following Bluetooth profiles:
- </p>
- <ul>
- <li>Phone calling over Hands-Free Profile (HFP).
- </li>
- <li>Media playback over Audio Distribution Profile (A2DP).
- </li>
- <li>Media playback control over Remote Control Profile (AVRCP).
- </li>
- <li>Contact sharing using the Phone Book Access Profile (PBAP).
- </li>
- </ul>
- <p>
- Device implementations including support for Bluetooth Low Energy:
- </p>
- <ul>
- <li>MUST declare the hardware feature android.hardware.bluetooth_le.
- </li>
- <li>MUST enable the GATT (generic attribute profile) based Bluetooth APIs as described in the SDK documentation and <a href="http://developer.android.com/reference/android/bluetooth/package-summary.html">android.bluetooth</a>.
- </li>
- <li>are STRONGLY RECOMMENDED to implement a Resolvable Private Address (RPA) timeout no longer than 15 minutes and rotate the address at timeout to protect user privacy.
- </li>
- <li>SHOULD support offloading of the filtering logic to the bluetooth chipset when implementing the <a href="https://developer.android.com/reference/android/bluetooth/le/ScanFilter.html">ScanFilter API</a>, and MUST report the correct value of where the filtering logic is implemented whenever queried via the android.bluetooth.BluetoothAdapter.isOffloadedFilteringSupported() method.
- </li>
- <li>SHOULD support offloading of the batched scanning to the bluetooth chipset, but if not supported, MUST report ‘false’ whenever queried via the android.bluetooth.BluetoothAdapter.isOffloadedScanBatchingSupported() method.
- </li>
- <li>SHOULD support multi advertisement with at least 4 slots, but if not supported, MUST report ‘false’ whenever queried via the android.bluetooth.BluetoothAdapter.isMultipleAdvertisementSupported() method.
- </li>
- </ul>
- <h3>
- 7.4.4. Near-Field Communications
- </h3>
- <p>
- Device implementations SHOULD include a transceiver and related hardware for Near-Field Communications (NFC). If a device implementation does include NFC hardware and plans to make it available to third-party apps, then it:
- </p>
- <ul>
- <li>MUST report the android.hardware.nfc feature from the <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">android.content.pm.PackageManager.hasSystemFeature() method</a>.
- </li>
- <li>MUST be capable of reading and writing NDEF messages via the following NFC standards:
- <ul>
- <li>MUST be capable of acting as an NFC Forum reader/writer (as defined by the NFC Forum technical specification NFCForum-TS-DigitalProtocol-1.0) via the following NFC standards:
- <ul>
- <li>NfcA (ISO14443-3A)
- </li>
- <li>NfcB (ISO14443-3B)
- </li>
- <li>NfcF (JIS X 6319-4)
- </li>
- <li>IsoDep (ISO 14443-4)
- </li>
- <li>NFC Forum Tag Types 1, 2, 3, 4 (defined by the NFC Forum)
- </li>
- </ul>
- </li>
- <li>STRONGLY RECOMMENDED to be capable of reading and writing NDEF messages as well as raw data via the following NFC standards. Note that while the NFC standards below are stated as STRONGLY RECOMMENDED, the Compatibility Definition for a future version is planned to change these to MUST. These standards are optional in this version but will be required in future versions. Existing and new devices that run this version of Android are very strongly encouraged to meet these requirements now so they will be able to upgrade to the future platform releases.
- <ul>
- <li>NfcV (ISO 15693)
- </li>
- </ul>
- </li>
- <li>SHOULD be capable of reading the barcode and URL (if encoded) of <a href="http://developer.android.com/reference/android/nfc/tech/NfcBarcode.html">Thinfilm NFC Barcode</a> products.
- </li>
- <li>MUST be capable of transmitting and receiving data via the following peer-to-peer standards and protocols:
- <ul>
- <li>ISO 18092
- </li>
- <li>LLCP 1.2 (defined by the NFC Forum)
- </li>
- <li>SDP 1.0 (defined by the NFC Forum)
- </li>
- <li>
- <a href="http://static.googleusercontent.com/media/source.android.com/en/us/compatibility/ndef-push-protocol.pdf">NDEF Push Protocol</a>
- </li>
- <li>SNEP 1.0 (defined by the NFC Forum)
- </li>
- </ul>
- </li>
- <li>MUST include support for <a href="http://developer.android.com/guide/topics/connectivity/nfc/nfc.html">Android Beam</a>.
- </li>
- <li>MUST implement the SNEP default server. Valid NDEF messages received by the default SNEP server MUST be dispatched to applications using the android.nfc.ACTION_NDEF_DISCOVERED intent. Disabling Android Beam in settings MUST NOT disable dispatch of incoming NDEF message.
- </li>
- <li>MUST honor the android.settings.NFCSHARING_SETTINGS intent to show <a href="http://developer.android.com/reference/android/provider/Settings.html#ACTION_NFCSHARING_SETTINGS">NFC sharing settings</a>.
- </li>
- <li>MUST implement the NPP server. Messages received by the NPP server MUST be processed the same way as the SNEP default server.
- </li>
- <li>MUST implement a SNEP client and attempt to send outbound P2P NDEF to the default SNEP server when Android Beam is enabled. If no default SNEP server is found then the client MUST attempt to send to an NPP server.
- </li>
- <li>MUST allow foreground activities to set the outbound P2P NDEF message using android.nfc.NfcAdapter.setNdefPushMessage, and android.nfc.NfcAdapter.setNdefPushMessageCallback, and android.nfc.NfcAdapter.enableForegroundNdefPush.
- </li>
- <li>SHOULD use a gesture or on-screen confirmation, such as 'Touch to Beam', before sending outbound P2P NDEF messages.
- </li>
- <li>SHOULD enable Android Beam by default and MUST be able to send and receive using Android Beam, even when another proprietary NFC P2p mode is turned on.
- </li>
- <li>MUST support NFC Connection handover to Bluetooth when the device supports Bluetooth Object Push Profile. Device implementations MUST support connection handover to Bluetooth when using android.nfc.NfcAdapter.setBeamPushUris, by implementing the “<a href="http://members.nfc-forum.org/specs/spec_list/#conn_handover">Connection Handover version 1.2</a>” and “<a href="http://members.nfc-forum.org/apps/group_public/download.php/18688/NFCForum-AD-BTSSP_1_1.pdf">Bluetooth Secure Simple Pairing Using NFC version 1.0</a>” specs from the NFC Forum. Such an implementation MUST implement the handover LLCP service with service name “urn:nfc:sn:handover” for exchanging the handover request/select records over NFC, and it MUST use the Bluetooth Object Push Profile for the actual Bluetooth data transfer. For legacy reasons (to remain compatible with Android 4.1 devices), the implementation SHOULD still accept SNEP GET requests for exchanging the handover request/select records over NFC. However an implementation itself SHOULD NOT send SNEP GET requests for performing connection handover.
- </li>
- <li>MUST poll for all supported technologies while in NFC discovery mode.
- </li>
- <li>SHOULD be in NFC discovery mode while the device is awake with the screen active and the lock-screen unlocked.
- </li>
- </ul>
- </li>
- </ul>
- <p>
- (Note that publicly available links are not available for the JIS, ISO, and NFC Forum specifications cited above.)
- </p>
- <p>
- Android includes support for NFC Host Card Emulation (HCE) mode. If a device implementation does include an NFC controller chipset capable of HCE (for NfcA and/or NfcB) and it supports Application ID (AID) routing, then it:
- </p>
- <ul>
- <li>MUST report the android.hardware.nfc.hce feature constant.
- </li>
- <li>MUST support <a href="http://developer.android.com/guide/topics/connectivity/nfc/hce.html">NFC HCE APIs</a> as defined in the Android SDK.
- </li>
- </ul>
- <p>
- If a device implementation does include an NFC controller chipset capable of HCE for NfcF, and it implements the feature for third-party applications, then it:
- </p>
- <ul>
- <li>MUST report the android.hardware.nfc.hcef feature constant.
- </li>
- <li>MUST implement the [NfcF Card Emulation APIs] (https://developer.android.com/reference/android/nfc/cardemulation/NfcFCardEmulation.html) as defined in the Android SDK.
- </li>
- </ul>
- <p>
- Additionally, device implementations MAY include reader/writer support for the following MIFARE technologies.
- </p>
- <ul>
- <li>MIFARE Classic
- </li>
- <li>MIFARE Ultralight
- </li>
- <li>NDEF on MIFARE Classic
- </li>
- </ul>
- <p>
- Note that Android includes APIs for these MIFARE types. If a device implementation supports MIFARE in the reader/writer role, it:
- </p>
- <ul>
- <li>MUST implement the corresponding Android APIs as documented by the Android SDK.
- </li>
- <li>MUST report the feature com.nxp.mifare from the <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">android.content.pm.PackageManager.hasSystemFeature()</a> method. Note that this is not a standard Android feature and as such does not appear as a constant in the android.content.pm.PackageManager class.
- </li>
- <li>MUST NOT implement the corresponding Android APIs nor report the com.nxp.mifare feature unless it also implements general NFC support as described in this section.
- </li>
- </ul>
- <p>
- If a device implementation does not include NFC hardware, it MUST NOT declare the android.hardware.nfc feature from the <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">android.content.pm.PackageManager.hasSystemFeature()</a> method, and MUST implement the Android NFC API as a no-op.
- </p>
- <p>
- As the classes android.nfc.NdefMessage and android.nfc.NdefRecord represent a protocol-independent data representation format, device implementations MUST implement these APIs even if they do not include support for NFC or declare the android.hardware.nfc feature.
- </p>
- <h3>
- 7.4.5. Minimum Network Capability
- </h3>
- <p>
- Device implementations MUST include support for one or more forms of data networking. Specifically, device implementations MUST include support for at least one data standard capable of 200Kbit/sec or greater. Examples of technologies that satisfy this requirement include EDGE, HSPA, EV-DO, 802.11g, Ethernet, Bluetooth PAN, etc.
- </p>
- <p>
- Device implementations where a physical networking standard (such as Ethernet) is the primary data connection SHOULD also include support for at least one common wireless data standard, such as 802.11 (Wi-Fi).
- </p>
- <p>
- Devices MAY implement more than one form of data connectivity.
- </p>
- <p>
- Devices MUST include an IPv6 networking stack and support IPv6 communication using the managed APIs, such as <code>java.net.Socket</code> and <code>java.net.URLConnection</code>, as well as the native APIs, such as <code>AF_INET6</code> sockets. The required level of IPv6 support depends on the network type, as follows:
- </p>
- <ul>
- <li>Devices that support Wi-Fi networks MUST support dual-stack and IPv6-only operation on Wi-Fi.
- </li>
- <li>Devices that support Ethernet networks MUST support dual-stack operation on Ethernet.
- </li>
- <li>Devices that support cellular data SHOULD support IPv6 operation (IPv6-only and possibly dual-stack) on cellular data.
- </li>
- <li>When a device is simultaneously connected to more than one network (e.g., Wi-Fi and cellular data), it MUST simultaneously meet these requirements on each network to which it is connected.
- </li>
- </ul>
- <p>
- IPv6 MUST be enabled by default.
- </p>
- <p>
- In order to ensure that IPv6 communication is as reliable as IPv4, unicast IPv6 packets sent to the device MUST NOT be dropped, even when the screen is not in an active state. Redundant multicast IPv6 packets, such as repeated identical Router Advertisements, MAY be rate-limited in hardware or firmware if doing so is necessary to save power. In such cases, rate-limiting MUST NOT cause the device to lose IPv6 connectivity on any IPv6-compliant network that uses RA lifetimes of at least 180 seconds.
- </p>
- <p>
- IPv6 connectivity MUST be maintained in doze mode.
- </p>
- <h3>
- 7.4.6. Sync Settings
- </h3>
- <p>
- Device implementations MUST have the master auto-sync setting on by default so that the method <a href="http://developer.android.com/reference/android/content/ContentResolver.html">getMasterSyncAutomatically()</a> returns “true”.
- </p>
- <h3>
- 7.4.7. Data Saver
- </h3>
- <p>
- Device implementations with a metered connection are STRONGLY RECOMMENDED to provide the data saver mode.
- </p>
- <p>
- If a device implementation provides the data saver mode, it:
- </p>
- <ul>
- <li>
- <p>
- MUST support all the APIs in the <code>ConnectivityManager</code> class as described in the <a href="https://developer.android.com/training/basics/network-ops/data-saver.html">SDK documentation</a>
- </p>
- </li>
- <li>
- <p>
- MUST provide a user interface in the settings, allowing users to add applications to or remove applications from the whitelist.
- </p>
- </li>
- </ul>
- <p>
- Conversely if a device implementation does not provide the data saver mode, it:
- </p>
- <ul>
- <li>
- <p>
- MUST return the value <code>RESTRICT_BACKGROUND_STATUS_DISABLED</code> for <a href="https://developer.android.com/reference/android/net/ConnectivityManager.html#getRestrictBackgroundStatus%28%29"><code>ConnectivityManager.getRestrictBackgroundStatus()</code></a>
- </p>
- </li>
- <li>
- <p>
- MUST not broadcast <code>ConnectivityManager.ACTION_RESTRICT_BACKGROUND_CHANGED</code>
- </p>
- </li>
+ See
+ <a href="#5_1_1_audio_codecs">
+ section 5.1.1
+ </a>
+ for details on AAC and its variants.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ AAC with ADTS framing and ID3 tags
+ </td>
+ <td>
+ <a href="http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43345">
+ ISO 13818-7
+ </a>
+ </td>
+ <td>
+ See
+ <a href="#5_1_1_audio_codecs">
+ section 5.1.1
+ </a>
+ for details on AAC and its variants
+ </td>
+ </tr>
+ <tr>
+ <td>
+ WebVTT
+ </td>
+ <td>
+ <a href="http://dev.w3.org/html5/webvtt/">
+ WebVTT
+ </a>
+ </td>
+ <td>
+ </td>
+ </tr>
+ </table>
+ <ul>
+ <li>
+ <p>
+ RTSP (RTP, SDP)
+ </p>
+ <p>
+ The following RTP audio video profile and related codecs MUST be supported.
+For exceptions please see the table footnotes in
+ <a href="#5_1_media_codecs">
+ section 5.1
+ </a>.
+ </p>
+ </li>
+ </ul>
+ <table>
+ <tr>
+ <th>
+ Profile name
+ </th>
+ <th>
+ Reference(s)
+ </th>
+ <th>
+ Required codec support
+ </th>
+ </tr>
+ <tr>
+ <td>
+ H264 AVC
+ </td>
+ <td>
+ <a href="https://tools.ietf.org/html/rfc6184">
+ RFC 6184
+ </a>
+ </td>
+ <td>
+ See
+ <a href="#5_1_3_video_codecs">
+ section 5.1.3
+ </a>
+ for details on H264 AVC
+ </td>
+ </tr>
+ <tr>
+ <td>
+ MP4A-LATM
+ </td>
+ <td>
+ <a href="https://tools.ietf.org/html/rfc6416">
+ RFC 6416
+ </a>
+ </td>
+ <td>
+ See
+ <a href="#5_1_1_audio_codecs">
+ section 5.1.1
+ </a>
+ for details on AAC and its variants
+ </td>
+ </tr>
+ <tr>
+ <td>
+ H263-1998
+ </td>
+ <td>
+ <a href="https://tools.ietf.org/html/rfc3551">
+ RFC 3551
+ </a>
+ <br/>
+ <a href="https://tools.ietf.org/html/rfc4629">
+ RFC 4629
+ </a>
+ <br/>
+ <a href="https://tools.ietf.org/html/rfc2190">
+ RFC 2190
+ </a>
+ </td>
+ <td>
+ See
+ <a href="#5_1_3_video_codecs">
+ section 5.1.3
+ </a>
+ for details on H263
+ </td>
+ </tr>
+ <tr>
+ <td>
+ H263-2000
+ </td>
+ <td>
+ <a href="https://tools.ietf.org/html/rfc4629">
+ RFC 4629
+ </a>
+ </td>
+ <td>
+ See
+ <a href="#5_1_3_video_codecs">
+ section 5.1.3
+ </a>
+ for details on H263
+ </td>
+ </tr>
+ <tr>
+ <td>
+ AMR
+ </td>
+ <td>
+ <a href="https://tools.ietf.org/html/rfc4867">
+ RFC 4867
+ </a>
+ </td>
+ <td>
+ See
+ <a href="#5_1_1_audio_codecs">
+ section 5.1.1
+ </a>
+ for details on AMR-NB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ AMR-WB
+ </td>
+ <td>
+ <a href="https://tools.ietf.org/html/rfc4867">
+ RFC 4867
+ </a>
+ </td>
+ <td>
+ See
+ <a href="#5_1_1_audio_codecs">
+ section 5.1.1
+ </a>
+ for details on AMR-WB
+ </td>
+ </tr>
+ <tr>
+ <td>
+ MP4V-ES
+ </td>
+ <td>
+ <a href="https://tools.ietf.org/html/rfc6416">
+ RFC 6416
+ </a>
+ </td>
+ <td>
+ See
+ <a href="#5_1_3_video_codecs">
+ section 5.1.3
+ </a>
+ for details on MPEG-4 SP
+ </td>
+ </tr>
+ <tr>
+ <td>
+ mpeg4-generic
+ </td>
+ <td>
+ <a href="https://tools.ietf.org/html/rfc3640">
+ RFC 3640
+ </a>
+ </td>
+ <td>
+ See
+ <a href="#5_1_1_audio_codecs">
+ section 5.1.1
+ </a>
+ for details on AAC and its variants
+ </td>
+ </tr>
+ <tr>
+ <td>
+ MP2T
+ </td>
+ <td>
+ <a href="https://tools.ietf.org/html/rfc2250">
+ RFC 2250
+ </a>
+ </td>
+ <td>
+ See
+ <a href="#mp2t">
+ MPEG-2 Transport Stream
+ </a>
+ underneath HTTP Live Streaming for details
+ </td>
+ </tr>
+ </table>
+ <h3 id="5_8_secure_media">
+ 5.8. Secure Media
+ </h3>
+ <p>
+ Device implementations that support secure video output and are capable of
+supporting secure surfaces MUST declare support for Display.FLAG_SECURE. Device
+implementations that declare support for Display.FLAG_SECURE, if they support a
+wireless display protocol, MUST secure the link with a cryptographically strong
+mechanism such as HDCP 2.x or higher for Miracast wireless displays. Similarly
+if they support a wired external display, the device implementations MUST
+support HDCP 1.2 or higher. Android Television device implementations MUST
+support HDCP 2.2 for devices supporting 4K resolution and HDCP 1.4 or above for
+lower resolutions. The upstream Android open source implementation includes
+support for wireless (Miracast) and wired (HDMI) displays that satisfies this
+requirement.
+ </p>
+ <h3 id="5_9_musical_instrument_digital_interface_(midi)">
+ 5.9. Musical Instrument Digital Interface (MIDI)
+ </h3>
+ <p>
+ If a device implementation supports the inter-app MIDI software transport
+(virtual MIDI devices), and it supports MIDI over
+ <em>
+ all
+ </em>
+ of the following
+MIDI-capable hardware transports for which it provides generic non-MIDI
+connectivity, it is STRONGLY RECOMMENDED to report support for feature
+android.software.midi via the
+ <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">
+ android.content.pm.PackageManager
+ </a>
+ class.
+ </p>
+ <p>
+ The MIDI-capable hardware transports are:
+ </p>
+ <ul>
+ <li>
+ USB host mode (section 7.7 USB)
+ </li>
+ <li>
+ USB peripheral mode (section 7.7 USB)
+ </li>
+ <li>
+ MIDI over Bluetooth LE acting in central role (section 7.4.3 Bluetooth)
+ </li>
+ </ul>
+ <p>
+ Conversely, if the device implementation provides generic non-MIDI connectivity
+over a particular MIDI-capable hardware transport listed above, but does not
+support MIDI over that hardware transport, it MUST NOT report support for
+feature android.software.midi.
+ </p>
+ <h3 id="5_10_professional_audio">
+ 5.10. Professional Audio
+ </h3>
+ <p>
+ If a device implementation meets
+ <em>
+ all
+ </em>
+ of the following requirements, it is
+STRONGLY RECOMMENDED to report support for feature android.hardware.audio.pro
+via the
+ <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">
+ android.content.pm.PackageManager
+ </a>
+ class.
+ </p>
+ <ul>
+ <li>
+ The device implementation MUST report support for feature
+android.hardware.audio.low_latency.
+ </li>
+ <li>
+ The continuous round-trip audio latency, as defined in section 5.6 Audio
+Latency, MUST be 20 milliseconds or less and SHOULD be 10 milliseconds or less
+over at least one supported path.
+ </li>
+ <li>
+ If the device includes a 4 conductor 3.5mm audio jack, the continuous
+round-trip audio latency MUST be 20 milliseconds or less over the audio jack
+path, and SHOULD be 10 milliseconds or less over at the audio jack path.
+ </li>
+ <li>
+ The device implementation MUST include a USB port(s) supporting USB host
+mode and USB peripheral mode.
+ </li>
+ <li>
+ The USB host mode MUST implement the USB audio class.
+ </li>
+ <li>
+ If the device includes an HDMI port, the device implementation MUST support
+output in stereo and eight channels at 20-bit or 24-bit depth and 192 kHz
+without bit-depth loss or resampling.
+ </li>
+ <li>
+ The device implementation MUST report support for feature
+android.software.midi.
+ </li>
+ <li>
+ If the device includes a 4 conductor 3.5mm audio jack, the device
+implementation is STRONGLY RECOMMENDED to comply with section
+ <a href="https://source.android.com/accessories/headset/specification.html#mobile_device_jack_specifications">
+ Mobile device
+(jack) specifications
+ </a>
+ of the
+ <a href="https://source.android.com/accessories/headset/specification.html">
+ Wired Audio Headset Specification (v1.1)
+ </a>.
+ </li>
+ </ul>
+ <p>
+ Latencies and USB audio requirements MUST be met using the
+ <a href="https://developer.android.com/ndk/guides/audio/opensl-for-android.html">
+ OpenSL ES
+ </a>
+ PCM buffer queue API.
+ </p>
+ <p>
+ In addition, a device implementation that reports support for this feature SHOULD:
+ </p>
+ <ul>
+ <li>
+ Provide a sustainable level of CPU performance while audio is active.
+ </li>
+ <li>
+ Minimize audio clock inaccuracy and drift relative to standard time.
+ </li>
+ <li>
+ Minimize audio clock drift relative to the CPU
+ <code>
+ CLOCK_MONOTONIC
+ </code>
+ when both are active.
+ </li>
+ <li>
+ Minimize audio latency over on-device transducers.
+ </li>
+ <li>
+ Minimize audio latency over USB digital audio.
+ </li>
+ <li>
+ Document audio latency measurements over all paths.
+ </li>
+ <li>
+ Minimize jitter in audio buffer completion callback entry times, as this affects usable percentage of full CPU bandwidth by the callback.
+ </li>
+ <li>
+ Provide zero audio underruns (output) or overruns (input) under normal use at reported latency.
+ </li>
+ <li>
+ Provide zero inter-channel latency difference.
+ </li>
+ <li>
+ Minimize MIDI mean latency over all transports.
+ </li>
+ <li>
+ Minimize MIDI latency variability under load (jitter) over all transports.
+ </li>
+ <li>
+ Provide accurate MIDI timestamps over all transports.
+ </li>
+ <li>
+ Minimize audio signal noise over on-device transducers, including the period immediately after cold start.
+ </li>
+ <li>
+ Provide zero audio clock difference between the input and output sides of corresponding
+ end-points, when both are active. Examples of corresponding end-points include
+ the on-device microphone and speaker, or the audio jack input and output.
+ </li>
+ <li>
+ Handle audio buffer completion callbacks for the input and output sides of corresponding
+ end-points on the same thread when both are active, and enter the output callback immediately
+ after the return from the input callback. Or if it is not feasible to handle the callbacks
+ on the same thread, then enter the output callback shortly after entering the input callback
+ to permit the application to have a consistent timing of the input and output sides.
+ </li>
+ <li>
+ Minimize the phase difference between HAL audio buffering for the input and output
+ sides of corresponding end-points.
+ </li>
+ <li>
+ Minimize touch latency.
+ </li>
+ <li>
+ Minimize touch latency variability under load (jitter).
+ </li>
+ </ul>
+ <h3 id="5_11_capture_for_unprocessed">
+ 5.11. Capture for Unprocessed
+ </h3>
+ <p>
+ Starting from Android 7.0,
+a new recording source has been added. It can be accessed using
+the
+ <code>
+ android.media.MediaRecorder.AudioSource.UNPROCESSED
+ </code>
+ audio
+source. In OpenSL ES, it can be accessed with the record preset
+ <code>
+ SL_ANDROID_RECORDING_PRESET_UNPROCESSED
+ </code>
+ .
+ </p>
+ <p>
+ A device MUST satisfy all of the following requirements to report support
+of the unprocessed audio source via the
+ <code>
+ android.media.AudioManager
+ </code>
+ property
+ <a href="http://developer.android.com/reference/android/media/AudioManager.html#PROPERTY_SUPPORT_AUDIO_SOURCE_UNPROCESSED">
+ PROPERTY_SUPPORT_AUDIO_SOURCE_UNPROCESSED
+ </a>:
+ </p>
+ <ul>
+ <li>
+ <p>
+ The device MUST exhibit approximately flat amplitude-versus-frequency
+characteristics in the mid-frequency range: specifically ±10dB from
+100 Hz to 7000 Hz.
+ </p>
+ </li>
+ <li>
+ <p>
+ The device MUST exhibit amplitude levels in the low frequency range:
+specifically from ±20 dB from 5 Hz to 100 Hz compared to the mid-frequency range.
+ </p>
+ </li>
+ <li>
+ <p>
+ The device MUST exhibit amplitude levels in the high frequency range:
+specifically from ±30 dB from 7000 Hz to 22 KHz compared to the mid-frequency range.
+ </p>
+ </li>
+ <li>
+ <p>
+ Audio input sensitivity MUST be set such that a 1000 Hz sinusoidal tone
+source played at 94 dB Sound Pressure Level (SPL)
+yields a response with RMS of 520 for 16
+bit-samples (or -36 dB Full Scale for floating point/double precision
+samples).
+ </p>
+ </li>
+ <li>
+ <p>
+ SNR > 60 dB (difference between 94 dB SPL and equivalent SPL of self
+noise, A-weighted).
+ </p>
+ </li>
+ <li>
+ <p>
+ Total harmonic distortion MUST be less than 1% for 1 kHZ at 90 dB SPL
+input level at the microphone.
+ </p>
+ </li>
+ <li>
+ <p>
+ The only signal processing allowed in the path is a level multiplier
+to bring the level to desired range. This level multiplier MUST NOT
+introduce delay or latency to the signal path.
+ </p>
+ </li>
+ <li>
+ <p>
+ No other signal processing is allowed in the path, such as Automatic Gain
+Control, High Pass Filter, or Echo Cancellation. If any signal processing
+is present in the architecture for any reason, it MUST be disabled and
+effectively introduce zero delay or extra latency to the signal path.
+ </p>
+ </li>
+ </ul>
+ <p>
+ All SPL measurements are made directly next to the microphone under test.
+ </p>
+ <p>
+ For multiple microphone configurations, these requirements apply to each
+microphone.
+ </p>
+ <p>
+ It is STRONGLY RECOMMENDED that a device satisfy as many of the requirements for the signal
+path for the unprocessed recording source; however, a device must satisfy
+ <em>
+ all
+ </em>
+ of these
+requirements, listed above, if it claims to support the unprocessed audio source.
+ </p>
+ <h2 id="6_developer_tools_and_options_compatibility">
+ 6. Developer Tools and Options Compatibility
+ </h2>
+ <h3 id="6_1_developer_tools">
+ 6.1. Developer Tools
+ </h3>
+ <p>
+ Device implementations MUST support the Android Developer Tools provided in the
+Android SDK. Android compatible devices MUST be compatible with:
+ </p>
+ <ul>
+ <li>
+ <a href="http://developer.android.com/tools/help/adb.html">
+ <strong>
+ Android Debug Bridge (adb)
+ </strong>
+ </a>
+ <ul>
+ <li>
+ Device implementations MUST support all adb functions as documented in
+the Android SDK including
+ <a href="https://source.android.com/devices/input/diagnostics.html">
+ dumpsys
+ </a>.
+ </li>
+ <li>
+ The device-side adb daemon MUST be inactive by default and there MUST
+be a user-accessible mechanism to turn on the Android Debug Bridge. If a device
+implementation omits USB peripheral mode, it MUST implement the Android Debug
+Bridge via local-area network (such as Ethernet or 802.11).
+ </li>
+ <li>
+ Android includes support for secure adb. Secure adb enables adb on
+known authenticated hosts. Device implementations MUST support secure adb.
+ </li>
+ </ul>
+ </li>
+ <li>
+ <a href="http://developer.android.com/tools/debugging/ddms.html">
+ <strong>
+ Dalvik Debug Monitor Service (ddms)
+ </strong>
+ </a>
+ <ul>
+ <li>
+ Device implementations MUST support all ddms features as documented in the Android SDK.
+ </li>
+ <li>
+ As ddms uses adb, support for ddms SHOULD be inactive by default, but MUST be supported whenever the user has activated the Android Debug Bridge, as above.
+ </li>
+ </ul>
+ </li>
+ <li>
+ <a href="http://developer.android.com/tools/help/monkey.html">
+ <strong>
+ Monkey
+ </strong>
+ </a>
+ Device
+implementations MUST include the Monkey framework, and make it available for
+applications to use.
+ </li>
+ <li>
+ <a href="http://developer.android.com/tools/help/systrace.html">
+ <strong>
+ SysTrace
+ </strong>
+ </a>
+ <ul>
+ <li>
+ Device implementations MUST support systrace tool as documented in the
+Android SDK. Systrace must be inactive by default, and there MUST be a
+user-accessible mechanism to turn on Systrace.
+ </li>
+ <li>
+ Most Linux-based systems and Apple Macintosh systems recognize Android
+devices using the standard Android SDK tools, without additional support;
+however Microsoft Windows systems typically require a driver for new Android
+devices. (For instance, new vendor IDs and sometimes new device IDs require
+custom USB drivers for Windows systems.)
+ </li>
+ <li>
+ If a device implementation is unrecognized by the adb tool as provided
+in the standard Android SDK, device implementers MUST provide Windows drivers
+allowing developers to connect to the device using the adb protocol. These
+drivers MUST be provided for Windows XP, Windows Vista, Windows 7, Windows 8,
+and Windows 10 in both 32-bit and 64-bit versions.
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <h3 id="6_2_developer_options">
+ 6.2. Developer Options
+ </h3>
+ <p>
+ Android includes support for developers to configure application
+development-related settings. Device implementations MUST honor the
+ <a href="http://developer.android.com/reference/android/provider/Settings.html#ACTION_APPLICATION_DEVELOPMENT_SETTINGS">
+ android.settings.APPLICATION_DEVELOPMENT_SETTINGS
+ </a>
+ intent to show application development-related settings The upstream Android
+implementation hides the Developer Options menu by default and enables users to
+launch Developer Options after pressing seven (7) times on the
+ <strong>
+ Settings
+ </strong>
+ >
+ <strong>
+ About Device
+ </strong>
+ >
+ <strong>
+ Build Number
+ </strong>
+ menu item. Device implementations MUST
+provide a consistent experience for Developer Options. Specifically, device
+implementations MUST hide Developer Options by default and MUST provide a
+mechanism to enable Developer Options that is consistent with the upstream
+Android implementation.
+ </p>
+ <div class="note">
+ Android Automotive implementations MAY limit access to the Developer Options
+menu by visually hiding or disabling the menu when the vehicle is in motion.
+ </div>
+ <h2 id="7_hardware_compatibility">
+ 7. Hardware Compatibility
+ </h2>
+ <p>
+ If a device includes a particular hardware component that has a corresponding
+API for third-party developers, the device implementation MUST implement that
+API as described in the Android SDK documentation. If an API in the SDK
+interacts with a hardware component that is stated to be optional and the
+device implementation does not possess that component:
+ </p>
+ <ul>
+ <li>
+ Complete class definitions (as documented by the SDK) for the component
+APIs MUST still be presented.
+ </li>
+ <li>
+ The API’s behaviors MUST be implemented as no-ops in some reasonable
+fashion.
+ </li>
+ <li>
+ API methods MUST return null values where permitted by the SDK
+documentation.
+ </li>
+ <li>
+ API methods MUST return no-op implementations of classes where null values
+are not permitted by the SDK documentation.
+ </li>
+ <li>
+ API methods MUST NOT throw exceptions not documented by the SDK
+documentation.
+ </li>
+ </ul>
+ <p>
+ A typical example of a scenario where these requirements apply is the telephony
+API: Even on non-phone devices, these APIs must be implemented as reasonable
+no-ops.
+ </p>
+ <p>
+ Device implementations MUST consistently report accurate hardware configuration
+information via the getSystemAvailableFeatures() and hasSystemFeature(String)
+methods on the
+ <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">
+ android.content.pm.PackageManager
+ </a>
+ class for the same build fingerprint.
+ </p>
+ <h3 id="7_1_display_and_graphics">
+ 7.1. Display and Graphics
+ </h3>
+ <p>
+ Android includes facilities that automatically adjust application assets and UI
+layouts appropriately for the device to ensure that third-party applications
+run well on a
+ <a href="http://developer.android.com/guide/practices/screens_support.html">
+ variety of hardware configurations
+ </a>.
+Devices MUST properly implement these APIs and behaviors, as detailed in this
+section.
+ </p>
+ <p>
+ The units referenced by the requirements in this section are defined as follows:
+ </p>
+ <ul>
+ <li>
+ <strong>
+ physical diagonal size
+ </strong>
+ . The distance in inches between two opposing
+corners of the illuminated portion of the display.
+ </li>
+ <li>
+ <strong>
+ dots per inch (dpi)
+ </strong>
+ . The number of pixels encompassed by a linear
+horizontal or vertical span of 1”. Where dpi values are listed, both horizontal
+and vertical dpi must fall within the range.
+ </li>
+ <li>
+ <strong>
+ aspect ratio
+ </strong>
+ . The ratio of the pixels of the longer dimension to the
+shorter dimension of the screen. For example, a display of 480x854 pixels would
+be 854/480 = 1.779, or roughly “16:9”.
+ </li>
+ <li>
+ <strong>
+ density-independent pixel (dp)
+ </strong>
+ . The virtual pixel unit normalized to a
+160 dpi screen, calculated as: pixels = dps * (density/160).
+ </li>
+ </ul>
+ <h4 id="7_1_1_screen_configuration">
+ 7.1.1. Screen Configuration
+ </h4>
+ <h5 id="7_1_1_1_screen_size">
+ 7.1.1.1. Screen Size
+ </h5>
+ <div class="note">
+ Android Watch devices (detailed in
+ <a href="#2_device_types">
+ section 2
+ </a>
+ ) MAY have
+smaller screen sizes as described in this section.
+ </div>
+ <p>
+ The Android UI framework supports a variety of different screen sizes, and
+allows applications to query the device screen size (aka “screen layout") via
+android.content.res.Configuration.screenLayout with the SCREENLAYOUT_SIZE_MASK.
+Device implementations MUST report the correct
+ <a href="http://developer.android.com/guide/practices/screens_support.html">
+ screen size
+ </a>
+ as
+defined in the Android SDK documentation and determined by the upstream Android
+platform. Specifically, device implementations MUST report the correct screen
+size according to the following logical density-independent pixel (dp) screen
+dimensions.
+ </p>
+ <ul>
+ <li>
+ Devices MUST have screen sizes of at least 426 dp x 320 dp (‘small’),
+unless it is an Android Watch device.
+ </li>
+ <li>
+ Devices that report screen size ‘normal’ MUST have screen sizes of at least
+480 dp x 320 dp.
+ </li>
+ <li>
+ Devices that report screen size ‘large’ MUST have screen sizes of at least
+640 dp x 480 dp.
+ </li>
+ <li>
+ Devices that report screen size ‘xlarge’ MUST have screen sizes of at least
+960 dp x 720 dp.
+ </li>
+ </ul>
+ <p>
+ In addition:
+ </p>
+ <ul>
+ <li>
+ Android Watch devices MUST have a screen with the physical diagonal size in
+the range from 1.1 to 2.5 inches.
+ </li>
+ <li>
+ Android Automotive devices MUST have a screen with the physical diagonal
+size greater than or equal to 6 inches.
+ </li>
+ <li>
+ Android Automotive devices MUST have a screen size of at least 750 dp x
+480 dp.
+ </li>
+ <li>
+ Other types of Android device implementations, with a physically integrated
+screen, MUST have a screen at least 2.5 inches in physical diagonal size.
+ </li>
+ </ul>
+ <p>
+ Devices MUST NOT change their reported screen size at any time.
+ </p>
+ <p>
+ Applications optionally indicate which screen sizes they support via the
+<supports-screens> attribute in the AndroidManifest.xml file. Device
+implementations MUST correctly honor applications' stated support for small,
+normal, large, and xlarge screens, as described in the Android SDK
+documentation.
+ </p>
+ <h5 id="7_1_1_2_screen_aspect_ratio">
+ 7.1.1.2. Screen Aspect Ratio
+ </h5>
+ <p>
+ While there is no restriction to the screen aspect ratio value of the physical
+screen display, the screen aspect ratio of the surface that third-party apps
+are rendered on and which can be derived from the values reported via the
+ <a href="https://developer.android.com/reference/android/util/DisplayMetrics.html">
+ DisplayMetrics
+ </a>
+ MUST meet the following requirements:
+ </p>
+ <ul>
+ <li>
+ If the
+ <a href="https://developer.android.com/reference/android/content/res/Configuration.html#uiMode">
+ uiMode
+ </a>
+ is configured as UI_MODE_TYPE_WATCH, the aspect ratio value MAY be set as
+1.0 (1:1).
+ </li>
+ <li>
+ If the third-party app indicates that it is resizeable via the
+ <a href="https://developer.android.com/guide/topics/ui/multi-window.html#configuring">
+ android:resizeableActivity
+ </a>
+ attribute, there are no restrictions to the aspect ratio value.
+ </li>
+ <li>
+ For all other cases, the aspect ratio MUST be a value between 1.3333 (4:3)
+and 1.86 (roughly 16:9) unless the app has indicated explicitly that it
+supports a higher screen aspect ratio through the
+ <a href="https://developer.android.com/guide/practices/screens_support.html#MaxAspectRatio">
+ maxAspectRatio
+ </a>
+ metadata value.
+ </li>
+ </ul>
+ <h5 id="7_1_1_3_screen_density">
+ 7.1.1.3. Screen Density
+ </h5>
+ <p>
+ The Android UI framework defines a set of standard logical densities to help
+application developers target application resources. By default, device
+implementations MUST report only one of the following logical Android framework
+densities through the
+ <a href="https://developer.android.com/reference/android/util/DisplayMetrics.html#DENSITY_DEVICE_STABLE">
+ DENSITY_DEVICE_STABLE
+ </a>
+ API and this value MUST NOT change at any time; however, the device MAY report
+a different arbitrary density according to the display configuration changes
+made by the user (for example, display size) set after initial boot.
+ </p>
+ <ul>
+ <li>
+ 120 dpi (ldpi)
+ </li>
+ <li>
+ 160 dpi (mdpi)
+ </li>
+ <li>
+ 213 dpi (tvdpi)
+ </li>
+ <li>
+ 240 dpi (hdpi)
+ </li>
+ <li>
+ 260 dpi (260dpi)
+ </li>
+ <li>
+ 280 dpi (280dpi)
+ </li>
+ <li>
+ 300 dpi (300dpi)
+ </li>
+ <li>
+ 320 dpi (xhdpi)
+ </li>
+ <li>
+ 340 dpi (340dpi)
+ </li>
+ <li>
+ 360 dpi (360dpi)
+ </li>
+ <li>
+ 400 dpi (400dpi)
+ </li>
+ <li>
+ 420 dpi (420dpi)
+ </li>
+ <li>
+ 480 dpi (xxhdpi)
+ </li>
+ <li>
+ 560 dpi (560dpi)
+ </li>
+ <li>
+ 640 dpi (xxxhdpi)
+ </li>
+ </ul>
+ <p>
+ Device implementations SHOULD define the standard Android framework density
+that is numerically closest to the physical density of the screen, unless that
+logical density pushes the reported screen size below the minimum supported. If
+the standard Android framework density that is numerically closest to the
+physical density results in a screen size that is smaller than the smallest
+supported compatible screen size (320 dp width), device implementations SHOULD
+report the next lowest standard Android framework density.
+ </p>
+ <p>
+ Device implementations are STRONGLY RECOMMENDED to provide users a setting to change
+the display size. If there is an implementation to change the display size of the device,
+it MUST align with the AOSP implementation as indicated below:
+ </p>
+ <ul>
+ <li>
+ The display size MUST NOT be scaled any larger than 1.5 times the native density or
+ produce an effective minimum screen dimension smaller than 320dp (equivalent
+ to resource qualifier sw320dp), whichever comes first.
+ </li>
+ <li>
+ Display size MUST NOT be scaled any smaller than 0.85 times the native density.
+ </li>
+ <li>
+ To ensure good usability and consistent font sizes, it is RECOMMENDED that the
+ following scaling of Native Display options be provided (while complying with the limits
+ specified above)
+ </li>
+ <li>
+ Small: 0.85x
+ </li>
+ <li>
+ Default: 1x (Native display scale)
+ </li>
+ <li>
+ Large: 1.15x
+ </li>
+ <li>
+ Larger: 1.3x
+ </li>
+ <li>
+ Largest 1.45x
+ </li>
+ </ul>
+ <h4 id="7_1_2_display_metrics">
+ 7.1.2. Display Metrics
+ </h4>
+ <p>
+ Device implementations MUST report correct values for all display metrics
+defined in
+ <a href="http://developer.android.com/reference/android/util/DisplayMetrics.html">
+ android.util.DisplayMetrics
+ </a>
+ and MUST report the same values regardless of whether the embedded or external
+screen is used as the default display.
+ </p>
+ <h4 id="7_1_3_screen_orientation">
+ 7.1.3. Screen Orientation
+ </h4>
+ <p>
+ Devices MUST report which screen orientations they support
+(android.hardware.screen.portrait and/or android.hardware.screen.landscape) and
+MUST report at least one supported orientation. For example, a device with a
+fixed orientation landscape screen, such as a television or laptop, SHOULD only
+report android.hardware.screen.landscape.
+ </p>
+ <p>
+ Devices that report both screen orientations MUST support dynamic orientation
+by applications to either portrait or landscape screen orientation. That is,
+the device must respect the application’s request for a specific screen
+orientation. Device implementations MAY select either portrait or landscape
+orientation as the default.
+ </p>
+ <p>
+ Devices MUST report the correct value for the device’s current orientation,
+whenever queried via the android.content.res.Configuration.orientation,
+android.view.Display.getOrientation(), or other APIs.
+ </p>
+ <p>
+ Devices MUST NOT change the reported screen size or density when changing orientation.
+ </p>
+ <h4 id="7_1_4_2d_and_3d_graphics_acceleration">
+ 7.1.4. 2D and 3D Graphics Acceleration
+ </h4>
+ <p>
+ Device implementations MUST support both OpenGL ES 1.0 and 2.0, as embodied and
+detailed in the Android SDK documentations. Device implementations SHOULD
+support OpenGL ES 3.0, 3.1, or 3.2 on devices capable of supporting it. Device
+implementations MUST also support
+ <a href="http://developer.android.com/guide/topics/renderscript/">
+ Android RenderScript
+ </a>,
+as detailed in the Android SDK documentation.
+ </p>
+ <p>
+ Device implementations MUST also correctly identify themselves as supporting
+OpenGL ES 1.0, OpenGL ES 2.0, OpenGL ES 3.0, OpenGL 3.1, or OpenGL 3.2. That is:
+ </p>
+ <ul>
+ <li>
+ The managed APIs (such as via the GLES10.getString() method) MUST report
+support for OpenGL ES 1.0 and OpenGL ES 2.0.
+ </li>
+ <li>
+ The native C/C++ OpenGL APIs (APIs available to apps via libGLES_v1CM.so,
+libGLES_v2.so, or libEGL.so) MUST report support for OpenGL ES 1.0 and OpenGL
+ES 2.0.
+ </li>
+ <li>
+ Device implementations that declare support for OpenGL ES 3.0, 3.1, or 3.2 MUST
+support the corresponding managed APIs and include support for native C/C++
+APIs. On device implementations that declare support for OpenGL ES 3.0, 3.1, or
+3.2 libGLESv2.so MUST export the corresponding function symbols in addition to
+the OpenGL ES 2.0 function symbols.
+ </li>
+ </ul>
+ <p>
+ Android provides an OpenGL ES
+ <a href="https://developer.android.com/reference/android/opengl/GLES31Ext.html">
+ extension pack
+ </a>
+ with Java interfaces and native support for advanced graphics functionality
+such as tessellation and the ASTC texture compression format. Android device
+implementations MUST support the extension pack if the device supports OpenGL
+ES 3.2 and MAY support it otherwise. If the extension pack is supported in its
+entirety, the device MUST identify the support through the
+ <code>
+ android.hardware.opengles.aep
+ </code>
+ feature flag.
+ </p>
+ <p>
+ Also, device implementations MAY implement any desired OpenGL ES extensions.
+However, device implementations MUST report via the OpenGL ES managed and
+native APIs all extension strings that they do support, and conversely MUST NOT
+report extension strings that they do not support.
+ </p>
+ <p>
+ Note that Android includes support for applications to optionally specify that
+they require specific OpenGL texture compression formats. These formats are
+typically vendor-specific. Device implementations are not required by Android
+to implement any specific texture compression format. However, they SHOULD
+accurately report any texture compression formats that they do support, via the
+getString() method in the OpenGL API.
+ </p>
+ <p>
+ Android includes a mechanism for applications to declare that they want to
+enable hardware acceleration for 2D graphics at the Application, Activity,
+Window, or View level through the use of a manifest tag
+ <a href="http://developer.android.com/guide/topics/graphics/hardware-accel.html">
+ android:hardwareAccelerated
+ </a>
+ or direct API calls.
+ </p>
+ <p>
+ Device implementations MUST enable hardware acceleration by default, and MUST
+disable hardware acceleration if the developer so requests by setting
+android:hardwareAccelerated="false” or disabling hardware acceleration directly
+through the Android View APIs.
+ </p>
+ <p>
+ In addition, device implementations MUST exhibit behavior consistent with the
+Android SDK documentation on
+ <a href="http://developer.android.com/guide/topics/graphics/hardware-accel.html">
+ hardware
+acceleration
+ </a>.
+ </p>
+ <p>
+ Android includes a TextureView object that lets developers directly integrate
+hardware-accelerated OpenGL ES textures as rendering targets in a UI hierarchy.
+Device implementations MUST support the TextureView API, and MUST exhibit
+consistent behavior with the upstream Android implementation.
+ </p>
+ <p>
+ Android includes support for EGL_ANDROID_RECORDABLE, an EGLConfig attribute
+that indicates whether the EGLConfig supports rendering to an ANativeWindow
+that records images to a video. Device implementations MUST support
+ <a href="https://www.khronos.org/registry/egl/extensions/ANDROID/EGL_ANDROID_recordable.txt">
+ EGL_ANDROID_RECORDABLE
+ </a>
+ extension.
+ </p>
+ <h4 id="7_1_5_legacy_application_compatibility_mode">
+ 7.1.5. Legacy Application Compatibility Mode
+ </h4>
+ <p>
+ Android specifies a “compatibility mode” in which the framework operates in a
+'normal' screen size equivalent (320dp width) mode for the benefit of legacy
+applications not developed for old versions of Android that pre-date
+screen-size independence.
+ </p>
+ <ul>
+ <li>
+ Android Automotive does not support legacy compatibility mode.
+ </li>
+ <li>
+ All other device implementations MUST include support for legacy
+application compatibility mode as implemented by the upstream Android open
+source code. That is, device implementations MUST NOT alter the triggers or
+thresholds at which compatibility mode is activated, and MUST NOT alter the
+behavior of the compatibility mode itself.
+ </li>
+ </ul>
+ <h4 id="7_1_6_screen_technology">
+ 7.1.6. Screen Technology
+ </h4>
+ <p>
+ The Android platform includes APIs that allow applications to render rich
+graphics to the display. Devices MUST support all of these APIs as defined by
+the Android SDK unless specifically allowed in this document.
+ </p>
+ <ul>
+ <li>
+ Devices MUST support displays capable of rendering 16-bit color graphics
+and SHOULD support displays capable of 24-bit color graphics.
+ </li>
+ <li>
+ Devices MUST support displays capable of rendering animations.
+ </li>
+ <li>
+ The display technology used MUST have a pixel aspect ratio (PAR) between
+0.9 and 1.15. That is, the pixel aspect ratio MUST be near square (1.0) with a
+10 ~ 15% tolerance.
+ </li>
+ </ul>
+ <h4 id="7_1_7_secondary_displays">
+ 7.1.7. Secondary Displays
+ </h4>
+ <p>
+ Android includes support for secondary display to enable media sharing
+capabilities and developer APIs for accessing external displays. If a device
+supports an external display either via a wired, wireless, or an embedded
+additional display connection then the device implementation MUST implement the
+ <a href="http://developer.android.com/reference/android/hardware/display/DisplayManager.html">
+ display manager
+API
+ </a>
+ as described in the Android SDK documentation.
+ </p>
+ <h3 id="7_2_input_devices">
+ 7.2. Input Devices
+ </h3>
+ <p>
+ Devices MUST support a touchscreen or meet the requirements listed in 7.2.2 for
+non-touch navigation.
+ </p>
+ <h4 id="7_2_1_keyboard">
+ 7.2.1. Keyboard
+ </h4>
+ <div class="note">
+ Android Watch and Android Automotive implementations MAY implement a soft
+keyboard. All other device implementations MUST implement a soft keyboard and:
+ </div>
+ <p>
+ Device implementations:
+ </p>
+ <ul>
+ <li>
+ MUST include support for the Input Management Framework (which allows
+third-party developers to create Input Method Editors—i.e. soft keyboard) as
+detailed at
+ <a href="http://developer.android.com">
+ http://developer.android.com
+ </a>.
+ </li>
+ <li>
+ MUST provide at least one soft keyboard implementation (regardless of
+whether a hard keyboard is present) except for Android Watch devices where the
+screen size makes it less reasonable to have a soft keyboard.
+ </li>
+ <li>
+ MAY include additional soft keyboard implementations.
+ </li>
+ <li>
+ MAY include a hardware keyboard.
+ </li>
+ <li>
+ MUST NOT include a hardware keyboard that does not match one of the formats
+specified in
+ <a href="http://developer.android.com/reference/android/content/res/Configuration.html">
+ android.content.res.Configuration.keyboard
+ </a>
+ (QWERTY or 12-key).
+ </li>
+ </ul>
+ <h4 id="7_2_2_non-touch_navigation">
+ 7.2.2. Non-touch Navigation
+ </h4>
+ <div class="note">
+ Android Television devices MUST support D-pad.
+ </div>
+ <p>
+ Device implementations:
+ </p>
+ <ul>
+ <li>
+ MAY omit a non-touch navigation option (trackball, d-pad, or wheel) if the
+device implementation is not an Android Television device.
+ </li>
+ <li>
+ MUST report the correct value for
+ <a href="http://developer.android.com/reference/android/content/res/Configuration.html">
+ android.content.res.Configuration.navigation
+ </a>.
+ </li>
+ <li>
+ MUST provide a reasonable alternative user interface mechanism for the
+selection and editing of text, compatible with Input Management Engines. The
+upstream Android open source implementation includes a selection mechanism
+suitable for use with devices that lack non-touch navigation inputs.
+ </li>
+ </ul>
+ <h4 id="7_2_3_navigation_keys">
+ 7.2.3. Navigation Keys
+ </h4>
+ <div class="note">
+ The availability and visibility requirement of the Home, Recents, and Back
+functions differ between device types as described in this section.
+ </div>
+ <p>
+ The Home, Recents, and Back functions (mapped to the key events KEYCODE_HOME,
+KEYCODE_APP_SWITCH, KEYCODE_BACK, respectively) are essential to the Android
+navigation paradigm and therefore:
+ </p>
+ <ul>
+ <li>
+ Android Handheld device implementations MUST provide the Home, Recents, and
+ Back functions.
+ </li>
+ <li>
+ Android Television device implementations MUST provide the Home and Back
+ functions.
+ </li>
+ <li>
+ Android Watch device implementations MUST have the Home function available
+ to the user, and the Back function except for when it is in
+ <code>
+ UI_MODE_TYPE_WATCH
+ </code>
+ .
+ </li>
+ <li>
+ Android Watch device implementations, and no other Android device types,
+ MAY consume the long press event on the key event
+ <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BACK">
+ <code>
+ KEYCODE_BACK
+ </code>
+ </a>
+ and omit it from being sent to the foreground application.
+ </li>
+ <li>
+ Android Automotive implementations MUST provide the Home function and MAY
+ provide Back and Recent functions.
+ </li>
+ <li>
+ All other types of device implementations MUST provide the Home and Back
+ functions.
+ </li>
+ </ul>
+ <p>
+ These functions MAY be implemented via dedicated physical buttons (such as
+mechanical or capacitive touch buttons), or MAY be implemented using dedicated
+software keys on a distinct portion of the screen, gestures, touch panel, etc.
+Android supports both implementations. All of these functions MUST be accessible
+with a single action (e.g. tap, double-click or gesture) when visible.
+ </p>
+ <p>
+ Recents function, if provided, MUST have a visible button or icon unless hidden
+together with other navigation functions in full-screen mode. This does not
+apply to devices upgrading from earlier Android versions that have physical
+buttons for navigation and no recents key.
+ </p>
+ <p>
+ The Home and Back functions, if provided, MUST each have a visible button or
+icon unless hidden together with other navigation functions in full-screen mode
+or when the uiMode UI_MODE_TYPE_MASK is set to UI_MODE_TYPE_WATCH.
+ </p>
+ <p>
+ The Menu function is deprecated in favor of action bar since Android 4.0.
+Therefore the new device implementations shipping with Android 7.1
+and later MUST NOT implement a dedicated physical button for the Menu function.
+Older device implementations SHOULD NOT implement a dedicated physical button
+for the Menu function, but if the physical Menu button is implemented and the
+device is running applications with targetSdkVersion > 10, the device
+implementation:
+ </p>
+ <ul>
+ <li>
+ MUST display the action overflow button on the action bar when it is visible
+and the resulting action overflow menu popup is not empty. For a device
+implementation launched before Android 4.4 but upgrading to Android
+7.1, this is RECOMMENDED.
+ </li>
+ <li>
+ MUST NOT modify the position of the action overflow popup displayed by
+selecting the overflow button in the action bar.
+ </li>
+ <li>
+ MAY render the action overflow popup at a modified position on the screen
+when it is displayed by selecting the physical menu button.
+ </li>
+ </ul>
+ <p>
+ For backwards compatibility, device implementations MUST make the Menu function
+available to applications when targetSdkVersion is less than 10, either by a
+physical button, a software key, or gestures. This Menu function should be
+presented unless hidden together with other navigation functions.
+ </p>
+ <p>
+ Android device implementations supporting the
+ <a href="http://developer.android.com/reference/android/content/Intent.html#ACTION_ASSIST">
+ Assist action
+ </a>
+ and/or
+ <a href="https://developer.android.com/reference/android/service/voice/VoiceInteractionService.html">
+ <code>
+ VoiceInteractionService
+ </code>
+ </a>
+ MUST be able to launch an assist app with a single interaction (e.g. tap,
+double-click, or gesture) when other navigation keys are visible. It is STRONGLY
+RECOMMENDED to use long press on home as this interaction. The designated
+interaction MUST launch the user-selected assist app, in other words the app
+that implements a VoiceInteractionService, or an activity handling the ACTION_ASSIST intent.
+ </p>
+ <p>
+ Device implementations MAY use a distinct portion of the screen to display the
+navigation keys, but if so, MUST meet these requirements:
+ </p>
+ <ul>
+ <li>
+ Device implementation navigation keys MUST use a distinct portion of the
+screen, not available to applications, and MUST NOT obscure or otherwise
+interfere with the portion of the screen available to applications.
+ </li>
+ <li>
+ Device implementations MUST make available a portion of the display to
+applications that meets the requirements defined in
+ <a href="#7_1_1_screen_configuration">
+ section
+7.1.1
+ </a>.
+ </li>
+ <li>
+ Device implementations MUST display the navigation keys when applications do
+not specify a system UI mode, or specify SYSTEM_UI_FLAG_VISIBLE.
+ </li>
+ <li>
+ Device implementations MUST present the navigation keys in an unobtrusive
+“low profile” (eg. dimmed) mode when applications specify
+SYSTEM_UI_FLAG_LOW_PROFILE.
+ </li>
+ <li>
+ Device implementations MUST hide the navigation keys when applications
+specify SYSTEM_UI_FLAG_HIDE_NAVIGATION.
+ </li>
+ </ul>
+ <h4 id="7_2_4_touchscreen_input">
+ 7.2.4. Touchscreen Input
+ </h4>
+ <div class="note">
+ Android Handhelds and Watch Devices MUST support touchscreen input.
+ </div>
+ <p>
+ Device implementations SHOULD have a pointer input system of some kind (either
+mouse-like or touch). However, if a device implementation does not support a
+pointer input system, it MUST NOT report the android.hardware.touchscreen or
+android.hardware.faketouch feature constant. Device implementations that do
+include a pointer input system:
+ </p>
+ <ul>
+ <li>
+ SHOULD support fully independently tracked pointers, if the device input
+system supports multiple pointers.
+ </li>
+ <li>
+ MUST report the value of
+ <a href="http://developer.android.com/reference/android/content/res/Configuration.html">
+ android.content.res.Configuration.touchscreen
+ </a>
+ corresponding to the type of the specific touchscreen on the device.
+ </li>
+ </ul>
+ <p>
+ Android includes support for a variety of touchscreens, touch pads, and fake
+touch input devices.
+ <a href="http://source.android.com/devices/tech/input/touch-devices.html">
+ Touchscreen-based device implementations
+ </a>
+ are associated with a display such that the user has the impression of directly
+manipulating items on screen. Since the user is directly touching the screen,
+the system does not require any additional affordances to indicate the objects
+being manipulated. In contrast, a fake touch interface provides a user input
+system that approximates a subset of touchscreen capabilities. For example, a
+mouse or remote control that drives an on-screen cursor approximates touch, but
+requires the user to first point or focus then click. Numerous input devices
+like the mouse, trackpad, gyro-based air mouse, gyro-pointer, joystick, and
+multi-touch trackpad can support fake touch interactions. Android includes the
+feature constant android.hardware.faketouch, which corresponds to a
+high-fidelity non-touch (pointer-based) input device such as a mouse or trackpad
+that can adequately emulate touch-based input (including basic gesture support),
+and indicates that the device supports an emulated subset of touchscreen
+functionality. Device implementations that declare the fake touch feature MUST
+meet the fake touch requirements in
+ <a href="#7_2_5_fake_touch_input">
+ section 7.2.5
+ </a>.
+ </p>
+ <p>
+ Device implementations MUST report the correct feature corresponding to the type
+of input used. Device implementations that include a touchscreen (single-touch
+or better) MUST report the platform feature constant
+android.hardware.touchscreen. Device implementations that report the platform
+feature constant android.hardware.touchscreen MUST also report the platform
+feature constant android.hardware.faketouch. Device implementations that do not
+include a touchscreen (and rely on a pointer device only) MUST NOT report any
+touchscreen feature, and MUST report only android.hardware.faketouch if they
+meet the fake touch requirements in
+ <a href="#7_2_5_fake_touch_input">
+ section 7.2.5
+ </a>.
+ </p>
+ <h4 id="7_2_5_fake_touch_input">
+ 7.2.5. Fake Touch Input
+ </h4>
+ <p>
+ Device implementations that declare support for android.hardware.faketouch:
+ </p>
+ <ul>
+ <li>
+ MUST report the
+ <a href="http://developer.android.com/reference/android/view/MotionEvent.html">
+ absolute X and Y screen positions
+ </a>
+ of the pointer location and display a visual pointer on the screen.
+ </li>
+ <li>
+ MUST report touch event with the action code that specifies the state change
+that occurs on the pointer
+ <a href="http://developer.android.com/reference/android/view/MotionEvent.html">
+ going down or up on the
+screen
+ </a>.
+ </li>
+ <li>
+ MUST support pointer down and up on an object on the screen, which allows
+users to emulate tap on an object on the screen.
+ </li>
+ <li>
+ MUST support pointer down, pointer up, pointer down then pointer up in the
+same place on an object on the screen within a time threshold, which allows
+users to
+ <a href="http://developer.android.com/reference/android/view/MotionEvent.html">
+ emulate double tap
+ </a>
+ on an object on the screen.
+ </li>
+ <li>
+ MUST support pointer down on an arbitrary point on the screen, pointer move
+to any other arbitrary point on the screen, followed by a pointer up, which
+allows users to emulate a touch drag.
+ </li>
+ <li>
+ MUST support pointer down then allow users to quickly move the object to a
+different position on the screen and then pointer up on the screen, which allows
+users to fling an object on the screen.
+ </li>
+ </ul>
+ <p>
+ Devices that declare support for android.hardware.faketouch.multitouch.distinct
+MUST meet the requirements for faketouch above, and MUST also support distinct
+tracking of two or more independent pointer inputs.
+ </p>
+ <h4 id="7_2_6_game_controller_support">
+ 7.2.6. Game Controller Support
+ </h4>
+ <p>
+ Android Television device implementations MUST support button mappings for game
+controllers as listed below. The upstream Android implementation includes
+implementation for game controllers that satisfies this requirement.
+ </p>
+ <h5 id="7_2_6_1_button_mappings">
+ 7.2.6.1. Button Mappings
+ </h5>
+ <p>
+ Android Television device implementations MUST support the following key mappings:
+ </p>
+ <table>
+ <tr>
+ <th>
+ Button
+ </th>
+ <th>
+ HID Usage
+ <sup>
+ 2
+ </sup>
+ </th>
+ <th>
+ Android Button
+ </th>
+ </tr>
+ <tr>
+ <td>
+ <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BUTTON_A">
+ A
+ </a>
+ <sup>
+ 1
+ </sup>
+ </td>
+ <td>
+ 0x09 0x0001
+ </td>
+ <td>
+ KEYCODE_BUTTON_A (96)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BUTTON_B">
+ B
+ </a>
+ <sup>
+ 1
+ </sup>
+ </td>
+ <td>
+ 0x09 0x0002
+ </td>
+ <td>
+ KEYCODE_BUTTON_B (97)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BUTTON_X">
+ X
+ </a>
+ <sup>
+ 1
+ </sup>
+ </td>
+ <td>
+ 0x09 0x0004
+ </td>
+ <td>
+ KEYCODE_BUTTON_X (99)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BUTTON_Y">
+ Y
+ </a>
+ <sup>
+ 1
+ </sup>
+ </td>
+ <td>
+ 0x09 0x0005
+ </td>
+ <td>
+ KEYCODE_BUTTON_Y (100)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_DPAD_UP">
+ D-pad up
+ </a>
+ <sup>
+ 1
+ </sup>
+ <br/>
+ <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_DPAD_DOWN">
+ D-pad down
+ </a>
+ <sup>
+ 1
+ </sup>
+ </td>
+ <td>
+ 0x01 0x0039
+ <sup>
+ 3
+ </sup>
+ </td>
+ <td>
+ <a href="http://developer.android.com/reference/android/view/MotionEvent.html#AXIS_HAT_Y">
+ AXIS_HAT_Y
+ </a>
+ <sup>
+ 4
+ </sup>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_DPAD_LEFT">
+ D-pad left
+ </a>
+ 1
+ <br/>
+ <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_DPAD_RIGHT">
+ D-pad right
+ </a>
+ <sup>
+ 1
+ </sup>
+ </td>
+ <td>
+ 0x01 0x0039
+ <sup>
+ 3
+ </sup>
+ </td>
+ <td>
+ <a href="http://developer.android.com/reference/android/view/MotionEvent.html#AXIS_HAT_X">
+ AXIS_HAT_X
+ </a>
+ <sup>
+ 4
+ </sup>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BUTTON_L1">
+ Left shoulder button
+ </a>
+ <sup>
+ 1
+ </sup>
+ </td>
+ <td>
+ 0x09 0x0007
+ </td>
+ <td>
+ KEYCODE_BUTTON_L1 (102)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BUTTON_R1">
+ Right shoulder button
+ </a>
+ <sup>
+ 1
+ </sup>
+ </td>
+ <td>
+ 0x09 0x0008
+ </td>
+ <td>
+ KEYCODE_BUTTON_R1 (103)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BUTTON_THUMBL">
+ Left stick click
+ </a>
+ <sup>
+ 1
+ </sup>
+ </td>
+ <td>
+ 0x09 0x000E
+ </td>
+ <td>
+ KEYCODE_BUTTON_THUMBL (106)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BUTTON_THUMBR">
+ Right stick click
+ </a>
+ <sup>
+ 1
+ </sup>
+ </td>
+ <td>
+ 0x09 0x000F
+ </td>
+ <td>
+ KEYCODE_BUTTON_THUMBR (107)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_HOME">
+ Home
+ </a>
+ <sup>
+ 1
+ </sup>
+ </td>
+ <td>
+ 0x0c 0x0223
+ </td>
+ <td>
+ KEYCODE_HOME (3)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_BACK">
+ Back
+ </a>
+ <sup>
+ 1
+ </sup>
+ </td>
+ <td>
+ 0x0c 0x0224
+ </td>
+ <td>
+ KEYCODE_BACK (4)
+ </td>
+ </tr>
+ </table>
+ <p class="table_footnote">
+ 1
+ <a href="http://developer.android.com/reference/android/view/KeyEvent.html">
+ KeyEvent
+ </a>
+ </p>
+ <p class="table_footnote">
+ 2 The above HID usages must be declared within a Game
+pad CA (0x01 0x0005).
+ </p>
+ <p class="table_footnote">
+ 3 This usage must have a Logical Minimum of 0, a
+Logical Maximum of 7, a Physical Minimum of 0, a Physical Maximum of 315, Units
+in Degrees, and a Report Size of 4. The logical value is defined to be the
+clockwise rotation away from the vertical axis; for example, a logical value of
+0 represents no rotation and the up button being pressed, while a logical value
+of 1 represents a rotation of 45 degrees and both the up and left keys being
+pressed.
+ </p>
+ <p class="table_footnote">
+ 4
+ <a href="http://developer.android.com/reference/android/view/MotionEvent.html">
+ MotionEvent
+ </a>
+ </p>
+ <table>
+ <tr>
+ <th>
+ Analog Controls
+ <sup>
+ 1
+ </sup>
+ </th>
+ <th>
+ HID Usage
+ </th>
+ <th>
+ Android Button
+ </th>
+ </tr>
+ <tr>
+ <td>
+ <a href="http://developer.android.com/reference/android/view/MotionEvent.html#AXIS_LTRIGGER">
+ Left Trigger
+ </a>
+ </td>
+ <td>
+ 0x02 0x00C5
+ </td>
+ <td>
+ AXIS_LTRIGGER
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <a href="http://developer.android.com/reference/android/view/MotionEvent.html#AXIS_THROTTLE">
+ Right Trigger
+ </a>
+ </td>
+ <td>
+ 0x02 0x00C4
+ </td>
+ <td>
+ AXIS_RTRIGGER
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <a href="http://developer.android.com/reference/android/view/MotionEvent.html#AXIS_Y">
+ Left Joystick
+ </a>
+ </td>
+ <td>
+ 0x01 0x0030
+ <br/>
+ 0x01 0x0031
+ </td>
+ <td>
+ AXIS_X
+ <br/>
+ AXIS_Y
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <a href="http://developer.android.com/reference/android/view/MotionEvent.html#AXIS_Z">
+ Right Joystick
+ </a>
+ </td>
+ <td>
+ 0x01 0x0032
+ <br/>
+ 0x01 0x0035
+ </td>
+ <td>
+ AXIS_Z
+ <br/>
+ AXIS_RZ
+ </td>
+ </tr>
+ </table>
+ <p class="table_footnote">
+ 1
+ <a href="http://developer.android.com/reference/android/view/MotionEvent.html">
+ MotionEvent
+ </a>
+ </p>
+ <h4 id="7_2_7_remote_control">
+ 7.2.7. Remote Control
+ </h4>
+ <p>
+ Android Television device implementations SHOULD provide a remote control to
+allow users to access the TV interface. The remote control MAY be a physical
+remote or can be a software-based remote that is accessible from a mobile phone
+or tablet. The remote control MUST meet the requirements defined below.
+ </p>
+ <ul>
+ <li>
+ <strong>
+ Search affordance
+ </strong>
+ . Device implementations MUST fire KEYCODE_SEARCH
+(or KEYCODE_ASSIST if the device supports an assistant) when the user
+invokes voice search on either the physical or software-based remote.
+ </li>
+ <li>
+ <strong>
+ Navigation
+ </strong>
+ . All Android Television remotes MUST include
+ <a href="http://developer.android.com/reference/android/view/KeyEvent.html">
+ Back, Home, and Select buttons and support for D-pad events
+ </a>.
+ </li>
+ </ul>
+ <h3 id="7_3_sensors">
+ 7.3. Sensors
+ </h3>
+ <p>
+ Android includes APIs for accessing a variety of sensor types. Devices
+implementations generally MAY omit these sensors, as provided for in the
+following subsections. If a device includes a particular sensor type that has a
+corresponding API for third-party developers, the device implementation MUST
+implement that API as described in the Android SDK documentation and the
+Android Open Source documentation on
+ <a href="http://source.android.com/devices/sensors/">
+ sensors
+ </a>. For example, device
+implementations:
+ </p>
+ <ul>
+ <li>
+ MUST accurately report the presence or absence of sensors per the
+ <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">
+ android.content.pm.PackageManager
+ </a>
+ class.
+ </li>
+ <li>
+ MUST return an accurate list of supported sensors via the
+SensorManager.getSensorList() and similar methods.
+ </li>
+ <li>
+ MUST behave reasonably for all other sensor APIs (for example, by returning
+true or false as appropriate when applications attempt to register listeners,
+not calling sensor listeners when the corresponding sensors are not present;
+etc.).
+ </li>
+ <li>
+ MUST
+ <a href="http://developer.android.com/reference/android/hardware/SensorEvent.html">
+ report all sensor measurements
+ </a>
+ using the relevant International System of Units (metric) values for each
+sensor type as defined in the Android SDK documentation.
+ </li>
+ <li>
+ SHOULD
+ <a href="http://developer.android.com/reference/android/hardware/SensorEvent.html#timestamp">
+ report the event time
+ </a>
+ in nanoseconds as defined in the Android SDK documentation, representing the
+time the event happened and synchronized with the
+SystemClock.elapsedRealtimeNano() clock. Existing and new Android devices are
+ <strong>
+ STRONGLY RECOMMENDED
+ </strong>
+ to meet these requirements so they will be able to
+upgrade to the future platform releases where this might become a REQUIRED
+component. The synchronization error SHOULD be below 100 milliseconds.
+ </li>
+ <li>
+ MUST report sensor data with a maximum latency of 100 milliseconds + 2 *
+sample_time for the case of a sensor streamed with a minimum required latency
+of 5 ms + 2 * sample_time when the application processor is active. This delay
+does not include any filtering delays.
+ </li>
+ <li>
+ MUST report the first sensor sample within 400 milliseconds + 2 *
+sample_time of the sensor being activated. It is acceptable for this sample to
+have an accuracy of 0.
+ </li>
+ </ul>
+ <p>
+ The list above is not comprehensive; the documented behavior of the Android SDK
+and the Android Open Source Documentations on
+ <a href="http://source.android.com/devices/sensors/">
+ sensors
+ </a>
+ is to be considered
+authoritative.
+ </p>
+ <p>
+ Some sensor types are composite, meaning they can be derived from data provided
+by one or more other sensors. (Examples include the orientation sensor and the
+linear acceleration sensor.) Device implementations SHOULD implement these
+sensor types, when they include the prerequisite physical sensors as described
+in
+ <a href="https://source.android.com/devices/sensors/sensor-types.html">
+ sensor types
+ </a>. If a
+device implementation includes a composite sensor it MUST implement the sensor
+as described in the Android Open Source documentation on
+ <a href="https://source.android.com/devices/sensors/sensor-types.html#composite_sensor_type_summary">
+ composite sensors
+ </a>.
+ </p>
+ <p>
+ Some Android sensors support a
+ <a href="https://source.android.com/devices/sensors/report-modes.html#continuous">
+ “continuous” trigger mode
+ </a>,
+which returns data continuously. For any API indicated by the Android SDK
+documentation to be a continuous sensor, device implementations MUST
+continuously provide periodic data samples that SHOULD have a jitter below 3%,
+where jitter is defined as the standard deviation of the difference of the
+reported timestamp values between consecutive events.
+ </p>
+ <p>
+ Note that the device implementations MUST ensure that the sensor event stream
+MUST NOT prevent the device CPU from entering a suspend state or waking up from
+a suspend state.
+ </p>
+ <p>
+ Finally, when several sensors are activated, the power consumption SHOULD NOT
+exceed the sum of the individual sensor’s reported power consumption.
+ </p>
+ <h4 id="7_3_1_accelerometer">
+ 7.3.1. Accelerometer
+ </h4>
+ <p>
+ Device implementations SHOULD include a 3-axis accelerometer. Android Handheld
+devices, Android Automotive implementations, and Android Watch devices are STRONGLY
+RECOMMENDED to include this sensor. If a device implementation does include a
+3-axis accelerometer, it:
+ </p>
+ <ul>
+ <li>
+ MUST implement and report
+ <a href="http://developer.android.com/reference/android/hardware/Sensor.html#TYPE_ACCELEROMETER">
+ TYPE_ACCELEROMETER sensor
+ </a>.
+ </li>
+ <li>
+ MUST be able to report events up to a frequency of at least 50 Hz for
+Android Watch devices as such devices have a stricter power constraint and 100
+Hz for all other device types.
+ </li>
+ <li>
+ SHOULD report events up to at least 200 Hz.
+ </li>
+ <li>
+ MUST comply with the
+ <a href="http://developer.android.com/reference/android/hardware/SensorEvent.html">
+ Android sensor coordinate system
+ </a>
+ as detailed in the Android APIs. Android Automotive implementations MUST comply
+with the Android
+ <a href="http://source.android.com/devices/sensors/sensor-types.html#auto_axes">
+ car sensor coordinate system
+ </a>.
+ </li>
+ <li>
+ MUST be capable of measuring from freefall up to four times the gravity
+(4g) or more on any axis.
+ </li>
+ <li>
+ MUST have a resolution of at least 12-bits and SHOULD have a resolution of
+at least 16-bits.
+ </li>
+ <li>
+ SHOULD be calibrated while in use if the characteristics changes over the
+life cycle and compensated, and preserve the compensation parameters between
+device reboots.
+ </li>
+ <li>
+ SHOULD be temperature compensated.
+ </li>
+ <li>
+ MUST have a standard deviation no greater than 0.05 m/s^, where the
+standard deviation should be calculated on a per axis basis on samples
+collected over a period of at least 3 seconds at the fastest sampling rate.
+ </li>
+ <li>
+ SHOULD implement the TYPE_SIGNIFICANT_MOTION, TYPE_TILT_DETECTOR,
+TYPE_STEP_DETECTOR, TYPE_STEP_COUNTER composite sensors as described in the
+Android SDK document. Existing and new Android devices are
+ <strong>
+ STRONGLY
+RECOMMENDED
+ </strong>
+ to implement the TYPE_SIGNIFICANT_MOTION composite sensor. If any
+of these sensors are implemented, the sum of their power consumption MUST
+always be less than 4 mW and SHOULD each be below 2 mW and 0.5 mW for when the
+device is in a dynamic or static condition.
+ </li>
+ <li>
+ If a gyroscope sensor is included, MUST implement the TYPE_GRAVITY and
+TYPE_LINEAR_ACCELERATION composite sensors and SHOULD implement the
+TYPE_GAME_ROTATION_VECTOR composite sensor. Existing and new Android devices
+are STRONGLY RECOMMENDED to implement the TYPE_GAME_ROTATION_VECTOR sensor.
+ </li>
+ <li>
+ MUST implement a TYPE_ROTATION_VECTOR composite sensor, if a gyroscope
+sensor and a magnetometer sensor is also included.
+ </li>
+ </ul>
+ <h4 id="7_3_2_magnetometer">
+ 7.3.2. Magnetometer
+ </h4>
+ <p>
+ Device implementations SHOULD include a 3-axis magnetometer (compass). If a
+device does include a 3-axis magnetometer, it:
+ </p>
+ <ul>
+ <li>
+ MUST implement the TYPE_MAGNETIC_FIELD sensor and SHOULD also implement
+TYPE_MAGNETIC_FIELD_UNCALIBRATED sensor. Existing and new Android devices are
+STRONGLY RECOMMENDED to implement the TYPE_MAGNETIC_FIELD_UNCALIBRATED sensor.
+ </li>
+ <li>
+ MUST be able to report events up to a frequency of at least 10 Hz and
+SHOULD report events up to at least 50 Hz.
+ </li>
+ <li>
+ MUST comply with the
+ <a href="http://developer.android.com/reference/android/hardware/SensorEvent.html">
+ Android sensor coordinate system
+ </a>
+ as detailed in the Android APIs.
+ </li>
+ <li>
+ MUST be capable of measuring between -900 µT and +900 µT on each axis
+before saturating.
+ </li>
+ <li>
+ MUST have a hard iron offset value less than 700 µT and SHOULD have a value
+below 200 µT, by placing the magnetometer far from dynamic (current-induced)
+and static (magnet-induced) magnetic fields.
+ </li>
+ <li>
+ MUST have a resolution equal or denser than 0.6 µT and SHOULD have a
+resolution equal or denser than 0.2 µT.
+ </li>
+ <li>
+ SHOULD be temperature compensated.
+ </li>
+ <li>
+ MUST support online calibration and compensation of the hard iron bias, and
+preserve the compensation parameters between device reboots.
+ </li>
+ <li>
+ MUST have the soft iron compensation applied—the calibration can be done
+either while in use or during the production of the device.
+ </li>
+ <li>
+ SHOULD have a standard deviation, calculated on a per axis basis on samples
+collected over a period of at least 3 seconds at the fastest sampling rate, no
+greater than 0.5 µT.
+ </li>
+ <li>
+ MUST implement a TYPE_ROTATION_VECTOR composite sensor, if an accelerometer
+sensor and a gyroscope sensor is also included.
+ </li>
+ <li>
+ MAY implement the TYPE_GEOMAGNETIC_ROTATION_VECTOR sensor if an
+accelerometer sensor is also implemented. However if implemented, it MUST
+consume less than 10 mW and SHOULD consume less than 3 mW when the sensor is
+registered for batch mode at 10 Hz.
+ </li>
+ </ul>
+ <h4 id="7_3_3_gps">
+ 7.3.3. GPS
+ </h4>
+ <p>
+ Device implementations SHOULD include a GPS/GNSS receiver. If a device implementation
+does include a GPS/GNSS receiver and reports the capability to applications through the
+ <code>
+ android.hardware.location.gps
+ </code>
+ feature flag:
+ </p>
+ <ul>
+ <li>
+ It is STRONGLY RECOMMENDED that the device continue to deliver normal GPS/GNSS
+ outputs to applications during an emergency phone call and that location output
+ not be blocked during an emergency phone call.
+ </li>
+ <li>
+ It MUST support location outputs at a rate of at least 1 Hz when requested via
+ <code>
+ LocationManager#requestLocationUpdate
+ </code>
+ .
+ </li>
+ <li>
+ It MUST be able to determine the location in open-sky conditions (strong signals,
+ negligible multipath, HDOP < 2) within 10 seconds (fast time to first fix), when
+ connected to a 0.5 Mbps or faster data speed internet connection. This requirement
+ is typically met by the use of some form of Assisted or Predicted GPS/GNSS technique
+ to minimize GPS/GNSS lock-on time (Assistance data includes Reference Time, Reference
+ Location and Satellite Ephemeris/Clock).
+ <ul>
+ <li>
+ After making such a location calculation, it is STRONGLY RECOMMENDED for the device to
+ be able to determine its location, in open sky, within 10 seconds, when location
+ requests are restarted, up to an hour after the initial location calculation,
+ even when the subsequent request is made without a data connection, and/or after a power
+ cycle.
+ </li>
+ </ul>
+ </li>
+ <li>
+ In open sky conditions after determining the location, while stationary or moving with less
+ than 1 meter per second squared of acceleration:
+ <ul>
+ <li>
+ It MUST be able to determine location within 20 meters, and speed within 0.5 meters
+ per second, at least 95% of the time.
+ </li>
+ <li>
+ It MUST simultaneously track and report via
+ <a href="https://developer.android.com/reference/android/location/GnssStatus.Callback.html#GnssStatus.Callback()'">
+ GnssStatus.Callback
+ </a>
+ at least 8 satellites from one constellation.
+ </li>
+ <li>
+ It SHOULD be able to simultaneously track at least 24 satellites, from multiple
+ constellations (e.g. GPS + at least one of Glonass, Beidou, Galileo).
+ </li>
+ </ul>
+ </li>
+ <li>
+ It MUST report the GNSS technology generation through the test API ‘getGnssYearOfHardware’.
+ </li>
+ <li>
+ It is STRONGLY RECOMMENDED to meet and MUST meet all requirements below if the GNSS technology
+ generation is reported as the year "2016" or newer.
+ <ul>
+ <li>
+ It MUST report GPS measurements, as soon as they are found, even if a location calculated
+ from GPS/GNSS is not yet reported.
+ </li>
+ <li>
+ It MUST report GPS pseudoranges and pseudorange rates, that, in open-sky conditions
+ after determining the location, while stationary or moving with less than 0.2 meter
+ per second squared of acceleration, are sufficient to calculate position within
+ 20 meters, and speed within 0.2 meters per second, at least 95% of the time.
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <p>
+ Note that while some of the GPS requirements above are stated as STRONGLY RECOMMENDED, the
+Compatibility Definition for the next major version is expected to change these to a MUST.
+ </p>
+ <h4 id="7_3_4_gyroscope">
+ 7.3.4. Gyroscope
+ </h4>
+ <p>
+ Device implementations SHOULD include a gyroscope (angular change sensor).
+Devices SHOULD NOT include a gyroscope sensor unless a 3-axis accelerometer is
+also included. If a device implementation includes a gyroscope, it:
+ </p>
+ <ul>
+ <li>
+ MUST implement the TYPE_GYROSCOPE sensor and SHOULD also implement
+TYPE_GYROSCOPE_UNCALIBRATED sensor. Existing and new Android devices are
+STRONGLY RECOMMENDED to implement the SENSOR_TYPE_GYROSCOPE_UNCALIBRATED
+sensor.
+ </li>
+ <li>
+ MUST be capable of measuring orientation changes up to 1,000 degrees per
+second.
+ </li>
+ <li>
+ MUST be able to report events up to a frequency of at least 50 Hz for
+Android Watch devices as such devices have a stricter power constraint and 100
+Hz for all other device types.
+ </li>
+ <li>
+ SHOULD report events up to at least 200 Hz.
+ </li>
+ <li>
+ MUST have a resolution of 12-bits or more and SHOULD have a resolution of
+16-bits or more.
+ </li>
+ <li>
+ MUST be temperature compensated.
+ </li>
+ <li>
+ MUST be calibrated and compensated while in use, and preserve the
+compensation parameters between device reboots.
+ </li>
+ <li>
+ MUST have a variance no greater than 1e-7 rad^2 / s^2 per Hz (variance per
+Hz, or rad^2 / s). The variance is allowed to vary with the sampling rate, but
+must be constrained by this value. In other words, if you measure the variance
+of the gyro at 1 Hz sampling rate it should be no greater than 1e-7 rad^2/s^2.
+ </li>
+ <li>
+ MUST implement a TYPE_ROTATION_VECTOR composite sensor, if an accelerometer
+sensor and a magnetometer sensor is also included.
+ </li>
+ <li>
+ If an accelerometer sensor is included, MUST implement the TYPE_GRAVITY and
+TYPE_LINEAR_ACCELERATION composite sensors and SHOULD implement the
+TYPE_GAME_ROTATION_VECTOR composite sensor. Existing and new Android devices
+are STRONGLY RECOMMENDED to implement the TYPE_GAME_ROTATION_VECTOR sensor.
+ </li>
+ </ul>
+ <h4 id="7_3_5_barometer">
+ 7.3.5. Barometer
+ </h4>
+ <p>
+ Device implementations SHOULD include a barometer (ambient air pressure
+sensor). If a device implementation includes a barometer, it:
+ </p>
+ <ul>
+ <li>
+ MUST implement and report TYPE_PRESSURE sensor.
+ </li>
+ <li>
+ MUST be able to deliver events at 5 Hz or greater.
+ </li>
+ <li>
+ MUST have adequate precision to enable estimating altitude.
+ </li>
+ <li>
+ MUST be temperature compensated.
+ </li>
+ </ul>
+ <h4 id="7_3_6_thermometer">
+ 7.3.6. Thermometer
+ </h4>
+ <p>
+ Device implementations MAY include an ambient thermometer (temperature sensor).
+If present, it MUST be defined as SENSOR_TYPE_AMBIENT_TEMPERATURE and it MUST
+measure the ambient (room) temperature in degrees Celsius.
+ </p>
+ <p>
+ Device implementations MAY but SHOULD NOT include a CPU temperature sensor. If
+present, it MUST be defined as SENSOR_TYPE_TEMPERATURE, it MUST measure the
+temperature of the device CPU, and it MUST NOT measure any other temperature.
+Note the SENSOR_TYPE_TEMPERATURE sensor type was deprecated in Android 4.0.
+ </p>
+ <div class="note">
+ For Android Automotive implementations, SENSOR_TYPE_AMBIENT_TEMPERATURE MUST
+measure the temperature inside the vehicle cabin.
+ </div>
+ <h4 id="7_3_7_photometer">
+ 7.3.7. Photometer
+ </h4>
+ <p>
+ Device implementations MAY include a photometer (ambient light sensor).
+ </p>
+ <h4 id="7_3_8_proximity_sensor">
+ 7.3.8. Proximity Sensor
+ </h4>
+ <p>
+ Device implementations MAY include a proximity sensor. Devices that can make a
+voice call and indicate any value other than PHONE_TYPE_NONE in getPhoneType
+SHOULD include a proximity sensor. If a device implementation does include a
+proximity sensor, it:
+ </p>
+ <ul>
+ <li>
+ MUST measure the proximity of an object in the same direction as the
+screen. That is, the proximity sensor MUST be oriented to detect objects close
+to the screen, as the primary intent of this sensor type is to detect a phone
+in use by the user. If a device implementation includes a proximity sensor with
+any other orientation, it MUST NOT be accessible through this API.
+ </li>
+ <li>
+ MUST have 1-bit of accuracy or more.
+ </li>
+ </ul>
+ <h4 id="7_3_9_high_fidelity_sensors">
+ 7.3.9. High Fidelity Sensors
+ </h4>
+ <p>
+ Device implementations supporting a set of higher quality sensors that can meet
+all the requirements listed in this section MUST identify the support through
+the
+ <code>
+ android.hardware.sensor.hifi_sensors
+ </code>
+ feature flag.
+ </p>
+ <p>
+ A device declaring android.hardware.sensor.hifi_sensors MUST support all of the
+following sensor types meeting the quality requirements as below:
+ </p>
+ <ul>
+ <li>
+ SENSOR_TYPE_ACCELEROMETER
+ <ul>
+ <li>
+ MUST have a measurement range between at least -8g and +8g.
+ </li>
+ <li>
+ MUST have a measurement resolution of at least 1024 LSB/G.
+ </li>
+ <li>
+ MUST have a minimum measurement frequency of 12.5 Hz or lower.
+ </li>
+ <li>
+ MUST have a maximum measurement frequency of 400 Hz or higher.
+ </li>
+ <li>
+ MUST have a measurement noise not above 400 uG/√Hz.
+ </li>
+ <li>
+ MUST implement a non-wake-up form of this sensor with a buffering
+ capability of at least 3000 sensor events.
+ </li>
+ <li>
+ MUST have a batching power consumption not worse than 3 mW.
+ </li>
+ <li>
+ SHOULD have a stationary noise bias stability of \<15 μg √Hz from 24hr static
+ dataset.
+ </li>
+ <li>
+ SHOULD have a bias change vs. temperature of ≤ +/- 1mg / °C.
+ </li>
+ <li>
+ SHOULD have a best-fit line non-linearity of ≤ 0.5%, and sensitivity change vs. temperature of ≤
+ 0.03%/C°.
+ </li>
+ </ul>
+ </li>
+ <li>
+ <p>
+ SENSOR_TYPE_GYROSCOPE
+ </p>
+ <ul>
+ <li>
+ MUST have a measurement range between at least -1000 and +1000 dps.
+ </li>
+ <li>
+ MUST have a measurement resolution of at least 16 LSB/dps.
+ </li>
+ <li>
+ MUST have a minimum measurement frequency of 12.5 Hz or lower.
+ </li>
+ <li>
+ MUST have a maximum measurement frequency of 400 Hz or higher.
+ </li>
+ <li>
+ MUST have a measurement noise not above 0.014°/s/√Hz.
+ </li>
+ <li>
+ SHOULD have a stationary bias stability of < 0.0002 °/s √Hz from 24-hour static dataset.
+ </li>
+ <li>
+ SHOULD have a bias change vs. temperature of ≤ +/- 0.05 °/ s / °C.
+ </li>
+ <li>
+ SHOULD have a sensitivity change vs. temperature of ≤ 0.02% / °C.
+ </li>
+ <li>
+ SHOULD have a best-fit line non-linearity of ≤ 0.2%.
+ </li>
+ <li>
+ SHOULD have a noise density of ≤ 0.007 °/s/√Hz.
+ </li>
+ </ul>
+ </li>
+ <li>
+ <p>
+ SENSOR_TYPE_GYROSCOPE_UNCALIBRATED with the same quality requirements as
+ SENSOR_TYPE_GYROSCOPE.
+ </p>
+ </li>
+ <li>
+ SENSOR_TYPE_GEOMAGNETIC_FIELD
+ <ul>
+ <li>
+ MUST have a measurement range between at least -900 and +900 uT.
+ </li>
+ <li>
+ MUST have a measurement resolution of at least 5 LSB/uT.
+ </li>
+ <li>
+ MUST have a minimum measurement frequency of 5 Hz or lower.
+ </li>
+ <li>
+ MUST have a maximum measurement frequency of 50 Hz or higher.
+ </li>
+ <li>
+ MUST have a measurement noise not above 0.5 uT.
+ </li>
+ </ul>
+ </li>
+ <li>
+ SENSOR_TYPE_MAGNETIC_FIELD_UNCALIBRATED with the same quality requirements
+ as SENSOR_TYPE_GEOMAGNETIC_FIELD and in addition:
+ <ul>
+ <li>
+ MUST implement a non-wake-up form of this sensor with a buffering
+ capability of at least 600 sensor events.
+ </li>
+ </ul>
+ </li>
+ <li>
+ SENSOR_TYPE_PRESSURE
+ <ul>
+ <li>
+ MUST have a measurement range between at least 300 and 1100 hPa.
+ </li>
+ <li>
+ MUST have a measurement resolution of at least 80 LSB/hPa.
+ </li>
+ <li>
+ MUST have a minimum measurement frequency of 1 Hz or lower.
+ </li>
+ <li>
+ MUST have a maximum measurement frequency of 10 Hz or higher.
+ </li>
+ <li>
+ MUST have a measurement noise not above 2 Pa/√Hz.
+ </li>
+ <li>
+ MUST implement a non-wake-up form of this sensor with a buffering
+ capability of at least 300 sensor events.
+ </li>
+ <li>
+ MUST have a batching power consumption not worse than 2 mW.
+ </li>
+ </ul>
+ </li>
+ <li>
+ SENSOR_TYPE_GAME_ROTATION_VECTOR
+ <ul>
+ <li>
+ MUST implement a non-wake-up form of this sensor with a buffering
+ capability of at least 300 sensor events.
+ </li>
+ <li>
+ MUST have a batching power consumption not worse than 4 mW.
+ </li>
+ </ul>
+ </li>
+ <li>
+ SENSOR_TYPE_SIGNIFICANT_MOTION
+ <ul>
+ <li>
+ MUST have a power consumption not worse than 0.5 mW when device is
+ static and 1.5 mW when device is moving.
+ </li>
+ </ul>
+ </li>
+ <li>
+ SENSOR_TYPE_STEP_DETECTOR
+ <ul>
+ <li>
+ MUST implement a non-wake-up form of this sensor with a buffering
+ capability of at least 100 sensor events.
+ </li>
+ <li>
+ MUST have a power consumption not worse than 0.5 mW when device is
+ static and 1.5 mW when device is moving.
+ </li>
+ <li>
+ MUST have a batching power consumption not worse than 4 mW.
+ </li>
+ </ul>
+ </li>
+ <li>
+ SENSOR_TYPE_STEP_COUNTER
+ <ul>
+ <li>
+ MUST have a power consumption not worse than 0.5 mW when device is
+ static and 1.5 mW when device is moving.
+ </li>
+ </ul>
+ </li>
+ <li>
+ SENSOR_TILT_DETECTOR
+ <ul>
+ <li>
+ MUST have a power consumption not worse than 0.5 mW when device is
+ static and 1.5 mW when device is moving.
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <p>
+ Also such a device MUST meet the following sensor subsystem requirements:
+ </p>
+ <ul>
+ <li>
+ The event timestamp of the same physical event reported by the
+Accelerometer, Gyroscope sensor and Magnetometer MUST be within 2.5
+milliseconds of each other.
+ </li>
+ <li>
+ The Gyroscope sensor event timestamps MUST be on the same time base as the
+camera subsystem and within 1 milliseconds of error.
+ </li>
+ <li>
+ High Fidelity sensors MUST deliver samples to applications within 5
+milliseconds from the time when the data is available on the physical sensor
+to the application.
+ </li>
+ <li>
+ The power consumption MUST not be higher than 0.5 mW when device is static
+and 2.0 mW when device is moving when any combination of the following sensors
+are enabled:
+ <ul>
+ <li>
+ SENSOR_TYPE_SIGNIFICANT_MOTION
+ </li>
+ <li>
+ SENSOR_TYPE_STEP_DETECTOR
+ </li>
+ <li>
+ SENSOR_TYPE_STEP_COUNTER
+ </li>
+ <li>
+ SENSOR_TILT_DETECTORS
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <p>
+ Note that all power consumption requirements in this section do not include the
+power consumption of the Application Processor. It is inclusive of the power
+drawn by the entire sensor chain—the sensor, any supporting circuitry, any
+dedicated sensor processing system, etc.
+ </p>
+ <p>
+ The following sensor types MAY also be supported on a device implementation
+declaring android.hardware.sensor.hifi_sensors, but if these sensor types are
+present they MUST meet the following minimum buffering capability requirement:
+ </p>
+ <ul>
+ <li>
+ SENSOR_TYPE_PROXIMITY: 100 sensor events
+ </li>
+ </ul>
+ <h4 id="7_3_10_fingerprint_sensor">
+ 7.3.10. Fingerprint Sensor
+ </h4>
+ <p>
+ Device implementations with a secure lock screen SHOULD include a fingerprint
+sensor. If a device implementation includes a fingerprint sensor and has a
+corresponding API for third-party developers, it:
+ </p>
+ <ul>
+ <li>
+ MUST declare support for the android.hardware.fingerprint feature.
+ </li>
+ <li>
+ MUST fully implement the
+ <a href="https://developer.android.com/reference/android/hardware/fingerprint/package-summary.html">
+ corresponding API
+ </a>
+ as described in the Android SDK documentation.
+ </li>
+ <li>
+ MUST have a false acceptance rate not higher than 0.002%.
+ </li>
+ <li>
+ Is STRONGLY RECOMMENDED to have a false rejection rate of less than 10%, as
+measured on the device
+ </li>
+ <li>
+ Is STRONGLY RECOMMENDED to have a latency below 1 second, measured from
+when the fingerprint sensor is touched until the screen is unlocked, for one
+enrolled finger.
+ </li>
+ <li>
+ MUST rate limit attempts for at least 30 seconds after five false trials
+for fingerprint verification.
+ </li>
+ <li>
+ MUST have a hardware-backed keystore implementation, and perform the
+fingerprint matching in a Trusted Execution Environment (TEE) or on a chip with
+a secure channel to the TEE.
+ </li>
+ <li>
+ MUST have all identifiable fingerprint data encrypted and cryptographically
+authenticated such that they cannot be acquired, read or altered outside of the
+Trusted Execution Environment (TEE) as documented in the
+ <a href="https://source.android.com/devices/tech/security/authentication/fingerprint-hal.html">
+ implementation guidelines
+ </a>
+ on the Android Open Source Project site.
+ </li>
+ <li>
+ MUST prevent adding a fingerprint without first establishing a chain of
+trust by having the user confirm existing or add a new device credential
+(PIN/pattern/password) that's secured by TEE; the Android Open Source Project
+ implementation provides the mechanism in the framework to do so.
+ </li>
+ <li>
+ MUST NOT enable 3rd-party applications to distinguish between individual
+fingerprints.
+ </li>
+ <li>
+ MUST honor the DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT flag.
+ </li>
+ <li>
+ MUST, when upgraded from a version earlier than Android 6.0, have the
+fingerprint data securely migrated to meet the above requirements or removed.
+ </li>
+ <li>
+ SHOULD use the Android Fingerprint icon provided in the Android Open Source
+Project.
+ </li>
+ </ul>
+ <h4 id="7_3_11_android_automotive-only_sensors">
+ 7.3.11. Android Automotive-only sensors
+ </h4>
+ <p>
+ Automotive-specific sensors are defined in the
+ <code>
+ android.car.CarSensorManager API
+ </code>
+ .
+ </p>
+ <h5 id="7_3_11_1_current_gear">
+ 7.3.11.1. Current Gear
+ </h5>
+ <p>
+ Android Automotive implementations SHOULD provide current gear as SENSOR_TYPE_GEAR.
+ </p>
+ <h5 id="7_3_11_2_day_night_mode">
+ 7.3.11.2. Day Night Mode
+ </h5>
+ <p>
+ Android Automotive implementations MUST support day/night mode defined as
+SENSOR_TYPE_NIGHT. The value of this flag MUST be consistent with dashboard
+day/night mode and SHOULD be based on ambient light sensor input. The
+underlying ambient light sensor MAY be the same as
+ <a href="#7_3_7_photometer">
+ Photometer
+ </a>.
+ </p>
+ <h5 id="7_3_11_3_driving_status">
+ 7.3.11.3. Driving Status
+ </h5>
+ <p>
+ Android Automotive implementations MUST support driving status defined as
+SENSOR_TYPE_DRIVING_STATUS, with a default value of DRIVE_STATUS_UNRESTRICTED
+when the vehicle is fully stopped and parked. It is the responsibility of device
+manufacturers to configure SENSOR_TYPE_DRIVING_STATUS in compliance with all
+laws and regulations that apply to markets where the product is shipping.
+ </p>
+ <h5 id="7_3_11_4_wheel_speed">
+ 7.3.11.4. Wheel Speed
+ </h5>
+ <p>
+ Android Automotive implementations MUST provide vehicle speed defined as
+SENSOR_TYPE_CAR_SPEED.
+ </p>
+ <h3 id="7_3_12_pose_sensor">
+ 7.3.12. Pose Sensor
+ </h3>
+ <p>
+ Device implementations MAY support pose sensor with 6 degrees of freedom. Android Handheld
+devices are RECOMMENDED to support this sensor. If a device implementation does support pose
+sensor with 6 degrees of freedom, it:
+ </p>
+ <ul>
+ <li>
+ MUST implement and report
+ <a href="https://developer.android.com/reference/android/hardware/Sensor.html#TYPE_POSE_6DOF">
+ <code>
+ TYPE_POSE_6DOF
+ </code>
+ </a>
+ sensor.
+ </li>
+ <li>
+ MUST be more accurate than the rotation vector alone.
+ </li>
+ </ul>
+ <h3 id="7_4_data_connectivity">
+ 7.4. Data Connectivity
+ </h3>
+ <h4 id="7_4_1_telephony">
+ 7.4.1. Telephony
+ </h4>
+ <p>
+ “Telephony” as used by the Android APIs and this document refers specifically
+to hardware related to placing voice calls and sending SMS messages via a GSM
+or CDMA network. While these voice calls may or may not be packet-switched,
+they are for the purposes of Android considered independent of any data
+connectivity that may be implemented using the same network. In other words,
+the Android “telephony” functionality and APIs refer specifically to voice
+calls and SMS. For instance, device implementations that cannot place calls or
+send/receive SMS messages MUST NOT report the android.hardware.telephony
+feature or any subfeatures, regardless of whether they use a cellular network
+for data connectivity.
+ </p>
+ <p>
+ Android MAY be used on devices that do not include telephony hardware. That is,
+Android is compatible with devices that are not phones. However, if a device
+implementation does include GSM or CDMA telephony, it MUST implement full
+support for the API for that technology. Device implementations that do not
+include telephony hardware MUST implement the full APIs as no-ops.
+ </p>
+ <h5 id="7_4_1_1_number_blocking_compatibility">
+ 7.4.1.1. Number Blocking Compatibility
+ </h5>
+ <p>
+ Android Telephony device implementations MUST include number blocking support
+and:
+ </p>
+ <ul>
+ <li>
+ MUST fully implement
+ <a href="http://developer.android.com/reference/android/provider/BlockedNumberContract.html">
+ BlockedNumberContract
+ </a>
+ and the corresponding API as described in the SDK documentation.
+ </li>
+ <li>
+ MUST block all calls and messages from a phone number in
+'BlockedNumberProvider' without any interaction with apps. The only exception
+is when number blocking is temporarily lifted as described in the SDK
+documentation.
+ </li>
+ <li>
+ MUST NOT write to the
+ <a href="http://developer.android.com/reference/android/provider/CallLog.html">
+ platform call log provider
+ </a>
+ for a blocked call.
+ </li>
+ <li>
+ MUST NOT write to the
+ <a href="http://developer.android.com/reference/android/provider/Telephony.html">
+ Telephony provider
+ </a>
+ for a blocked message.
+ </li>
+ <li>
+ MUST implement a blocked numbers management UI, which is opened with the
+intent returned by TelecomManager.createManageBlockedNumbersIntent() method.
+ </li>
+ <li>
+ MUST NOT allow secondary users to view or edit the blocked numbers on the
+device as the Android platform assumes the primary user to have full control
+of the telephony services, a single instance, on the device. All blocking
+related UI MUST be hidden for secondary users and the blocked list MUST still
+be respected.
+ </li>
+ <li>
+ SHOULD migrate the blocked numbers into the provider when a device updates
+to Android 7.0.
+ </li>
+ </ul>
+ <h4 id="7_4_2_ieee_802_11_(wi-fi)">
+ 7.4.2. IEEE 802.11 (Wi-Fi)
+ </h4>
+ <p>
+ All Android device implementations SHOULD include support for one or more forms
+of 802.11. If a device implementation does include support for 802.11 and exposes the
+functionality to a third-party application, it MUST implement the corresponding
+Android API and:
+ </p>
+ <ul>
+ <li>
+ MUST report the hardware feature flag android.hardware.wifi.
+ </li>
+ <li>
+ MUST implement the
+ <a href="http://developer.android.com/reference/android/net/wifi/WifiManager.MulticastLock.html">
+ multicast API
+ </a>
+ as described in the SDK documentation.
+ </li>
+ <li>
+ MUST support multicast DNS (mDNS) and MUST NOT filter mDNS packets
+(224.0.0.251) at any time of operation including:
+ <ul>
+ <li>
+ Even when the screen is not in an active state.
+ </li>
+ <li>
+ For Android Television device implementations, even when in standby
+power states.
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <h5 id="7_4_2_1_wi-fi_direct">
+ 7.4.2.1. Wi-Fi Direct
+ </h5>
+ <p>
+ Device implementations SHOULD include support for Wi-Fi Direct (Wi-Fi
+peer-to-peer). If a device implementation does include support for Wi-Fi
+Direct, it MUST implement the
+ <a href="http://developer.android.com/reference/android/net/wifi/p2p/WifiP2pManager.html">
+ corresponding Android API
+ </a>
+ as described in the SDK documentation. If a device implementation includes
+support for Wi-Fi Direct, then it:
+ </p>
+ <ul>
+ <li>
+ MUST report the hardware feature android.hardware.wifi.direct.
+ </li>
+ <li>
+ MUST support regular Wi-Fi operation.
+ </li>
+ <li>
+ SHOULD support concurrent Wi-Fi and Wi-Fi Direct operation.
+ </li>
+ </ul>
+ <h5 id="7_4_2_2_wi-fi_tunneled_direct_link_setup">
+ 7.4.2.2. Wi-Fi Tunneled Direct Link Setup
+ </h5>
+ <p>
+ Device implementations SHOULD include support for
+ <a href="http://developer.android.com/reference/android/net/wifi/WifiManager.html">
+ Wi-Fi
+Tunneled Direct Link Setup (TDLS)
+ </a>
+ as described in the Android SDK Documentation. If a device
+implementation does include support for TDLS and TDLS is enabled by the
+WiFiManager API, the device:
+ </p>
+ <ul>
+ <li>
+ SHOULD use TDLS only when it is possible AND beneficial.
+ </li>
+ <li>
+ SHOULD have some heuristic and NOT use TDLS when its performance might be
+worse than going through the Wi-Fi access point.
+ </li>
+ </ul>
+ <h4 id="7_4_3_bluetooth">
+ 7.4.3. Bluetooth
+ </h4>
+ <div class="note">
+ Android Watch implementations MUST support Bluetooth. Android Television
+implementations MUST support Bluetooth and Bluetooth LE. Android Automotive
+implementations MUST support Bluetooth and SHOULD support Bluetooth LE.
+ </div>
+ <p>
+ Device implementations that support
+ <code>
+ android.hardware.vr.high_performance
+ </code>
+ feature MUST
+support Bluetooth 4.2 and Bluetooth LE Data Length Extension.
+ </p>
+ <p>
+ Android includes support for
+ <a href="http://developer.android.com/reference/android/bluetooth/package-summary.html">
+ Bluetooth and Bluetooth Low Energy
+ </a>.
+Device implementations that include support for Bluetooth and Bluetooth Low
+Energy MUST declare the relevant platform features (android.hardware.bluetooth
+and android.hardware.bluetooth_le respectively) and implement the platform APIs.
+Device implementations SHOULD implement relevant Bluetooth profiles such as
+A2DP, AVCP, OBEX, etc. as appropriate for the device.
+ </p>
+ <p>
+ Android Automotive implementations SHOULD support Message Access Profile (MAP).
+Android Automotive implementations MUST support the following Bluetooth
+profiles:
+ </p>
+ <ul>
+ <li>
+ Phone calling over Hands-Free Profile (HFP).
+ </li>
+ <li>
+ Media playback over Audio Distribution Profile (A2DP).
+ </li>
+ <li>
+ Media playback control over Remote Control Profile (AVRCP).
+ </li>
+ <li>
+ Contact sharing using the Phone Book Access Profile (PBAP).
+ </li>
+ </ul>
+ <p>
+ Device implementations including support for Bluetooth Low Energy:
+ </p>
+ <ul>
+ <li>
+ MUST declare the hardware feature android.hardware.bluetooth_le.
+ </li>
+ <li>
+ MUST enable the GATT (generic attribute profile) based Bluetooth APIs as
+described in the SDK documentation and
+ <a href="http://developer.android.com/reference/android/bluetooth/package-summary.html">
+ android.bluetooth
+ </a>.
+ </li>
+ <li>
+ are STRONGLY RECOMMENDED to implement a Resolvable Private Address (RPA)
+timeout no longer than 15 minutes and rotate the address at timeout to protect
+user privacy.
+ </li>
+ <li>
+ SHOULD support offloading of the filtering logic to the bluetooth chipset
+when implementing the
+ <a href="https://developer.android.com/reference/android/bluetooth/le/ScanFilter.html">
+ ScanFilter API
+ </a>,
+and MUST report the correct value of where the filtering logic is implemented
+whenever queried via the
+android.bluetooth.BluetoothAdapter.isOffloadedFilteringSupported() method.
+ </li>
+ <li>
+ SHOULD support offloading of the batched scanning to the bluetooth chipset,
+but if not supported, MUST report ‘false’ whenever queried via the
+android.bluetooth.BluetoothAdapter.isOffloadedScanBatchingSupported() method.
+ </li>
+ <li>
+ SHOULD support multi advertisement with at least 4 slots, but if not
+supported, MUST report ‘false’ whenever queried via the
+android.bluetooth.BluetoothAdapter.isMultipleAdvertisementSupported() method.
+ </li>
+ </ul>
+ <h4 id="7_4_4_near-field_communications">
+ 7.4.4. Near-Field Communications
+ </h4>
+ <p>
+ Device implementations SHOULD include a transceiver and related hardware for
+Near-Field Communications (NFC). If a device implementation does include NFC
+hardware and plans to make it available to third-party apps, then it:
+ </p>
+ <ul>
+ <li>
+ MUST report the android.hardware.nfc feature from the
+ <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">
+ android.content.pm.PackageManager.hasSystemFeature() method
+ </a>.
+ </li>
+ <li>
+ MUST be capable of reading and writing NDEF messages via the following NFC
+standards:
+ <ul>
+ <li>
+ MUST be capable of acting as an NFC Forum reader/writer (as defined by
+the NFC Forum technical specification NFCForum-TS-DigitalProtocol-1.0) via the
+following NFC standards:
+ <ul>
<li>
- <p>
- MUST have an activity that handles the <code>Settings.ACTION_IGNORE_BACKGROUND_DATA_RESTRICTIONS_SETTINGS</code> intent but MAY implement it as a no-op.
- </p>
- </li>
- </ul>
- <h2>
- 7.5. Cameras
- </h2>
- <p>
- Device implementations SHOULD include a rear-facing camera and MAY include a front-facing camera. A rear-facing camera is a camera located on the side of the device opposite the display; that is, it images scenes on the far side of the device, like a traditional camera. A front-facing camera is a camera located on the same side of the device as the display; that is, a camera typically used to image the user, such as for video conferencing and similar applications.
- </p>
- <p>
- If a device implementation includes at least one camera, it MUST be possible for an application to simultaneously allocate 3 RGBA_8888 bitmaps equal to the size of the images produced by the largest-resolution camera sensor on the device, while camera is open for the purpose of basic preview and still capture.
- </p>
- <h3>
- 7.5.1. Rear-Facing Camera
- </h3>
- <p>
- Device implementations SHOULD include a rear-facing camera. If a device implementation includes at least one rear-facing camera, it:
- </p>
- <ul>
- <li>MUST report the feature flag android.hardware.camera and android.hardware.camera.any.
- </li>
- <li>MUST have a resolution of at least 2 megapixels.
- </li>
- <li>SHOULD have either hardware auto-focus or software auto-focus implemented in the camera driver (transparent to application software).
- </li>
- <li>MAY have fixed-focus or EDOF (extended depth of field) hardware.
- </li>
- <li>MAY include a flash. If the Camera includes a flash, the flash lamp MUST NOT be lit while an android.hardware.Camera.PreviewCallback instance has been registered on a Camera preview surface, unless the application has explicitly enabled the flash by enabling the FLASH_MODE_AUTO or FLASH_MODE_ON attributes of a Camera.Parameters object. Note that this constraint does not apply to the device’s built-in system camera application, but only to third-party applications using Camera.PreviewCallback.
- </li>
- </ul>
- <h3>
- 7.5.2. Front-Facing Camera
- </h3>
- <p>
- Device implementations MAY include a front-facing camera. If a device implementation includes at least one front-facing camera, it:
- </p>
- <ul>
- <li>MUST report the feature flag android.hardware.camera.any and android.hardware.camera.front.
- </li>
- <li>MUST have a resolution of at least VGA (640x480 pixels).
- </li>
- <li>MUST NOT use a front-facing camera as the default for the Camera API. The camera API in Android has specific support for front-facing cameras and device implementations MUST NOT configure the API to to treat a front-facing camera as the default rear-facing camera, even if it is the only camera on the device.
- </li>
- <li>MAY include features (such as auto-focus, flash, etc.) available to rear-facing cameras as described in <a href="#7_5_1_rear-facing_camera">section 7.5.1</a>.
- </li>
- <li>MUST horizontally reflect (i.e. mirror) the stream displayed by an app in a CameraPreview, as follows:
- <ul>
- <li>If the device implementation is capable of being rotated by user (such as automatically via an accelerometer or manually via user input), the camera preview MUST be mirrored horizontally relative to the device’s current orientation.
- </li>
- <li>If the current application has explicitly requested that the Camera display be rotated via a call to the <a href="http://developer.android.com/reference/android/hardware/Camera.html#setDisplayOrientation(int)">android.hardware.Camera.setDisplayOrientation()</a> method, the camera preview MUST be mirrored horizontally relative to the orientation specified by the application.
- </li>
- <li>Otherwise, the preview MUST be mirrored along the device’s default horizontal axis.
- </li>
- </ul>
- </li>
- <li>MUST mirror the image displayed by the postview in the same manner as the camera preview image stream. If the device implementation does not support postview, this requirement obviously does not apply.
- </li>
- <li>MUST NOT mirror the final captured still image or video streams returned to application callbacks or committed to media storage.
- </li>
- </ul>
- <h3>
- 7.5.3. External Camera
- </h3>
- <p>
- Device implementations MAY include support for an external camera that is not necessarily always connected. If a device includes support for an external camera, it:
- </p>
- <ul>
- <li>MUST declare the platform feature flag <code>android.hardware.camera.external</code> and <code>android.hardware camera.any</code>.
- </li>
- <li>MAY support multiple cameras.
- </li>
- <li>MUST support USB Video Class (UVC 1.0 or higher) if the external camera connects through the USB port.
- </li>
- <li>SHOULD support video compressions such as MJPEG to enable transfer of high-quality unencoded streams (i.e. raw or independently compressed picture streams).
- </li>
- <li>MAY support camera-based video encoding. If supported, a simultaneous unencoded / MJPEG stream (QVGA or greater resolution) MUST be accessible to the device implementation.
- </li>
- </ul>
- <h3>
- 7.5.4. Camera API Behavior
- </h3>
- <p>
- Android includes two API packages to access the camera, the newer android.hardware.camera2 API expose lower-level camera control to the app, including efficient zero-copy burst/streaming flows and per-frame controls of exposure, gain, white balance gains, color conversion, denoising, sharpening, and more.
- </p>
- <p>
- The older API package, android.hardware.Camera, is marked as deprecated in Android 5.0 but as it should still be available for apps to use Android device implementations MUST ensure the continued support of the API as described in this section and in the Android SDK.
- </p>
- <p>
- Device implementations MUST implement the following behaviors for the camera-related APIs, for all available cameras:
- </p>
- <ul>
- <li>If an application has never called android.hardware.Camera.Parameters.setPreviewFormat(int), then the device MUST use android.hardware.PixelFormat.YCbCr_420_SP for preview data provided to application callbacks.
- </li>
- <li>If an application registers an android.hardware.Camera.PreviewCallback instance and the system calls the onPreviewFrame() method when the preview format is YCbCr_420_SP, the data in the byte[] passed into onPreviewFrame() must further be in the NV21 encoding format. That is, NV21 MUST be the default.
- </li>
- <li>For android.hardware.Camera, device implementations MUST support the YV12 format (as denoted by the android.graphics.ImageFormat.YV12 constant) for camera previews for both front- and rear-facing cameras. (The hardware video encoder and camera may use any native pixel format, but the device implementation MUST support conversion to YV12.)
- </li>
- <li>For android.hardware.camera2, device implementations must support the android.hardware.ImageFormat.YUV_420_888 and android.hardware.ImageFormat.JPEG formats as outputs through the android.media.ImageReader API.
- </li>
- </ul>
- <p>
- Device implementations MUST still implement the full <a href="http://developer.android.com/reference/android/hardware/Camera.html">Camera API</a> included in the Android SDK documentation, regardless of whether the device includes hardware autofocus or other capabilities. For instance, cameras that lack autofocus MUST still call any registered android.hardware.Camera.AutoFocusCallback instances (even though this has no relevance to a non-autofocus camera.) Note that this does apply to front-facing cameras; for instance, even though most front-facing cameras do not support autofocus, the API callbacks must still be “faked” as described.
- </p>
- <p>
- Device implementations MUST recognize and honor each parameter name defined as a constant on the <a href="http://developer.android.com/reference/android/hardware/Camera.Parameters.html">android.hardware.Camera.Parameters</a> class, if the underlying hardware supports the feature. If the device hardware does not support a feature, the API must behave as documented. Conversely, device implementations MUST NOT honor or recognize string constants passed to the android.hardware.Camera.setParameters() method other than those documented as constants on the android.hardware.Camera.Parameters. That is, device implementations MUST support all standard Camera parameters if the hardware allows, and MUST NOT support custom Camera parameter types. For instance, device implementations that support image capture using high dynamic range (HDR) imaging techniques MUST support camera parameter Camera.SCENE_MODE_HDR.
- </p>
- <p>
- Because not all device implementations can fully support all the features of the android.hardware.camera2 API, device implementations MUST report the proper level of support with the <a href="https://developer.android.com/reference/android/hardware/camera2/CameraCharacteristics.html#INFO_SUPPORTED_HARDWARE_LEVEL">android.info.supportedHardwareLevel</a> property as described in the Android SDK and report the appropriate <a href="http://source.android.com/devices/camera/versioning.html">framework feature flags</a>.
- </p>
- <p>
- Device implementations MUST also declare its Individual camera capabilities of android.hardware.camera2 via the android.request.availableCapabilities property and declare the appropriate <a href="http://source.android.com/devices/camera/versioning.html">feature flags</a>; a device must define the feature flag if any of its attached camera devices supports the feature.
- </p>
- <p>
- Device implementations MUST broadcast the Camera.ACTION_NEW_PICTURE intent whenever a new picture is taken by the camera and the entry of the picture has been added to the media store.
- </p>
- <p>
- Device implementations MUST broadcast the Camera.ACTION_NEW_VIDEO intent whenever a new video is recorded by the camera and the entry of the picture has been added to the media store.
- </p>
- <h3>
- 7.5.5. Camera Orientation
- </h3>
- <p>
- Both front- and rear-facing cameras, if present, MUST be oriented so that the long dimension of the camera aligns with the screen’s long dimension. That is, when the device is held in the landscape orientation, cameras MUST capture images in the landscape orientation. This applies regardless of the device’s natural orientation; that is, it applies to landscape-primary devices as well as portrait-primary devices.
- </p>
- <h2>
- 7.6. Memory and Storage
- </h2>
- <h3>
- 7.6.1. Minimum Memory and Storage
- </h3>
- <div class="note">
- Android Television devices MUST have at least 4GB of non-volatile storage available for application private data.
- </div>
- <p>
- The memory available to the kernel and userspace on device implementations MUST be at least equal or larger than the minimum values specified by the following table. (See <a href="#7_1_1_screen_configuration">section 7.1.1</a> for screen size and density definitions.)
- </p>
- <table>
- <tr>
- <th>
- Density and screen size
- </th>
- <th>
- 32-bit device
- </th>
- <th>
- 64-bit device
- </th>
- </tr>
- <tr>
- <td>
- Android Watch devices (due to smaller screens)
- </td>
- <td>
- 416MB
- </td>
- <td>
- Not applicable
- </td>
- </tr>
- <tr>
- <td>
- <ul>
- <li class="table_list">280dpi or lower on small/normal screens
- </li>
- <li class="table_list">mdpi or lower on large screens
- </li>
- <li class="table_list">ldpi or lower on extra large screens
- </li>
- </ul>
- </td>
- <td>
- 512MB
- </td>
- <td>
- 816MB
- </td>
- </tr>
- <tr>
- <td>
- <ul>
- <li class="table_list">xhdpi or higher on small/normal screens
- </li>
- <li class="table_list">hdpi or higher on large screens
- </li>
- <li class="table_list">mdpi or higher on extra large screens
- </li>
- </ul>
- </td>
- <td>
- 608MB
- </td>
- <td>
- 944MB
- </td>
- </tr>
- <tr>
- <td>
- <ul>
- <li class="table_list">400dpi or higher on small/normal screens
- </li>
- <li class="table_list">xhdpi or higher on large screens
- </li>
- <li class="table_list">tvdpi or higher on extra large screens
- </li>
- </ul>
- </td>
- <td>
- 896MB
- </td>
- <td>
- 1280MB
- </td>
- </tr>
- <tr>
- <td>
- <ul>
- <li class="table_list">560dpi or higher on small/normal screens
- </li>
- <li class="table_list">400dpi or higher on large screens
- </li>
- <li class="table_list">xhdpi or higher on extra large screens
- </li>
- </ul>
- </td>
- <td>
- 1344MB
- </td>
- <td>
- 1824MB
- </td>
- </tr>
- </table>
- <p>
- The minimum memory values MUST be in addition to any memory space already dedicated to hardware components such as radio, video, and so on that is not under the kernel’s control.
- </p>
- <p>
- Device implementations with less than 512MB of memory available to the kernel and userspace, unless an Android Watch, MUST return the value "true" for ActivityManager.isLowRamDevice().
- </p>
- <p>
- Android Television devices MUST have at least 4GB and other device implementations MUST have at least 3GB of non-volatile storage available for application private data. That is, the /data partition MUST be at least 4GB for Android Television devices and at least 3GB for other device implementations. Device implementations that run Android are <strong>STRONGLY RECOMMENDED</strong> to have at least 4GB of non-volatile storage for application private data so they will be able to upgrade to the future platform releases.
- </p>
- <p>
- The Android APIs include a <a href="http://developer.android.com/reference/android/app/DownloadManager.html">Download Manager</a> that applications MAY use to download data files. The device implementation of the Download Manager MUST be capable of downloading individual files of at least 100MB in size to the default “cache” location.
- </p>
- <h3>
- 7.6.2. Application Shared Storage
- </h3>
- <p>
- Device implementations MUST offer shared storage for applications also often referred as “shared external storage”.
- </p>
- <p>
- Device implementations MUST be configured with shared storage mounted by default, “out of the box”. If the shared storage is not mounted on the Linuxpath /sdcard, then the device MUST include a Linux symbolic link from /sdcard to the actual mount point.
- </p>
- <p>
- Device implementations MAY have hardware for user-accessible removable storage, such as a Secure Digital (SD) card slot. If this slot is used to satisfy the shared storage requirement, the device implementation:
- </p>
- <ul>
- <li>MUST implement a toast or pop-up user interface warning the user when there is no SD card.
- </li>
- <li>MUST include a FAT-formatted SD card 1GB in size or larger OR show on the box and other material available at time of purchase that the SD card has to be separately purchased.
- </li>
- <li>MUST mount the SD card by default.
- </li>
- </ul>
- <p>
- Alternatively, device implementations MAY allocate internal (non-removable) storage as shared storage for apps as included in the upstream Android Open Source Project; device implementations SHOULD use this configuration and software implementation. If a device implementation uses internal (non-removable) storage to satisfy the shared storage requirement, while that storage MAY share space with the application private data, it MUST be at least 1GB in size and mounted on /sdcard (or /sdcard MUST be a symbolic link to the physical location if it is mounted elsewhere).
- </p>
- <p>
- Device implementations MUST enforce as documented the android.permission.WRITE_EXTERNAL_STORAGE permission on this shared storage. Shared storage MUST otherwise be writable by any application that obtains that permission.
- </p>
- <p>
- Device implementations that include multiple shared storage paths (such as both an SD card slot and shared internal storage) MUST allow only pre-installed & privileged Android applications with the WRITE_EXTERNAL_STORAGE permission to write to the secondary external storage, except when writing to their package-specific directories or within the <code>URI</code> returned by firing the <code>ACTION_OPEN_DOCUMENT_TREE</code> intent.
- </p>
- <p>
- However, device implementations SHOULD expose content from both storage paths transparently through Android’s media scanner service and android.provider.MediaStore.
- </p>
- <p>
- Regardless of the form of shared storage used, if the device implementation has a USB port with USB peripheral mode support, it MUST provide some mechanism to access the contents of shared storage from a host computer. Device implementations MAY use USB mass storage, but SHOULD use Media Transfer Protocol to satisfy this requirement. If the device implementation supports Media Transfer Protocol, it:
- </p>
- <ul>
- <li>SHOULD be compatible with the reference Android MTP host, <a href="http://www.android.com/filetransfer">Android File Transfer</a>.
- </li>
- <li>SHOULD report a USB device class of 0x00.
- </li>
- <li>SHOULD report a USB interface name of 'MTP'.
- </li>
- </ul>
- <h3>
- 7.6.3. Adoptable Storage
- </h3>
- <p>
- Device implementations are STRONGLY RECOMMENDED to implement <a href="http://source.android.com/devices/storage/adoptable.html">adoptable storage</a> if the removable storage device port is in a long-term stable location, such as within the battery compartment or other protective cover.
- </p>
- <p>
- Device implementations such as a television, MAY enable adoption through USB ports as the device is expected to be static and not mobile. But for other device implementations that are mobile in nature, it is STRONGLY RECOMMENDED to implement the adoptable storage in a long-term stable location, since accidentally disconnecting them can cause data loss/corruption.
- </p>
- <h2>
- 7.7. USB
- </h2>
- <p>
- Device implementations SHOULD support USB peripheral mode and SHOULD support USB host mode.
- </p>
- <h3>
- 7.7.1. USB peripheral mode
- </h3>
- <p>
- If a device implementation includes a USB port supporting peripheral mode:
- </p>
- <ul>
- <li>The port MUST be connectable to a USB host that has a standard type-A or type-C USB port.
- </li>
- <li>The port SHOULD use micro-B, micro-AB or Type-C USB form factor. Existing and new Android devices are <strong>STRONGLY RECOMMENDED to meet these requirements</strong> so they will be able to upgrade to the future platform releases.
- </li>
- <li>The port SHOULD be located on the bottom of the device (according to natural orientation) or enable software screen rotation for all apps (including home screen), so that the display draws correctly when the device is oriented with the port at bottom. Existing and new Android devices are <strong>STRONGLY RECOMMENDED to meet these requirements</strong> so they will be able to upgrade to future platform releases.
- </li>
- <li>It MUST allow a USB host connected with the Android device to access the contents of the shared storage volume using either USB mass storage or Media Transfer Protocol.
- </li>
- <li>It SHOULD implement the Android Open Accessory (AOA) API and specification as documented in the Android SDK documentation, and if it is an Android Handheld device it MUST implement the AOA API. Device implementations implementing the AOA specification:
- <ul>
- <li>MUST declare support for the hardware feature <a href="http://developer.android.com/guide/topics/connectivity/usb/accessory.html">android.hardware.usb.accessory</a>.
- </li>
- <li>MUST implement the <a href="http://developer.android.com/reference/android/hardware/usb/UsbConstants.html#USB_CLASS_AUDIO">USB audio class</a> as documented in the Android SDK documentation.
- </li>
- <li>The USB mass storage class MUST include the string "android" at the end of the interface description <code>iInterface</code> string of the USB mass storage
- </li>
- </ul>
- </li>
- <li>It SHOULD implement support to draw 1.5 A current during HS chirp and traffic as specified in the <a href="http://www.usb.org/developers/docs/devclass_docs/BCv1.2_070312.zip">USB Battery Charging specification, revision 1.2</a>. Existing and new Android devices are <strong>STRONGLY RECOMMENDED to meet these requirements</strong> so they will be able to upgrade to the future platform releases.
- </li>
- <li>Type-C devices MUST detect 1.5A and 3.0A chargers per the Type-C resistor standard and it must detect changes in the advertisement.
- </li>
- <li>Type-C devices also supporting USB host mode are STRONGLY RECOMMENDED to support Power Delivery for data and power role swapping.
- </li>
- <li>Type-C devices SHOULD support Power Delivery for high-voltage charging and support for Alternate Modes such as display out.
- </li>
- <li>The value of iSerialNumber in USB standard device descriptor MUST be equal to the value of android.os.Build.SERIAL.
- </li>
- <li>Type-C devices are STRONGLY RECOMMENDED to not support proprietary charging methods that modify Vbus voltage beyond default levels, or alter sink/source roles as such may result in interoperability issues with the chargers or devices that support the standard USB Power Delivery methods. While this is called out as "STRONGLY RECOMMENDED", in future Android versions we might REQUIRE all type-C devices to support full interoperability with standard type-C chargers.
- </li>
- </ul>
- <h3>
- 7.7.2. USB host mode
- </h3>
- <p>
- If a device implementation includes a USB port supporting host mode, it:
- </p>
- <ul>
- <li>SHOULD use a type-C USB port, if the device implementation supports USB 3.1.
- </li>
- <li>MAY use a non-standard port form factor, but if so MUST ship with a cable or cables adapting the port to a standard type-A or type-C USB port.
- </li>
- <li>MAY use a micro-AB USB port, but if so SHOULD ship with a cable or cables adapting the port to a standard type-A or type-C USB port.
- </li>
- <li>is <strong>STRONGLY RECOMMENDED</strong> to implement the <a href="http://developer.android.com/reference/android/hardware/usb/UsbConstants.html#USB_CLASS_AUDIO">USB audio class</a> as documented in the Android SDK documentation.
- </li>
- <li>MUST implement the Android USB host API as documented in the Android SDK, and MUST declare support for the hardware feature <a href="http://developer.android.com/guide/topics/connectivity/usb/host.html">android.hardware.usb.host</a>.
- </li>
- <li>SHOULD support device charging while in host mode; advertising a source current of at least 1.5A as specified in the Termination Parameters section of the [USB Type-C Cable and Connector Specification Revision 1.2] (http://www.usb.org/developers/docs/usb_31_021517.zip) for USB Type-C connectors or using Charging Downstream Port(CDP) output current range as specified in the <a href="http://www.usb.org/developers/docs/devclass_docs/BCv1.2_070312.zip">USB Battery Charging specifications, revision 1.2</a> for Micro-AB connectors.
- </li>
- <li>USB Type-C devices are STRONGLY RECOMMENDED to support DisplayPort, SHOULD support USB SuperSpeed Data Rates, and are STRONGLY RECOMMENDED to support Power Delivery for data and power role swapping.
- </li>
- <li>Devices with any type-A or type-AB ports MUST NOT ship with an adapter converting from this port to a type-C receptacle.
- </li>
- <li>MUST recognize any remotely connected MTP (Media Transfer Protocol) devices and make their contents accessible through the <code>ACTION_GET_CONTENT</code>, <code>ACTION_OPEN_DOCUMENT</code>, and <code>ACTION_CREATE_DOCUMENT</code> intents, if the Storage Access Framework (SAF) is supported.
- </li>
- <li>MUST, if using a Type-C USB port and including support for peripheral mode, implement Dual Role Port functionality as defined by the USB Type-C specification (section 4.5.1.3.3).
- </li>
- <li>SHOULD, if the Dual Role Port functionality is supported, implement the Try.* model that is most appropriate for the device form factor. For example a handheld device SHOULD implement the Try.SNK model.
- </li>
- </ul>
- <h2>
- 7.8. Audio
- </h2>
- <h3>
- 7.8.1. Microphone
- </h3>
- <div class="note">
- Android Handheld, Watch, and Automotive implementations MUST include a microphone.
- </div>
- <p>
- Device implementations MAY omit a microphone. However, if a device implementation omits a microphone, it MUST NOT report the android.hardware.microphone feature constant, and MUST implement the audio recording API at least as no-ops, per <a href="#7_hardware_compatibility">section 7</a>. Conversely, device implementations that do possess a microphone:
- </p>
- <ul>
- <li>MUST report the android.hardware.microphone feature constant.
- </li>
- <li>MUST meet the audio recording requirements in <a href="#5_4_audio_recording">section 5.4</a>.
- </li>
- <li>MUST meet the audio latency requirements in <a href="#5_6_audio_latency">section 5.6</a>.
- </li>
- <li>STRONGLY RECOMMENDED to support near-ultrasound recording as described in <a href="#7_8_3_near_ultrasound">section 7.8.3</a>.
- </li>
- </ul>
- <h3>
- 7.8.2. Audio Output
- </h3>
- <div class="note">
- Android Watch devices MAY include an audio output.
- </div>
- <p>
- Device implementations including a speaker or with an audio/multimedia output port for an audio output peripheral as a headset or an external speaker:
- </p>
- <ul>
- <li>MUST report the android.hardware.audio.output feature constant.
- </li>
- <li>MUST meet the audio playback requirements in <a href="#5_5_audio_playback">section 5.5</a>.
- </li>
- <li>MUST meet the audio latency requirements in <a href="#5_6_audio_latency">section 5.6</a>.
- </li>
- <li>STRONGLY RECOMMENDED to support near-ultrasound playback as described in <a href="#7_8_3_near_ultrasound">section 7.8.3</a>.
- </li>
- </ul>
- <p>
- Conversely, if a device implementation does not include a speaker or audio output port, it MUST NOT report the android.hardware.audio output feature, and MUST implement the Audio Output related APIs as no-ops at least.
- </p>
- <p>
- Android Watch device implementation MAY but SHOULD NOT have audio output, but other types of Android device implementations MUST have an audio output and declare android.hardware.audio.output.
- </p>
- <h4>
- 7.8.2.1. Analog Audio Ports
- </h4>
- <p>
- In order to be compatible with the <a href="http://source.android.com/accessories/headset-spec.html">headsets and other audio accessories</a> using the 3.5mm audio plug across the Android ecosystem, if a device implementation includes one or more analog audio ports, at least one of the audio port(s) SHOULD be a 4 conductor 3.5mm audio jack. If a device implementation has a 4 conductor 3.5mm audio jack, it:
- </p>
- <ul>
- <li>MUST support audio playback to stereo headphones and stereo headsets with a microphone, and SHOULD support audio recording from stereo headsets with a microphone.
- </li>
- <li>MUST support TRRS audio plugs with the CTIA pin-out order, and SHOULD support audio plugs with the OMTP pin-out order.
- </li>
- <li>MUST support the detection of microphone on the plugged in audio accessory, if the device implementation supports a microphone, and broadcast the android.intent.action.HEADSET_PLUG with the extra value microphone set as 1.
- </li>
- <li>MUST support the detection and mapping to the keycodes for the following 3 ranges of equivalent impedance between the microphone and ground conductors on the audio plug:
- <ul>
- <li>
- <strong>70 ohm or less</strong>: KEYCODE_HEADSETHOOK
- </li>
- <li>
- <strong>210-290 Ohm</strong>: KEYCODE_VOLUME_UP
- </li>
- <li>
- <strong>360-680 Ohm</strong>: KEYCODE_VOLUME_DOWN
- </li>
- </ul>
- </li>
- <li>STRONGLY RECOMMENDED to detect and map to the keycode for the following range of equivalent impedance between the microphone and ground conductors on the audio plug:
- <ul>
- <li>
- <strong>110-180 Ohm:</strong> KEYCODE_VOICE_ASSIST
- </li>
- </ul>
- </li>
- <li>MUST trigger ACTION_HEADSET_PLUG upon a plug insert, but only after all contacts on plug are touching their relevant segments on the jack.
- </li>
- <li>MUST be capable of driving at least 150mV ± 10% of output voltage on a 32 Ohm speaker impedance.
- </li>
- <li>MUST have a microphone bias voltage between 1.8V ~ 2.9V.
- </li>
- </ul>
- <h3>
- 7.8.3. Near-Ultrasound
- </h3>
- <p>
- Near-Ultrasound audio is the 18.5 kHz to 20 kHz band. Device implementations MUST correctly report the support of near-ultrasound audio capability via the <a href="http://developer.android.com/reference/android/media/AudioManager.html#getProperty%28java.lang.String%29">AudioManager.getProperty</a> API as follows:
- </p>
- <ul>
- <li>If <a href="http://developer.android.com/reference/android/media/AudioManager.html#PROPERTY_SUPPORT_MIC_NEAR_ULTRASOUND">PROPERTY_SUPPORT_MIC_NEAR_ULTRASOUND</a> is "true", then the following requirements must be met by the VOICE_RECOGNITION and UNPROCESSED audio sources:
- <ul>
- <li>The microphone's mean power response in the 18.5 kHz to 20 kHz band MUST be no more than 15 dB below the response at 2 kHz.
- </li>
- <li>The microphone's unweighted signal to noise ratio over 18.5 kHz to 20 kHz for a 19 kHz tone at -26 dBFS MUST be no lower than 50 dB.
- </li>
- </ul>
- </li>
- <li>If <a href="http://developer.android.com/reference/android/media/AudioManager.html#PROPERTY_SUPPORT_SPEAKER_NEAR_ULTRASOUND">PROPERTY_SUPPORT_SPEAKER_NEAR_ULTRASOUND</a> is "true", then the speaker's mean response in 18.5 kHz - 20 kHz MUST be no lower than 40 dB below the response at 2 kHz.
- </li>
- </ul>
- <h2>
- 7.9. Virtual Reality
- </h2>
- <p>
- Android includes APIs and facilities to build "Virtual Reality" (VR) applications including high quality mobile VR experiences. Device implementations MUST properly implement these APIs and behaviors, as detailed in this section.
- </p>
- <h3>
- 7.9.1. Virtual Reality Mode
- </h3>
- <p>
- Android handheld device implementations that support a mode for VR applications that handles stereoscopic rendering of notifications and disable monocular system UI components while a VR application has user focus MUST declare <code>android.software.vr.mode</code> feature. Devices declaring this feature MUST include an application implementing <code>android.service.vr.VrListenerService</code> that can be enabled by VR applications via <code>android.app.Activity#setVrModeEnabled</code>.
- </p>
- <h3>
- 7.9.2. Virtual Reality High Performance
- </h3>
- <p>
- Android handheld device implementations MUST identify the support of high performance virtual reality for longer user periods through the <code>android.hardware.vr.high_performance</code> feature flag and meet the following requirements.
- </p>
- <ul>
- <li>Device implementations MUST have at least 2 physical cores.
- </li>
- <li>Device implementations MUST declare android.software.vr.mode feature.
- </li>
- <li>Device implementations MAY provide an exclusive core to the foreground application and MAY support the Process.getExclusiveCores API to return the numbers of the cpu cores that are exclusive to the top foreground application. If exclusive core is supported then the core MUST not allow any other userspace processes to run on it (except device drivers used by the application), but MAY allow some kernel processes to run as necessary.
- </li>
- <li>Device implementations MUST support sustained performance mode.
- </li>
- <li>Device implementations MUST support OpenGL ES 3.2.
- </li>
- <li>Device implementations MUST support Vulkan Hardware Level 0 and SHOULD support Vulkan Hardware Level 1.
- </li>
- <li>Device implementations MUST implement EGL_KHR_mutable_render_buffer and EGL_ANDROID_front_buffer_auto_refresh, EGL_ANDROID_create_native_client_buffer, EGL_KHR_fence_sync and EGL_KHR_wait_sync so that they may be used for Shared Buffer Mode, and expose the extensions in the list of available EGL extensions.
- </li>
- <li>The GPU and display MUST be able to synchronize access to the shared front buffer such that alternating-eye rendering of VR content at 60fps with two render contexts will be displayed with no visible tearing artifacts.
- </li>
- <li>Device implementations MUST implement EGL_IMG_context_priority, and expose the extension in the list of available EGL extensions.
- </li>
- <li>Device implementations MUST implement GL_EXT_multisampled_render_to_texture, GL_OVR_multiview, GL_OVR_multiview2 and GL_OVR_multiview_multisampled_render_to_texture, and expose the extensions in the list of available GL extensions.
- </li>
- <li>Device implementations MUST implement EGL_EXT_protected_content and GL_EXT_protected_textures so that it may be used for Secure Texture Video Playback, and expose the extensions in the list of available EGL and GL extensions.
- </li>
- <li>Device implementations MUST support H.264 decoding at least 3840x2160@30fps-40Mbps (equivalent to 4 instances of 1920x1080@30fps-10Mbps or 2 instances of 1920x1080@60fps-20Mbps).
- </li>
- <li>Device implementations MUST support HEVC and VP9, MUST be capable to decode at least 1920x1080@30fps-10Mbps and SHOULD be capable to decode 3840x2160@30fps-20Mbps (equivalent to 4 instances of 1920x1080@30fps-5Mbps).
- </li>
- <li>The device implementations are STRONGLY RECOMMENDED to support android.hardware.sensor.hifi_sensors feature and MUST meet the gyroscope, accelerometer, and magnetometer related requirements for android.hardware.hifi_sensors.
- </li>
- <li>Device implementations MUST support HardwarePropertiesManager.getDeviceTemperatures API and return accurate values for skin temperature.
- </li>
- <li>The device implementation MUST have an embedded screen, and its resolution MUST be at least be FullHD(1080p) and STRONGLY RECOMMENDED TO BE be QuadHD (1440p) or higher.
- </li>
- <li>The display MUST measure between 4.7" and 6" diagonal.
- </li>
- <li>The display MUST update at least 60 Hz while in VR Mode.
- </li>
- <li>The display latency on Gray-to-Gray, White-to-Black, and Black-to-White switching time MUST be ≤ 3 ms.
- </li>
- <li>The display MUST support a low-persistence mode with ≤5 ms persistence,persistence being defined as the amount of time for which a pixel is emitting light.
- </li>
- <li>Device implementations MUST support Bluetooth 4.2 and Bluetooth LE Data Length Extension <a href="#7_4_3_bluetooth">section 7.4.3</a>.
+ NfcA (ISO14443-3A)
</li>
- </ul>
- <h1>
- 8. Performance and Power
- </h1>
- <p>
- Some minimum performance and power criteria are critical to the user experience and impact the baseline assumptions developers would have when developing an app. Android Watch devices SHOULD and other type of device implementations MUST meet the following criteria.
- </p>
- <h2>
- 8.1. User Experience Consistency
- </h2>
- <p>
- Device implementations MUST provide a smooth user interface by ensuring a consistent frame rate and response times for applications and games. Device implementations MUST meet the following requirements:
- </p>
- <ul>
<li>
- <strong>Consistent frame latency</strong>. Inconsistent frame latency or a delay to render frames MUST NOT happen more often than 5 frames in a second, and SHOULD be below 1 frames in a second.
+ NfcB (ISO14443-3B)
</li>
<li>
- <strong>User interface latency</strong>. Device implementations MUST ensure low latency user experience by scrolling a list of 10K list entries as defined by the Android Compatibility Test Suite (CTS) in less than 36 secs.
+ NfcF (JIS X 6319-4)
</li>
<li>
- <strong>Task switching</strong>. When multiple applications have been launched, re-launching an already-running application after it has been launched MUST take less than 1 second.
+ IsoDep (ISO 14443-4)
</li>
- </ul>
- <h2>
- 8.2. File I/O Access Performance
- </h2>
- <p>
- Device implementations MUST ensure internal storage file access performance consistency for read and write operations.
- </p>
- <ul>
<li>
- <strong>Sequential write</strong>. Device implementations MUST ensure a sequential write performance of at least 5MB/s for a 256MB file using 10MB write buffer.
+ NFC Forum Tag Types 1, 2, 3, 4 (defined by the NFC Forum)
</li>
+ </ul>
+ </li>
+ <li>
+ STRONGLY RECOMMENDED to be capable of reading and writing NDEF messages
+as well as raw data via the following NFC standards. Note that while the NFC
+standards below are stated as STRONGLY RECOMMENDED, the Compatibility
+Definition for a future version is planned to change these to MUST. These
+standards are optional in this version but will be required in future versions.
+Existing and new devices that run this version of Android are very strongly
+encouraged to meet these requirements now so they will be able to upgrade to
+the future platform releases.
+ <ul>
<li>
- <strong>Random write</strong>. Device implementations MUST ensure a random write performance of at least 0.5MB/s for a 256MB file using 4KB write buffer.
+ NfcV (ISO 15693)
</li>
+ </ul>
+ </li>
+ <li>
+ SHOULD be capable of reading the barcode and URL (if encoded) of
+ <a href="http://developer.android.com/reference/android/nfc/tech/NfcBarcode.html">
+ Thinfilm NFC Barcode
+ </a>
+ products.
+ </li>
+ <li>
+ MUST be capable of transmitting and receiving data via the following
+peer-to-peer standards and protocols:
+ <ul>
<li>
- <strong>Sequential read</strong>. Device implementations MUST ensure a sequential read performance of at least 15MB/s for a 256MB file using 10MB write buffer.
+ ISO 18092
</li>
<li>
- <strong>Random read</strong>. Device implementations MUST ensure a random read performance of at least 3.5MB/s for a 256MB file using 4KB write buffer.
- </li>
- </ul>
- <h2>
- 8.3. Power-Saving Modes
- </h2>
- <p>
- Android 6.0 introduced App Standby and Doze power-saving modes to optimize battery usage. All Apps exempted from these modes MUST be made visible to the end user. Further, the triggering, maintenance, wakeup algorithms and the use of global system settings of these power-saving modes MUST not deviate from the Android Open Source Project.
- </p>
- <p>
- In addition to the power-saving modes, Android device implementations MAY implement any or all of the 4 sleeping power states as defined by the Advanced Configuration and Power Interface (ACPI), but if it implements S3 and S4 power states, it can only enter these states when closing a lid that is physically part of the device.
- </p>
- <h2>
- 8.4. Power Consumption Accounting
- </h2>
- <p>
- A more accurate accounting and reporting of the power consumption provides the app developer both the incentives and the tools to optimize the power usage pattern of the application. Therefore, device implementations:
- </p>
- <ul>
- <li>MUST be able to track hardware component power usage and attribute that power usage to specific applications. Specifically, implementations:
- <ul>
- <li>MUST provide a per-component power profile that defines the <a href="http://source.android.com/devices/tech/power/values.html">current consumption value</a> for each hardware component and the approximate battery drain caused by the components over time as documented in the Android Open Source Project site.
- </li>
- <li>MUST report all power consumption values in milliampere hours (mAh).
- </li>
- <li>SHOULD be attributed to the hardware component itself if unable to attribute hardware component power usage to an application.
- </li>
- <li>MUST report CPU power consumption per each process's UID. The Android Open Source Project meets the requirement through the <code>uid_cputime</code> kernel module implementation.
- </li>
- </ul>
- </li>
- <li>MUST make this power usage available via the <a href="http://source.android.com/devices/tech/power/batterystats.html"><code>adb shell dumpsys batterystats</code></a> shell command to the app developer.
- </li>
- <li>MUST honor the <a href="http://developer.android.com/reference/android/content/Intent.html#ACTION_POWER_USAGE_SUMMARY">android.intent.action.POWER_USAGE_SUMMARY</a> intent and display a settings menu that shows this power usage.
- </li>
- </ul>
- <h2>
- 8.5. Consistent Performance
- </h2>
- <p>
- Performance can fluctuate dramatically for high-performance long-running apps, either because of the other apps running in the background or the CPU throttling due to temperature limits. Android includes programmatic interfaces so that when the device is capable, the top foreground application can request that the system optimize the allocation of the resources to address such fluctuations.
- </p>
- <p>
- Device implementations SHOULD support Sustained Performance Mode which can provide the top foreground application a consistent level of performance for a prolonged amount of time when requested through the <a href="https://developer.android.com/reference/android/view/Window.html#setSustainedPerformanceMode%28boolean%29"><code>Window.setSustainedPerformanceMode()</code></a> API method. A Device implementation MUST report the support of Sustained Performance Mode accurately through the <a href="https://developer.android.com/reference/android/os/PowerManager.html#isSustainedPerformanceModeSupported%28%29"><code>PowerManager.isSustainedPerformanceModeSupported()</code></a> API method.
- </p>
- <p>
- Device implementations with two or more CPU cores SHOULD provide at least one exclusive core that can be reserved by the top foreground application. If provided, implementations MUST meet the following requirements:
- </p>
- <ul>
- <li>Implementations MUST report through the <a href="https://developer.android.com/reference/android/os/Process.html#getExclusiveCores%28%29"><code>Process.getExclusiveCores()</code></a> API method the id numbers of the exclusive cores that can be reserved by the top foreground application.
- </li>
- <li>Device implementations MUST not allow any user space processes except the device drivers used by the application to run on the exclusive cores, but MAY allow some kernel processes to run as necessary.
- </li>
- </ul>
- <p>
- If a device implementation does not support an exclusive core, it MUST return an empty list through the <a href="https://developer.android.com/reference/android/os/Process.html#getExclusiveCores%28%29"><code>Process.getExclusiveCores()</code></a> API method.
- </p>
- <h1>
- 9. Security Model Compatibility
- </h1>
- <p>
- Device implementations MUST implement a security model consistent with the Android platform security model as defined in <a href="http://developer.android.com/guide/topics/security/permissions.html">Security and Permissions reference document</a> in the APIs in the Android developer documentation. Device implementations MUST support installation of self-signed applications without requiring any additional permissions/certificates from any third parties/authorities. Specifically, compatible devices MUST support the security mechanisms described in the follow subsections.
- </p>
- <h2>
- 9.1. Permissions
- </h2>
- <p>
- Device implementations MUST support the <a href="http://developer.android.com/guide/topics/security/permissions.html">Android permissions model</a> as defined in the Android developer documentation. Specifically, implementations MUST enforce each permission defined as described in the SDK documentation; no permissions may be omitted, altered, or ignored. Implementations MAY add additional permissions, provided the new permission ID strings are not in the android.* namespace.
- </p>
- <p>
- Permissions with a <code>protectionLevel</code> of <a href="https://developer.android.com/reference/android/content/pm/PermissionInfo.html#PROTECTION_FLAG_PRIVILEGED">'PROTECTION_FLAG_PRIVILEGED'</a> MUST only be granted to apps preloaded in the whitelisted privileged path(s) of the system image, such as the <code>system/priv-app</code> path in the AOSP implementation.
- </p>
- <p>
- Permissions with a protection level of dangerous are runtime permissions. Applications with targetSdkVersion > 22 request them at runtime. Device implementations:
- </p>
- <ul>
- <li>MUST show a dedicated interface for the user to decide whether to grant the requested runtime permissions and also provide an interface for the user to manage runtime permissions.
- </li>
- <li>MUST have one and only one implementation of both user interfaces.
- </li>
- <li>MUST NOT grant any runtime permissions to preinstalled apps unless:
- <ul>
- <li>the user's consent can be obtained before the application uses it
- </li>
- <li>the runtime permissions are associated with an intent pattern for which the preinstalled application is set as the default handler
- </li>
- </ul>
- </li>
- </ul>
- <h2>
- 9.2. UID and Process Isolation
- </h2>
- <p>
- Device implementations MUST support the Android application sandbox model, in which each application runs as a unique Unixstyle UID and in a separate process. Device implementations MUST support running multiple applications as the same Linux user ID, provided that the applications are properly signed and constructed, as defined in the <a href="http://developer.android.com/guide/topics/security/permissions.html">Security and Permissions reference</a>.
- </p>
- <h2>
- 9.3. Filesystem Permissions
- </h2>
- <p>
- Device implementations MUST support the Android file access permissions model as defined in the <a href="http://developer.android.com/guide/topics/security/permissions.html">Security and Permissions reference</a>.
- </p>
- <h2>
- 9.4. Alternate Execution Environments
- </h2>
- <p>
- Device implementations MAY include runtime environments that execute applications using some other software or technology than the Dalvik Executable Format or native code. However, such alternate execution environments MUST NOT compromise the Android security model or the security of installed Android applications, as described in this section.
- </p>
- <p>
- Alternate runtimes MUST themselves be Android applications, and abide by the standard Android security model, as described elsewhere in <a href="#9_security_model_compatibility">section 9</a>.
- </p>
- <p>
- Alternate runtimes MUST NOT be granted access to resources protected by permissions not requested in the runtime’s AndroidManifest.xml file via the <uses-permission> mechanism.
- </p>
- <p>
- Alternate runtimes MUST NOT permit applications to make use of features protected by Android permissions restricted to system applications.
- </p>
- <p>
- Alternate runtimes MUST abide by the Android sandbox model. Specifically, alternate runtimes:
- </p>
- <ul>
- <li>SHOULD install apps via the PackageManager into separate Android sandboxes (Linux user IDs, etc.).
- </li>
- <li>MAY provide a single Android sandbox shared by all applications using the alternate runtime.
- </li>
- <li>Installed applications using an alternate runtime MUST NOT reuse the sandbox of any other app installed on the device, except through the standard Android mechanisms of shared user ID and signing certificate.
- </li>
- <li>MUST NOT launch with, grant, or be granted access to the sandboxes corresponding to other Android applications.
- </li>
- <li>MUST NOT be launched with, be granted, or grant to other applications any privileges of the superuser (root), or of any other user ID.
- </li>
- </ul>
- <p>
- The .apk files of alternate runtimes MAY be included in the system image of a device implementation, but MUST be signed with a key distinct from the key used to sign other applications included with the device implementation.
- </p>
- <p>
- When installing applications, alternate runtimes MUST obtain user consent for the Android permissions used by the application. If an application needs to make use of a device resource for which there is a corresponding Android permission (such as Camera, GPS, etc.), the alternate runtime MUST inform the user that the application will be able to access that resource. If the runtime environment does not record application capabilities in this manner, the runtime environment MUST list all permissions held by the runtime itself when installing any application using that runtime.
- </p>
- <h2>
- 9.5. Multi-User Support
- </h2>
- <div class="note">
- This feature is optional for all device types.
- </div>
- <p>
- Android includes <a href="http://developer.android.com/reference/android/os/UserManager.html">support for multiple users</a> and provides support for full user isolation. Device implementations MAY enable multiple users, but when enabled MUST meet the following requirements related to <a href="http://source.android.com/devices/storage/traditional.html">multi-user support</a>:
- </p>
- <ul>
- <li>Android Automotive device implementations with multi-user support enabled MUST include a guest account that allows all functions provided by the vehicle system without requiring a user to log in.
- </li>
- <li>Device implementations that do not declare the android.hardware.telephony feature flag MUST support restricted profiles, a feature that allows device owners to manage additional users and their capabilities on the device. With restricted profiles, device owners can quickly set up separate environments for additional users to work in, with the ability to manage finer-grained restrictions in the apps that are available in those environments.
- </li>
- <li>Conversely device implementations that declare the android.hardware.telephony feature flag MUST NOT support restricted profiles but MUST align with the AOSP implementation of controls to enable /disable other users from accessing the voice calls and SMS.
- </li>
- <li>Device implementations MUST, for each user, implement a security model consistent with the Android platform security model as defined in <a href="http://developer.android.com/guide/topics/security/permissions.html">Security and Permissions reference document</a> in the APIs.
- </li>
- <li>Each user instance on an Android device MUST have separate and isolated external storage directories. Device implementations MAY store multiple users' data on the same volume or filesystem. However, the device implementation MUST ensure that applications owned by and running on behalf a given user cannot list, read, or write to data owned by any other user. Note that removable media, such as SD card slots, can allow one user to access another’s data by means of a host PC. For this reason, device implementations that use removable media for the external storage APIs MUST encrypt the contents of the SD card if multiuser is enabled using a key stored only on non-removable media accessible only to the system. As this will make the media unreadable by a host PC, device implementations will be required to switch to MTP or a similar system to provide host PCs with access to the current user’s data. Accordingly, device implementations MAY but SHOULD NOT enable multi-user if they use <a href="http://developer.android.com/reference/android/os/Environment.html">removable media</a> for primary external storage.
- </li>
- </ul>
- <h2>
- 9.6. Premium SMS Warning
- </h2>
- <p>
- Android includes support for warning users of any outgoing <a href="http://en.wikipedia.org/wiki/Short_code">premium SMS message</a>. Premium SMS messages are text messages sent to a service registered with a carrier that may incur a charge to the user. Device implementations that declare support for android.hardware.telephony MUST warn users before sending a SMS message to numbers identified by regular expressions defined in /data/misc/sms/codes.xml file in the device. The upstream Android Open Source Project provides an implementation that satisfies this requirement.
- </p>
- <h2>
- 9.7. Kernel Security Features
- </h2>
- <p>
- The Android Sandbox includes features that use the Security-Enhanced Linux (SELinux) mandatory access control (MAC) system, seccomp sandboxing, and other security features in the Linux kernel. SELinux or any other security features implemented below the Android framework:
- </p>
- <ul>
- <li>MUST maintain compatibility with existing applications.
- </li>
- <li>MUST NOT have a visible user interface when a security violation is detected and successfully blocked, but MAY have a visible user interface when an unblocked security violation occurs resulting in a successful exploit.
- </li>
- <li>SHOULD NOT be user or developer configurable.
- </li>
- </ul>
- <p>
- If any API for configuration of policy is exposed to an application that can affect another application (such as a Device Administration API), the API MUST NOT allow configurations that break compatibility.
- </p>
- <p>
- Devices MUST implement SELinux or, if using a kernel other than Linux, an equivalent mandatory access control system. Devices MUST also meet the following requirements, which are satisfied by the reference implementation in the upstream Android Open Source Project.
- </p>
- <p>
- Device implementations:
- </p>
- <ul>
- <li>MUST set SELinux to global enforcing mode.
- </li>
- <li>MUST configure all domains in enforcing mode. No permissive mode domains are allowed, including domains specific to a device/vendor.
- </li>
- <li>MUST NOT modify, omit, or replace the neverallow rules present within the system/sepolicy folder provided in the upstream Android Open Source Project (AOSP) and the policy MUST compile with all neverallow rules present, for both AOSP SELinux domains as well as device/vendor specific domains.
- </li>
- <li>MUST split the media framework into multiple processes so that it is possible to more narrowly grant access for each process as <a href="https://source.android.com/devices/media/framework-hardening.html#arch_changes">described</a> in the Android Open Source Project site.
- </li>
- </ul>
- <p>
- Device implementations SHOULD retain the default SELinux policy provided in the system/sepolicy folder of the upstream Android Open Source Project and only further add to this policy for their own device-specific configuration. Device implementations MUST be compatible with the upstream Android Open Source Project.
- </p>
- <p>
- Devices MUST implement a kernel application sandboxing mechanism which allows filtering of system calls using a configurable policy from multithreaded programs. The upstream Android Open Source Project meets this requirement through enabling the seccomp-BPF with threadgroup synchronization (TSYNC) as described <a href="http://source.android.com/devices/tech/config/kernel.html#Seccomp-BPF-TSYNC">in the Kernel Configuration section of source.android.com</a>.
- </p>
- <h2>
- 9.8. Privacy
- </h2>
- <p>
- If the device implements functionality in the system that captures the contents displayed on the screen and/or records the audio stream played on the device, it MUST continuously notify the user whenever this functionality is enabled and actively capturing/recording.
- </p>
- <p>
- If a device implementation has a mechanism that routes network data traffic through a proxy server or VPN gateway by default (for example, preloading a VPN service with android.permission.CONTROL_VPN granted), the device implementation MUST ask for the user's consent before enabling that mechanism, unless that VPN is enabled by the Device Policy Controller via the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setAlwaysOnVpnPackage(android.content.ComponentName,%20java.lang.String,%20boolean)"><code>DevicePolicyManager.setAlwaysOnVpnPackage()</code></a> , in which case the user does not need to provide a separate consent, but MUST only be notified.
- </p>
- <p>
- Device implementations MUST ship with an empty user-added Certificate Authority (CA) store, and MUST preinstall the same root certificates for the system-trusted CA store as <a href="https://source.android.com/security/overview/app-security.html#certificate-authorities">provided</a> in the upstream Android Open Source Project.
- </p>
- <p>
- When devices are routed through a VPN, or a user root CA is installed, the implementation MUST display a warning indicating the network traffic may be monitored to the user.
- </p>
- <p>
- If a device implementation has a USB port with USB peripheral mode support, it MUST present a user interface asking for the user's consent before allowing access to the contents of the shared storage over the USB port.
- </p>
- <h2>
- 9.9. Data Storage Encryption
- </h2>
- <div class="note">
- Optional for Android device implementations without a secure lock screen.
- </div>
- <p>
- If the device implementation supports a secure lock screen as described in section 9.11.1, then the device MUST support data storage encryption of the application private data (/data partition), as well as the application shared storage partition (/sdcard partition) if it is a permanent, non-removable part of the device.
- </p>
- <p>
- For device implementations supporting data storage encryption and with Advanced Encryption Standard (AES) crypto performance above 50MiB/sec, the data storage encryption MUST be enabled by default at the time the user has completed the out-of-box setup experience. If a device implementation is already launched on an earlier Android version with encryption disabled by default, such a device cannot meet the requirement through a system software update and thus MAY be exempted.
- </p>
- <p>
- Device implementations SHOULD meet the above data storage encryption requirement via implementing <a href="https://source.android.com/security/encryption/file-based.html">File Based Encryption</a> (FBE).
- </p>
- <h3>
- 9.9.1. Direct Boot
- </h3>
- <p>
- All devices MUST implement the <a href="http://developer.android.com/preview/features/direct-boot.html">Direct Boot mode</a> APIs even if they do not support Storage Encryption. In particular, the <a href="https://developer.android.com/reference/android/content/Intent.html#LOCKED_BOOT_COMPLETED">LOCKED_BOOT_COMPLETED</a> and <a href="https://developer.android.com/reference/android/content/Intent.html#ACTION_USER_UNLOCKED">ACTION_USER_UNLOCKED</a> Intents must still be broadcast to signal Direct Boot aware applications that Device Encrypted (DE) and Credential Encrypted (CE) storage locations are available for user.
- </p>
- <h3>
- 9.9.2. File Based Encryption
- </h3>
- <p>
- Device implementations supporting FBE:
- </p>
- <ul>
- <li>MUST boot up without challenging the user for credentials and allow Direct Boot aware apps to access to the Device Encrypted (DE) storage after the LOCKED_BOOT_COMPLETED message is broadcasted.
- </li>
- <li>MUST only allow access to Credential Encrypted (CE) storage after the user has unlocked the device by supplying their credentials (eg. passcode, pin, pattern or fingerprint) and the ACTION_USER_UNLOCKED message is broadcasted. Device implementations MUST NOT offer any method to unlock the CE protected storage without the user supplied credentials.
- </li>
- <li>MUST support Verified Boot and ensure that DE keys are cryptographically bound to the device's hardware root of trust.
- </li>
- <li>MUST support encrypting file contents using AES with a key length of 256-bits in XTS mode.
- </li>
- <li>MUST support encrypting file name using AES with a key length of 256-bits in CBC-CTS mode.
- </li>
- <li>MAY support alternative ciphers, key lengths and modes for file content and file name encryption, but MUST use the mandatorily supported ciphers, key lengths and modes by default.
- </li>
- <li>SHOULD make preloaded essential apps (e.g. Alarm, Phone, Messenger) Direct Boot aware.
- </li>
- </ul>
- <p>
- The keys protecting CE and DE storage areas:
- </p>
- <ul>
- <li>MUST be cryptographically bound to a hardware-backed Keystore. CE keys must be bound to a user's lock screen credentials. If the user has specified no lock screen credentials then the CE keys MUST be bound to a default passcode.
- </li>
- <li>MUST be unique and distinct, in other words no user's CE or DE key may match any other user's CE or DE keys.
- </li>
- </ul>
- <p>
- The upstream Android Open Source project provides a preferred implementation of this feature based on the Linux kernel ext4 encryption feature.
- </p>
- <h3>
- 9.9.3. Full Disk Encryption
- </h3>
- <p>
- Device implementations supporting <a href="http://source.android.com/devices/tech/security/encryption/index.html">full disk encryption</a> (FDE). MUST use AES with a key of 128-bits (or greater) and a mode designed for storage (for example, AES-XTS, AES-CBC-ESSIV). The encryption key MUST NOT be written to storage at any time without being encrypted. The user MUST be provided with the possibility to AES encrypt the encryption key, except when it is in active use, with the lock screen credentials stretched using a slow stretching algorithm (e.g. PBKDF2 or scrypt). If the user has not specified a lock screen credentials or has disabled use of the passcode for encryption, the system SHOULD use a default passcode to wrap the encryption key. If the device provides a hardware-backed keystore, the password stretching algorithm MUST be cryptographically bound to that keystore. The encryption key MUST NOT be sent off the device (even when wrapped with the user passcode and/or hardware bound key). The upstream Android Open Source project provides a preferred implementation of this feature based on the Linux kernel feature dm-crypt.
- </p>
- <h2>
- 9.10. Device Integrity
- </h2>
- <p>
- The following requirements ensures there is transparancy to the status of the device integrity.
- </p>
- <p>
- Device implementations MUST correctly report through the System API method PersistentDataBlockManager.getFlashLockState() whether their bootloader state permits flashing of the system image. The <code>FLASH_LOCK_UNKNOWN</code> state is reserved for device implementations upgrading from an earlier version of Android where this new system API method did not exist.
- </p>
- <p>
- Verified boot is a feature that guarantees the integrity of the device software. If a device implementation supports the feature, it MUST:
- </p>
- <ul>
- <li>Declare the platform feature flag android.software.verified_boot.
- </li>
- <li>Perform verification on every boot sequence.
- </li>
- <li>Start verification from an immutable hardware key that is the root of trust and go all the way up to the system partition.
- </li>
- <li>Implement each stage of verification to check the integrity and authenticity of all the bytes in the next stage before executing the code in the next stage.
- </li>
- <li>Use verification algorithms as strong as current recommendations from NIST for hashing algorithms (SHA-256) and public key sizes (RSA-2048).
- </li>
- <li>MUST NOT allow boot to complete when system verification fails, unless the user consents to attempt booting anyway, in which case the data from any non-verified storage blocks MUST not be used.
- </li>
- <li>MUST NOT allow verified partitions on the device to be modified unless the user has explicitly unlocked the boot loader.
- </li>
- </ul>
- <p>
- The upstream Android Open Source Project provides a preferred implementation of this feature based on the Linux kernel feature dm-verity.
- </p>
- <p>
- Starting from Android 6.0, device implementations with Advanced Encryption Standard (AES) crypto performance above 50 MiB/seconds MUST support verified boot for device integrity.
- </p>
- <p>
- If a device implementation is already launched without supporting verified boot on an earlier version of Android, such a device can not add support for this feature with a system software update and thus are exempted from the requirement.
- </p>
- <h2>
- 9.11. Keys and Credentials
- </h2>
- <p>
- The <a href="https://developer.android.com/training/articles/keystore.html">Android Keystore System</a> allows app developers to store cryptographic keys in a container and use them in cryptographic operations through the <a href="https://developer.android.com/reference/android/security/KeyChain.html">KeyChain API</a> or the <a href="https://developer.android.com/reference/java/security/KeyStore.html">Keystore API</a>.
- </p>
- <p>
- All Android device implementations MUST meet the following requirements:
- </p>
- <ul>
- <li>SHOULD not limit the number of keys that can be generated, and MUST at least allow more than 8,192 keys to be imported.
- </li>
- <li>The lock screen authentication MUST rate limit attempts and MUST have an exponential backoff algorithm. Beyond 150 failed attempts, the delay MUST be at least 24 hours per attempt.
- </li>
- <li>When the device implementation supports a secure lock screen it MUST back up the keystore implementation with secure hardware and meet following requirements:
- <ul>
- <li>MUST have hardware backed implementations of RSA, AES, ECDSA and HMAC cryptographic algorithms and MD5, SHA1, SHA-2 Family hash functions to properly support the <a href="https://developer.android.com/training/articles/keystore.html#SupportedAlgorithms">Android Keystore system's supported algorithms</a>.
- </li>
- <li>MUST perform the lock screen authentication in the secure hardware and only when successful allow the authentication-bound keys to be used. The upstream Android Open Source Project provides the <a href="http://source.android.com/devices/tech/security/authentication/gatekeeper.html">Gatekeeper Hardware Abstraction Layer (HAL)</a> that can be used to satisfy this requirement.
- </li>
- </ul>
- </li>
- </ul>
- <p>
- Note that if a device implementation is already launched on an earlier Android version, such a device is exempted from the requirement to have a hardware-backed keystore, unless it declares the <code>android.hardware.fingerprint</code> feature which requires a hardware-backed keystore.
- </p>
- <h3>
- 9.11.1. Secure Lock Screen
- </h3>
- <p>
- Device implementations MAY add or modify the authentication methods to unlock the lock screen, but MUST still meet the following requirements:
- </p>
- <ul>
- <li>The authentication method, if based on a known secret, MUST NOT be treated as a secure lock screen unless it meets all following requirements:
- <ul>
- <li>The entropy of the shortest allowed length of inputs MUST be greater than 10 bits.
- </li>
- <li>The maximum entropy of all possible inputs MUST be greater than 18 bits.
- </li>
- <li>MUST not replace any of the existing authentication methods (PIN, pattern, password) implemented and provided in AOSP.
- </li>
- <li>MUST be disabled when the Device Policy Controller (DPC) application has set the password quality policy via the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordQuality%28android.content.ComponentName,%20int%29"><code>DevicePolicyManager.setPasswordQuality()</code></a> method with a more restrictive quality constant than <code>PASSWORD_QUALITY_SOMETHING</code>.
- </li>
- </ul>
- </li>
- <li>The authenticaion method, if based on a physical token or the location, MUST NOT be treated as a secure lock screen unless it meets all following requirements:
- <ul>
- <li>It MUST have a fall-back mechanism to use one of the primary authentication methods which is based on a known secret and meets the requirements to be treated as a secure lock screen.
- </li>
- <li>It MUST be disabled and only allow the primary authentication to unlock the screen when the Device Policy Controller (DPC) application has set the policy with either the <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setKeyguardDisabledFeatures%28android.content.ComponentName,%20int%29"><code>DevicePolicyManager.setKeyguardDisabledFeatures(KEYGUARD_DISABLE_TRUST_AGENTS)</code></a> method or the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordQuality%28android.content.ComponentName,%20int%29"><code>DevicePolicyManager.setPasswordQuality()</code></a> method with a more restrictive quality constant than <code>PASSWORD_QUALITY_UNSPECIFIED</code>.
- </li>
- </ul>
- </li>
- <li>The authentication method, if based on biometrics, MUST NOT be treated as a secure lock screen unless it meets all following requirements:
- <ul>
- <li>It MUST have a fall-back mechanism to use one of the primary authentication methods which is based on a known secret and meets the requirements to be treated as a secure lock screen.
- </li>
- <li>It MUST be disabled and only allow the primary authentication to unlock the screen when the Device Policy Controller (DPC) application has set the keguard feature policy by calling the method <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setKeyguardDisabledFeatures%28android.content.ComponentName,%20int%29"><code>DevicePolicyManager.setKeyguardDisabledFeatures(KEYGUARD_DISABLE_FINGERPRINT)</code></a>.
- </li>
- <li>It MUST have a false acceptance rate that is equal or stronger than what is required for a fingerprint sensor as described in section 7.3.10, or otherwise MUST be disabled and only allow the primary authentication to unlock the screen when the Device Policy Controller (DPC) application has set the password quality policy via the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordQuality%28android.content.ComponentName,%20int%29"><code>DevicePolicyManager.setPasswordQuality()</code></a> method with a more restrictive quality constant than <code>PASSWORD_QUALITY_BIOMETRIC_WEAK</code>.
- </li>
- </ul>
- </li>
- <li>If the authentication method can not be treated as a secure lock screen, it:
- <ul>
- <li>MUST return <code>false</code> for both the <a href="http://developer.android.com/reference/android/app/KeyguardManager.html#isKeyguardSecure%28%29"><code>KeyguardManager.isKeyguardSecure()</code></a> and the <a href="https://developer.android.com/reference/android/app/KeyguardManager.html#isDeviceSecure%28%29"><code>KeyguardManager.isDeviceSecure()</code></a> methods.
- </li>
- <li>MUST be disabled when the Device Policy Controller (DPC) application has set the password quality policy via the <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordQuality%28android.content.ComponentName,%20int%29"><code>DevicePolicyManager.setPasswordQuality()</code></a> method with a more restrictive quality constant than <code>PASSWORD_QUALITY_UNSPECIFIED</code>.
- </li>
- <li>MUST NOT reset the password expiration timers set by <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordExpirationTimeout%28android.content.ComponentName,%20long%29"><code>DevicePolicyManager.setPasswordExpirationTimeout()</code></a>.
- </li>
- <li>MUST NOT authenticate access to keystores if the application has called <a href="https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder.html#setUserAuthenticationRequired%28boolean%29"><code>KeyGenParameterSpec.Builder.setUserAuthenticationRequired(true)</code></a>).
- </li>
- </ul>
- </li>
- <li>If the authentication method is based on a physical token, the location, or biometrics that has higher false acceptance rate than what is required for fingerprint sensors as described in section 7.3.10, then it:
- <ul>
- <li>MUST NOT reset the password expiration timers set by <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordExpirationTimeout%28android.content.ComponentName,%20long%29"><code>DevicePolicyManager.setPasswordExpirationTimeout()</code></a>.
- </li>
- <li>MUST NOT authenticate access to keystores if the application has called <a href="https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder.html#setUserAuthenticationRequired%28boolean%29"><code>KeyGenParameterSpec.Builder.setUserAuthenticationRequired(true)</code></a>.
- </li>
- </ul>
- </li>
- </ul>
- <h2>
- 9.12. Data Deletion
- </h2>
- <p>
- Devices MUST provide users with a mechanism to perform a "Factory Data Reset" that allows logical and physical deletion of all data except for the following:
- </p>
- <ul>
- <li>The system image
- </li>
- <li>Any operating system files required by the system image
+ LLCP 1.2 (defined by the NFC Forum)
</li>
- </ul>
- <p>
- All user-generated data MUST be deleted. This MUST satisfy relevant industry standards for data deletion such as NIST SP800-88. This MUST be used for the implementation of the wipeData() API (part of the Android Device Administration API) described in <a href="#3_9_device_administration">section 3.9 Device Administration</a>.
- </p>
- <p>
- Devices MAY provide a fast data wipe that conducts a logical data erase.
- </p>
- <h2>
- 9.13. Safe Boot Mode
- </h2>
- <p>
- Android provides a mode enabling users to boot up into a mode where only preinstalled system apps are allowed to run and all third-party apps are disabled. This mode, known as "Safe Boot Mode", provides the user the capability to uninstall potentially harmful third-party apps.
- </p>
- <p>
- Android device implementations are STRONGLY RECOMENDED to implement Safe Boot Mode and meet following requirements:
- </p>
- <ul>
<li>
- <p>
- Device implementations SHOULD provide the user an option to enter Safe Boot Mode from the boot menu which is reachable through a workflow that is different from that of normal boot.
- </p>
+ SDP 1.0 (defined by the NFC Forum)
</li>
<li>
- <p>
- Device implementations MUST provide the user an option to enter Safe Boot Mode in such a way that is uninterruptible from third-party apps installed on the device, except for when the third party app is a Device Policy Controller and has set the <a href="https://developer.android.com/reference/android/os/UserManager.html#DISALLOW_SAFE_BOOT"><code>UserManager.DISALLOW_SAFE_BOOT</code></a> flag as true.
- </p>
+ <a href="http://static.googleusercontent.com/media/source.android.com/en/us/compatibility/ndef-push-protocol.pdf">
+ NDEF Push Protocol
+ </a>
</li>
<li>
- <p>
- Device implementations MUST provide the user the capability to uninstall any third-party apps within Safe Mode.
- </p>
+ SNEP 1.0 (defined by the NFC Forum)
</li>
- </ul>
- <h2>
- 9.14. Automotive Vehicle System Isolation
- </h2>
- <p>
- Android Automotive devices are expected to exchange data with critical vehicle subsystems, e.g., by using the <a href="http://source.android.com/devices/automotive.html">vehicle HAL</a> to send and receive messages over vehicle networks such as CAN bus. Android Automotive device implementations MUST implement security features below the Android framework layers to prevent malicious or unintentional interaction between the Android framework or third-party apps and vehicle subsystems. These security features are as follows:
- </p>
+ </ul>
+ </li>
+ <li>
+ MUST include support for
+ <a href="http://developer.android.com/guide/topics/connectivity/nfc/nfc.html">
+ Android Beam
+ </a>.
+ </li>
+ <li>
+ MUST implement the SNEP default server. Valid NDEF messages
+received by the default SNEP server MUST be dispatched to applications using
+the android.nfc.ACTION_NDEF_DISCOVERED intent. Disabling Android Beam in
+settings MUST NOT disable dispatch of incoming NDEF message.
+ </li>
+ <li>
+ MUST honor the android.settings.NFCSHARING_SETTINGS intent to show
+ <a href="http://developer.android.com/reference/android/provider/Settings.html#ACTION_NFCSHARING_SETTINGS">
+ NFC sharing settings
+ </a>.
+ </li>
+ <li>
+ MUST implement the NPP server. Messages received by the NPP server
+MUST be processed the same way as the SNEP default server.
+ </li>
+ <li>
+ MUST implement a SNEP client and attempt to send outbound P2P NDEF
+to the default SNEP server when Android Beam is enabled. If no default SNEP
+server is found then the client MUST attempt to send to an NPP server.
+ </li>
+ <li>
+ MUST allow foreground activities to set the outbound P2P NDEF
+message using android.nfc.NfcAdapter.setNdefPushMessage, and
+android.nfc.NfcAdapter.setNdefPushMessageCallback, and
+android.nfc.NfcAdapter.enableForegroundNdefPush.
+ </li>
+ <li>
+ SHOULD use a gesture or on-screen confirmation, such as 'Touch to
+Beam', before sending outbound P2P NDEF messages.
+ </li>
+ <li>
+ SHOULD enable Android Beam by default and MUST be able to send and
+receive using Android Beam, even when another proprietary NFC P2p mode is
+turned on.
+ </li>
+ <li>
+ MUST support NFC Connection handover to Bluetooth when the device
+supports Bluetooth Object Push Profile. Device implementations MUST support
+connection handover to Bluetooth when using
+android.nfc.NfcAdapter.setBeamPushUris, by implementing the
+“
+ <a href="http://members.nfc-forum.org/specs/spec_list/#conn_handover">
+ Connection Handover version 1.2
+ </a>
+ ” and
+“
+ <a href="http://members.nfc-forum.org/apps/group_public/download.php/18688/NFCForum-AD-BTSSP_1_1.pdf">
+ Bluetooth Secure Simple Pairing Using NFC version 1.0
+ </a>
+ ”
+specs from the NFC Forum. Such an implementation MUST implement the handover
+LLCP service with service name “urn:nfc:sn:handover” for exchanging the
+handover request/select records over NFC, and it MUST use the Bluetooth Object
+Push Profile for the actual Bluetooth data transfer. For legacy reasons (to
+remain compatible with Android 4.1 devices), the implementation SHOULD still
+accept SNEP GET requests for exchanging the handover request/select records
+over NFC. However an implementation itself SHOULD NOT send SNEP GET requests
+for performing connection handover.
+ </li>
+ <li>
+ MUST poll for all supported technologies while in NFC discovery mode.
+ </li>
+ <li>
+ SHOULD be in NFC discovery mode while the device is awake with the
+screen active and the lock-screen unlocked.
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <p>
+ (Note that publicly available links are not available for the JIS, ISO, and NFC
+Forum specifications cited above.)
+ </p>
+ <p>
+ Android includes support for NFC Host Card Emulation (HCE) mode. If a device
+implementation does include an NFC controller chipset capable of HCE (for NfcA
+and/or NfcB) and it supports Application ID (AID) routing, then it:
+ </p>
+ <ul>
+ <li>
+ MUST report the android.hardware.nfc.hce feature constant.
+ </li>
+ <li>
+ MUST support
+ <a href="http://developer.android.com/guide/topics/connectivity/nfc/hce.html">
+ NFC HCE
+APIs
+ </a>
+ as
+defined in the Android SDK.
+ </li>
+ </ul>
+ <p>
+ If a device implementation does include an NFC controller chipset capable of HCE
+for NfcF, and it implements the feature for third-party applications, then it:
+ </p>
+ <ul>
+ <li>
+ MUST report the android.hardware.nfc.hcef feature constant.
+ </li>
+ <li>
+ MUST implement the [NfcF Card Emulation APIs]
+(https://developer.android.com/reference/android/nfc/cardemulation/NfcFCardEmulation.html)
+as defined in the Android SDK.
+ </li>
+ </ul>
+ <p>
+ Additionally, device implementations MAY include reader/writer support for the
+following MIFARE technologies.
+ </p>
+ <ul>
+ <li>
+ MIFARE Classic
+ </li>
+ <li>
+ MIFARE Ultralight
+ </li>
+ <li>
+ NDEF on MIFARE Classic
+ </li>
+ </ul>
+ <p>
+ Note that Android includes APIs for these MIFARE types. If a device
+implementation supports MIFARE in the reader/writer role, it:
+ </p>
+ <ul>
+ <li>
+ MUST implement the corresponding Android APIs as documented by the Android SDK.
+ </li>
+ <li>
+ MUST report the feature com.nxp.mifare from the
+ <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">
+ android.content.pm.PackageManager.hasSystemFeature()
+ </a>
+ method. Note that this is not a standard Android feature and as such does not
+appear as a constant in the android.content.pm.PackageManager class.
+ </li>
+ <li>
+ MUST NOT implement the corresponding Android APIs nor report the
+com.nxp.mifare feature unless it also implements general NFC support as
+described in this section.
+ </li>
+ </ul>
+ <p>
+ If a device implementation does not include NFC hardware, it MUST NOT declare
+the android.hardware.nfc feature from the
+ <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">
+ android.content.pm.PackageManager.hasSystemFeature()
+ </a>
+ method, and MUST implement the Android NFC API as a no-op.
+ </p>
+ <p>
+ As the classes android.nfc.NdefMessage and android.nfc.NdefRecord represent a
+protocol-independent data representation format, device implementations MUST
+implement these APIs even if they do not include support for NFC or declare the
+android.hardware.nfc feature.
+ </p>
+ <h4 id="7_4_5_minimum_network_capability">
+ 7.4.5. Minimum Network Capability
+ </h4>
+ <p>
+ Device implementations MUST include support for one or more forms of data
+networking. Specifically, device implementations MUST include support for at
+least one data standard capable of 200Kbit/sec or greater. Examples of
+technologies that satisfy this requirement include EDGE, HSPA, EV-DO, 802.11g,
+Ethernet, Bluetooth PAN, etc.
+ </p>
+ <p>
+ Device implementations where a physical networking standard (such as Ethernet)
+is the primary data connection SHOULD also include support for at least one
+common wireless data standard, such as 802.11 (Wi-Fi).
+ </p>
+ <p>
+ Devices MAY implement more than one form of data connectivity.
+ </p>
+ <p>
+ Devices MUST include an IPv6 networking stack and support IPv6 communication
+using the managed APIs, such as
+ <code>
+ java.net.Socket
+ </code>
+ and
+ <code>
+ java.net.URLConnection
+ </code>
+ ,
+as well as the native APIs, such as
+ <code>
+ AF_INET6
+ </code>
+ sockets. The required level of
+IPv6 support depends on the network type, as follows:
+ </p>
+ <ul>
+ <li>
+ Devices that support Wi-Fi networks MUST support dual-stack and IPv6-only
+operation on Wi-Fi.
+ </li>
+ <li>
+ Devices that support Ethernet networks MUST support dual-stack operation on
+Ethernet.
+ </li>
+ <li>
+ Devices that support cellular data SHOULD support IPv6 operation (IPv6-only
+and possibly dual-stack) on cellular data.
+ </li>
+ <li>
+ When a device is simultaneously connected to more than one network (e.g.,
+Wi-Fi and cellular data), it MUST simultaneously meet these requirements on
+each network to which it is connected.
+ </li>
+ </ul>
+ <p>
+ IPv6 MUST be enabled by default.
+ </p>
+ <p>
+ In order to ensure that IPv6 communication is as reliable as IPv4, unicast IPv6
+packets sent to the device MUST NOT be dropped, even when the screen is not in
+an active state. Redundant multicast IPv6 packets, such as repeated identical
+Router Advertisements, MAY be rate-limited in hardware or firmware if doing so
+is necessary to save power. In such cases, rate-limiting MUST NOT cause the
+device to lose IPv6 connectivity on any IPv6-compliant network that uses RA
+lifetimes of at least 180 seconds.
+ </p>
+ <p>
+ IPv6 connectivity MUST be maintained in doze mode.
+ </p>
+ <h4 id="7_4_6_sync_settings">
+ 7.4.6. Sync Settings
+ </h4>
+ <p>
+ Device implementations MUST have the master auto-sync setting on by default so
+that the method
+ <a href="http://developer.android.com/reference/android/content/ContentResolver.html">
+ getMasterSyncAutomatically()
+ </a>
+ returns “true”.
+ </p>
+ <h4 id="7_4_7_data_saver">
+ 7.4.7. Data Saver
+ </h4>
+ <p>
+ Device implementations with a metered connection are STRONGLY RECOMMENDED to provide the
+data saver mode.
+ </p>
+ <p>
+ If a device implementation provides the data saver mode, it:
+ </p>
+ <ul>
+ <li>
+ <p>
+ MUST support all the APIs in the
+ <code>
+ ConnectivityManager
+ </code>
+ class as described in the
+ <a href="https://developer.android.com/training/basics/network-ops/data-saver.html">
+ SDK documentation
+ </a>
+ </p>
+ </li>
+ <li>
+ <p>
+ MUST provide a user interface in the settings, allowing users to add
+ applications to or remove applications from the whitelist.
+ </p>
+ </li>
+ </ul>
+ <p>
+ Conversely if a device implementation does not provide the data saver mode, it:
+ </p>
+ <ul>
+ <li>
+ <p>
+ MUST return the value
+ <code>
+ RESTRICT_BACKGROUND_STATUS_DISABLED
+ </code>
+ for
+ <a href="https://developer.android.com/reference/android/net/ConnectivityManager.html#getRestrictBackgroundStatus%28%29">
+ <code>
+ ConnectivityManager.getRestrictBackgroundStatus()
+ </code>
+ </a>
+ </p>
+ </li>
+ <li>
+ <p>
+ MUST not broadcast
+ <code>
+ ConnectivityManager.ACTION_RESTRICT_BACKGROUND_CHANGED
+ </code>
+ </p>
+ </li>
+ <li>
+ <p>
+ MUST have an activity that handles the
+ <code>
+ Settings.ACTION_IGNORE_BACKGROUND_DATA_RESTRICTIONS_SETTINGS
+ </code>
+ intent but MAY implement it as a no-op.
+ </p>
+ </li>
+ </ul>
+ <h3 id="7_5_cameras">
+ 7.5. Cameras
+ </h3>
+ <p>
+ Device implementations SHOULD include a rear-facing camera and MAY include a
+front-facing camera. A rear-facing camera is a camera located on the side of
+the device opposite the display; that is, it images scenes on the far side of
+the device, like a traditional camera. A front-facing camera is a camera
+located on the same side of the device as the display; that is, a camera
+typically used to image the user, such as for video conferencing and similar
+applications.
+ </p>
+ <p>
+ If a device implementation includes at least one camera, it MUST be possible for
+an application to simultaneously allocate 3 RGBA_8888 bitmaps equal to the size
+of the images produced by the largest-resolution camera sensor on the device,
+while camera is open for the purpose of basic preview and still capture.
+ </p>
+ <h4 id="7_5_1_rear-facing_camera">
+ 7.5.1. Rear-Facing Camera
+ </h4>
+ <p>
+ Device implementations SHOULD include a rear-facing camera. If a device
+implementation includes at least one rear-facing camera, it:
+ </p>
+ <ul>
+ <li>
+ MUST report the feature flag android.hardware.camera and
+android.hardware.camera.any.
+ </li>
+ <li>
+ MUST have a resolution of at least 2 megapixels.
+ </li>
+ <li>
+ SHOULD have either hardware auto-focus or software auto-focus implemented
+in the camera driver (transparent to application software).
+ </li>
+ <li>
+ MAY have fixed-focus or EDOF (extended depth of field) hardware.
+ </li>
+ <li>
+ MAY include a flash. If the Camera includes a flash, the flash lamp MUST
+NOT be lit while an android.hardware.Camera.PreviewCallback instance has been
+registered on a Camera preview surface, unless the application has explicitly
+enabled the flash by enabling the FLASH_MODE_AUTO or FLASH_MODE_ON attributes
+of a Camera.Parameters object. Note that this constraint does not apply to the
+device’s built-in system camera application, but only to third-party
+applications using Camera.PreviewCallback.
+ </li>
+ </ul>
+ <h4 id="7_5_2_front-facing_camera">
+ 7.5.2. Front-Facing Camera
+ </h4>
+ <p>
+ Device implementations MAY include a front-facing camera. If a device
+implementation includes at least one front-facing camera, it:
+ </p>
+ <ul>
+ <li>
+ MUST report the feature flag android.hardware.camera.any and
+android.hardware.camera.front.
+ </li>
+ <li>
+ MUST have a resolution of at least VGA (640x480 pixels).
+ </li>
+ <li>
+ MUST NOT use a front-facing camera as the default for the Camera API. The
+camera API in Android has specific support for front-facing cameras and device
+implementations MUST NOT configure the API to to treat a front-facing camera as
+the default rear-facing camera, even if it is the only camera on the device.
+ </li>
+ <li>
+ MAY include features (such as auto-focus, flash, etc.) available to
+rear-facing cameras as described in
+ <a href="#7_5_1_rear-facing_camera">
+ section 7.5.1
+ </a>.
+ </li>
+ <li>
+ MUST horizontally reflect (i.e. mirror) the stream displayed by an app in a
+CameraPreview, as follows:
+ <ul>
+ <li>
+ If the device implementation is capable of being rotated by user (such
+as automatically via an accelerometer or manually via user input), the camera
+preview MUST be mirrored horizontally relative to the device’s current
+orientation.
+ </li>
+ <li>
+ If the current application has explicitly requested that the Camera
+display be rotated via a call to the
+ <a href="http://developer.android.com/reference/android/hardware/Camera.html#setDisplayOrientation(int)">
+ android.hardware.Camera.setDisplayOrientation()
+ </a>
+ method, the camera preview MUST be mirrored horizontally relative to the
+orientation specified by the application.
+ </li>
+ <li>
+ Otherwise, the preview MUST be mirrored along the device’s default
+horizontal axis.
+ </li>
+ </ul>
+ </li>
+ <li>
+ MUST mirror the image displayed by the postview in the same manner as the
+camera preview image stream. If the device implementation does not support
+postview, this requirement obviously does not apply.
+ </li>
+ <li>
+ MUST NOT mirror the final captured still image or video streams returned to
+application callbacks or committed to media storage.
+ </li>
+ </ul>
+ <h4 id="7_5_3_external_camera">
+ 7.5.3. External Camera
+ </h4>
+ <p>
+ Device implementations MAY include support for an external camera that is not
+necessarily always connected. If a device includes support for an external camera,
+it:
+ </p>
+ <ul>
+ <li>
+ MUST declare the platform feature flag
+ <code>
+ android.hardware.camera.external
+ </code>
+ and
+ <code>
+ android.hardware camera.any
+ </code>
+ .
+ </li>
+ <li>
+ MAY support multiple cameras.
+ </li>
+ <li>
+ MUST support USB Video Class (UVC 1.0 or higher) if the external camera
+ connects through the USB port.
+ </li>
+ <li>
+ SHOULD support video compressions such as MJPEG to enable transfer of
+ high-quality unencoded streams (i.e. raw or independently compressed picture
+ streams).
+ </li>
+ <li>
+ MAY support camera-based video encoding. If supported, a simultaneous
+ unencoded / MJPEG stream (QVGA or greater resolution) MUST be accessible to
+ the device implementation.
+ </li>
+ </ul>
+ <h4 id="7_5_4_camera_api_behavior">
+ 7.5.4. Camera API Behavior
+ </h4>
+ <p>
+ Android includes two API packages to access the camera, the newer
+android.hardware.camera2 API expose lower-level camera control to the app,
+including efficient zero-copy burst/streaming flows and per-frame controls of
+exposure, gain, white balance gains, color conversion, denoising, sharpening,
+and more.
+ </p>
+ <p>
+ The older API package, android.hardware.Camera, is marked as deprecated in
+Android 5.0 but as it should still be available for apps to use Android device
+implementations MUST ensure the continued support of the API as described in
+this section and in the Android SDK.
+ </p>
+ <p>
+ Device implementations MUST implement the following behaviors for the
+camera-related APIs, for all available cameras:
+ </p>
+ <ul>
+ <li>
+ If an application has never called
+android.hardware.Camera.Parameters.setPreviewFormat(int), then the device MUST
+use android.hardware.PixelFormat.YCbCr_420_SP for preview data provided to
+application callbacks.
+ </li>
+ <li>
+ If an application registers an android.hardware.Camera.PreviewCallback
+instance and the system calls the onPreviewFrame() method when the preview
+format is YCbCr_420_SP, the data in the byte[] passed into onPreviewFrame()
+must further be in the NV21 encoding format. That is, NV21 MUST be the default.
+ </li>
+ <li>
+ For android.hardware.Camera, device implementations MUST support the YV12
+format (as denoted by the android.graphics.ImageFormat.YV12 constant) for
+camera previews for both front- and rear-facing cameras. (The hardware video
+encoder and camera may use any native pixel format, but the device
+implementation MUST support conversion to YV12.)
+ </li>
+ <li>
+ For android.hardware.camera2, device implementations must support the
+android.hardware.ImageFormat.YUV_420_888 and android.hardware.ImageFormat.JPEG
+formats as outputs through the android.media.ImageReader API.
+ </li>
+ </ul>
+ <p>
+ Device implementations MUST still implement the full
+ <a href="http://developer.android.com/reference/android/hardware/Camera.html">
+ Camera
+API
+ </a>
+ included in the Android SDK documentation, regardless of whether the device
+includes hardware autofocus or other capabilities. For instance, cameras that
+lack autofocus MUST still call any registered
+android.hardware.Camera.AutoFocusCallback instances (even though this has no
+relevance to a non-autofocus camera.) Note that this does apply to front-facing
+cameras; for instance, even though most front-facing cameras do not support
+autofocus, the API callbacks must still be “faked” as described.
+ </p>
+ <p>
+ Device implementations MUST recognize and honor each parameter name defined as
+a constant on the
+ <a href="http://developer.android.com/reference/android/hardware/Camera.Parameters.html">
+ android.hardware.Camera.Parameters
+ </a>
+ class, if the underlying hardware supports the feature. If the device hardware
+does not support a feature, the API must behave as documented. Conversely,
+device implementations MUST NOT honor or recognize string constants passed to
+the android.hardware.Camera.setParameters() method other than those documented
+as constants on the android.hardware.Camera.Parameters. That is, device
+implementations MUST support all standard Camera parameters if the hardware
+allows, and MUST NOT support custom Camera parameter types. For instance,
+device implementations that support image capture using high dynamic range
+(HDR) imaging techniques MUST support camera parameter Camera.SCENE_MODE_HDR.
+ </p>
+ <p>
+ Because not all device implementations can fully support all the features of
+the android.hardware.camera2 API, device implementations MUST report the proper
+level of support with the
+ <a href="https://developer.android.com/reference/android/hardware/camera2/CameraCharacteristics.html#INFO_SUPPORTED_HARDWARE_LEVEL">
+ android.info.supportedHardwareLevel
+ </a>
+ property as described in the Android SDK and report the appropriate
+ <a href="http://source.android.com/devices/camera/versioning.html">
+ framework feature flags
+ </a>.
+ </p>
+ <p>
+ Device implementations MUST also declare its Individual camera capabilities of
+android.hardware.camera2 via the android.request.availableCapabilities property
+and declare the appropriate
+ <a href="http://source.android.com/devices/camera/versioning.html">
+ feature flags
+ </a>;
+a device must define the feature flag if any of its attached camera devices
+supports the feature.
+ </p>
+ <p>
+ Device implementations MUST broadcast the Camera.ACTION_NEW_PICTURE intent
+whenever a new picture is taken by the camera and the entry of the picture has
+been added to the media store.
+ </p>
+ <p>
+ Device implementations MUST broadcast the Camera.ACTION_NEW_VIDEO intent
+whenever a new video is recorded by the camera and the entry of the picture has
+been added to the media store.
+ </p>
+ <h4 id="7_5_5_camera_orientation">
+ 7.5.5. Camera Orientation
+ </h4>
+ <p>
+ Both front- and rear-facing cameras, if present, MUST be oriented so that the
+long dimension of the camera aligns with the screen’s long dimension. That is,
+when the device is held in the landscape orientation, cameras MUST capture
+images in the landscape orientation. This applies regardless of the device’s
+natural orientation; that is, it applies to landscape-primary devices as well
+as portrait-primary devices.
+ </p>
+ <h3 id="7_6_memory_and_storage">
+ 7.6. Memory and Storage
+ </h3>
+ <h4 id="7_6_1_minimum_memory_and_storage">
+ 7.6.1. Minimum Memory and Storage
+ </h4>
+ <div class="note">
+ Android Television devices MUST have at least 4GB of non-volatile storage
+available for application private data.
+ </div>
+ <p>
+ The memory available to the kernel and userspace on device implementations MUST
+be at least equal or larger than the minimum values specified by the following
+table. (See
+ <a href="#7_1_1_screen_configuration">
+ section 7.1.1
+ </a>
+ for screen size and
+density definitions.)
+ </p>
+ <table>
+ <tr>
+ <th>
+ Density and screen size
+ </th>
+ <th>
+ 32-bit device
+ </th>
+ <th>
+ 64-bit device
+ </th>
+ </tr>
+ <tr>
+ <td>
+ Android Watch devices (due to smaller screens)
+ </td>
+ <td>
+ 416MB
+ </td>
+ <td>
+ Not applicable
+ </td>
+ </tr>
+ <tr>
+ <td>
<ul>
- <li>Gatekeeping messages from Android framework vehicle subsystems, e.g., whitelisting permitted message types and message sources.
- </li>
- <li>Watchdog against denial of service attacks from the Android framework or third-party apps. This guards against malicious software flooding the vehicle network with traffic, which may lead to malfunctioning vehicle subsystems.
- </li>
+ <li class="table_list">
+ 280dpi or lower on small/normal screens
+ </li>
+ <li class="table_list">
+ mdpi or lower on large screens
+ </li>
+ <li class="table_list">
+ ldpi or lower on extra large screens
+ </li>
</ul>
- <h1>
- 10. Software Compatibility Testing
- </h1>
- <p>
- Device implementations MUST pass all tests described in this section.
- </p>
- <p>
- However, note that no software test package is fully comprehensive. For this reason, device implementers are <strong>STRONGLY RECOMMENDED</strong> to make the minimum number of changes as possible to the reference and preferred implementation of Android available from the Android Open Source Project. This will minimize the risk of introducing bugs that create incompatibilities requiring rework and potential device updates.
- </p>
- <h2>
- 10.1. Compatibility Test Suite
- </h2>
- <p>
- Device implementations MUST pass the <a href="http://source.android.com/compatibility/index.html">Android Compatibility Test Suite (CTS)</a> available from the Android Open Source Project, using the final shipping software on the device. Additionally, device implementers SHOULD use the reference implementation in the Android Open Source tree as much as possible, and MUST ensure compatibility in cases of ambiguity in CTS and for any reimplementations of parts of the reference source code.
- </p>
- <p>
- The CTS is designed to be run on an actual device. Like any software, the CTS may itself contain bugs. The CTS will be versioned independently of this Compatibility Definition, and multiple revisions of the CTS may be released for Android 7.1. Device implementations MUST pass the latest CTS version available at the time the device software is completed.
- </p>
- <h2>
- 10.2. CTS Verifier
- </h2>
- <p>
- Device implementations MUST correctly execute all applicable cases in the CTS Verifier. The CTS Verifier is included with the Compatibility Test Suite, and is intended to be run by a human operator to test functionality that cannot be tested by an automated system, such as correct functioning of a camera and sensors.
- </p>
- <p>
- The CTS Verifier has tests for many kinds of hardware, including some hardware that is optional. Device implementations MUST pass all tests for hardware that they possess; for instance, if a device possesses an accelerometer, it MUST correctly execute the Accelerometer test case in the CTS Verifier. Test cases for features noted as optional by this Compatibility Definition Document MAY be skipped or omitted.
- </p>
- <p>
- Every device and every build MUST correctly run the CTS Verifier, as noted above. However, since many builds are very similar, device implementers are not expected to explicitly run the CTS Verifier on builds that differ only in trivial ways. Specifically, device implementations that differ from an implementation that has passed the CTS Verifier only by the set of included locales, branding, etc. MAY omit the CTS Verifier test.
- </p>
- <h1>
- 11. Updatable Software
- </h1>
- <p>
- Device implementations MUST include a mechanism to replace the entirety of the system software. The mechanism need not perform “live” upgrades—that is, a device restart MAY be required.
- </p>
- <p>
- Any method can be used, provided that it can replace the entirety of the software preinstalled on the device. For instance, any of the following approaches will satisfy this requirement:
- </p>
+ </td>
+ <td>
+ 512MB
+ </td>
+ <td>
+ 816MB
+ </td>
+ </tr>
+ <tr>
+ <td>
<ul>
- <li>“Over-the-air (OTA)” downloads with offline update via reboot.
- </li>
- <li>“Tethered” updates over USB from a host PC.
- </li>
- <li>“Offline” updates via a reboot and update from a file on removable storage.
- </li>
+ <li class="table_list">
+ xhdpi or higher on small/normal screens
+ </li>
+ <li class="table_list">
+ hdpi or higher on large screens
+ </li>
+ <li class="table_list">
+ mdpi or higher on extra large screens
+ </li>
</ul>
- <p>
- However, if the device implementation includes support for an unmetered data connection such as 802.11 or Bluetooth PAN (Personal Area Network) profile, it MUST support OTA downloads with offline update via reboot.
- </p>
- <p>
- The update mechanism used MUST support updates without wiping user data. That is, the update mechanism MUST preserve application private data and application shared data. Note that the upstream Android software includes an update mechanism that satisfies this requirement.
- </p>
- <p>
- For device implementations that are launching with Android 6.0 and later, the update mechanism SHOULD support verifying that the system image is binary identical to expected result following an OTA. The block-based OTA implementation in the upstream Android Open Source Project, added since Android 5.1, satisfies this requirement.
- </p>
- <p>
- Also, device implementations SHOULD support <a href="https://source.android.com/devices/tech/ota/ab_updates.html">A/B system updates</a>. The AOSP implements this feature using the boot control HAL.
- </p>
- <p>
- If an error is found in a device implementation after it has been released but within its reasonable product lifetime that is determined in consultation with the Android Compatibility Team to affect the compatibility of third-party applications, the device implementer MUST correct the error via a software update available that can be applied per the mechanism just described.
- </p>
- <p>
- Android includes features that allow the Device Owner app (if present) to control the installation of system updates. To facilitate this, the system update subsystem for devices that report android.software.device_admin MUST implement the behavior described in the <a href="http://developer.android.com/reference/android/app/admin/SystemUpdatePolicy.html">SystemUpdatePolicy</a> class.
- </p>
- <h1>
- 12. Document Changelog
- </h1>
- <p>
- For a summary of changes to the Compatibility Definition in this release:
- </p>
+ </td>
+ <td>
+ 608MB
+ </td>
+ <td>
+ 944MB
+ </td>
+ </tr>
+ <tr>
+ <td>
<ul>
- <li>
- <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/?pretty=full&no-merges">Document changelog</a>
- </li>
+ <li class="table_list">
+ 400dpi or higher on small/normal screens
+ </li>
+ <li class="table_list">
+ xhdpi or higher on large screens
+ </li>
+ <li class="table_list">
+ tvdpi or higher on extra large screens
+ </li>
</ul>
- <p>
- For a summary of changes to individuals sections:
- </p>
- <ol>
- <li>
- <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/1_introduction?pretty=full&no-merges">Introduction</a>
- </li>
- <li>
- <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/2_device_types?pretty=full&no-merges">Device Types</a>
- </li>
- <li>
- <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/3_software?pretty=full&no-merges">Software</a>
- </li>
- <li>
- <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/4_application-packaging?pretty=full&no-merges">Application Packaging</a>
- </li>
- <li>
- <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/5_multimedia?pretty=full&no-merges">Multimedia</a>
- </li>
- <li>
- <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/6_dev-tools-and-options?pretty=full&no-merges">Developer Tools and Options</a>
- </li>
- <li>
- <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/7_hardware-compatibility?pretty=full&no-merges">Hardware Compatibility</a>
- </li>
- <li>
- <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/8_performance-and-power?pretty=full&no-merges">Performance and Power</a>
- </li>
- <li>
- <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/9_security-model?pretty=full&no-merges">Security Model</a>
- </li>
- <li>
- <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/10_software-compatibility-testing?pretty=full&no-merges">Software Compatibility Testing</a>
- </li>
- <li>
- <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/11_updatable-software?pretty=full&no-merges">Updatable Software</a>
- </li>
- <li>
- <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/12_document-changelog?pretty=full&no-merges">Document Changelog</a>
- </li>
- <li>
- <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/13_contact-us?pretty=full&no-merges">Contact Us</a>
- </li>
- </ol>
- <h2>
- 12.1. Changelog Viewing Tips
- </h2>
- <p>
- Changes are marked as follows:
- </p>
+ </td>
+ <td>
+ 896MB
+ </td>
+ <td>
+ 1280MB
+ </td>
+ </tr>
+ <tr>
+ <td>
<ul>
- <li>
- <p>
- <strong>CDD</strong><br />
- Substantive changes to the compatibility requirements.
- </p>
- </li>
- <li>
- <p>
- <strong>Docs</strong><br />
- Cosmetic or build related changes.
- </p>
- </li>
+ <li class="table_list">
+ 560dpi or higher on small/normal screens
+ </li>
+ <li class="table_list">
+ 400dpi or higher on large screens
+ </li>
+ <li class="table_list">
+ xhdpi or higher on extra large screens
+ </li>
</ul>
- <p>
- For best viewing, append the <code>pretty=full</code> and <code>no-merges</code> URL parameters to your changelog URLs.
- </p>
- <h1>
- 13. Contact Us
- </h1>
- <p>
- You can join the <a href="https://groups.google.com/forum/#!forum/android-compatibility">android-compatibility forum</a> and ask for clarifications or bring up any issues that you think the document does not cover.
- </p>
+ </td>
+ <td>
+ 1344MB
+ </td>
+ <td>
+ 1824MB
+ </td>
+ </tr>
+ </table>
+ <p>
+ The minimum memory values MUST be in addition to any memory space already
+dedicated to hardware components such as radio, video, and so on that is not
+under the kernel’s control.
+ </p>
+ <p>
+ Device implementations with less than 512MB of memory available to the kernel
+and userspace, unless an Android Watch, MUST return the value "true" for
+ActivityManager.isLowRamDevice().
+ </p>
+ <p>
+ Android Television devices MUST have at least 4GB and other device
+implementations MUST have at least 3GB of non-volatile storage available for
+application private data. That is, the /data partition MUST be at least 4GB for
+Android Television devices and at least 3GB for other device implementations.
+Device implementations that run Android are
+ <strong>
+ STRONGLY RECOMMENDED
+ </strong>
+ to have at
+least 4GB of non-volatile storage for application private data so they will be
+able to upgrade to the future platform releases.
+ </p>
+ <p>
+ The Android APIs include a
+ <a href="http://developer.android.com/reference/android/app/DownloadManager.html">
+ Download Manager
+ </a>
+ that applications MAY use to download data files. The device implementation of
+the Download Manager MUST be capable of downloading individual files of at
+least 100MB in size to the default “cache” location.
+ </p>
+ <h4 id="7_6_2_application_shared_storage">
+ 7.6.2. Application Shared Storage
+ </h4>
+ <p>
+ Device implementations MUST offer shared storage for applications also often
+referred as “shared external storage”.
+ </p>
+ <p>
+ Device implementations MUST be configured with shared storage mounted by
+default, “out of the box”. If the shared storage is not mounted on the
+Linuxpath /sdcard, then the device MUST include a Linux symbolic link from
+/sdcard to the actual mount point.
+ </p>
+ <p>
+ Device implementations MAY have hardware for user-accessible removable storage,
+such as a Secure Digital (SD) card slot. If this slot is used to satisfy the
+shared storage requirement, the device implementation:
+ </p>
+ <ul>
+ <li>
+ MUST implement a toast or pop-up user interface warning the user when there
+is no SD card.
+ </li>
+ <li>
+ MUST include a FAT-formatted SD card 1GB in size or larger OR show on the
+box and other material available at time of purchase that the SD card has to be
+separately purchased.
+ </li>
+ <li>
+ MUST mount the SD card by default.
+ </li>
+ </ul>
+ <p>
+ Alternatively, device implementations MAY allocate internal (non-removable)
+storage as shared storage for apps as included in the upstream Android Open
+Source Project; device implementations SHOULD use this configuration and
+software implementation. If a device implementation uses internal
+(non-removable) storage to satisfy the shared storage requirement, while that
+storage MAY share space with the application private data, it MUST be at least
+1GB in size and mounted on /sdcard (or /sdcard MUST be a symbolic link to the
+physical location if it is mounted elsewhere).
+ </p>
+ <p>
+ Device implementations MUST enforce as documented the
+android.permission.WRITE_EXTERNAL_STORAGE permission on this shared storage.
+Shared storage MUST otherwise be writable by any application that obtains that
+permission.
+ </p>
+ <p>
+ Device implementations that include multiple shared storage paths (such as both
+an SD card slot and shared internal storage) MUST allow only pre-installed &
+privileged Android applications with the WRITE_EXTERNAL_STORAGE permission to
+write to the secondary external storage, except when writing to their
+package-specific directories or within the
+ <code>
+ URI
+ </code>
+ returned by firing the
+ <code>
+ ACTION_OPEN_DOCUMENT_TREE
+ </code>
+ intent.
+ </p>
+ <p>
+ However, device implementations SHOULD expose content from both storage paths
+transparently through Android’s media scanner service and
+android.provider.MediaStore.
+ </p>
+ <p>
+ Regardless of the form of shared storage used, if the device implementation has
+a USB port with USB peripheral mode support, it MUST provide some mechanism to
+access the contents of shared storage from a host computer. Device
+implementations MAY use USB mass storage, but SHOULD use Media Transfer
+Protocol to satisfy this requirement. If the device implementation supports
+Media Transfer Protocol, it:
+ </p>
+ <ul>
+ <li>
+ SHOULD be compatible with the reference Android MTP host,
+ <a href="http://www.android.com/filetransfer">
+ Android File Transfer
+ </a>.
+ </li>
+ <li>
+ SHOULD report a USB device class of 0x00.
+ </li>
+ <li>
+ SHOULD report a USB interface name of 'MTP'.
+ </li>
+ </ul>
+ <h4 id="7_6_3_adoptable_storage">
+ 7.6.3. Adoptable Storage
+ </h4>
+ <p>
+ Device implementations are STRONGLY RECOMMENDED to implement
+ <a href="http://source.android.com/devices/storage/adoptable.html">
+ adoptable storage
+ </a>
+ if the
+removable storage device port is in a long-term stable location, such as within
+the battery compartment or other protective cover.
+ </p>
+ <p>
+ Device implementations such as a television, MAY enable adoption through USB
+ports as the device is expected to be static and not mobile. But for other
+device implementations that are mobile in nature, it is STRONGLY RECOMMENDED to
+implement the adoptable storage in a long-term stable location, since
+accidentally disconnecting them can cause data loss/corruption.
+ </p>
+ <h3 id="7_7_usb">
+ 7.7. USB
+ </h3>
+ <p>
+ Device implementations SHOULD support USB peripheral mode and SHOULD support USB
+host mode.
+ </p>
+ <h4 id="7_7_1_usb_peripheral_mode">
+ 7.7.1. USB peripheral mode
+ </h4>
+ <p>
+ If a device implementation includes a USB port supporting peripheral mode:
+ </p>
+ <ul>
+ <li>
+ The port MUST be connectable to a USB host that has a standard type-A or
+ type-C USB port.
+ </li>
+ <li>
+ The port SHOULD use micro-B, micro-AB or Type-C USB form factor. Existing
+ and new Android devices are
+ <strong>
+ STRONGLY RECOMMENDED to meet these
+ requirements
+ </strong>
+ so they will be able to upgrade to the future platform
+ releases.
+ </li>
+ <li>
+ The port SHOULD be located on the bottom of the device
+ (according to natural orientation) or enable software screen rotation for
+ all apps (including home screen), so that the display draws correctly when
+ the device is oriented with the port at bottom. Existing and new Android
+ devices are
+ <strong>
+ STRONGLY RECOMMENDED to meet these requirements
+ </strong>
+ so they will
+ be able to upgrade to future platform releases.
+ </li>
+ <li>
+ It MUST allow a USB host connected with the Android device to access the
+ contents of the shared storage volume using either USB mass storage or Media
+ Transfer Protocol.
+ </li>
+ <li>
+ It SHOULD implement the Android Open Accessory (AOA) API and specification
+ as documented in the Android SDK documentation, and if it is an Android
+ Handheld device it MUST implement the AOA API. Device implementations
+ implementing the AOA specification:
+ <ul>
+ <li>
+ MUST declare support for the hardware feature
+ <a href="http://developer.android.com/guide/topics/connectivity/usb/accessory.html">
+ android.hardware.usb.accessory
+ </a>.
+ </li>
+ <li>
+ MUST implement the
+ <a href="http://developer.android.com/reference/android/hardware/usb/UsbConstants.html#USB_CLASS_AUDIO">
+ USB audio class
+ </a>
+ as documented in the Android SDK documentation.
+ </li>
+ <li>
+ The USB mass storage class MUST include the string "android" at the end
+ of the interface description
+ <code>
+ iInterface
+ </code>
+ string of the USB mass storage
+ </li>
+ </ul>
+ </li>
+ <li>
+ It SHOULD implement support to draw 1.5 A current during HS chirp and
+ traffic as specified in the
+ <a href="http://www.usb.org/developers/docs/devclass_docs/BCv1.2_070312.zip">
+ USB Battery Charging specification, revision 1.2
+ </a>.
+ Existing and new Android devices are
+ <strong>
+ STRONGLY RECOMMENDED to meet these
+ requirements
+ </strong>
+ so they will be able to upgrade to the future platform
+ releases.
+ </li>
+ <li>
+ Type-C devices MUST detect 1.5A and 3.0A chargers per the Type-C resistor
+ standard and it must detect changes in the advertisement.
+ </li>
+ <li>
+ Type-C devices also supporting USB host mode are STRONGLY RECOMMENDED to
+ support Power Delivery for data and power role swapping.
+ </li>
+ <li>
+ Type-C devices SHOULD support Power Delivery for high-voltage charging and
+ support for Alternate Modes such as display out.
+ </li>
+ <li>
+ The value of iSerialNumber in USB standard device descriptor MUST be equal
+ to the value of android.os.Build.SERIAL.
+ </li>
+ <li>
+ Type-C devices are STRONGLY RECOMMENDED to not support proprietary charging
+ methods that modify Vbus voltage beyond default levels, or alter sink/source
+ roles as such may result in interoperability issues with the chargers or
+ devices that support the standard USB Power Delivery methods. While this is
+ called out as "STRONGLY RECOMMENDED", in future Android versions we might
+ REQUIRE all type-C devices to support full interoperability with standard
+ type-C chargers.
+ </li>
+ </ul>
+ <h4 id="7_7_2_usb_host_mode">
+ 7.7.2. USB host mode
+ </h4>
+ <p>
+ If a device implementation includes a USB port supporting host mode, it:
+ </p>
+ <ul>
+ <li>
+ SHOULD use a type-C USB port, if the device implementation supports USB 3.1.
+ </li>
+ <li>
+ MAY use a non-standard port form factor, but if so MUST ship with a cable or
+ cables adapting the port to a standard type-A or type-C USB port.
+ </li>
+ <li>
+ MAY use a micro-AB USB port, but if so SHOULD ship with a cable or cables adapting the port to a standard type-A or type-C USB port.
+ </li>
+ <li>
+ is
+ <strong>
+ STRONGLY RECOMMENDED
+ </strong>
+ to implement the
+ <a href="http://developer.android.com/reference/android/hardware/usb/UsbConstants.html#USB_CLASS_AUDIO">
+ USB audio class
+ </a>
+ as documented in the Android SDK documentation.
+ </li>
+ <li>
+ MUST implement the Android USB host API as documented in the Android SDK,
+ and MUST declare support for the hardware feature
+ <a href="http://developer.android.com/guide/topics/connectivity/usb/host.html">
+ android.hardware.usb.host
+ </a>.
+ </li>
+ <li>
+ SHOULD support device charging while in host mode; advertising a source
+ current of at least 1.5A as specified in the Termination Parameters section
+ of the [USB Type-C Cable and Connector Specification Revision 1.2] (http://www.usb.org/developers/docs/usb_31_021517.zip)
+ for USB Type-C connectors or using Charging Downstream Port(CDP) output
+ current range as specified in the
+ <a href="http://www.usb.org/developers/docs/devclass_docs/BCv1.2_070312.zip">
+ USB Battery Charging specifications, revision 1.2
+ </a>
+ for Micro-AB connectors.
+ </li>
+ <li>
+ USB Type-C devices are STRONGLY RECOMMENDED to support DisplayPort, SHOULD
+ support USB SuperSpeed Data Rates, and are STRONGLY RECOMMENDED to support
+ Power Delivery for data and power role swapping.
+ </li>
+ <li>
+ Devices with any type-A or type-AB ports MUST NOT ship with an adapter converting
+ from this port to a type-C receptacle.
+ </li>
+ <li>
+ MUST recognize any remotely connected MTP (Media Transfer Protocol) devices
+ and make their contents accessible through the
+ <code>
+ ACTION_GET_CONTENT
+ </code>
+ ,
+ <code>
+ ACTION_OPEN_DOCUMENT
+ </code>
+ , and
+ <code>
+ ACTION_CREATE_DOCUMENT
+ </code>
+ intents, if the Storage Access
+ Framework (SAF) is supported.
+ </li>
+ <li>
+ MUST, if using a Type-C USB port and including support for peripheral mode,
+ implement Dual Role Port functionality as defined by the USB Type-C
+ specification (section 4.5.1.3.3).
+ </li>
+ <li>
+ SHOULD, if the Dual Role Port functionality is supported, implement the
+ Try.* model that is most appropriate for the device form factor. For
+ example a handheld device SHOULD implement the Try.SNK model.
+ </li>
+ </ul>
+ <h3 id="7_8_audio">
+ 7.8. Audio
+ </h3>
+ <h4 id="7_8_1_microphone">
+ 7.8.1. Microphone
+ </h4>
+ <div class="note">
+ Android Handheld, Watch, and Automotive implementations MUST include a
+microphone.
+ </div>
+ <p>
+ Device implementations MAY omit a microphone. However, if a device
+implementation omits a microphone, it MUST NOT report the
+android.hardware.microphone feature constant, and MUST implement the audio
+recording API at least as no-ops, per
+ <a href="#7_hardware_compatibility">
+ section 7
+ </a>.
+Conversely, device implementations that do possess a microphone:
+ </p>
+ <ul>
+ <li>
+ MUST report the android.hardware.microphone feature constant.
+ </li>
+ <li>
+ MUST meet the audio recording requirements in
+ <a href="#5_4_audio_recording">
+ section 5.4
+ </a>.
+ </li>
+ <li>
+ MUST meet the audio latency requirements in
+ <a href="#5_6_audio_latency">
+ section 5.6
+ </a>.
+ </li>
+ <li>
+ STRONGLY RECOMMENDED to support near-ultrasound recording as described in
+ <a href="#7_8_3_near_ultrasound">
+ section 7.8.3
+ </a>.
+ </li>
+ </ul>
+ <h4 id="7_8_2_audio_output">
+ 7.8.2. Audio Output
+ </h4>
+ <div class="note">
+ Android Watch devices MAY include an audio output.
+ </div>
+ <p>
+ Device implementations including a speaker or with an audio/multimedia output
+port for an audio output peripheral as a headset or an external speaker:
+ </p>
+ <ul>
+ <li>
+ MUST report the android.hardware.audio.output feature constant.
+ </li>
+ <li>
+ MUST meet the audio playback requirements in
+ <a href="#5_5_audio_playback">
+ section 5.5
+ </a>.
+ </li>
+ <li>
+ MUST meet the audio latency requirements in
+ <a href="#5_6_audio_latency">
+ section 5.6
+ </a>.
+ </li>
+ <li>
+ STRONGLY RECOMMENDED to support near-ultrasound playback as described in
+ <a href="#7_8_3_near_ultrasound">
+ section 7.8.3
+ </a>.
+ </li>
+ </ul>
+ <p>
+ Conversely, if a device implementation does not include a speaker or audio
+output port, it MUST NOT report the android.hardware.audio output feature, and
+MUST implement the Audio Output related APIs as no-ops at least.
+ </p>
+ <p>
+ Android Watch device implementation MAY but SHOULD NOT have audio output, but
+other types of Android device implementations MUST have an audio output and
+declare android.hardware.audio.output.
+ </p>
+ <h5 id="7_8_2_1_analog_audio_ports">
+ 7.8.2.1. Analog Audio Ports
+ </h5>
+ <p>
+ In order to be compatible with the
+ <a href="http://source.android.com/accessories/headset-spec.html">
+ headsets and other audio accessories
+ </a>
+ using the 3.5mm audio plug across the Android ecosystem, if a device
+implementation includes one or more analog audio ports, at least one of the
+audio port(s) SHOULD be a 4 conductor 3.5mm audio jack. If a device
+implementation has a 4 conductor 3.5mm audio jack, it:
+ </p>
+ <ul>
+ <li>
+ MUST support audio playback to stereo headphones and stereo headsets with a
+microphone, and SHOULD support audio recording from stereo headsets with a
+microphone.
+ </li>
+ <li>
+ MUST support TRRS audio plugs with the CTIA pin-out order, and SHOULD
+support audio plugs with the OMTP pin-out order.
+ </li>
+ <li>
+ MUST support the detection of microphone on the plugged in audio accessory,
+if the device implementation supports a microphone, and broadcast the
+android.intent.action.HEADSET_PLUG with the extra value microphone set as 1.
+ </li>
+ <li>
+ MUST support the detection and mapping to the keycodes for the following
+3 ranges of equivalent impedance between the microphone and ground conductors
+on the audio plug:
+ <ul>
+ <li>
+ <strong>
+ 70 ohm or less
+ </strong>
+ : KEYCODE_HEADSETHOOK
+ </li>
+ <li>
+ <strong>
+ 210-290 Ohm
+ </strong>
+ : KEYCODE_VOLUME_UP
+ </li>
+ <li>
+ <strong>
+ 360-680 Ohm
+ </strong>
+ : KEYCODE_VOLUME_DOWN
+ </li>
+ </ul>
+ </li>
+ <li>
+ STRONGLY RECOMMENDED to detect and map to the keycode for the following
+range of equivalent impedance between the microphone and ground conductors
+on the audio plug:
+ <ul>
+ <li>
+ <strong>
+ 110-180 Ohm:
+ </strong>
+ KEYCODE_VOICE_ASSIST
+ </li>
+ </ul>
+ </li>
+ <li>
+ MUST trigger ACTION_HEADSET_PLUG upon a plug insert, but only after all
+contacts on plug are touching their relevant segments on the jack.
+ </li>
+ <li>
+ MUST be capable of driving at least 150mV ± 10% of output voltage on a 32
+Ohm speaker impedance.
+ </li>
+ <li>
+ MUST have a microphone bias voltage between 1.8V ~ 2.9V.
+ </li>
+ </ul>
+ <h4 id="7_8_3_near-ultrasound">
+ 7.8.3. Near-Ultrasound
+ </h4>
+ <p>
+ Near-Ultrasound audio is the 18.5 kHz to 20 kHz band. Device implementations
+MUST correctly report the support of near-ultrasound audio capability via the
+ <a href="http://developer.android.com/reference/android/media/AudioManager.html#getProperty%28java.lang.String%29">
+ AudioManager.getProperty
+ </a>
+ API as follows:
+ </p>
+ <ul>
+ <li>
+ If
+ <a href="http://developer.android.com/reference/android/media/AudioManager.html#PROPERTY_SUPPORT_MIC_NEAR_ULTRASOUND">
+ PROPERTY_SUPPORT_MIC_NEAR_ULTRASOUND
+ </a>
+ is "true", then the following requirements must be met by the
+VOICE_RECOGNITION and UNPROCESSED audio sources:
+ <ul>
+ <li>
+ The microphone's mean power response in the 18.5 kHz to 20 kHz band
+MUST be no more than 15 dB below the response at 2 kHz.
+ </li>
+ <li>
+ The microphone's unweighted signal to noise ratio over 18.5 kHz to 20 kHz
+for a 19 kHz tone at -26 dBFS MUST be no lower than 50 dB.
+ </li>
+ </ul>
+ </li>
+ <li>
+ If
+ <a href="http://developer.android.com/reference/android/media/AudioManager.html#PROPERTY_SUPPORT_SPEAKER_NEAR_ULTRASOUND">
+ PROPERTY_SUPPORT_SPEAKER_NEAR_ULTRASOUND
+ </a>
+ is "true", then the speaker's mean response in 18.5 kHz - 20 kHz MUST be no
+lower than 40 dB below the response at 2 kHz.
+ </li>
+ </ul>
+ <h3 id="7_9_virtual_reality">
+ 7.9. Virtual Reality
+ </h3>
+ <p>
+ Android includes APIs and facilities to build "Virtual Reality" (VR) applications including high
+quality mobile VR experiences. Device implementations MUST properly implement these APIs and
+behaviors, as detailed in this section.
+ </p>
+ <h4 id="7_9_1_virtual_reality_mode">
+ 7.9.1. Virtual Reality Mode
+ </h4>
+ <p>
+ Android handheld device implementations that support a mode for VR applications that handles
+stereoscopic rendering of notifications and disable monocular system UI components while a VR
+application has user focus MUST declare
+ <code>
+ android.software.vr.mode
+ </code>
+ feature. Devices declaring this
+feature MUST include an application implementing
+ <code>
+ android.service.vr.VrListenerService
+ </code>
+ that can be
+enabled by VR applications via
+ <code>
+ android.app.Activity#setVrModeEnabled
+ </code>
+ .
+ </p>
+ <h4 id="7_9_2_virtual_reality_high_performance">
+ 7.9.2. Virtual Reality High Performance
+ </h4>
+ <p>
+ Android handheld device implementations MUST identify the support of high performance virtual
+reality for longer user periods through the
+ <code>
+ android.hardware.vr.high_performance
+ </code>
+ feature flag and
+meet the following requirements.
+ </p>
+ <ul>
+ <li>
+ Device implementations MUST have at least 2 physical cores.
+ </li>
+ <li>
+ Device implementations MUST declare android.software.vr.mode feature.
+ </li>
+ <li>
+ Device implementations MAY provide an exclusive core to the foreground
+ application and MAY support the Process.getExclusiveCores API to return
+ the numbers of the cpu cores that are exclusive to the top foreground
+ application. If exclusive core is supported then the core MUST not allow
+ any other userspace processes to run on it (except device drivers used
+ by the application), but MAY allow some kernel processes to run as
+ necessary.
+ </li>
+ <li>
+ Device implementations MUST support sustained performance mode.
+ </li>
+ <li>
+ Device implementations MUST support OpenGL ES 3.2.
+ </li>
+ <li>
+ Device implementations MUST support Vulkan Hardware Level 0 and SHOULD support
+ Vulkan Hardware Level 1.
+ </li>
+ <li>
+ Device implementations MUST implement EGL_KHR_mutable_render_buffer and
+ EGL_ANDROID_front_buffer_auto_refresh, EGL_ANDROID_create_native_client_buffer,
+ EGL_KHR_fence_sync and EGL_KHR_wait_sync so that they may be used for Shared Buffer Mode, and
+ expose the extensions in the list of available EGL extensions.
+ </li>
+ <li>
+ The GPU and display MUST be able to synchronize access to the shared front buffer such that
+ alternating-eye rendering of VR content at 60fps with two render contexts will be displayed with
+ no visible tearing artifacts.
+ </li>
+ <li>
+ Device implementations MUST implement EGL_IMG_context_priority, and expose the extension in the
+ list of available EGL extensions.
+ </li>
+ <li>
+ Device implementations MUST implement GL_EXT_multisampled_render_to_texture, GL_OVR_multiview,
+ GL_OVR_multiview2 and GL_OVR_multiview_multisampled_render_to_texture, and expose the extensions
+ in the list of available GL extensions.
+ </li>
+ <li>
+ Device implementations MUST implement EGL_EXT_protected_content and GL_EXT_protected_textures so
+ that it may be used for Secure Texture Video Playback, and expose the extensions in the list of
+ available EGL and GL extensions.
+ </li>
+ <li>
+ Device implementations MUST support H.264 decoding at least 3840x2160@30fps-40Mbps (equivalent
+ to 4 instances of 1920x1080@30fps-10Mbps or 2 instances of 1920x1080@60fps-20Mbps).
+ </li>
+ <li>
+ Device implementations MUST support HEVC and VP9, MUST be capable to decode at least
+ 1920x1080@30fps-10Mbps and SHOULD be capable to decode 3840x2160@30fps-20Mbps (equivalent to
+ 4 instances of 1920x1080@30fps-5Mbps).
+ </li>
+ <li>
+ The device implementations are STRONGLY RECOMMENDED to support
+ android.hardware.sensor.hifi_sensors feature and MUST meet the gyroscope, accelerometer, and
+ magnetometer related requirements for android.hardware.hifi_sensors.
+ </li>
+ <li>
+ Device implementations MUST support HardwarePropertiesManager.getDeviceTemperatures API and
+ return accurate values for skin temperature.
+ </li>
+ <li>
+ The device implementation MUST have an embedded screen, and its resolution MUST be at least be
+ FullHD(1080p) and STRONGLY RECOMMENDED TO BE be QuadHD (1440p) or higher.
+ </li>
+ <li>
+ The display MUST measure between 4.7" and 6" diagonal.
+ </li>
+ <li>
+ The display MUST update at least 60 Hz while in VR Mode.
+ </li>
+ <li>
+ The display latency on Gray-to-Gray, White-to-Black, and Black-to-White switching time MUST
+ be ≤ 3 ms.
+ </li>
+ <li>
+ The display MUST support a low-persistence mode with ≤5 ms persistence,persistence being
+ defined as the amount of time for which a pixel is emitting light.
+ </li>
+ <li>
+ Device implementations MUST support Bluetooth 4.2 and Bluetooth LE Data Length Extension
+ <a href="#7_4_3_bluetooth">
+ section 7.4.3
+ </a>.
+ </li>
+ </ul>
+ <h2 id="8_performance_and_power">
+ 8. Performance and Power
+ </h2>
+ <p>
+ Some minimum performance and power criteria are critical to the user experience
+and impact the baseline assumptions developers would have when developing an
+app. Android Watch devices SHOULD and other type of device implementations MUST
+meet the following criteria.
+ </p>
+ <h3 id="8_1_user_experience_consistency">
+ 8.1. User Experience Consistency
+ </h3>
+ <p>
+ Device implementations MUST provide a smooth user interface by ensuring a
+consistent frame rate and response times for applications and games. Device
+implementations MUST meet the following requirements:
+ </p>
+ <ul>
+ <li>
+ <strong>
+ Consistent frame latency
+ </strong>
+ . Inconsistent frame latency or a delay to
+render frames MUST NOT happen more often than 5 frames in a second, and SHOULD
+be below 1 frames in a second.
+ </li>
+ <li>
+ <strong>
+ User interface latency
+ </strong>
+ . Device implementations MUST ensure low latency
+user experience by scrolling a list of 10K list entries as defined by the
+Android Compatibility Test Suite (CTS) in less than 36 secs.
+ </li>
+ <li>
+ <strong>
+ Task switching
+ </strong>
+ . When multiple applications have been launched,
+re-launching an already-running application after it has been launched MUST
+take less than 1 second.
+ </li>
+ </ul>
+ <h3 id="8_2_file_i/o_access_performance">
+ 8.2. File I/O Access Performance
+ </h3>
+ <p>
+ Device implementations MUST ensure internal storage file access performance
+consistency for read and write operations.
+ </p>
+ <ul>
+ <li>
+ <strong>
+ Sequential write
+ </strong>
+ . Device implementations MUST ensure a sequential write
+performance of at least 5MB/s for a 256MB file using 10MB write buffer.
+ </li>
+ <li>
+ <strong>
+ Random write
+ </strong>
+ . Device implementations MUST ensure a random write
+performance of at least 0.5MB/s for a 256MB file using 4KB write buffer.
+ </li>
+ <li>
+ <strong>
+ Sequential read
+ </strong>
+ . Device implementations MUST ensure a sequential read
+performance of at least 15MB/s for a 256MB file using 10MB write buffer.
+ </li>
+ <li>
+ <strong>
+ Random read
+ </strong>
+ . Device implementations MUST ensure a random read
+performance of at least 3.5MB/s for a 256MB file using 4KB write buffer.
+ </li>
+ </ul>
+ <h3 id="8_3_power-saving_modes">
+ 8.3. Power-Saving Modes
+ </h3>
+ <p>
+ Android 6.0 introduced App Standby and Doze power-saving modes to optimize
+battery usage. All Apps exempted from these modes MUST be made visible to the
+end user. Further, the triggering, maintenance, wakeup algorithms and the use of
+global system settings of these power-saving modes MUST not deviate from the
+Android Open Source Project.
+ </p>
+ <p>
+ In addition to the power-saving modes, Android device implementations MAY
+implement any or all of the 4 sleeping power states as defined by the Advanced
+Configuration and Power Interface (ACPI), but if it implements S3 and S4
+power states, it can only enter these states when closing a lid that is
+physically part of the device.
+ </p>
+ <h3 id="8_4_power_consumption_accounting">
+ 8.4. Power Consumption Accounting
+ </h3>
+ <p>
+ A more accurate accounting and reporting of the power consumption provides the
+app developer both the incentives and the tools to optimize the power usage
+pattern of the application. Therefore, device implementations:
+ </p>
+ <ul>
+ <li>
+ MUST be able to track hardware component power usage and attribute that
+power usage to specific applications. Specifically, implementations:
+ <ul>
+ <li>
+ MUST provide a per-component power profile that defines the
+ <a href="http://source.android.com/devices/tech/power/values.html">
+ current consumption value
+ </a>
+ for each hardware component and the approximate battery drain caused by the
+components over time as documented in the Android Open Source Project site.
+ </li>
+ <li>
+ MUST report all power consumption values in milliampere hours (mAh).
+ </li>
+ <li>
+ SHOULD be attributed to the hardware component itself if unable to
+attribute hardware component power usage to an application.
+ </li>
+ <li>
+ MUST report CPU power consumption per each process's UID. The Android
+Open Source Project meets the requirement through the
+ <code>
+ uid_cputime
+ </code>
+ kernel
+module implementation.
+ </li>
+ </ul>
+ </li>
+ <li>
+ MUST make this power usage available via the
+ <a href="http://source.android.com/devices/tech/power/batterystats.html">
+ <code>
+ adb shell dumpsys batterystats
+ </code>
+ </a>
+ shell command to the app developer.
+ </li>
+ <li>
+ MUST honor the
+ <a href="http://developer.android.com/reference/android/content/Intent.html#ACTION_POWER_USAGE_SUMMARY">
+ android.intent.action.POWER_USAGE_SUMMARY
+ </a>
+ intent and display a settings menu that shows this power usage.
+ </li>
+ </ul>
+ <h3 id="8_5_consistent_performance">
+ 8.5. Consistent Performance
+ </h3>
+ <p>
+ Performance can fluctuate dramatically for high-performance long-running apps,
+either because of the other apps running in the background or the CPU throttling
+due to temperature limits. Android includes programmatic interfaces so that when
+the device is capable, the top foreground application can request that the system
+optimize the allocation of the resources to address such fluctuations.
+ </p>
+ <p>
+ Device implementations SHOULD support Sustained Performance Mode which can
+provide the top foreground application a consistent level of performance for a
+prolonged amount of time when requested through the
+ <a href="https://developer.android.com/reference/android/view/Window.html#setSustainedPerformanceMode%28boolean%29">
+ <code>
+ Window.setSustainedPerformanceMode()
+ </code>
+ </a>
+ API method. A Device implementation MUST report the support of Sustained
+Performance Mode accurately through the
+ <a href="https://developer.android.com/reference/android/os/PowerManager.html#isSustainedPerformanceModeSupported%28%29">
+ <code>
+ PowerManager.isSustainedPerformanceModeSupported()
+ </code>
+ </a>
+ API method.
+ </p>
+ <p>
+ Device implementations with two or more CPU cores SHOULD provide at least one exclusive core that
+can be reserved by the top foreground application. If provided, implementations MUST meet the
+following requirements:
+ </p>
+ <ul>
+ <li>
+ Implementations MUST report through the
+ <a href="https://developer.android.com/reference/android/os/Process.html#getExclusiveCores%28%29">
+ <code>
+ Process.getExclusiveCores()
+ </code>
+ </a>
+ API method the id numbers of the exclusive cores that can be reserved by the top foreground
+ application.
+ </li>
+ <li>
+ Device implementations MUST not allow any user space processes except the device drivers used
+ by the application to run on the exclusive cores, but MAY allow some kernel processes to run
+ as necessary.
+ </li>
+ </ul>
+ <p>
+ If a device implementation does not support an exclusive core, it MUST return an
+empty list through the
+ <a href="https://developer.android.com/reference/android/os/Process.html#getExclusiveCores%28%29">
+ <code>
+ Process.getExclusiveCores()
+ </code>
+ </a>
+ API method.
+ </p>
+ <h2 id="9_security_model_compatibility">
+ 9. Security Model Compatibility
+ </h2>
+ <p>
+ Device implementations MUST implement a security model consistent with the
+Android platform security model as defined in
+ <a href="http://developer.android.com/guide/topics/security/permissions.html">
+ Security and Permissions reference document
+ </a>
+ in the APIs in the Android developer documentation. Device implementations MUST
+support installation of self-signed applications without requiring any
+additional permissions/certificates from any third parties/authorities.
+Specifically, compatible devices MUST support the security mechanisms described
+in the follow subsections.
+ </p>
+ <h3 id="9_1_permissions">
+ 9.1. Permissions
+ </h3>
+ <p>
+ Device implementations MUST support the
+ <a href="http://developer.android.com/guide/topics/security/permissions.html">
+ Android permissions model
+ </a>
+ as
+defined in the Android developer documentation. Specifically, implementations
+MUST enforce each permission defined as described in the SDK documentation; no
+permissions may be omitted, altered, or ignored. Implementations MAY add
+additional permissions, provided the new permission ID strings are not in the
+android.* namespace.
+ </p>
+ <p>
+ Permissions with a
+ <code>
+ protectionLevel
+ </code>
+ of
+ <a href="https://developer.android.com/reference/android/content/pm/PermissionInfo.html#PROTECTION_FLAG_PRIVILEGED">
+ 'PROTECTION_FLAG_PRIVILEGED'
+ </a>
+ MUST only be granted to apps preloaded in the whitelisted privileged path(s)
+of the system image, such as the
+ <code>
+ system/priv-app
+ </code>
+ path in the AOSP
+implementation.
+ </p>
+ <p>
+ Permissions with a protection level of dangerous are runtime permissions.
+Applications with targetSdkVersion > 22 request them at runtime. Device
+implementations:
+ </p>
+ <ul>
+ <li>
+ MUST show a dedicated interface for the user to decide whether to grant the
+requested runtime permissions and also provide an interface for the user to
+manage runtime permissions.
+ </li>
+ <li>
+ MUST have one and only one implementation of both user interfaces.
+ </li>
+ <li>
+ MUST NOT grant any runtime permissions to preinstalled apps unless:
+ <ul>
+ <li>
+ the user's consent can be obtained before the application uses it
+ </li>
+ <li>
+ the runtime permissions are associated with an intent pattern for which
+the preinstalled application is set as the default handler
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <h3 id="9_2_uid_and_process_isolation">
+ 9.2. UID and Process Isolation
+ </h3>
+ <p>
+ Device implementations MUST support the Android application sandbox model, in
+which each application runs as a unique Unixstyle UID and in a separate
+process. Device implementations MUST support running multiple applications as
+the same Linux user ID, provided that the applications are properly signed and
+constructed, as defined in the
+ <a href="http://developer.android.com/guide/topics/security/permissions.html">
+ Security and Permissions reference
+ </a>.
+ </p>
+ <h3 id="9_3_filesystem_permissions">
+ 9.3. Filesystem Permissions
+ </h3>
+ <p>
+ Device implementations MUST support the Android file access permissions model
+as defined in the
+ <a href="http://developer.android.com/guide/topics/security/permissions.html">
+ Security and Permissions reference
+ </a>.
+ </p>
+ <h3 id="9_4_alternate_execution_environments">
+ 9.4. Alternate Execution Environments
+ </h3>
+ <p>
+ Device implementations MAY include runtime environments that execute
+applications using some other software or technology than the Dalvik Executable
+Format or native code. However, such alternate execution environments MUST NOT
+compromise the Android security model or the security of installed Android
+applications, as described in this section.
+ </p>
+ <p>
+ Alternate runtimes MUST themselves be Android applications, and abide by the
+standard Android security model, as described elsewhere in
+ <a href="#9_security_model_compatibility">
+ section 9
+ </a>.
+ </p>
+ <p>
+ Alternate runtimes MUST NOT be granted access to resources protected by
+permissions not requested in the runtime’s AndroidManifest.xml file via the
+<uses-permission> mechanism.
+ </p>
+ <p>
+ Alternate runtimes MUST NOT permit applications to make use of features
+protected by Android permissions restricted to system applications.
+ </p>
+ <p>
+ Alternate runtimes MUST abide by the Android sandbox model. Specifically,
+alternate runtimes:
+ </p>
+ <ul>
+ <li>
+ SHOULD install apps via the PackageManager into separate Android sandboxes
+(Linux user IDs, etc.).
+ </li>
+ <li>
+ MAY provide a single Android sandbox shared by all applications using the
+alternate runtime.
+ </li>
+ <li>
+ Installed applications using an alternate runtime MUST NOT reuse the
+sandbox of any other app installed on the device, except through the standard
+Android mechanisms of shared user ID and signing certificate.
+ </li>
+ <li>
+ MUST NOT launch with, grant, or be granted access to the sandboxes
+corresponding to other Android applications.
+ </li>
+ <li>
+ MUST NOT be launched with, be granted, or grant to other applications any
+privileges of the superuser (root), or of any other user ID.
+ </li>
+ </ul>
+ <p>
+ The .apk files of alternate runtimes MAY be included in the system image of a
+device implementation, but MUST be signed with a key distinct from the key used
+to sign other applications included with the device implementation.
+ </p>
+ <p>
+ When installing applications, alternate runtimes MUST obtain user consent for
+the Android permissions used by the application. If an application needs to
+make use of a device resource for which there is a corresponding Android
+permission (such as Camera, GPS, etc.), the alternate runtime MUST inform the
+user that the application will be able to access that resource. If the runtime
+environment does not record application capabilities in this manner, the
+runtime environment MUST list all permissions held by the runtime itself when
+installing any application using that runtime.
+ </p>
+ <h3 id="9_5_multi-user_support">
+ 9.5. Multi-User Support
+ </h3>
+ <div class="note">
+ This feature is optional for all device types.
+ </div>
+ <p>
+ Android includes
+ <a href="http://developer.android.com/reference/android/os/UserManager.html">
+ support for multiple users
+ </a>
+ and
+provides support for full user isolation. Device implementations MAY enable
+multiple users, but when enabled MUST meet the following requirements related
+to
+ <a href="http://source.android.com/devices/storage/traditional.html">
+ multi-user support
+ </a>:
+ </p>
+ <ul>
+ <li>
+ Android Automotive device implementations with multi-user support enabled
+MUST include a guest account that allows all functions provided by the vehicle
+system without requiring a user to log in.
+ </li>
+ <li>
+ Device implementations that do not declare the android.hardware.telephony
+feature flag MUST support restricted profiles, a feature that allows device
+owners to manage additional users and their capabilities on the device. With
+restricted profiles, device owners can quickly set up separate environments for
+additional users to work in, with the ability to manage finer-grained
+restrictions in the apps that are available in those environments.
+ </li>
+ <li>
+ Conversely device implementations that declare the
+android.hardware.telephony feature flag MUST NOT support restricted profiles
+but MUST align with the AOSP implementation of controls to enable /disable
+other users from accessing the voice calls and SMS.
+ </li>
+ <li>
+ Device implementations MUST, for each user, implement a security model
+consistent with the Android platform security model as defined in
+ <a href="http://developer.android.com/guide/topics/security/permissions.html">
+ Security and Permissions reference document
+ </a>
+ in the APIs.
+ </li>
+ <li>
+ Each user instance on an Android device MUST have separate and isolated
+external storage directories. Device implementations MAY store multiple users'
+data on the same volume or filesystem. However, the device implementation MUST
+ensure that applications owned by and running on behalf a given user cannot
+list, read, or write to data owned by any other user. Note that removable
+media, such as SD card slots, can allow one user to access another’s data by
+means of a host PC. For this reason, device implementations that use removable
+media for the external storage APIs MUST encrypt the contents of the SD card if
+multiuser is enabled using a key stored only on non-removable media accessible
+only to the system. As this will make the media unreadable by a host PC, device
+implementations will be required to switch to MTP or a similar system to
+provide host PCs with access to the current user’s data. Accordingly, device
+implementations MAY but SHOULD NOT enable multi-user if they use
+ <a href="http://developer.android.com/reference/android/os/Environment.html">
+ removable media
+ </a>
+ for
+primary external storage.
+ </li>
+ </ul>
+ <h3 id="9_6_premium_sms_warning">
+ 9.6. Premium SMS Warning
+ </h3>
+ <p>
+ Android includes support for warning users of any outgoing
+ <a href="http://en.wikipedia.org/wiki/Short_code">
+ premium SMS message
+ </a>. Premium SMS
+messages are text messages sent to a service registered with a carrier that may
+incur a charge to the user. Device implementations that declare support for
+android.hardware.telephony MUST warn users before sending a SMS message to
+numbers identified by regular expressions defined in /data/misc/sms/codes.xml
+file in the device. The upstream Android Open Source Project provides an
+implementation that satisfies this requirement.
+ </p>
+ <h3 id="9_7_kernel_security_features">
+ 9.7. Kernel Security Features
+ </h3>
+ <p>
+ The Android Sandbox includes features that use the Security-Enhanced Linux
+(SELinux) mandatory access control (MAC) system, seccomp sandboxing, and other
+security features in the Linux kernel. SELinux or any other security features
+implemented below the Android framework:
+ </p>
+ <ul>
+ <li>
+ MUST maintain compatibility with existing applications.
+ </li>
+ <li>
+ MUST NOT have a visible user interface when a security violation is
+detected and successfully blocked, but MAY have a visible user interface when
+an unblocked security violation occurs resulting in a successful exploit.
+ </li>
+ <li>
+ SHOULD NOT be user or developer configurable.
+ </li>
+ </ul>
+ <p>
+ If any API for configuration of policy is exposed to an application that can
+affect another application (such as a Device Administration API), the API MUST
+NOT allow configurations that break compatibility.
+ </p>
+ <p>
+ Devices MUST implement SELinux or, if using a kernel other than Linux, an
+equivalent mandatory access control system. Devices MUST also meet the
+following requirements, which are satisfied by the reference implementation in
+the upstream Android Open Source Project.
+ </p>
+ <p>
+ Device implementations:
+ </p>
+ <ul>
+ <li>
+ MUST set SELinux to global enforcing mode.
+ </li>
+ <li>
+ MUST configure all domains in enforcing mode. No permissive mode domains
+are allowed, including domains specific to a device/vendor.
+ </li>
+ <li>
+ MUST NOT modify, omit, or replace the neverallow rules present within the
+system/sepolicy folder provided in the upstream Android Open Source Project
+(AOSP) and the policy MUST compile with all neverallow rules present, for both
+AOSP SELinux domains as well as device/vendor specific domains.
+ </li>
+ <li>
+ MUST split the media framework into multiple processes so that it
+is possible to more narrowly grant access for each process as
+ <a href="https://source.android.com/devices/media/framework-hardening.html#arch_changes">
+ described
+ </a>
+ in the Android Open Source Project site.
+ </li>
+ </ul>
+ <p>
+ Device implementations SHOULD retain the default SELinux policy provided in the
+system/sepolicy folder of the upstream Android Open Source Project and only
+further add to this policy for their own device-specific configuration. Device
+implementations MUST be compatible with the upstream Android Open Source
+Project.
+ </p>
+ <p>
+ Devices MUST implement a kernel application sandboxing mechanism which allows
+filtering of system calls using a configurable policy from multithreaded
+programs. The upstream Android Open Source Project meets this requirement
+through enabling the seccomp-BPF with threadgroup synchronization (TSYNC) as
+described
+ <a href="http://source.android.com/devices/tech/config/kernel.html#Seccomp-BPF-TSYNC">
+ in the Kernel Configuration section of source.android.com
+ </a>.
+ </p>
+ <h3 id="9_8_privacy">
+ 9.8. Privacy
+ </h3>
+ <p>
+ If the device implements functionality in the system that captures the contents
+displayed on the screen and/or records the audio stream played on the device,
+it MUST continuously notify the user whenever this functionality is enabled and
+actively capturing/recording.
+ </p>
+ <p>
+ If a device implementation has a mechanism that routes network data traffic
+through a proxy server or VPN gateway by default (for example, preloading a VPN
+service with android.permission.CONTROL_VPN granted), the device implementation
+MUST ask for the user's consent before enabling that mechanism, unless that
+VPN is enabled by the Device Policy Controller via the
+ <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setAlwaysOnVpnPackage(android.content.ComponentName, java.lang.String, boolean)">
+ <code>
+ DevicePolicyManager.setAlwaysOnVpnPackage()
+ </code>
+ </a>, in which case the user does not need to provide a separate consent, but MUST
+only be notified.
+ </p>
+ <p>
+ Device implementations MUST ship with an empty user-added Certificate Authority
+(CA) store, and MUST preinstall the same root certificates for the system-trusted
+CA store as
+ <a href="https://source.android.com/security/overview/app-security.html#certificate-authorities">
+ provided
+ </a>
+ in the upstream Android Open Source Project.
+ </p>
+ <p>
+ When devices are routed through a VPN, or a user root CA is installed, the
+implementation MUST display a warning indicating the network traffic may be
+monitored to the user.
+ </p>
+ <p>
+ If a device implementation has a USB port with USB peripheral mode support, it
+MUST present a user interface asking for the user's consent before allowing
+access to the contents of the shared storage over the USB port.
+ </p>
+ <h3 id="9_9_data_storage_encryption">
+ 9.9. Data Storage Encryption
+ </h3>
+ <div class="note">
+ Optional for Android device implementations without a secure lock screen.
+ </div>
+ <p>
+ If the device implementation supports a secure lock screen as described in section 9.11.1,
+then the device MUST support data storage encryption of the application private data (/data partition), as well as the
+application shared storage partition (/sdcard partition) if it is a permanent,
+non-removable part of the device.
+ </p>
+ <p>
+ For device implementations supporting data storage encryption and with Advanced
+Encryption Standard (AES) crypto performance above 50MiB/sec, the data storage
+encryption MUST be enabled by default at the time the user has completed the
+out-of-box setup experience. If a device implementation is already launched on
+an earlier Android version with encryption disabled by default, such
+a device cannot meet the requirement through a system software update and thus
+MAY be exempted.
+ </p>
+ <p>
+ Device implementations SHOULD meet the above data storage encryption requirement
+via implementing
+ <a href="https://source.android.com/security/encryption/file-based.html">
+ File Based Encryption
+ </a>
+ (FBE).
+ </p>
+ <h4 id="9_9_1_direct_boot">
+ 9.9.1. Direct Boot
+ </h4>
+ <p>
+ All devices MUST implement the
+ <a href="http://developer.android.com/preview/features/direct-boot.html">
+ Direct Boot mode
+ </a>
+ APIs even
+if they do not support Storage Encryption. In particular, the
+ <a href="https://developer.android.com/reference/android/content/Intent.html#LOCKED_BOOT_COMPLETED">
+ LOCKED_BOOT_COMPLETED
+ </a>
+ and
+ <a href="https://developer.android.com/reference/android/content/Intent.html#ACTION_USER_UNLOCKED">
+ ACTION_USER_UNLOCKED
+ </a>
+ Intents must still be broadcast to signal Direct Boot aware applications that
+Device Encrypted (DE) and Credential Encrypted (CE) storage locations are
+available for user.
+ </p>
+ <h4 id="9_9_2_file_based_encryption">
+ 9.9.2. File Based Encryption
+ </h4>
+ <p>
+ Device implementations supporting FBE:
+ </p>
+ <ul>
+ <li>
+ MUST boot up without challenging the user for credentials and allow Direct
+ Boot aware apps to access to the Device Encrypted (DE) storage after the
+ LOCKED_BOOT_COMPLETED message is broadcasted.
+ </li>
+ <li>
+ MUST only allow access to Credential Encrypted (CE) storage after the user
+ has unlocked the device by supplying their credentials (eg. passcode, pin,
+ pattern or fingerprint) and the ACTION_USER_UNLOCKED message is broadcasted.
+ Device implementations MUST NOT offer any
+ method to unlock the CE protected storage without the user supplied
+ credentials.
+ </li>
+ <li>
+ MUST support Verified Boot and ensure that DE keys are cryptographically
+ bound to the device's hardware root of trust.
+ </li>
+ <li>
+ MUST support encrypting file contents using AES with a key length of 256-bits
+ in XTS mode.
+ </li>
+ <li>
+ MUST support encrypting file name using AES with a key length of 256-bits in
+ CBC-CTS mode.
+ </li>
+ <li>
+ MAY support alternative ciphers, key lengths and modes for file content and
+ file name encryption, but MUST use the mandatorily supported ciphers,
+ key lengths and modes by default.
+ </li>
+ <li>
+ SHOULD make preloaded essential apps (e.g. Alarm, Phone, Messenger)
+ Direct Boot aware.
+ </li>
+ </ul>
+ <p>
+ The keys protecting CE and DE storage areas:
+ </p>
+ <ul>
+ <li>
+ MUST be cryptographically bound to a hardware-backed Keystore. CE keys
+ must be bound to a user's lock screen credentials. If the user has
+ specified no lock screen credentials then the CE keys MUST be bound to
+ a default passcode.
+ </li>
+ <li>
+ MUST be unique and distinct, in other words no user's CE or DE key
+ may match any other user's CE or DE keys.
+ </li>
+ </ul>
+ <p>
+ The upstream Android Open Source project provides a preferred implementation of
+this feature based on the Linux kernel ext4 encryption feature.
+ </p>
+ <h4 id="9_9_3_full_disk_encryption">
+ 9.9.3. Full Disk Encryption
+ </h4>
+ <p>
+ Device implementations supporting
+ <a href="http://source.android.com/devices/tech/security/encryption/index.html">
+ full disk encryption
+ </a>
+ (FDE). MUST use AES with a key of 128-bits
+ (or greater) and a mode designed for storage (for example, AES-XTS,
+ AES-CBC-ESSIV). The encryption key MUST NOT be written to storage at any time
+ without being encrypted. The user MUST be provided with the possibility to AES
+ encrypt the encryption key, except when it is in active use, with the lock
+ screen credentials stretched using a slow stretching algorithm
+ (e.g. PBKDF2 or scrypt). If the user has not specified a lock screen
+ credentials or has disabled use of the passcode for encryption, the system
+ SHOULD use a default passcode to wrap the encryption key. If the device
+ provides a hardware-backed keystore, the password stretching algorithm MUST
+ be cryptographically bound to that keystore. The encryption key MUST NOT be
+ sent off the device (even when wrapped with the user passcode and/or hardware
+ bound key). The upstream Android Open Source project provides a preferred
+ implementation of this feature based on the Linux kernel feature dm-crypt.
+ </p>
+ <h3 id="9_10_device_integrity">
+ 9.10. Device Integrity
+ </h3>
+ <p>
+ The following requirements ensures there is transparancy to the status of the
+device integrity.
+ </p>
+ <p>
+ Device implementations MUST correctly report through the System API method
+PersistentDataBlockManager.getFlashLockState() whether their bootloader state
+permits flashing of the system image. The
+ <code>
+ FLASH_LOCK_UNKNOWN
+ </code>
+ state is reserved
+for device implementations upgrading from an earlier version of Android where this
+new system API method did not exist.
+ </p>
+ <p>
+ Verified boot is a feature that guarantees the integrity of the device
+software. If a device implementation supports the feature, it MUST:
+ </p>
+ <ul>
+ <li>
+ Declare the platform feature flag android.software.verified_boot.
+ </li>
+ <li>
+ Perform verification on every boot sequence.
+ </li>
+ <li>
+ Start verification from an immutable hardware key that is the root of trust
+and go all the way up to the system partition.
+ </li>
+ <li>
+ Implement each stage of verification to check the integrity and
+authenticity of all the bytes in the next stage before executing the code in
+the next stage.
+ </li>
+ <li>
+ Use verification algorithms as strong as current recommendations from NIST
+for hashing algorithms (SHA-256) and public key sizes (RSA-2048).
+ </li>
+ <li>
+ MUST NOT allow boot to complete when system verification fails, unless the
+user consents to attempt booting anyway, in which case the data from any
+non-verified storage blocks MUST not be used.
+ </li>
+ <li>
+ MUST NOT allow verified partitions on the device to be modified unless the
+user has explicitly unlocked the boot loader.
+ </li>
+ </ul>
+ <p>
+ The upstream Android Open Source Project provides a preferred implementation of
+this feature based on the Linux kernel feature dm-verity.
+ </p>
+ <p>
+ Starting from Android 6.0, device implementations with Advanced Encryption
+Standard (AES) crypto performance above 50 MiB/seconds MUST support verified boot
+for device integrity.
+ </p>
+ <p>
+ If a device implementation is already launched without supporting verified boot
+on an earlier version of Android, such a device can not add support for this feature
+with a system software update and thus are exempted from the requirement.
+ </p>
+ <h3 id="9_11_keys_and_credentials">
+ 9.11. Keys and Credentials
+ </h3>
+ <p>
+ The
+ <a href="https://developer.android.com/training/articles/keystore.html">
+ Android Keystore System
+ </a>
+ allows
+app developers to store cryptographic keys in a container and use them in
+cryptographic operations through the
+ <a href="https://developer.android.com/reference/android/security/KeyChain.html">
+ KeyChain API
+ </a>
+ or
+the
+ <a href="https://developer.android.com/reference/java/security/KeyStore.html">
+ Keystore API
+ </a>.
+ </p>
+ <p>
+ All Android device implementations MUST meet the following requirements:
+ </p>
+ <ul>
+ <li>
+ SHOULD not limit the number of keys that can be generated, and MUST at
+ least allow more than 8,192 keys to be imported.
+ </li>
+ <li>
+ The lock screen authentication MUST rate limit attempts and MUST have an
+ exponential backoff algorithm. Beyond 150 failed attempts, the delay MUST be
+ at least 24 hours per attempt.
+ </li>
+ <li>
+ When the device implementation supports a secure lock screen it MUST back up the
+ keystore implementation with secure hardware and meet following requirements:
+ <ul>
+ <li>
+ MUST have implementations of RSA, AES, ECDSA and HMAC cryptographic
+ algorithms and MD5, SHA1, and SHA-2 family hash functions to properly
+ support the Android Keystore system's supported algorithms in an area
+ that is securely isolated from the code running on the kernel and
+ above. Secure isolation MUST block all potential mechanisms by which
+ kernel or userspace code might access the internal state of the
+ isolated environment, including DMA. The upstream Android Open Source
+ Project (AOSP) meets this requirement by using the
+ <a href="https://source.android.com/security/trusty/">
+ Trusty
+ </a>
+ implementation, but another ARM TrustZone-based solution or a
+ third-party reviewed secure implementation of a proper
+ hypervisor-based isolation are alternative options.
+ </li>
+ <li>
+ MUST perform the lock screen authentication in the isolated execution
+ environment and only when successful, allow the authentication-bound
+ keys to be used. The upstream Android Open Source Project provides
+ the
+ <a href="http://source.android.com/devices/tech/security/authentication/gatekeeper.html">
+ Gatekeeper Hardware Abstraction Layer (HAL)
+ </a>
+ and Trusty, which can be used to satisfy this requirement.
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <p>
+ Note that if a device implementation is already launched on an earlier Android
+version, such a device is exempted from the requirement to have a
+hardware-backed keystore, unless it declares the
+ <code>
+ android.hardware.fingerprint
+ </code>
+ feature which requires a hardware-backed keystore.
+ </p>
+ <h4 id="9_11_1_secure_lock_screen">
+ 9.11.1. Secure Lock Screen
+ </h4>
+ <p>
+ Device implementations MAY add or modify the authentication methods to unlock
+the lock screen, but MUST still meet the following requirements:
+ </p>
+ <ul>
+ <li>
+ The authentication method, if based on a known secret, MUST NOT be treated
+ as a secure lock screen unless it meets all following requirements:
+ <ul>
+ <li>
+ The entropy of the shortest allowed length of inputs MUST be greater
+ than 10 bits.
+ </li>
+ <li>
+ The maximum entropy of all possible inputs MUST be greater than 18 bits.
+ </li>
+ <li>
+ MUST not replace any of the existing authentication methods (PIN,
+ pattern, password) implemented and provided in AOSP.
+ </li>
+ <li>
+ MUST be disabled when the Device Policy Controller (DPC) application
+ has set the password quality policy via the
+ <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordQuality%28android.content.ComponentName,%20int%29">
+ <code>
+ DevicePolicyManager.setPasswordQuality()
+ </code>
+ </a>
+ method with a more restrictive quality constant than
+ <code>
+ PASSWORD_QUALITY_SOMETHING
+ </code>
+ .
+ </li>
+ </ul>
+ </li>
+ <li>
+ The authenticaion method, if based on a physical token or the location,
+ MUST NOT be treated as a secure lock screen unless it meets all following
+ requirements:
+ <ul>
+ <li>
+ It MUST have a fall-back mechanism to use one of the primary
+ authentication methods which is based on a known secret and meets
+ the requirements to be treated as a secure lock screen.
+ </li>
+ <li>
+ It MUST be disabled and only allow the primary authentication to
+ unlock the screen when the Device Policy Controller (DPC) application
+ has set the policy with either the
+ <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setKeyguardDisabledFeatures%28android.content.ComponentName,%20int%29">
+ <code>
+ DevicePolicyManager.setKeyguardDisabledFeatures(KEYGUARD_DISABLE_TRUST_AGENTS)
+ </code>
+ </a>
+ method or the
+ <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordQuality%28android.content.ComponentName,%20int%29">
+ <code>
+ DevicePolicyManager.setPasswordQuality()
+ </code>
+ </a>
+ method with a more restrictive quality constant than
+ <code>
+ PASSWORD_QUALITY_UNSPECIFIED
+ </code>
+ .
+ </li>
+ </ul>
+ </li>
+ <li>
+ The authentication method, if based on biometrics, MUST NOT be treated as a
+ secure lock screen unless it meets all following requirements:
+ <ul>
+ <li>
+ It MUST have a fall-back mechanism to use one of the primary
+ authentication methods which is based on a known secret and meets
+ the requirements to be treated as a secure lock screen.
+ </li>
+ <li>
+ It MUST be disabled and only allow the primary authentication to
+ unlock the screen when the Device Policy Controller (DPC) application
+ has set the keguard feature policy by calling the method
+ <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setKeyguardDisabledFeatures%28android.content.ComponentName,%20int%29">
+ <code>
+ DevicePolicyManager.setKeyguardDisabledFeatures(KEYGUARD_DISABLE_FINGERPRINT)
+ </code>
+ </a>.
+ </li>
+ <li>
+ It MUST have a false acceptance rate that is equal or stronger than
+ what is required for a fingerprint sensor as described in
+ section 7.3.10, or otherwise MUST be disabled and only allow the
+ primary authentication to unlock the screen when the Device Policy
+ Controller (DPC) application has set the password quality policy
+ via the
+ <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordQuality%28android.content.ComponentName,%20int%29">
+ <code>
+ DevicePolicyManager.setPasswordQuality()
+ </code>
+ </a>
+ method with a more restrictive quality constant than
+ <code>
+ PASSWORD_QUALITY_BIOMETRIC_WEAK
+ </code>
+ .
+ </li>
+ </ul>
+ </li>
+ <li>
+ If the authentication method can not be treated as a secure lock screen,
+ it:
+ <ul>
+ <li>
+ MUST return
+ <code>
+ false
+ </code>
+ for both the
+ <a href="http://developer.android.com/reference/android/app/KeyguardManager.html#isKeyguardSecure%28%29">
+ <code>
+ KeyguardManager.isKeyguardSecure()
+ </code>
+ </a>
+ and the
+ <a href="https://developer.android.com/reference/android/app/KeyguardManager.html#isDeviceSecure%28%29">
+ <code>
+ KeyguardManager.isDeviceSecure()
+ </code>
+ </a>
+ methods.
+ </li>
+ <li>
+ MUST be disabled when the Device Policy Controller (DPC) application
+ has set the password quality policy via the
+ <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordQuality%28android.content.ComponentName,%20int%29">
+ <code>
+ DevicePolicyManager.setPasswordQuality()
+ </code>
+ </a>
+ method with a more restrictive quality constant than
+ <code>
+ PASSWORD_QUALITY_UNSPECIFIED
+ </code>
+ .
+ </li>
+ <li>
+ MUST NOT reset the password expiration timers set by
+ <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordExpirationTimeout%28android.content.ComponentName,%20long%29">
+ <code>
+ DevicePolicyManager.setPasswordExpirationTimeout()
+ </code>
+ </a>.
+ </li>
+ <li>
+ MUST NOT authenticate access to keystores if the application has called
+ <a href="https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder.html#setUserAuthenticationRequired%28boolean%29">
+ <code>
+ KeyGenParameterSpec.Builder.setUserAuthenticationRequired(true)
+ </code>
+ </a>
+ ).
+ </li>
+ </ul>
+ </li>
+ <li>
+ If the authentication method is based on a physical token, the location,
+ or biometrics that has higher false acceptance rate than what is required
+ for fingerprint sensors as described in section 7.3.10, then it:
+ <ul>
+ <li>
+ MUST NOT reset the password expiration timers set by
+ <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setPasswordExpirationTimeout%28android.content.ComponentName,%20long%29">
+ <code>
+ DevicePolicyManager.setPasswordExpirationTimeout()
+ </code>
+ </a>.
+ </li>
+ <li>
+ MUST NOT authenticate access to keystores if the application has called
+ <a href="https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder.html#setUserAuthenticationRequired%28boolean%29">
+ <code>
+ KeyGenParameterSpec.Builder.setUserAuthenticationRequired(true)
+ </code>
+ </a>.
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <h3 id="9_12_data_deletion">
+ 9.12. Data Deletion
+ </h3>
+ <p>
+ Devices MUST provide users with a mechanism to perform a "Factory Data Reset"
+that allows logical and physical deletion of all data except for the following:
+ </p>
+ <ul>
+ <li>
+ The system image
+ </li>
+ <li>
+ Any operating system files required by the system image
+ </li>
+ </ul>
+ <p>
+ All user-generated data MUST be deleted. This MUST satisfy relevant industry
+standards for data deletion such as NIST SP800-88. This MUST be used for the
+implementation of the wipeData() API (part of the Android Device Administration
+API) described in
+ <a href="#3_9_device_administration">
+ section 3.9 Device Administration
+ </a>.
+ </p>
+ <p>
+ Devices MAY provide a fast data wipe that conducts a logical data erase.
+ </p>
+ <h3 id="9_13_safe_boot_mode">
+ 9.13. Safe Boot Mode
+ </h3>
+ <p>
+ Android provides a mode enabling users to boot up into a mode where only
+preinstalled system apps are allowed to run and all third-party apps are
+disabled. This mode, known as "Safe Boot Mode", provides the user the
+capability to uninstall potentially harmful third-party apps.
+ </p>
+ <p>
+ Android device implementations are STRONGLY RECOMENDED to implement Safe Boot
+Mode and meet following requirements:
+ </p>
+ <ul>
+ <li>
+ <p>
+ Device implementations SHOULD provide the user an option to enter Safe Boot
+ Mode from the boot menu which is reachable through a workflow that is different
+ from that of normal boot.
+ </p>
+ </li>
+ <li>
+ <p>
+ Device implementations MUST provide the user an option to enter Safe Boot Mode
+ in such a way that is uninterruptible from third-party apps installed on
+ the device, except for when the third party app is a Device Policy Controller
+ and has set the
+ <a href="https://developer.android.com/reference/android/os/UserManager.html#DISALLOW_SAFE_BOOT">
+ <code>
+ UserManager.DISALLOW_SAFE_BOOT
+ </code>
+ </a>
+ flag as true.
+ </p>
+ </li>
+ <li>
+ <p>
+ Device implementations MUST provide the user the capability to uninstall
+ any third-party apps within Safe Mode.
+ </p>
+ </li>
+ </ul>
+ <h3 id="9_14_automotive_vehicle_system_isolation">
+ 9.14. Automotive Vehicle System Isolation
+ </h3>
+ <p>
+ Android Automotive devices are expected to exchange data with critical vehicle
+subsystems, e.g., by using the
+ <a href="http://source.android.com/devices/automotive.html">
+ vehicle HAL
+ </a>
+ to send and receive messages over vehicle networks such as CAN bus. Android
+Automotive device implementations MUST implement security features below the
+Android framework layers to prevent malicious or unintentional interaction
+between the Android framework or third-party apps and vehicle subsystems. These
+security features are as follows:
+ </p>
+ <ul>
+ <li>
+ Gatekeeping messages from Android framework vehicle subsystems, e.g.,
+ whitelisting permitted message types and message sources.
+ </li>
+ <li>
+ Watchdog against denial of service attacks from the Android framework or
+ third-party apps. This guards against malicious software flooding the vehicle
+ network with traffic, which may lead to malfunctioning vehicle subsystems.
+ </li>
+ </ul>
+ <h2 id="10_software_compatibility_testing">
+ 10. Software Compatibility Testing
+ </h2>
+ <p>
+ Device implementations MUST pass all tests described in this section.
+ </p>
+ <p>
+ However, note that no software test package is fully comprehensive. For this
+reason, device implementers are
+ <strong>
+ STRONGLY RECOMMENDED
+ </strong>
+ to make the minimum
+number of changes as possible to the reference and preferred implementation of
+Android available from the Android Open Source Project. This will minimize the
+risk of introducing bugs that create incompatibilities requiring rework and
+potential device updates.
+ </p>
+ <h3 id="10_1_compatibility_test_suite">
+ 10.1. Compatibility Test Suite
+ </h3>
+ <p>
+ Device implementations MUST pass the
+ <a href="http://source.android.com/compatibility/index.html">
+ Android Compatibility Test Suite (CTS)
+ </a>
+ available from the Android Open Source Project, using the final shipping
+software on the device. Additionally, device implementers SHOULD use the
+reference implementation in the Android Open Source tree as much as possible,
+and MUST ensure compatibility in cases of ambiguity in CTS and for any
+reimplementations of parts of the reference source code.
+ </p>
+ <p>
+ The CTS is designed to be run on an actual device. Like any software, the CTS
+may itself contain bugs. The CTS will be versioned independently of this
+Compatibility Definition, and multiple revisions of the CTS may be released for
+Android 7.1. Device implementations MUST pass the latest CTS
+version available at the time the device software is completed.
+ </p>
+ <h3 id="10_2_cts_verifier">
+ 10.2. CTS Verifier
+ </h3>
+ <p>
+ Device implementations MUST correctly execute all applicable cases in the CTS
+Verifier. The CTS Verifier is included with the Compatibility Test Suite, and
+is intended to be run by a human operator to test functionality that cannot be
+tested by an automated system, such as correct functioning of a camera and
+sensors.
+ </p>
+ <p>
+ The CTS Verifier has tests for many kinds of hardware, including some hardware
+that is optional. Device implementations MUST pass all tests for hardware that
+they possess; for instance, if a device possesses an accelerometer, it MUST
+correctly execute the Accelerometer test case in the CTS Verifier. Test cases
+for features noted as optional by this Compatibility Definition Document MAY be
+skipped or omitted.
+ </p>
+ <p>
+ Every device and every build MUST correctly run the CTS Verifier, as noted
+above. However, since many builds are very similar, device implementers are not
+expected to explicitly run the CTS Verifier on builds that differ only in
+trivial ways. Specifically, device implementations that differ from an
+implementation that has passed the CTS Verifier only by the set of included
+locales, branding, etc. MAY omit the CTS Verifier test.
+ </p>
+ <h2 id="11_updatable_software">
+ 11. Updatable Software
+ </h2>
+ <p>
+ Device implementations MUST include a mechanism to replace the entirety of the
+system software. The mechanism need not perform “live” upgrades—that is, a
+device restart MAY be required.
+ </p>
+ <p>
+ Any method can be used, provided that it can replace the entirety of the
+software preinstalled on the device. For instance, any of the following
+approaches will satisfy this requirement:
+ </p>
+ <ul>
+ <li>
+ “Over-the-air (OTA)” downloads with offline update via reboot.
+ </li>
+ <li>
+ “Tethered” updates over USB from a host PC.
+ </li>
+ <li>
+ “Offline” updates via a reboot and update from a file on removable storage.
+ </li>
+ </ul>
+ <p>
+ However, if the device implementation includes support for an unmetered data
+connection such as 802.11 or Bluetooth PAN (Personal Area Network) profile, it
+MUST support OTA downloads with offline update via reboot.
+ </p>
+ <p>
+ The update mechanism used MUST support updates without wiping user data. That
+is, the update mechanism MUST preserve application private data and application
+shared data. Note that the upstream Android software includes an update
+mechanism that satisfies this requirement.
+ </p>
+ <p>
+ For device implementations that are launching with Android 6.0 and
+later, the update mechanism SHOULD support verifying that the system image is
+binary identical to expected result following an OTA. The block-based OTA
+implementation in the upstream Android Open Source Project, added since Android
+5.1, satisfies this requirement.
+ </p>
+ <p>
+ Also, device implementations SHOULD support
+ <a href="https://source.android.com/devices/tech/ota/ab_updates.html">
+ A/B system updates
+ </a>.
+The AOSP implements this feature using the boot control HAL.
+ </p>
+ <p>
+ If an error is found in a device implementation after it has been released but
+within its reasonable product lifetime that is determined in consultation with
+the Android Compatibility Team to affect the compatibility of third-party
+applications, the device implementer MUST correct the error via a software
+update available that can be applied per the mechanism just described.
+ </p>
+ <p>
+ Android includes features that allow the Device Owner app (if present) to
+control the installation of system updates. To facilitate this, the system
+update subsystem for devices that report android.software.device_admin MUST
+implement the behavior described in the
+ <a href="http://developer.android.com/reference/android/app/admin/SystemUpdatePolicy.html">
+ SystemUpdatePolicy
+ </a>
+ class.
+ </p>
+ <h2 id="12_document_changelog">
+ 12. Document Changelog
+ </h2>
+ <p>
+ For a summary of changes to the Compatibility Definition in this release:
+ </p>
+ <ul>
+ <li>
+ <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/?pretty=full&no-merges">
+ Document changelog
+ </a>
+ </li>
+ </ul>
+ <p>
+ For a summary of changes to individuals sections:
+ </p>
+ <ol>
+ <li>
+ <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/1_introduction?pretty=full&no-merges">
+ Introduction
+ </a>
+ </li>
+ <li>
+ <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/2_device_types?pretty=full&no-merges">
+ Device Types
+ </a>
+ </li>
+ <li>
+ <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/3_software?pretty=full&no-merges">
+ Software
+ </a>
+ </li>
+ <li>
+ <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/4_application-packaging?pretty=full&no-merges">
+ Application Packaging
+ </a>
+ </li>
+ <li>
+ <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/5_multimedia?pretty=full&no-merges">
+ Multimedia
+ </a>
+ </li>
+ <li>
+ <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/6_dev-tools-and-options?pretty=full&no-merges">
+ Developer Tools and Options
+ </a>
+ </li>
+ <li>
+ <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/7_hardware-compatibility?pretty=full&no-merges">
+ Hardware Compatibility
+ </a>
+ </li>
+ <li>
+ <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/8_performance-and-power?pretty=full&no-merges">
+ Performance and Power
+ </a>
+ </li>
+ <li>
+ <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/9_security-model?pretty=full&no-merges">
+ Security Model
+ </a>
+ </li>
+ <li>
+ <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/10_software-compatibility-testing?pretty=full&no-merges">
+ Software Compatibility Testing
+ </a>
+ </li>
+ <li>
+ <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/11_updatable-software?pretty=full&no-merges">
+ Updatable Software
+ </a>
+ </li>
+ <li>
+ <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/12_document-changelog?pretty=full&no-merges">
+ Document Changelog
+ </a>
+ </li>
+ <li>
+ <a href="https://android.googlesource.com/platform/compatibility/cdd/+log/nougat-mr1-dev/13_contact-us?pretty=full&no-merges">
+ Contact Us
+ </a>
+ </li>
+ </ol>
+ <h3 id="12_1_changelog_viewing_tips">
+ 12.1. Changelog Viewing Tips
+ </h3>
+ <p>
+ Changes are marked as follows:
+ </p>
+ <ul>
+ <li>
+ <p>
+ <strong>
+ CDD
+ </strong>
+ <br/>
+ Substantive changes to the compatibility requirements.
+ </p>
+ </li>
+ <li>
+ <p>
+ <strong>
+ Docs
+ </strong>
+ <br/>
+ Cosmetic or build related changes.
+ </p>
+ </li>
+ </ul>
+ <p>
+ For best viewing, append the
+ <code>
+ pretty=full
+ </code>
+ and
+ <code>
+ no-merges
+ </code>
+ URL parameters to your
+changelog URLs.
+ </p>
+ <h2 id="13_contact_us">
+ 13. Contact Us
+ </h2>
+ <p>
+ You can join the
+ <a href="https://groups.google.com/forum/#!forum/android-compatibility">
+ android-compatibility forum
+ </a>
+ and ask for clarifications or bring up any issues that you think the document does not
+cover.
+ </p>
+</body>
</body>
</html>
diff --git a/en/compatibility/cts/downloads.html b/en/compatibility/cts/downloads.html
index c71ccb7..466bb6c 100644
--- a/en/compatibility/cts/downloads.html
+++ b/en/compatibility/cts/downloads.html
@@ -31,77 +31,77 @@
<h2 id="android-71">Android 7.1</h2>
<p>Android 7.1 is the release of the development milestone code-named Nougat-MR1.
The source code for the following tests can be synced with the
-'android-cts-7.1_r6' tag in the open-source tree.</p>
+'android-cts-7.1_r7' tag in the open-source tree.</p>
<ul>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-7.1_r6-linux_x86-arm.zip">Android
-7.1 R6 Compatibility Test Suite (CTS) - ARM</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-7.1_r7-linux_x86-arm.zip">Android
+7.1 R7 Compatibility Test Suite (CTS) - ARM</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-7.1_r6-linux_x86-x86.zip">Android
-7.1 R6 Compatibility Test Suite (CTS) - x86</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-7.1_r7-linux_x86-x86.zip">Android
+7.1 R7 Compatibility Test Suite (CTS) - x86</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.1_r6-linux_x86-arm.zip">Android
-7.1 R6 CTS Verifier - ARM</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.1_r7-linux_x86-arm.zip">Android
+7.1 R7 CTS Verifier - ARM</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.1_r6-linux_x86-x86.zip">Android
-7.1 R6 CTS Verifier - x86</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.1_r7-linux_x86-x86.zip">Android
+7.1 R7 CTS Verifier - x86</a></li>
</ul>
<h2 id="android-70">Android 7.0</h2>
<p>Android 7.0 is the release of the development milestone code-named Nougat.
The source code for the following tests can be synced with the
-'android-cts-7.0_r10' tag in the open-source tree.</p>
+'android-cts-7.0_r11' tag in the open-source tree.</p>
<ul>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-7.0_r10-linux_x86-arm.zip">Android
-7.0 R10 Compatibility Test Suite (CTS) - ARM</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-7.0_r11-linux_x86-arm.zip">Android
+7.0 R11 Compatibility Test Suite (CTS) - ARM</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-7.0_r10-linux_x86-x86.zip">Android
-7.0 R10 Compatibility Test Suite (CTS) - x86</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-7.0_r11-linux_x86-x86.zip">Android
+7.0 R11 Compatibility Test Suite (CTS) - x86</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.0_r10-linux_x86-arm.zip">Android
-7.0 R10 CTS Verifier - ARM</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.0_r11-linux_x86-arm.zip">Android
+7.0 R11 CTS Verifier - ARM</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.0_r10-linux_x86-x86.zip">Android
-7.0 R10 CTS Verifier - x86</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.0_r11-linux_x86-x86.zip">Android
+7.0 R11 CTS Verifier - x86</a></li>
</ul>
<h2 id="android-60">Android 6.0</h2>
<p>Android 6.0 is the release of the development milestone code-named Marshmallow.
The source code for the following tests can be synced with the
-'android-cts-6.0_r19' tag in the open-source tree.</p>
+'android-cts-6.0_r20' tag in the open-source tree.</p>
<ul>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-6.0_r19-linux_x86-arm.zip">Android
-6.0 R19 Compatibility Test Suite (CTS) - ARM</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-6.0_r20-linux_x86-arm.zip">Android
+6.0 R20 Compatibility Test Suite (CTS) - ARM</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-6.0_r19-linux_x86-x86.zip">Android
-6.0 R19 Compatibility Test Suite (CTS) - x86</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-6.0_r20-linux_x86-x86.zip">Android
+6.0 R20 Compatibility Test Suite (CTS) - x86</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-verifier-6.0_r19-linux_x86-arm.zip">Android
-6.0 R19 CTS Verifier - ARM</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-verifier-6.0_r20-linux_x86-arm.zip">Android
+6.0 R20 CTS Verifier - ARM</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-verifier-6.0_r19-linux_x86-x86.zip">Android
-6.0 R19 CTS Verifier - x86</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-verifier-6.0_r20-linux_x86-x86.zip">Android
+6.0 R20 CTS Verifier - x86</a></li>
</ul>
<h2 id="android-51">Android 5.1</h2>
<p>Android 5.1 is the release of the development milestone code-named Lollipop-MR1.
The source code for the following tests can be synced with the
-'android-cts-5.1_r20' tag in the open source tree.</p>
+'android-cts-5.1_r21' tag in the open source tree.</p>
<ul>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-5.1_r20-linux_x86-arm.zip">Android
-5.1 R20 Compatibility Test Suite (CTS) - ARM</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-5.1_r21-linux_x86-arm.zip">Android
+5.1 R21 Compatibility Test Suite (CTS) - ARM</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-5.1_r20-linux_x86-x86.zip">Android
-5.1 R20 Compatibility Test Suite (CTS) - x86</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-5.1_r21-linux_x86-x86.zip">Android
+5.1 R21 Compatibility Test Suite (CTS) - x86</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-verifier-5.1_r20-linux_x86-arm.zip">Android
-5.1 R20 CTS Verifier - ARM</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-verifier-5.1_r21-linux_x86-arm.zip">Android
+5.1 R21 CTS Verifier - ARM</a></li>
<li><a
-href="https://dl.google.com/dl/android/cts/android-cts-verifier-5.1_r20-linux_x86-x86.zip">Android
-5.1 R20 CTS Verifier - x86</a></li>
+href="https://dl.google.com/dl/android/cts/android-cts-verifier-5.1_r21-linux_x86-x86.zip">Android
+5.1 R21 CTS Verifier - x86</a></li>
</ul>
<h2 id="android-50">Android 5.0</h2>
diff --git a/en/devices/_toc-interfaces.yaml b/en/devices/_toc-interfaces.yaml
index a4331e1..148c563 100644
--- a/en/devices/_toc-interfaces.yaml
+++ b/en/devices/_toc-interfaces.yaml
@@ -1,41 +1,14 @@
toc:
- title: Overview
path: /devices/
-- title: Accessories
- path: /devices/accessories
+- title: Architecture
section:
- - title: Audio Accessories
- section:
- - title: Overview
- path: /devices/accessories/audio
- - title: Headset
- section:
- - title: Overview
- path: /devices/accessories/headset/
- - title: 3.5 mm Headset Spec
- path: /devices/accessories/headset/plug-headset-spec
- - title: 3.5 mm Jack Spec
- path: /devices/accessories/headset/jack-headset-spec
- - title: USB Headset Spec
- path: /devices/accessories/headset/usb-headset-spec
- - title: Expected Behavior
- path: /devices/accessories/headset/expected-behavior
- - title: Testing
- path: /devices/accessories/headset/testing
- - title: Custom Accessories
- section:
- - title: Overview
- path: /devices/accessories/custom
- - title: AOA
- section:
- - title: Overview
- path: /devices/accessories/protocol
- - title: AOA 2.0
- path: /devices/accessories/aoa2
- - title: AOA 1.0
- path: /devices/accessories/aoa
- - title: Stylus
- path: /devices/accessories/stylus
+ - title: Overview
+ path: /devices/architecture/
+ - title: Hardware Abstraction Layer (HAL)
+ path: /devices/architecture/hal
+ - title: Treble
+ path: /devices/architecture/treble
- title: Audio
section:
- title: Overview
@@ -95,7 +68,11 @@
- title: TV Audio
path: /devices/audio/tv
- title: Automotive
- path: /devices/automotive
+ section:
+ - title: Overview
+ path: /devices/automotive/
+ - title: Vehicle Properties
+ path: /devices/automotive/properties
- title: Bluetooth
path: /devices/bluetooth
- title: Camera
@@ -206,6 +183,41 @@
path: /devices/media/soc
- title: OEM Dependencies
path: /devices/media/oem
+- title: Peripherals
+ path: /devices/accessories
+ section:
+ - title: Audio Accessories
+ section:
+ - title: Overview
+ path: /devices/accessories/audio
+ - title: Headset
+ section:
+ - title: Overview
+ path: /devices/accessories/headset/
+ - title: 3.5 mm Headset Spec
+ path: /devices/accessories/headset/plug-headset-spec
+ - title: 3.5 mm Jack Spec
+ path: /devices/accessories/headset/jack-headset-spec
+ - title: USB Headset Spec
+ path: /devices/accessories/headset/usb-headset-spec
+ - title: Expected Behavior
+ path: /devices/accessories/headset/expected-behavior
+ - title: Testing
+ path: /devices/accessories/headset/testing
+ - title: Custom Accessories
+ section:
+ - title: Overview
+ path: /devices/accessories/custom
+ - title: AOA
+ section:
+ - title: Overview
+ path: /devices/accessories/protocol
+ - title: AOA 2.0
+ path: /devices/accessories/aoa2
+ - title: AOA 1.0
+ path: /devices/accessories/aoa
+ - title: Stylus
+ path: /devices/accessories/stylus
- title: Sensors
section:
- title: Overview
diff --git a/en/devices/architecture/hal.html b/en/devices/architecture/hal.html
new file mode 100644
index 0000000..17ccea7
--- /dev/null
+++ b/en/devices/architecture/hal.html
@@ -0,0 +1,140 @@
+<html devsite>
+ <head>
+ <title>Hardware Abstraction Layer (HAL)</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+
+
+<p>A HAL defines a standard interface for hardware vendors to implement,
+which enables Android to be agnostic about lower-level driver implementations.
+Using a HAL allows you to implement functionality without affecting or modifying
+the higher level system. HAL implementations are packaged into modules and
+loaded by the Android system at the appropriate time.</p>
+
+<img src="../images/ape_fwk_hal.png">
+
+<p class="img-caption"><strong>Figure 1.</strong> HAL components</p>
+
+<p>You must implement the corresponding HAL (and driver) for the specific
+hardware your product provides. HAL implementations are typically built into
+shared library modules (<code>.so</code> files), but as Android does not mandate
+a standard interaction between a HAL implementation and device drivers, you can
+do what is best for your situation. However, to enable the Android system to
+correctly interact with your hardware, you <strong>must</strong> abide by the
+contract defined in each hardware-specific HAL interface.</p>
+
+<p>To guarantee that HALs have a predictable structure, each hardware-specific
+HAL interface has properties defined in
+<code>hardware/libhardware/include/hardware/hardware.h</code>. This interface
+allows the Android system to load correct versions of your HAL modules in a
+consistent way. A HAL interface consists of two components: modules and devices.
+</p>
+
+<h2 id="hal-module">HAL modules</h2>
+<p>A module represents your packaged HAL implementation, which is stored as a
+shared library (<code>.so file</code>). The
+<code>hardware/libhardware/include/hardware/hardware.h</code> header file
+defines a struct (<code>hw_module_t</code>) that represents a module and
+contains metadata such as the version, name, and author of the module. Android
+uses this metadata to find and load the HAL module correctly.</p>
+
+<p>In addition, the <code>hw_module_t</code> struct contains a pointer to
+another struct, <code>hw_module_methods_t</code>, that contains a pointer to
+an open function for the module. This open function is used to initiate
+communication with the hardware for which the HAL is serving as an abstraction.
+Each hardware-specific HAL usually extends the generic <code>hw_module_t</code>
+struct with additional information for that specific piece of hardware. For
+example, in the camera HAL, the <code>camera_module_t</code> struct contains a
+<code>hw_module_t</code> struct along with other camera-specific function
+pointers:</p>
+
+<pre class="devsite-click-to-copy">
+typedef struct camera_module {
+ hw_module_t common;
+ int (*get_number_of_cameras)(void);
+ int (*get_camera_info)(int camera_id, struct camera_info *info);
+} camera_module_t;
+</pre>
+
+<p>When you implement a HAL and create the module struct, you must name it
+<code>HAL_MODULE_INFO_SYM</code>. Example from the Nexus 9 audio HAL:</p>
+
+<pre class="devsite-click-to-copy">
+struct audio_module HAL_MODULE_INFO_SYM = {
+ .common = {
+ .tag = HARDWARE_MODULE_TAG,
+ .module_api_version = AUDIO_MODULE_API_VERSION_0_1,
+ .hal_api_version = HARDWARE_HAL_API_VERSION,
+ .id = AUDIO_HARDWARE_MODULE_ID,
+ .name = "NVIDIA Tegra Audio HAL",
+ .author = "The Android Open Source Project",
+ .methods = &hal_module_methods,
+ },
+};
+</pre>
+
+<h2 id="hal-device">HAL devices</h2>
+<p>A device abstracts the hardware of your product. For example, an audio
+module can contain a primary audio device, a USB audio device, or a Bluetooth
+A2DP audio device.</p>
+
+<p>A device is represented by the <code>hw_device_t</code> struct. Similar to a
+module, each type of device defines a detailed version of the generic
+<code>hw_device_t</code> that contains function pointers for specific features
+of the hardware. For example, the <code>audio_hw_device_t</code> struct type
+contains function pointers to audio device operations:</p>
+
+<pre class="devsite-click-to-copy">
+struct audio_hw_device {
+ struct hw_device_t common;
+
+ /**
+ * used by audio flinger to enumerate what devices are supported by
+ * each audio_hw_device implementation.
+ *
+ * Return value is a bitmask of 1 or more values of audio_devices_t
+ */
+ uint32_t (*get_supported_devices)(const struct audio_hw_device *dev);
+ ...
+};
+typedef struct audio_hw_device audio_hw_device_t;
+</pre>
+
+<p>In addition to these standard properties, each hardware-specific HAL
+interface can define more of its own features and requirements. For details,
+see the <a href="/reference/hal/">HAL reference documentation</a> as well as
+the individual instructions for each HAL.</p>
+
+<h2 id="hal-building">Building HAL modules</h2>
+<p>HAL implementations are built into modules (<code>.so</code>) files and are
+dynamically linked by Android when appropriate. You can build your modules by
+creating <code>Android.mk</code> files for each of your HAL implementations
+and pointing to your source files. In general, your shared libraries must be
+named in a specific format so they can be found and loaded properly. The naming
+scheme varies slightly from module to module, but follows the general pattern
+of: <code><module_type>.<device_name></code>.
+</p>
+
+<p>For details on setting up the build for each HAL, see the HAL-specific
+documentation through the Porting section of this website.</p>
+
+ </body>
+</html>
diff --git a/en/devices/architecture/images/ape_fwk_hal.png b/en/devices/architecture/images/ape_fwk_hal.png
new file mode 100644
index 0000000..0b93119
--- /dev/null
+++ b/en/devices/architecture/images/ape_fwk_hal.png
Binary files differ
diff --git a/en/devices/architecture/images/treble_blog_after.png b/en/devices/architecture/images/treble_blog_after.png
new file mode 100644
index 0000000..c82bc0a
--- /dev/null
+++ b/en/devices/architecture/images/treble_blog_after.png
Binary files differ
diff --git a/en/devices/architecture/images/treble_blog_before.png b/en/devices/architecture/images/treble_blog_before.png
new file mode 100644
index 0000000..47affe2
--- /dev/null
+++ b/en/devices/architecture/images/treble_blog_before.png
Binary files differ
diff --git a/en/devices/architecture/index.html b/en/devices/architecture/index.html
new file mode 100644
index 0000000..a4a415e
--- /dev/null
+++ b/en/devices/architecture/index.html
@@ -0,0 +1,79 @@
+<html devsite>
+ <head>
+ <title>Architecture</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+
+
+<p>
+Android system architecture contains the following components:
+</p>
+
+<img src="../images/ape_fwk_all.png">
+
+<p class="img-caption"><strong>Figure 1.</strong> Android system architecture</p>
+
+<h2 id="application-framework">Application framework</h2>
+
+<p>The application framework is used most often by application developers. As a
+hardware developer, you should be aware of developer APIs as many map directly
+to the underlying HAL interfaces and can provide helpful information about
+implementing drivers.</p>
+
+<h2 id="binder-ipc">Binder IPC</h2>
+<p>The Binder Inter-Process Communication (IPC) mechanism allows the application
+framework to cross process boundaries and call into the Android system services
+code. This enables high level framework APIs to interact with Android system
+services. At the application framework level, this communication is hidden from
+the developer and things appear to "just work".</p>
+
+<h2 id="system-services">System services</h2>
+<p>System services are modular, focused components such as Window Manager,
+Search Service, or Notification Manager. Functionality exposed by application
+framework APIs communicates with system services to access the underlying
+hardware. Android includes two groups of services: <em>system</em> (such as
+Window Manager and Notification Manager) and <em>media</em> (services involved
+in playing and recording media).</p>
+
+<h2 id="hal">Hardware abstraction layer (HAL)</h2>
+<p>A HAL defines a standard interface for hardware vendors to implement,
+which enables Android to be agnostic about lower-level driver implementations.
+Using a HAL allows you to implement functionality without affecting or modifying
+the higher level system. HAL implementations are packaged into modules and
+loaded by the Android system at the appropriate time. For details, see
+<a href="/devices/architecture/hal.html">Hardware Abstraction Layer (HAL)</a>.
+</p>
+
+<h2 id="Linux-kernel">Linux kernel</h2>
+<p>Developing your device drivers is similar to developing a typical Linux
+device driver. Android uses a version of the Linux kernel with a few special
+additions such as wake locks (a memory management system that is more aggressive
+in preserving memory), the Binder IPC driver, and other features important for a
+mobile embedded platform. These additions are primarily for system functionality
+and do not affect driver development.</p>
+
+<p>You can use any version of the kernel as long as it supports the required
+features (such as the binder driver). However, we recommend using the latest
+version of the Android kernel. For details, see
+<a href="/source/building-kernels.html">Building Kernels</a>.</p>
+
+ </body>
+</html>
diff --git a/en/devices/architecture/treble.html b/en/devices/architecture/treble.html
new file mode 100644
index 0000000..343858d
--- /dev/null
+++ b/en/devices/architecture/treble.html
@@ -0,0 +1,73 @@
+<html devsite>
+ <head>
+ <title>Treble</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+
+<p>The upcoming Android O release includes Project Treble, a major re-architect
+of the Android OS framework designed to make it easier, faster, and less costly
+for manufacturers to update devices to a new version of Android.</p>
+
+<h2 id=about-treble>Android updates</h2>
+<p>Project Treble separates the vendor implementation (device-specific,
+lower-level software written by silicon manufacturers) from the Android OS
+framework via a new vendor interface.</p>
+
+<p>In Android 7.x and earlier, no formal vendor interface exists so device
+makers must update large portions of the Android code to move a device to a
+newer version of Android:</p>
+
+<img src="images/treble_blog_before.png">
+
+<p class="img-caption"><strong>Figure 1.</strong> Pre-Treble Android update
+environment</p>
+
+<p>With Treble, a new stable vendor interface provides access to the
+hardware-specific parts of Android, enabling device makers to deliver new
+Android releases simply by updating the Android OS framework—without any
+additional work required from the silicon manufacturers:</p>
+
+<img src="images/treble_blog_after.png">
+
+<p class="img-caption"><strong>Figure 2.</strong> Treble Android update
+environment</p>
+
+<h2 id=testing-treble>Testing Treble</h2>
+<p>To ensure forward compatibility of the vendor implementation, the new vendor
+interface will be validated by the Vendor Test Suite (VTS), which is analogous
+to the <a href="/compatibility/cts/">Compatibility Test Suite (CTS)</a>. VTS is
+already launched and can be used to automate HAL and OS kernel testing even in
+pre-Treble environments; for details, see
+<a href="/devices/tech/test_infra/tradefed/fundamentals/vts">Systems Testing
+With VTS</a>.</p>
+
+<h2 id=launching-treble>Coming soon</h2>
+<p>Project Treble is coming to all new devices launching with Android O and
+beyond, and the new architecture is already running on the Developer Preview of
+O for Pixel phones. When Android O launches, we'll have full details here (on
+<a href="https://source.android.com/">source.android.com</a>). In the interim,
+you can find more details on Treble over at the
+<a href="https://android-developers.googleblog.com/2017/05/here-comes-treble-modular-base-for.html">Android
+Developers Blog</a>.</p>
+
+
+ </body>
+</html>
diff --git a/en/devices/automotive.html b/en/devices/automotive.html
deleted file mode 100644
index d77e564..0000000
--- a/en/devices/automotive.html
+++ /dev/null
@@ -1,295 +0,0 @@
-<html devsite>
- <head>
- <title>Automotive</title>
- <meta name="project_path" value="/_project.yaml" />
- <meta name="book_path" value="/_book.yaml" />
- </head>
- <body>
- <!--
- Copyright 2017 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
-
-
-
-<img style="float: right; margin: 0px 15px 15px 15px;"
-src="images/ape_fwk_hal_vehicle.png" alt="Android vehicle HAL icon"/>
-
-<p>Many car subsystems interconnect with each other and the in-vehicle
-infotainment (IVI) system via various bus topologies. The exact bus type and
-protocols vary widely between manufacturers (and even between different vehicle
-models of the same brand); examples include Controller Area Network (CAN) bus,
-Local Interconnect Network (LIN) bus, Media Oriented Systems Transport (MOST),
-as well as automotive-grade Ethernet and TCP/IP networks such as BroadR-Reach.
-</p>
-<p>Android Automotive has a hardware abstraction layer (HAL) that provides a
-consistent interface to the Android framework regardless of physical transport
-layer. This vehicle HAL is the interface for developing Android Automotive
-implementations.</p>
-<p>System integrators can implement a vehicle HAL module by connecting
-function-specific platform HAL interfaces (e.g. HVAC) with technology-specific
-network interfaces (e.g. CAN bus). Typical implementations may include a
-dedicated Microcontroller Unit (MCU) running a proprietary real-time operating
-system (RTOS) for CAN bus access or similar, which may be connected via a serial
-link to the CPU running Android Automotive. Instead of a dedicated MCU, it may
-also be possible to implement the bus access as a virtualized CPU. It is up to
-each partner to choose the architecture suitable for the hardware as long as the
-implementation fulfills the interface requirements for the vehicle HAL.</p>
-
-<h2 id=arch>Architecture</h2>
-<p>The vehicle HAL is the interface definition between the car and the vehicle
-network service:</p>
-
-<img src="images/vehicle_hal_arch.png" alt="Android vehicle HAL architecture">
-<p class="img-caption"><strong>Figure 1</strong>. Vehicle HAL and Android
-automotive architecture</p>
-
-<ul>
-<li><strong>Car API</strong>. Contains the APIs such as CarHvacManager,
-CarSensorManager, and CarCameraManager. For details on all supported APIs,
-refer to <code>/platform/packages/services/Car/car-lib</code>.</li>
-<li><strong>CarService</strong>. Located at
-<code>/platform/packages/services/Car/</code>.</li>
-<li><strong>VehicleNetworkService</strong>. Controls vehicle HAL with built-in
-security. Access restricted to system components only (non-system components
-such as third party apps should use car API instead). OEMs can control access
-using <code>vns_policy.xml</code> and <code>vendor_vns_policy.xml</code>.
-Located at <code>/platform/packages/services/Car/vehicle_network_service/</code>;
-for libraries to access the vehicle network, refer to
-<code>/platform/packages/services/Car/libvehiclenetwork/</code>.</li>
-<li><strong>Vehicle HAL</strong>. Interface that defines the properties OEMs can
-implement and contains property metadata (for example, whether the property is
-an int and which change modes are allowed). Located at
-<code>hardware/libhardware/include/hardware/vehicle.h</code>. For a basic
-reference implementation, refer to
-<code>hardware/libhardware/modules/vehicle/</code>.</li>
-</ul>
-
-<h2 id=prop>Vehicle properties</h2>
-<p>The vehicle HAL interface is based on accessing (read, write, subscribe) a
-property, which is an abstraction for a specific function. Properties can be
-read-only, write-only (used to pass information to vehicle HAL level), or read
-and write. Support of most properties is optional.</p>
-<p>Each property is uniquely identified by an int32 key and has a predefined
-type (<code>value_type</code>):</p>
-
-<ul>
-<li><code>INT32</code> (and array), <code>INT64</code>, <code>BOOLEAN</code>,
-<code>FLOAT</code> (and array), string, bytes.</li>
-<li>Zoned type has zone in addition to value.</li>
-</ul>
-
-<h3 id-=zone_type>Zone types</h3>
-<p>The vehicle HAL defines three zone types:</p>
-<ul>
-<li><code>vehicle_zone</code>: Zone based on rows.</li>
-<li><code>vehicle_seat</code>: Zone based on seats.</li>
-<li><code>vehicle_window</code>: Zone based on windows.</li>
-</ul>
-<p>Each zoned property should use pre-defined zone type. If necessary, you can
-use a custom zone type for each property (for details, see
-<a href=#prop_custom>Handling custom properties</a>).</p>
-
-<h3 id=prop_config>Configuring a property</h3>
-<p>Use <code>vehicle_prop_config_t</code> to provide configuration information
-for each property. Information includes:</p>
-<ul>
-<li><code>access</code> (r, w, rw)</li>
-<li><code>change_mode</code> (represents how property is monitored: on change vs
-continuous)</li>
-<li><code>min_value</code> (int32, float, int64), <code>max_value</code> (int32,
-float, int64)</li>
-<li><code>min_sample_rate</code>, <code>max_sample_rate</code></li>
-<li><code>permission_model</code></li>
-<li><code>prop</code> (Property ID, int)</li>
-<li><code>value_type</code></li>
-<li><code>zone_flags</code> (represents supported zones as bit flags)</li>
-</ul>
-<p>In addition, some properties have specific configuration flags to represent
-capability.</p>
-
-<h2 id=interfaces>HAL interfaces</h2>
-<p>The vehicle HAL uses the following interfaces:</p>
-<ul>
-<li><code>vehicle_prop_config_t const *(*list_properties)(..., int*
-num_properties)</code>. List configuration of all properties supported by the
-vehicle HAL. Only supported properties will be used by vehicle network service.
-</li>
-<li><code>(*get)(..., vehicle_prop_value_t *data)</code>. Read the current value
-of the property. For zoned property, each zone may have different value.</li>
-<li><code>(*set)(..., const vehicle_prop_value_t *data)</code>. Write a value to
-property. Result of write is defined per each property.</li>
-<li><code>(*subscribe)(..., int32_t prop, float sample_rate, int32_t
-zones)</code>.<ul>
-<li>Start monitoring property value's change. For zoned property, subscription
-applies to requested zones. Zones = 0 is used to request all zones supported.
-</li>
-<li>Vehicle HAL should call separate callback when the property's value changes
-(=on change) or in const interval (=continuous type).</ul></li>
-<li><code>(*release_memory_from_get)(struct vehicle_hw_device* device,
-vehicle_prop_value_t *data)</code>. Release memory allocated from get call.</ul>
-</li>
-</ul>
-
-<p>The vehicle HAL uses the following callback interfaces:</p>
-<ul>
-<li><code>(*vehicle_event_callback_fn)(const vehicle_prop_value_t
-*event_data)</code>. Notifies vehicle property's value change. Should be done
-only for subscribed properties.</li>
-<li><code>(*vehicle_error_callback_fn)(int32_t error_code, int32_t property,
-int32_t operation).</code> Return global vehicle HAL level error or error per
-each property. Global error causes HAL restart, which can lead to restarting
-other components, including applications.</li>
-</ul>
-
-<h2 id=zone_prop>Handling zone properties</h2>
-<p>A zoned property is equivalent to a collection of multiple properties where
-each sub property is accessible by specified zone value.</p>
-<ul>
-<li><code>get</code> call for zoned property always includes zone in request, so
-only the current value for the requested zone should be returned.</li>
-<li><code>set</code> call for zoned property always includes zone in request, so
-only the requested zone should be changed.</li>
-<li><code>subscribe</code> call includes flags of all zones subscribed. Events
-from un-subscribed zones should not be reported.</li>
-</ul>
-
-<h3 id=get>Get calls</h3>
-<p>During initialization, the value for the property may not be available yet as
-the matching vehicle network message has not yet been received. In such cases,
-the <code>get</code> call should return <code>-EAGAIN</code>. Some properties
-(such as HVAC) have separate on/off power property. Calling <code>get</code> for
-such a property (when powered off) should return a special value
-<code>(VEHICLE_INT_OUT_OF_RANGE_OFF/VEHICLE_FLOAT_OUT_OF_RANGE_OFF)</code>
-rather than returning an error.</p>
-<p>In addition, some properties (such as HVAC temperature) can have a value to
-indicate it is in max power mode rather than in specific temperature value. In
-such cases, use special values to represent such state.</p>
-<ul>
-<li>VEHICLE_INT_OUT_OF_RANGE_MAX/MIN</li>
-<li>VEHICLE_FLOAT_OUT_OF_RANGE_MAX/MIN</li>
-</ul>
-
-<p>Example: get HVAC Temperature</p>
-<img src="images/vehicle_hvac_get.png" alt="Vehicle HAL get HVAC example">
-<p class="img-caption"><strong>Figure 2</strong>. Get HVAC temperature (CS =
-CarService, VNS = VehicleNetworkService, VHAL = Vehicle HAL)</p>
-
-<h3 id=set>Set calls</h3>
-<p>A <code>set</code> call is an asynchronous operation involving event
-notification after a requested change is made. In a typical operation, a
-<code>set</code> call leads to making a change request across vehicle network.
-When the change is performed by the electronic control unit (ECU) owning the
-property, the updated value is returned through vehicle network and the vehicle
-HAL sends an updated value as an event to vehicle network service (VNS).</p>
-<p>Some <code>set</code> calls may require initial data to be ready but during
-initialization, such data may not be available yet. In such cases, the
-<code>set</code> call should return <code>-EAGAIN</code>. Some properties with
-separate power on /off should return <code>-ESHUTDOWN</code> when the property
-is powered off and set cannot be done.</p>
-<p>Until <code>set</code> is made effective, <code>get</code> does not
-necessarily return the same value as what is set. The exception is a property
-with change mode of <code>VEHICLE_PROP_CHANGE_MODE_ON_SET.</code> This property
-notifies change only when it is set by external component outside Android (for
-example, clock properties such as <code>VEHICLE_PROPERTY_UNIX_TIME</code>).</p>
-
-<p>Example: set HVAC Temperature</p>
-<img src="images/vehicle_hvac_set.png" alt="Vehicle HAL set HVAC example">
-<p class="img-caption"><strong>Figure 3</strong>. Set HVAC temperature (CD =
-CarService, VNS = VehicleNetworkService, VHAL = Vehicle HAL)</p>
-
-<h2 id=prop_custom>Handling custom properties</h2>
-<p>To support partner-specific needs, the vehicle HAL allows custom properties
-that are restricted to system apps. Use the following guidelines when working
-with custom properties:</p>
-<ul>
-<li>Key should be in [<code>VEHICLE_PROPERTY_CUSTOM_START,
-VEHICLE_PROPERTY_CUSTOM_END</code>] range. Other ranges are reserved for future
-extension; using such ranges can cause conflicts in future Android releases.</li>
-<li>Use only defined <code>value_type</code>. BYTES type allows passing raw
-data, so this is enough in most cases. Sending big data frequently through
-custom properties can slow down the whole vehicle network access, so be careful
-when you add a big payload.</li>
-<li>Add access policy into <code>vendor_vns_policy.xml</code> (otherwise, all
-access will be rejected).</li>
-<li>Access via <code>VendorExtensionManager</code> (for Java components) or
-via Vehicle Network Service API (for native). Do not modify other car APIs as it
-can lead to compatibility issues in the future.</li>
-</ul>
-
-<h2 id=prop_hvac>Handling HVAC properties</h2>
-<p>You can use the vehicle HAL to control HVAC by setting HVAC-related
-properties. Most HVAC properties are zoned properties, but a few are non-zoned
-(global) properties. Example properties defined include:</p>
-<ul>
-<li><code>VEHICLE_PROPERTY_HVAC_TEMPERATURE_SET</code> (set temperature per each
-zone).</li>
-<li><code>VEHICLE_PROPERTY_HVAC_RECIRC_ON</code> (control recirculation per each
-zone).</li>
-</ul>
-<p>For full list of HVAC properties, search for
-<code>VEHICLE_PROPERTY_HVAC_*</code> in <code>vehicle.h</code>.</p>
-
-<h2 id=prop_sensor>Handling sensor properties</h2>
-<p>Vehicle HAL sensor properties represent real sensor data or policy
-information such as driving status. Some sensor information (such as driving
-status and day/night mode) is accessible by any app without restriction as the
-data is mandatory to build a safe vehicle application. Other sensor information
-(such as vehicle speed) is more sensitive and requires specific permissions that
-users can manage.</p>
-<p>Supported sensor properties include:</p>
-<ul>
-<li><code>DRIVING_STATUS</code> (should support). Represents allowed operations
-in the current driving state. This information is used to block unsafe
-applications while driving.</li>
-<li><code>NIGHT_MODE</code> (should support). Determines day/night mode of
-display.</li>
-<li><code>GEAR_SELECTION/CURRENT_GEAR</code>. Gear selected by driver vs.
-actual gear.</li>
-<li><code>VEHICLE_SPEED</code>. Vehicle speed. Protected with permission.</li>
-<li><code>ODOMETER</code>. Current odometer reading. Protected with permission.
-</li>
-<li><code>FUEL_LEVEL</code>. Current fuel level in %.</li>
-<li><code>FUEL_LEVEL_LOW</code>. Fuel level is low or not (boolean).</li>
-</ul>
-
-<h2 id=security>Security</h2>
-<p>The vehicle HAL supports three levels of security for accessing data:</p>
-<ul>
-<li>System only (controlled by <code>vns_policy.xml</code>)</li>
-<li>Accessible to app with permission (through car service)</li>
-<li>Accessible without permission (through car service)</li>
-</ul>
-<p>Direct access to vehicle properties is allowed only to selected system
-components with vehicle network service acting as the gatekeeper. Most
-applications go through additional gatekeeping by car service (for example, only
-system applications can control HVAC as it requires system permission granted
-only to system apps).</p>
-
-<h2 id=validation>Validation</h2>
-<p>AOSP includes the following testing resources for use in development:</p>
-<ul>
-<li><code>hardware/libhardware/tests/vehicle/vehicle-hal-tool.c</code>.
-Command-line native tool to load vehicle HAL and do simple operations. Useful
-for getting the system up and running in the early stages of development.</li>
-<li><code>packages/services/Car/tests/carservice_test/</code>. Contains car
-service testing with mocked vehicle HAL properties. For each property, expected
-behavior is implemented in the test. This can be a good starting point to
-understand expected behavior.</li>
-<li><code>hardware/libhardware/modules/vehicle/</code>. A basic reference
-implementation.</li>
-</ul>
-
- </body>
-</html>
diff --git a/en/devices/automotive/index.html b/en/devices/automotive/index.html
new file mode 100644
index 0000000..83a7a6e
--- /dev/null
+++ b/en/devices/automotive/index.html
@@ -0,0 +1,109 @@
+<html devsite>
+ <head>
+ <title>Automotive</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+
+
+<img style="float: right; margin: 0px 15px 15px 15px;"
+src="../images/ape_fwk_hal_vehicle.png" alt="Android vehicle HAL icon"/>
+
+<p>Many car subsystems interconnect with each other and the in-vehicle
+infotainment (IVI) system via various bus topologies. The exact bus type and
+protocols vary widely between manufacturers (and even between different vehicle
+models of the same brand); examples include Controller Area Network (CAN) bus,
+Local Interconnect Network (LIN) bus, Media Oriented Systems Transport (MOST),
+as well as automotive-grade Ethernet and TCP/IP networks such as BroadR-Reach.
+</p>
+<p>the Android Automotive hardware abstraction layer (HAL) provides a
+consistent interface to the Android framework regardless of physical transport
+layer. This vehicle HAL is the interface for developing Android Automotive
+implementations.</p>
+<p>System integrators can implement a vehicle HAL module by connecting
+function-specific platform HAL interfaces (e.g. HVAC) with technology-specific
+network interfaces (e.g. CAN bus). Typical implementations may include a
+dedicated Microcontroller Unit (MCU) running a proprietary real-time operating
+system (RTOS) for CAN bus access or similar, which may be connected via a serial
+link to the CPU running Android Automotive. Instead of a dedicated MCU, it may
+also be possible to implement the bus access as a virtualized CPU. It is up to
+each partner to choose the architecture suitable for the hardware as long as the
+implementation fulfills the interface requirements for the vehicle HAL.</p>
+
+<h2 id=arch>Architecture</h2>
+<p>The vehicle HAL is the interface definition between the car and the vehicle
+network service:</p>
+
+<img src="../images/vehicle_hal_arch.png" alt="Android vehicle HAL architecture">
+<p class="img-caption"><strong>Figure 1</strong>. Vehicle HAL and Android
+automotive architecture</p>
+
+<ul>
+<li><strong>Car API</strong>. Contains the APIs such as CarHvacManager,
+CarSensorManager, and CarCameraManager. For details on supported APIs,
+refer to <code>/platform/packages/services/Car/car-lib</code>.</li>
+<li><strong>CarService</strong>. Located at
+<code>/platform/packages/services/Car/</code>.</li>
+<li><strong>VehicleNetworkService</strong>. Controls vehicle HAL with built-in
+security. Access restricted to system components only (non-system components
+such as third party apps should use car API instead). OEMs can control access
+using <code>vns_policy.xml</code> and <code>vendor_vns_policy.xml</code>.
+Located at <code>/platform/packages/services/Car/vehicle_network_service/</code>;
+for libraries to access the vehicle network, refer to
+<code>/platform/packages/services/Car/libvehiclenetwork/</code>.</li>
+<li><strong>Vehicle HAL</strong>. Interface that defines the vehicle properties
+OEMs can implement. Contains property metadata (for example, whether the vehicle
+property is an int and which change modes are allowed). Located at
+<code>hardware/libhardware/include/hardware/vehicle.h</code>. For a basic
+reference implementation, refer to
+<code>hardware/libhardware/modules/vehicle/</code>.</li>
+</ul>
+<p>For more details, see <a href="/devices/automotive/properties.html">Vehicle
+Properties</a>.
+
+<h2 id=security>Security</h2>
+<p>The vehicle HAL supports three levels of security for accessing data:</p>
+<ul>
+<li>System only (controlled by <code>vns_policy.xml</code>)</li>
+<li>Accessible to app with permission (through car service)</li>
+<li>Accessible without permission (through car service)</li>
+</ul>
+<p>Direct access to vehicle properties is allowed only to selected system
+components with vehicle network service acting as the gatekeeper. Most
+applications go through additional gatekeeping by car service (for example, only
+system applications can control HVAC as it requires system permission granted
+only to system apps).</p>
+
+<h2 id=validation>Validation</h2>
+<p>AOSP includes the following testing resources for use in development:</p>
+<ul>
+<li><code>hardware/libhardware/tests/vehicle/vehicle-hal-tool.c</code><br>
+Command-line native tool to load vehicle HAL and do simple operations. Useful
+for getting the system up and running in the early stages of development.</li>
+<li><code>packages/services/Car/tests/carservice_test/</code><br>Contains car
+service testing with mocked vehicle HAL properties. For each property, expected
+behavior is implemented in the test. This can be a good starting point to
+understand expected behavior.</li>
+<li><code>hardware/libhardware/modules/vehicle/</code><br>A basic reference
+implementation.</li>
+</ul>
+
+ </body>
+</html>
diff --git a/en/devices/automotive/properties.html b/en/devices/automotive/properties.html
new file mode 100644
index 0000000..5a69ede
--- /dev/null
+++ b/en/devices/automotive/properties.html
@@ -0,0 +1,231 @@
+<html devsite>
+ <head>
+ <title>Vehicle Properties</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+
+<p>The vehicle HAL interface defines the properties OEMs can implement and
+contains property metadata (for example, whether the property is an int and
+which change modes are allowed). The vehicle HAL interface is based on accessing
+(read, write, subscribe) a property, which is an abstraction for a specific
+function.</p>
+
+<h2 id=interfaces>HAL interfaces</h2>
+<p>The vehicle HAL uses the following interfaces:</p>
+<ul>
+<li><code>vehicle_prop_config_t const *(*list_properties)(..., int*
+num_properties)</code>
+<br>List configuration of all properties supported by the vehicle HAL. Only
+supported properties are used by vehicle network service.
+</li>
+<li><code>(*get)(..., vehicle_prop_value_t *data)</code>
+<br>Read the current value of the property. For zoned property, each zone may
+have different value.</li>
+<li><code>(*set)(..., const vehicle_prop_value_t *data)</code>
+<br>Write a value to property. Result of write is defined per property.</li>
+<li><code>(*subscribe)(..., int32_t prop, float sample_rate, int32_t
+zones)</code>
+<ul>
+<li>Start monitoring a property value change. For zoned property, subscription
+applies to requested zones. Zones = 0 is used to request all zones supported.
+</li>
+<li>Vehicle HAL should call separate callback when the property's value changes
+(=on change) or in const interval (=continuous type).</li>
+</ul></li>
+<li><code>(*release_memory_from_get)(struct vehicle_hw_device* device,
+vehicle_prop_value_t *data)</code>
+<br>Release memory allocated from get call.</li>
+</ul>
+
+<p>The vehicle HAL uses the following callback interfaces:</p>
+<ul>
+<li><code>(*vehicle_event_callback_fn)(const vehicle_prop_value_t
+*event_data)</code>
+<br>Notifies vehicle property's value change. Should be done only for
+subscribed properties.</li>
+<li><code>(*vehicle_error_callback_fn)(int32_t error_code, int32_t property,
+int32_t operation)</code>
+<br>Return global vehicle HAL level error or error per property. Global error
+causes HAL restart, which can lead to restarting other components (including
+applications).</li>
+</ul>
+
+<h2 id=properties>Vehicle properties</h2>
+<p>Properties can be read-only, write-only (used to pass information to vehicle
+HAL level), or read and write (support of most properties is optional). Each
+property is uniquely identified by an int32 key and has a predefined type
+(<code>value_type</code>):</p>
+
+<ul>
+<li><code>INT32</code> (and array), <code>INT64</code>, <code>BOOLEAN</code>,
+<code>FLOAT</code> (and array), string, bytes.</li>
+<li>Zoned type has zone in addition to value.</li>
+</ul>
+
+<h2 id-=zone_type>Zone types</h2>
+<p>The vehicle HAL defines three zone types:</p>
+<ul>
+<li><code>vehicle_zone</code>
+<br>Zone based on rows.</li>
+<li><code>vehicle_seat</code>
+<br>Zone based on seats.</li>
+<li><code>vehicle_window</code>
+<br>Zone based on windows.</li>
+</ul>
+<p>Each zoned property should use pre-defined zone type. If necessary, you can
+use a custom zone type for each property (for details, see
+<a href=#prop_custom>Handling custom properties</a>).</p>
+
+<h2 id=prop_config>Configuring a property</h2>
+<p>Use <code>vehicle_prop_config_t</code> to provide configuration information
+for each property. Information includes:</p>
+<ul>
+<li><code>access</code> (r, w, rw)</li>
+<li><code>change_mode</code> (represents how property is monitored: on change vs
+continuous)</li>
+<li><code>min_value</code> (int32, float, int64), <code>max_value</code> (int32,
+float, int64)</li>
+<li><code>min_sample_rate</code>, <code>max_sample_rate</code></li>
+<li><code>permission_model</code></li>
+<li><code>prop</code> (Property ID, int)</li>
+<li><code>value_type</code></li>
+<li><code>zone_flags</code> (represents supported zones as bit flags)</li>
+</ul>
+<p>In addition, some properties have specific configuration flags to represent
+capability.</p>
+
+<h2 id=zone_prop>Handling zone properties</h2>
+<p>A zoned property is equivalent to a collection of multiple properties where
+each sub property is accessible by specified zone value.</p>
+<ul>
+<li><code>get</code> call for zoned property always includes zone in request, so
+only the current value for the requested zone should be returned.</li>
+<li><code>set</code> call for zoned property always includes zone in request, so
+only the requested zone should be changed.</li>
+<li><code>subscribe</code> call includes flags of all zones subscribed. Events
+from un-subscribed zones should not be reported.</li>
+</ul>
+
+<h3 id=get>Get calls</h3>
+<p>During initialization, the value for the property may not be available yet as
+the matching vehicle network message has not yet been received. In such cases,
+the <code>get</code> call should return <code>-EAGAIN</code>. Some properties
+(such as HVAC) have separate on/off power property. Calling <code>get</code> for
+such a property (when powered off) should return a special value
+<code>(VEHICLE_INT_OUT_OF_RANGE_OFF/VEHICLE_FLOAT_OUT_OF_RANGE_OFF)</code>
+rather than returning an error.</p>
+<p>In addition, some properties (such as HVAC temperature) can have a value to
+indicate it is in max power mode rather than in specific temperature value. In
+such cases, use special values to represent such state.</p>
+<ul>
+<li>VEHICLE_INT_OUT_OF_RANGE_MAX/MIN</li>
+<li>VEHICLE_FLOAT_OUT_OF_RANGE_MAX/MIN</li>
+</ul>
+
+<p>Example: get HVAC Temperature</p>
+<img src="../images/vehicle_hvac_get.png" alt="Vehicle HAL get HVAC example">
+<p class="img-caption"><strong>Figure 1</strong>. Get HVAC temperature (CS =
+CarService, VNS = VehicleNetworkService, VHAL = Vehicle HAL)</p>
+
+<h3 id=set>Set calls</h3>
+<p>A <code>set</code> call is an asynchronous operation involving event
+notification after a requested change is made. In a typical operation, a
+<code>set</code> call leads to making a change request across vehicle network.
+When the change is performed by the electronic control unit (ECU) owning the
+property, the updated value is returned through vehicle network and the vehicle
+HAL sends an updated value as an event to vehicle network service (VNS).</p>
+<p>Some <code>set</code> calls may require initial data to be ready but during
+initialization, such data may not be available yet. In such cases, the
+<code>set</code> call should return <code>-EAGAIN</code>. Some properties with
+separate power on /off should return <code>-ESHUTDOWN</code> when the property
+is powered off and set cannot be done.</p>
+<p>Until <code>set</code> is made effective, <code>get</code> does not
+necessarily return the same value as what is set. The exception is a property
+with change mode of <code>VEHICLE_PROP_CHANGE_MODE_ON_SET.</code> This property
+notifies change only when it is set by external component outside Android (for
+example, clock properties such as <code>VEHICLE_PROPERTY_UNIX_TIME</code>).</p>
+
+<p>Example: set HVAC Temperature</p>
+<img src="../images/vehicle_hvac_set.png" alt="Vehicle HAL set HVAC example">
+<p class="img-caption"><strong>Figure 2</strong>. Set HVAC temperature (CD =
+CarService, VNS = VehicleNetworkService, VHAL = Vehicle HAL)</p>
+
+<h2 id=prop_custom>Handling custom properties</h2>
+<p>To support partner-specific needs, the vehicle HAL allows custom properties
+that are restricted to system apps. Use the following guidelines when working
+with custom properties:</p>
+<ul>
+<li>Key should be in [<code>VEHICLE_PROPERTY_CUSTOM_START,
+VEHICLE_PROPERTY_CUSTOM_END</code>] range. Other ranges are reserved for future
+extension; using such ranges can cause conflicts in future Android releases.</li>
+<li>Use only defined <code>value_type</code>. BYTES type allows passing raw
+data, so this is enough in most cases. Sending big data frequently through
+custom properties can slow down the whole vehicle network access, so be careful
+when you add a big payload.</li>
+<li>Add access policy into <code>vendor_vns_policy.xml</code> (otherwise, all
+access will be rejected).</li>
+<li>Access via <code>VendorExtensionManager</code> (for Java components) or
+via Vehicle Network Service API (for native). Do not modify other car APIs as it
+can lead to compatibility issues in the future.</li>
+</ul>
+
+<h2 id=prop_hvac>Handling HVAC properties</h2>
+<p>You can use the vehicle HAL to control HVAC by setting HVAC-related
+properties. Most HVAC properties are zoned properties, but a few are non-zoned
+(global) properties. Example properties defined include:</p>
+<ul>
+<li><code>VEHICLE_PROPERTY_HVAC_TEMPERATURE_SET</code>
+<br>Set temperature per zone.</li>
+<li><code>VEHICLE_PROPERTY_HVAC_RECIRC_ON</code>
+<br>Control recirculation per zone).</li>
+</ul>
+<p>For full list of HVAC properties, search for
+<code>VEHICLE_PROPERTY_HVAC_*</code> in <code>vehicle.h</code>.</p>
+
+<h2 id=prop_sensor>Handling sensor properties</h2>
+<p>Vehicle HAL sensor properties represent real sensor data or policy
+information such as driving status. Some sensor information (such as driving
+status and day/night mode) is accessible by any app without restriction as the
+data is mandatory to build a safe vehicle application. Other sensor information
+(such as vehicle speed) is more sensitive and requires specific permissions that
+users can manage.</p>
+<p>Supported sensor properties include:</p>
+<ul>
+<li><code>DRIVING_STATUS</code>
+<br>Should support. Represents allowed operations in the current driving state.
+This information is used to block unsafe applications while driving.</li>
+<li><code>NIGHT_MODE</code>
+<br>Should support. Determines day/night mode of display.</li>
+<li><code>GEAR_SELECTION/CURRENT_GEAR</code>
+<br>Gear selected by driver vs. actual gear.</li>
+<li><code>VEHICLE_SPEED</code>
+<br>Vehicle speed. Protected with permission.</li>
+<li><code>ODOMETER</code>
+<br>Current odometer reading. Protected with permission.
+</li>
+<li><code>FUEL_LEVEL</code>
+<br>Current fuel level in %.</li>
+<li><code>FUEL_LEVEL_LOW</code>
+<br>Fuel level is low or not (boolean).</li>
+</ul>
+
+ </body>
+</html>
diff --git a/en/devices/images/ape_fwk_hal.png b/en/devices/images/ape_fwk_hal.png
index 03f27e9..c22b298 100644
--- a/en/devices/images/ape_fwk_hal.png
+++ b/en/devices/images/ape_fwk_hal.png
Binary files differ
diff --git a/en/devices/index.html b/en/devices/index.html
index 49bea63..e6d7b15 100644
--- a/en/devices/index.html
+++ b/en/devices/index.html
@@ -21,190 +21,27 @@
limitations under the License.
-->
-
-
-<p>
-Android gives you the freedom to implement your own device specifications and
+<p>Android gives you the freedom to implement your own device specifications and
drivers. The hardware abstraction layer (HAL) provides a standard method for
creating software hooks between the Android platform stack and your hardware.
The Android operating system is also open source, so you can contribute your own
-interfaces and enhancements.
-</p>
+interfaces and enhancements.</p>
-<p>
-To ensure devices maintain a high level of quality and offer a consistent user
-experience, each device must pass tests in the compatibility test suite (CTS).
-The CTS verifies devices meet a quality standard that ensures apps run reliably
-and users have a good experience. For details on the CTS, see
-<a href="/compatibility/index.html">Compatibility</a>.
-</p>
+<p>Before porting Android to your hardware, take a moment to understand the
+<a href="/devices/architecture/index.html">Android system architecture</a>.
+Because your drivers and the HAL interact with Android, knowing its structure
+can help you navigate the many layers of code in the Android Open Source Project
+(AOSP) source tree. When you are comfortable with the basic Android
+architecture, review the interface-specific documentation in this section to
+learn about specific HALs and how to build them for your device.</p>
-<p>
-Before porting Android to your hardware, take a moment to understand the Android
-system architecture at a high level. Because your drivers and the HAL interact
-with Android, knowing how Android works can help you navigate the many layers of
-code in the Android Open Source Project (AOSP) source tree.
-</p>
-
-<img src="images/ape_fwk_all.png">
-
-<p class="img-caption"><strong>Figure 1.</strong> Android System Architecture</p>
-
-<h2 id="Application-framework">Application framework</h2>
-<p>
-The application framework is used most often by application developers. As a
-hardware developer, you should be aware of developer APIs as many map directly
-to the underlying HAL interfaces and can provide helpful information about
-implementing drivers.
-</p>
-
-<h2 id="Binder-IPC">Binder IPC</h2>
-<p>
-The Binder Inter-Process Communication (IPC) mechanism allows the application
-framework to cross process boundaries and call into the Android system services
-code. This enables high level framework APIs to interact with Android system
-services. At the application framework level, this communication is hidden from
-the developer and things appear to "just work."
-</p>
-
-<h2 id="System-services">System services</h2>
-<p>
-Functionality exposed by application framework APIs communicates with system
-services to access the underlying hardware. Services are modular, focused
-components such as Window Manager, Search Service, or Notification Manager.
-Android includes two groups of services: <em>system</em> (services such as
-Window Manager and Notification Manager) and <em>media</em> (services involved
-in playing and recording media).
-</p>
-
-<h2 id="Hardware-Abstraction-Layer">Hardware abstraction layer (HAL)</h2>
-<p>
-The hardware abstraction layer (HAL) defines a standard interface for hardware
-vendors to implement and allows Android to be agnostic about lower-level driver
-implementations. The HAL allows you to implement functionality without
-affecting or modifying the higher level system. HAL implementations are
-packaged into modules (<code>.so</code>) file and loaded by the Android system
-at the appropriate time.
-</p>
-
-<img src="images/ape_fwk_hal.png">
-
-<p class="img-caption"><strong>Figure 2.</strong> Hardware abstraction layer
-(HAL) components</p>
-
-<p>
-You must implement the corresponding HAL (and driver) for the specific hardware
-your product provides. HAL implementations are typically built into shared
-library modules (<code>.so</code> files). Android does not mandate a standard
-interaction between your HAL implementation and your device drivers, so you have
-free reign to do what is best for your situation. However, to enable the Android
-system to correctly interact with your hardware, you <strong>must</strong> abide
-by the contract defined in each hardware-specific HAL interface.
-</p>
-
-<h3 id="structure">Standard HAL structure</h3>
-<p>
- Each hardware-specific HAL interface has properties that are defined in
- <code>hardware/libhardware/include/hardware/hardware.h</code>, which
- guarantee that HALs have a predictable structure.
- This interface allows the Android system to load the correct versions of your
- HAL modules in a consistent way. There are two general components
- that a HAL interface consists of: a module and a device.
-</p>
-<p>
- A module represents your packaged HAL implementation, which is stored as a shared library (<code>.so file</code>). It contains
- metadata such as the version, name, and author of the module, which helps Android find and load it correctly. The
- <code>hardware/libhardware/include/hardware/hardware.h</code> header file defines a
- struct, <code>hw_module_t</code>, that represents a module and contains information such as
- the module version, author, and name.</p>
-
- <p>In addition, the <code>hw_module_t</code> struct contains
- a pointer to another struct, <code>hw_module_methods_t</code>, that contains a pointer to
- an "open" function for the module. This open function is used to initiate communication with
- the hardware that the HAL is serving as an abstraction for. Each hardware-specific HAL usually
- extends the generic <code>hw_module_t</code> struct with additional information
- for that specific piece of hardware. For example in the camera HAL, the <code>camera_module_t</code> struct
- contains a <code>hw_module_t</code> struct along with other camera-specific function pointers:
-</p>
-
-<pre class="devsite-click-to-copy">
-typedef struct camera_module {
- hw_module_t common;
- int (*get_number_of_cameras)(void);
- int (*get_camera_info)(int camera_id, struct camera_info *info);
-} camera_module_t;
-</pre>
-
-<p>When you implement a HAL and create the module struct, you must name it
- <code>HAL_MODULE_INFO_SYM</code>. For instance, here is an example from the Nexus 9 audio HAL:</p>
-
-<pre class="devsite-click-to-copy">
-struct audio_module HAL_MODULE_INFO_SYM = {
- .common = {
- .tag = HARDWARE_MODULE_TAG,
- .module_api_version = AUDIO_MODULE_API_VERSION_0_1,
- .hal_api_version = HARDWARE_HAL_API_VERSION,
- .id = AUDIO_HARDWARE_MODULE_ID,
- .name = "NVIDIA Tegra Audio HAL",
- .author = "The Android Open Source Project",
- .methods = &hal_module_methods,
- },
-};
-</pre>
-<p>
- A device abstracts the actual hardware of your product. For example, an audio module can contain
- a primary audio device, a USB audio device, or a Bluetooth A2DP audio device. A device
- is represented by the <code>hw_device_t</code> struct. Like a module, each type of device
- defines a more-detailed version of the generic <code>hw_device_t</code> that contains
- function pointers for specific features of the hardware. For example, the
- <code>audio_hw_device_t</code> struct type contains function pointers to audio device operations:
-</p>
-
-<pre class="devsite-click-to-copy">
-struct audio_hw_device {
- struct hw_device_t common;
-
- /**
- * used by audio flinger to enumerate what devices are supported by
- * each audio_hw_device implementation.
- *
- * Return value is a bitmask of 1 or more values of audio_devices_t
- */
- uint32_t (*get_supported_devices)(const struct audio_hw_device *dev);
- ...
-};
-typedef struct audio_hw_device audio_hw_device_t;
-</pre>
-
-<p>
- In addition to these standard properties, each hardware-specific HAL interface can define more of its
- own features and requirements. See the <a href="/reference/hal/">HAL reference documentation</a>
- as well as the individual instructions for each HAL for more information on how to implement a specific interface.
-</p>
-
-<h3 id="modules">HAL modules</h3>
-<p>HAL implementations are built into modules (<code>.so</code>) files and are dynamically linked by Android when appropriate.
- You can build your modules by creating <code>Android.mk</code> files for each of your HAL implementations
- and pointing to your source files. In general, your shared libraries must be named in a certain format, so that
- they can be found and loaded properly. The naming scheme varies slightly from module to module, but they follow
- the general pattern of: <code><module_type>.<device_name></code>.</p>
-
- <p>For more information about setting up the build for each HAL, see its respective documentation.</p>
-
-<h2 id="Linux-kernel">Linux kernel</h2>
-<p>
-Developing your device drivers is similar to developing a typical Linux device
-driver. Android uses a version of the Linux kernel with a few special additions
-such as wake locks (a memory management system that is more aggressive in
-preserving memory), the Binder IPC driver, and other features important for a
-mobile embedded platform. These additions are primarily for system functionality
-and do not affect driver development.
-
-<p>
-You can use any version of the kernel as long as it supports the required
-features (such as the binder driver). However, we recommend using the latest
-version of the Android kernel. For details on the latest Android kernel, see <a href="/source/building-kernels.html" >Building Kernels</a>.
-</p>
+<p>To maintain a high level of quality and offer a consistent user experience,
+Android requires that all implementations meet the requirements stated in the
+<a href="/compatibility/cdd.html">Compatibility Definition Document (CDD)</a>
+and that all devices pass tests in the
+<a href="/compatibility/cts.html">Compatibility Test Suite (CTS)</a>. For
+details on the Android compatibility program, see
+<a href="/compatibility/index.html">Compatibility</a>.</p>
</body>
</html>
diff --git a/en/devices/input/diagnostics.html b/en/devices/input/diagnostics.html
deleted file mode 100644
index 160ceae..0000000
--- a/en/devices/input/diagnostics.html
+++ /dev/null
@@ -1,495 +0,0 @@
-<html devsite>
- <head>
- <title>Dumpsys Input Diagnostics</title>
- <meta name="project_path" value="/_project.yaml" />
- <meta name="book_path" value="/_book.yaml" />
- </head>
- <body>
- <!--
- Copyright 2017 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
-
-
-
-<p>The <code>dumpsys</code> input command dumps the state of the
-system’s input devices, such as keyboards and touchscreens, and the
-processing of input events.</p>
-
-<h2 id="input">Input</h2>
-<p>To dump the input system’s state, run the following command:</p>
-<pre class="devsite-terminal devsite-click-to-copy">
-adb shell dumpsys input
-</pre>
-
-<h2 id="output">Output</h2>
-
-<p>The set of information reported varies depending on the version of Android
-but consists of three sections:</p>
-
-<ul>
- <li> Event Hub State
- <li> Input Reader State
- <li> Input Dispatcher State
-</ul>
-
-<h3 id="event_hub_state">Event Hub State</h3>
-
-<pre class="devsite-click-to-copy">
-INPUT MANAGER (dumpsys input)
-
-Event Hub State:
- BuiltInKeyboardId: -2
- Devices:
- -1: Virtual
- Classes: 0x40000023
- Path: <virtual>
- Descriptor: a718a782d34bc767f4689c232d64d527998ea7fd
- Location:
- ControllerNumber: 0
- UniqueId: <virtual>
- Identifier: bus=0x0000, vendor=0x0000, product=0x0000, version=0x0000
- KeyLayoutFile: /system/usr/keylayout/Generic.kl
- KeyCharacterMapFile: /system/usr/keychars/Virtual.kcm
- ConfigurationFile:
- HaveKeyboardLayoutOverlay: false
- 1: msm8974-taiko-mtp-snd-card Headset Jack
- Classes: 0x00000080
- Path: /dev/input/event5
- Descriptor: c8e3782483b4837ead6602e20483c46ff801112c
- Location: ALSA
- ControllerNumber: 0
- UniqueId:
- Identifier: bus=0x0000, vendor=0x0000, product=0x0000, version=0x0000
- KeyLayoutFile:
- KeyCharacterMapFile:
- ConfigurationFile:
- HaveKeyboardLayoutOverlay: false
- 2: msm8974-taiko-mtp-snd-card Button Jack
- Classes: 0x00000001
- Path: /dev/input/event4
- Descriptor: 96fe62b244c555351ec576b282232e787fb42bab
- Location: ALSA
- ControllerNumber: 0
- UniqueId:
- Identifier: bus=0x0000, vendor=0x0000, product=0x0000, version=0x0000
- KeyLayoutFile: /system/usr/keylayout/msm8974-taiko-mtp-snd-card_Button_Jack.kl
- KeyCharacterMapFile: /system/usr/keychars/msm8974-taiko-mtp-snd-card_Button_Jack.kcm
- ConfigurationFile:
- HaveKeyboardLayoutOverlay: false
- 3: hs_detect
- Classes: 0x00000081
- Path: /dev/input/event3
- Descriptor: 485d69228e24f5e46da1598745890b214130dbc4
- Location:
- ControllerNumber: 0
- UniqueId:
- Identifier: bus=0x0000, vendor=0x0001, product=0x0001, version=0x0001
- KeyLayoutFile: /system/usr/keylayout/hs_detect.kl
- KeyCharacterMapFile: /system/usr/keychars/hs_detect.kcm
- ConfigurationFile:
- HaveKeyboardLayoutOverlay: false
- 4: touch_dev
- Classes: 0x00000014
- Path: /dev/input/event1
- Descriptor: 4e2720e99bd2b59adae8529881343531fff7c98e
- Location:
- ControllerNumber: 0
- UniqueId:
- Identifier: bus=0x0000, vendor=0x0000, product=0x0000, version=0x0000
- KeyLayoutFile:
- KeyCharacterMapFile:
- ConfigurationFile: /system/usr/idc/touch_dev.idc
- HaveKeyboardLayoutOverlay: false
- 5: qpnp_pon
- Classes: 0x00000001
- Path: /dev/input/event0
- Descriptor: fb60d4f4370f5dbe8267b63d38dea852987571ab
- Location: qpnp_pon/input0
- ControllerNumber: 0
- UniqueId:
- Identifier: bus=0x0000, vendor=0x0000, product=0x0000, version=0x0000
- KeyLayoutFile: /system/usr/keylayout/qpnp_pon.kl
- KeyCharacterMapFile: /system/usr/keychars/qpnp_pon.kcm
- ConfigurationFile:
- HaveKeyboardLayoutOverlay: false
- 6: gpio-keys
- Classes: 0x00000081
- Path: /dev/input/event2
- Descriptor: d2c52ff0f656fac4cd7b7a118d575e0109a9fe1c
- Location: gpio-keys/input0
- ControllerNumber: 0
- UniqueId:
- Identifier: bus=0x0019, vendor=0x0001, product=0x0001, version=0x0100
- KeyLayoutFile: /system/usr/keylayout/gpio-keys.kl
- KeyCharacterMapFile: /system/usr/keychars/gpio-keys.kcm
- ConfigurationFile:
- HaveKeyboardLayoutOverlay: false
-</code></pre>
-
-<h4 id="things-to-look-for">Things to check</h4>
-
-<ul>
- <li> All of the expected input devices are present.</li>
-
- <li> Each input device has an appropriate key layout file, key character map
- file and input device configuration file. If the files are missing or contain
- syntax errors, then they will not be loaded.</li>
-
- <li> Each input device is being classified correctly. The bits in the
- <code>Classes</code> field correspond to flags in <code>EventHub.h</code> such
- as <code>INPUT_DEVICE_CLASS_TOUCH_MT</code>.</li>
-
- <li> The <code>BuiltInKeyboardId</code> is correct. If the device does not
- have a built-in keyboard, then the id must be <code>-2</code>, otherwise it
- should be the id of the built-in keyboard.</li>
-
- <li>If you observe that the <code>BuiltInKeyboardId</code> is not
- <code>-2</code> but it should be, then you are missing a key character map file
- for a special function keypad somewhere. Special function keypad devices
- should have key character map files that contain just the line <code>type
- SPECIAL_FUNCTION</code> (that's what in the <code>tuna-gpio-keykad.kcm</code>
- file we see mentioned above).</li>
-</ul>
-
-<h3 id="input-reader-state">Input Reader State</h3>
-<p>The <code>InputReader</code> is responsible for decoding input events from the kernel.
-Its state dump shows information about how each input device is configured
-and recent state changes that have occurred, such as key presses or touches on
-the touch screen.</p>
-
-<p>As an example, this is what a special function keypad looks like:</p>
-
-<pre class="devsite-click-to-copy">
-Input Reader State
-...
- Device 3: tuna-gpio-keypad
- IsExternal: false
- Sources: 0x00000101
- KeyboardType: 1
- Keyboard Input Mapper:
- Parameters:
- AssociatedDisplayId: -1
- OrientationAware: false
- KeyboardType: 1
- Orientation: 0
- KeyDowns: 0 keys currently down
- MetaState: 0x0
- DownTime: 75816923828000
-</pre>
-
-<p>Here is a touch screen. Notice all of the information about the resolution of
-the device and the calibration parameters that were used.</p>
-
-<pre class="devsite-click-to-copy">
-Input Reader State
-...
- Device 6: Melfas MMSxxx Touchscreen
- IsExternal: false
- Sources: 0x00001002
- KeyboardType: 0
- Motion Ranges:
- X: source=0x00001002, min=0.000, max=719.001, flat=0.000, fuzz=0.999
- Y: source=0x00001002, min=0.000, max=1279.001, flat=0.000, fuzz=0.999
- PRESSURE: source=0x00001002, min=0.000, max=1.000, flat=0.000, fuzz=0.000
- SIZE: source=0x00001002, min=0.000, max=1.000, flat=0.000, fuzz=0.000
- TOUCH_MAJOR: source=0x00001002, min=0.000, max=1468.605, flat=0.000, fuzz=0.000
- TOUCH_MINOR: source=0x00001002, min=0.000, max=1468.605, flat=0.000, fuzz=0.000
- TOOL_MAJOR: source=0x00001002, min=0.000, max=1468.605, flat=0.000, fuzz=0.000
- TOOL_MINOR: source=0x00001002, min=0.000, max=1468.605, flat=0.000, fuzz=0.000
- Touch Input Mapper:
- Parameters:
- GestureMode: spots
- DeviceType: touchScreen
- AssociatedDisplay: id=0, isExternal=false
- OrientationAware: true
- Raw Touch Axes:
- X: min=0, max=720, flat=0, fuzz=0, resolution=0
- Y: min=0, max=1280, flat=0, fuzz=0, resolution=0
- Pressure: min=0, max=255, flat=0, fuzz=0, resolution=0
- TouchMajor: min=0, max=30, flat=0, fuzz=0, resolution=0
- TouchMinor: unknown range
- ToolMajor: unknown range
- ToolMinor: unknown range
- Orientation: unknown range
- Distance: unknown range
- TiltX: unknown range
- TiltY: unknown range
- TrackingId: min=0, max=65535, flat=0, fuzz=0, resolution=0
- Slot: min=0, max=9, flat=0, fuzz=0, resolution=0
- Calibration:
- touch.size.calibration: diameter
- touch.size.scale: 10.000
- touch.size.bias: 0.000
- touch.size.isSummed: false
- touch.pressure.calibration: amplitude
- touch.pressure.scale: 0.005
- touch.orientation.calibration: none
- touch.distance.calibration: none
- SurfaceWidth: 720px
- SurfaceHeight: 1280px
- SurfaceOrientation: 0
- Translation and Scaling Factors:
- XScale: 0.999
- YScale: 0.999
- XPrecision: 1.001
- YPrecision: 1.001
- GeometricScale: 0.999
- PressureScale: 0.005
- SizeScale: 0.033
- OrientationCenter: 0.000
- OrientationScale: 0.000
- DistanceScale: 0.000
- HaveTilt: false
- TiltXCenter: 0.000
- TiltXScale: 0.000
- TiltYCenter: 0.000
- TiltYScale: 0.000
- Last Button State: 0x00000000
- Last Raw Touch: pointerCount=0
- Last Cooked Touch: pointerCount=0
-</pre>
-
-<p>Here is an external keyboard / mouse combo HID device. (This device doesn't actually
-have a mouse but its HID descriptor says it does.)</p>
-
-<pre class="devsite-click-to-copy">
- Device 7: Motorola Bluetooth Wireless Keyboard
- IsExternal: true
- Sources: 0x00002103
- KeyboardType: 2
- Motion Ranges:
- X: source=0x00002002, min=0.000, max=719.000, flat=0.000, fuzz=0.000
- Y: source=0x00002002, min=0.000, max=1279.000, flat=0.000, fuzz=0.000
- PRESSURE: source=0x00002002, min=0.000, max=1.000, flat=0.000, fuzz=0.000
- VSCROLL: source=0x00002002, min=-1.000, max=1.000, flat=0.000, fuzz=0.000
- Keyboard Input Mapper:
- Parameters:
- AssociatedDisplayId: -1
- OrientationAware: false
- KeyboardType: 2
- Orientation: 0
- KeyDowns: 0 keys currently down
- MetaState: 0x0
- DownTime: 75868832946000
- Cursor Input Mapper:
- Parameters:
- AssociatedDisplayId: 0
- Mode: pointer
- OrientationAware: false
- XScale: 1.000
- YScale: 1.000
- XPrecision: 1.000
- YPrecision: 1.000
- HaveVWheel: true
- HaveHWheel: false
- VWheelScale: 1.000
- HWheelScale: 1.000
- Orientation: 0
- ButtonState: 0x00000000
- Down: false
- DownTime: 0
-</pre>
-<p>Here is a joystick. Notice how all of the axes have been scaled to a normalized
-range. The axis mapping can be configured using key layout files.</p>
-<pre class="devsite-click-to-copy">
-Device 18: Logitech Logitech Cordless RumblePad 2
- IsExternal: true
- Sources: 0x01000511
- KeyboardType: 1
- Motion Ranges:
- X: source=0x01000010, min=-1.000, max=1.000, flat=0.118, fuzz=0.000
- Y: source=0x01000010, min=-1.000, max=1.000, flat=0.118, fuzz=0.000
- Z: source=0x01000010, min=-1.000, max=1.000, flat=0.118, fuzz=0.000
- RZ: source=0x01000010, min=-1.000, max=1.000, flat=0.118, fuzz=0.000
- HAT_X: source=0x01000010, min=-1.000, max=1.000, flat=0.000, fuzz=0.000
- HAT_Y: source=0x01000010, min=-1.000, max=1.000, flat=0.000, fuzz=0.000
- Keyboard Input Mapper:
- Parameters:
- AssociatedDisplayId: -1
- OrientationAware: false
- KeyboardType: 1
- Orientation: 0
- KeyDowns: 0 keys currently down
- MetaState: 0x0
- DownTime: 675270841000
- Joystick Input Mapper:
- Axes:
- X: min=-1.00000, max=1.00000, flat=0.11765, fuzz=0.00000
- scale=0.00784, offset=-1.00000, highScale=0.00784, highOffset=-1.00000
- rawAxis=0, rawMin=0, rawMax=255, rawFlat=15, rawFuzz=0, rawResolution=0
- Y: min=-1.00000, max=1.00000, flat=0.11765, fuzz=0.00000
- scale=0.00784, offset=-1.00000, highScale=0.00784, highOffset=-1.00000
- rawAxis=1, rawMin=0, rawMax=255, rawFlat=15, rawFuzz=0, rawResolution=0
- Z: min=-1.00000, max=1.00000, flat=0.11765, fuzz=0.00000
- scale=0.00784, offset=-1.00000, highScale=0.00784, highOffset=-1.00000
- rawAxis=2, rawMin=0, rawMax=255, rawFlat=15, rawFuzz=0, rawResolution=0
- RZ: min=-1.00000, max=1.00000, flat=0.11765, fuzz=0.00000
- scale=0.00784, offset=-1.00000, highScale=0.00784, highOffset=-1.00000
- rawAxis=5, rawMin=0, rawMax=255, rawFlat=15, rawFuzz=0, rawResolution=0
- HAT_X: min=-1.00000, max=1.00000, flat=0.00000, fuzz=0.00000
- scale=1.00000, offset=0.00000, highScale=1.00000, highOffset=0.00000
- rawAxis=16, rawMin=-1, rawMax=1, rawFlat=0, rawFuzz=0, rawResolution=0
- HAT_Y: min=-1.00000, max=1.00000, flat=0.00000, fuzz=0.00000
- scale=1.00000, offset=0.00000, highScale=1.00000, highOffset=0.00000
- rawAxis=17, rawMin=-1, rawMax=1, rawFlat=0, rawFuzz=0, rawResolution=0
-</pre>
-<p>At the end of the input reader dump there is some information about global configuration
-parameters such as the mouse pointer speed.</p>
-<pre class="devsite-click-to-copy">
- Configuration:
- ExcludedDeviceNames: []
- VirtualKeyQuietTime: 0.0ms
- PointerVelocityControlParameters: scale=1.000, lowThreshold=500.000, highThreshold=3000.000, acceleration=3.000
- WheelVelocityControlParameters: scale=1.000, lowThreshold=15.000, highThreshold=50.000, acceleration=4.000
- PointerGesture:
- Enabled: true
- QuietInterval: 100.0ms
- DragMinSwitchSpeed: 50.0px/s
- TapInterval: 150.0ms
- TapDragInterval: 300.0ms
- TapSlop: 20.0px
- MultitouchSettleInterval: 100.0ms
- MultitouchMinDistance: 15.0px
- SwipeTransitionAngleCosine: 0.3
- SwipeMaxWidthRatio: 0.2
- MovementSpeedRatio: 0.8
- ZoomSpeedRatio: 0.3
-</pre>
-<h4 id="things-to-look-for_1">Things To Look For</h4>
-<ol>
-<li>
-<p>All of the expected input devices are present.</p>
-</li>
-<li>
-<p>Each input device has been configured appropriately. Especially check the
- touch screen and joystick axes.</p>
-</li>
-</ol>
-<h3 id="input-dispatcher-state">Input Dispatcher State</h3>
-<p>The <code>InputDispatcher</code> is responsible for sending input events to applications.
-Its state dump shows information about which window is being touched, the
-state of the input queue, whether an ANR is in progress, and so on.</p>
-<pre class="devsite-click-to-copy">
-Input Dispatcher State:
- DispatchEnabled: 1
- DispatchFrozen: 0
- FocusedApplication: <null>
- FocusedWindow: name='Window{3fb06dc3 u0 StatusBar}'
- TouchStates: <no displays touched>
- Windows:
- 0: name='Window{357bbbfe u0 SearchPanel}', displayId=0, paused=false, hasFocus=false, hasWallpaper=false, visible=false, canReceiveKeys=false, flags=0x01820100, type=0x000007e8, layer=211000, frame=[0,0][1080,1920], scale=1.000000, touchableRegion=[0,0][1080,1920], inputFeatures=0x00000000, ownerPid=22674, ownerUid=10020, dispatchingTimeout=5000.000ms
- 1: name='Window{3b14c0ca u0 NavigationBar}', displayId=0, paused=false, hasFocus=false, hasWallpaper=false, visible=false, canReceiveKeys=false, flags=0x01840068, type=0x000007e3, layer=201000, frame=[0,1776][1080,1920], scale=1.000000, touchableRegion=[0,1776][1080,1920], inputFeatures=0x00000000, ownerPid=22674, ownerUid=10020, dispatchingTimeout=5000.000ms
- 2: name='Window{2c7e849c u0 com.vito.lux}', displayId=0, paused=false, hasFocus=false, hasWallpaper=false, visible=true, canReceiveKeys=false, flags=0x0089031a, type=0x000007d6, layer=191000, frame=[-495,-147][1575,1923], scale=1.000000, touchableRegion=[-495,-147][1575,1923], inputFeatures=0x00000000, ownerPid=4697, ownerUid=10084, dispatchingTimeout=5000.000ms
- 3: name='Window{31c9f22 u0 Heads Up}', displayId=0, paused=false, hasFocus=false, hasWallpaper=false, visible=false, canReceiveKeys=false, flags=0x01820328, type=0x000007de, layer=161000, frame=[0,0][1794,750], scale=1.000000, touchableRegion=[0,0][1794,192], inputFeatures=0x00000000, ownerPid=22674, ownerUid=10020, dispatchingTimeout=5000.000ms
- 4: name='Window{3fb06dc3 u0 StatusBar}', displayId=0, paused=false, hasFocus=true, hasWallpaper=false, visible=true, canReceiveKeys=true, flags=0x81960040, type=0x000007d0, layer=151000, frame=[0,0][1080,1920], scale=1.000000, touchableRegion=[0,0][1080,1920], inputFeatures=0x00000004, ownerPid=22674, ownerUid=10020, dispatchingTimeout=5000.000ms
- 5: name='Window{278c1d65 u0 KeyguardScrim}', displayId=0, paused=false, hasFocus=false, hasWallpaper=false, visible=false, canReceiveKeys=false, flags=0x01110900, type=0x000007ed, layer=131000, frame=[0,0][1080,1776], scale=1.000000, touchableRegion=[0,0][1080,1776], inputFeatures=0x00000000, ownerPid=745, ownerUid=1000, dispatchingTimeout=5000.000ms
- 6: name='Window{869f213 u0 com.android.systemui.ImageWallpaper}', displayId=0, paused=false, hasFocus=false, hasWallpaper=false, visible=true, canReceiveKeys=false, flags=0x00000318, type=0x000007dd, layer=21025, frame=[0,0][2328,1920], scale=1.000000, touchableRegion=[0,0][2328,1920], inputFeatures=0x00000000, ownerPid=22674, ownerUid=10020, dispatchingTimeout=5000.000ms
- 7: name='Window{16ab6320 u0 InputMethod}', displayId=0, paused=false, hasFocus=false, hasWallpaper=false, visible=false, canReceiveKeys=false, flags=0x01800108, type=0x000007db, layer=21020, frame=[0,75][1080,1920], scale=1.000000, touchableRegion=[0,986][1080,1920], inputFeatures=0x00000000, ownerPid=8409, ownerUid=10056, dispatchingTimeout=5000.000ms
- 8: name='Window{cf4ff0b u0 com.google.android.googlequicksearchbox/com.google.android.launcher.GEL}', displayId=0, paused=false, hasFocus=false, hasWallpaper=false, visible=false, canReceiveKeys=false, flags=0x81910120, type=0x00000001, layer=21015, frame=[0,0][1080,1920], scale=1.000000, touchableRegion=[0,0][1080,1920], inputFeatures=0x00000000, ownerPid=14722, ownerUid=10022, dispatchingTimeout=5000.000ms
- 9: name='Window{1a7be08a u0 com.android.systemui/com.android.systemui.recents.RecentsActivity EXITING}', displayId=0, paused=false, hasFocus=false, hasWallpaper=false, visible=false, canReceiveKeys=false, flags=0x81910120, type=0x00000001, layer=21010, frame=[0,0][1080,1920], scale=1.000000, touchableRegion=[0,0][1080,1920], inputFeatures=0x00000000, ownerPid=22674, ownerUid=10020, dispatchingTimeout=5000.000ms
- 10: name='Window{2280455f u0 com.google.android.gm/com.google.android.gm.ConversationListActivityGmail}', displayId=0, paused=false, hasFocus=false, hasWallpaper=false, visible=false, canReceiveKeys=false, flags=0x81810120, type=0x00000001, layer=21005, frame=[0,0][1080,1920], scale=1.000000, touchableRegion=[0,0][1080,1920], inputFeatures=0x00000000, ownerPid=9897, ownerUid=10070, dispatchingTimeout=5000.000ms
- 11: name='Window{657fee5 u0 com.mobilityware.freecell/com.mobilityware.freecell.FreeCell}', displayId=0, paused=false, hasFocus=false, hasWallpaper=false, visible=false, canReceiveKeys=false, flags=0x01810520, type=0x00000001, layer=21000, frame=[0,0][1080,1776], scale=1.000000, touchableRegion=[0,0][1080,1920], inputFeatures=0x00000000, ownerPid=3189, ownerUid=10085, dispatchingTimeout=5000.000ms
- MonitoringChannels:
- 0: 'WindowManager (server)'
- RecentQueue: length=10
- MotionEvent(deviceId=4, source=0x00001002, action=2, flags=0x00000000, metaState=0x00000000, buttonState=0x00000000, edgeFlags=0x00000000, xPrecision=1.0, yPrecision=1.0, displayId=0, pointers=[0: (335.0, 1465.0)]), policyFlags=0x62000000, age=217264.0ms
- MotionEvent(deviceId=4, source=0x00001002, action=1, flags=0x00000000, metaState=0x00000000, buttonState=0x00000000, edgeFlags=0x00000000, xPrecision=1.0, yPrecision=1.0, displayId=0, pointers=[0: (335.0, 1465.0)]), policyFlags=0x62000000, age=217255.7ms
- MotionEvent(deviceId=4, source=0x00001002, action=0, flags=0x00000000, metaState=0x00000000, buttonState=0x00000000, edgeFlags=0x00000000, xPrecision=1.0, yPrecision=1.0, displayId=0, pointers=[0: (330.0, 1283.0)]), policyFlags=0x62000000, age=216805.0ms
- MotionEvent(deviceId=4, source=0x00001002, action=2, flags=0x00000000, metaState=0x00000000, buttonState=0x00000000, edgeFlags=0x00000000, xPrecision=1.0, yPrecision=1.0, displayId=0, pointers=[0: (330.0, 1287.0)]), policyFlags=0x62000000, age=216788.3ms
- MotionEvent(deviceId=4, source=0x00001002, action=2, flags=0x00000000, metaState=0x00000000, buttonState=0x00000000, edgeFlags=0x00000000, xPrecision=1.0, yPrecision=1.0, displayId=0, pointers=[0: (331.0, 1297.0)]), policyFlags=0x62000000, age=216780.0ms
- MotionEvent(deviceId=4, source=0x00001002, action=2, flags=0x00000000, metaState=0x00000000, buttonState=0x00000000, edgeFlags=0x00000000, xPrecision=1.0, yPrecision=1.0, displayId=0, pointers=[0: (332.0, 1316.0)]), policyFlags=0x62000000, age=216771.6ms
- MotionEvent(deviceId=4, source=0x00001002, action=2, flags=0x00000000, metaState=0x00000000, buttonState=0x00000000, edgeFlags=0x00000000, xPrecision=1.0, yPrecision=1.0, displayId=0, pointers=[0: (333.0, 1340.0)]), policyFlags=0x62000000, age=216763.3ms
- MotionEvent(deviceId=4, source=0x00001002, action=2, flags=0x00000000, metaState=0x00000000, buttonState=0x00000000, edgeFlags=0x00000000, xPrecision=1.0, yPrecision=1.0, displayId=0, pointers=[0: (333.0, 1362.0)]), policyFlags=0x62000000, age=216755.0ms
- MotionEvent(deviceId=4, source=0x00001002, action=2, flags=0x00000000, metaState=0x00000000, buttonState=0x00000000, edgeFlags=0x00000000, xPrecision=1.0, yPrecision=1.0, displayId=0, pointers=[0: (332.0, 1384.0)]), policyFlags=0x62000000, age=216747.2ms
- MotionEvent(deviceId=4, source=0x00001002, action=1, flags=0x00000000, metaState=0x00000000, buttonState=0x00000000, edgeFlags=0x00000000, xPrecision=1.0, yPrecision=1.0, displayId=0, pointers=[0: (332.0, 1384.0)]), policyFlags=0x62000000, age=216738.9ms
- PendingEvent: <none>
- InboundQueue: <empty>
- ReplacedKeys: <empty>
- Connections:
- 0: channelName='WindowManager (server)', windowName='monitor', status=NORMAL, monitor=true, inputPublisherBlocked=false
- OutboundQueue: <empty>
- WaitQueue: <empty>
- 1: channelName='278c1d65 KeyguardScrim (server)', windowName='Window{278c1d65 u0 KeyguardScrim}', status=NORMAL, monitor=false, inputPublisherBlocked=false
- OutboundQueue: <empty>
- WaitQueue: <empty>
- 2: channelName='357bbbfe SearchPanel (server)', windowName='Window{357bbbfe u0 SearchPanel}', status=NORMAL, monitor=false, inputPublisherBlocked=false
- OutboundQueue: <empty>
- WaitQueue: <empty>
- 3: channelName='869f213 com.android.systemui.ImageWallpaper (server)', windowName='Window{869f213 u0 com.android.systemui.ImageWallpaper}', status=NORMAL, monitor=false, inputPublisherBlocked=false
- OutboundQueue: <empty>
- WaitQueue: <empty>
- 4: channelName='3fb06dc3 StatusBar (server)', windowName='Window{3fb06dc3 u0 StatusBar}', status=NORMAL, monitor=false, inputPublisherBlocked=false
- OutboundQueue: <empty>
- WaitQueue: <empty>
- 5: channelName='2c7e849c (server)', windowName='Window{2c7e849c u0 com.vito.lux}', status=NORMAL, monitor=false, inputPublisherBlocked=false
- OutboundQueue: <empty>
- WaitQueue: <empty>
- 6: channelName='cf4ff0b com.google.android.googlequicksearchbox/com.google.android.launcher.GEL (server)', windowName='Window{cf4ff0b
-u0 com.google.android.googlequicksearchbox/com.google.android.launcher.GEL}', status=NORMAL, monitor=false, inputPublisherBlocked=false
- OutboundQueue: <empty>
- WaitQueue: <empty>
- 7: channelName='2280455f com.google.android.gm/com.google.android.gm.ConversationListActivityGmail (server)', windowName='Window{2280455f u0 com.google.android.gm/com.google.android.gm.ConversationListActivityGmail}', status=NORMAL, monitor=false, inputPublisherBlocked=false
- OutboundQueue: <empty>
- WaitQueue: <empty>
- 8: channelName='1a7be08a com.android.systemui/com.android.systemui.recents.RecentsActivity (server)', windowName='Window{1a7be08a u0 com.android.systemui/com.android.systemui.recents.RecentsActivity EXITING}', status=NORMAL, monitor=false, inputPublisherBlocked=false
- OutboundQueue: <empty>
- WaitQueue: <empty>
- 9: channelName='3b14c0ca NavigationBar (server)', windowName='Window{3b14c0ca u0 NavigationBar}', status=NORMAL, monitor=false, inputPublisherBlocked=false
- OutboundQueue: <empty>
- WaitQueue: <empty>
- 10: channelName='16ab6320 InputMethod (server)', windowName='Window{16ab6320 u0 InputMethod}', status=NORMAL, monitor=false, inputPublisherBlocked=false
- OutboundQueue: <empty>
- WaitQueue: <empty>
- 11: channelName='657fee5 com.mobilityware.freecell/com.mobilityware.freecell.FreeCell (server)', windowName='Window{657fee5 u0 com.mobilityware.freecell/com.mobilityware.freecell.FreeCell}', status=NORMAL, monitor=false, inputPublisherBlocked=false
- OutboundQueue: <empty>
- WaitQueue: <empty>
- 12: channelName='31c9f22 Heads Up (server)', windowName='Window{31c9f22 u0 Heads Up}', status=NORMAL, monitor=false, inputPublisherBlocked=false
- OutboundQueue: <empty>
- WaitQueue: <empty>
- AppSwitch: not pending
- 7: channelName='2280455f com.google.android.gm/com.google.android.gm.ConversationListActivityGmail (server)', windowName='Window{2280455f u0 com.google.android.gm/com.google.android.gm.ConversationListActivityGmail}', status=NORMAL, monitor=false, inputPublisherBlocked=false
- OutboundQueue: <empty>
- WaitQueue: <empty>
- 8: channelName='1a7be08a com.android.systemui/com.android.systemui.recents.RecentsActivity (server)', windowName='Window{1a7be08a u0 com.android.systemui/com.android.systemui.recents.RecentsActivity EXITING}', status=NORMAL, monitor=false, inputPublisherBlocked=false
- OutboundQueue: <empty>
- WaitQueue: <empty>
- 9: channelName='3b14c0ca NavigationBar (server)', windowName='Window{3b14c0ca u0 NavigationBar}', status=NORMAL, monitor=false, inputPublisherBlocked=false
- OutboundQueue: <empty>
- WaitQueue: <empty>
- 10: channelName='16ab6320 InputMethod (server)', windowName='Window{16ab6320 u0 InputMethod}', status=NORMAL, monitor=false, inputPublisherBlocked=false
- OutboundQueue: <empty>
- WaitQueue: <empty>
- 11: channelName='657fee5 com.mobilityware.freecell/com.mobilityware.freecell.FreeCell (server)', windowName='Window{657fee5 u0 com.mobilityware.freecell/com.mobilityware.freecell.FreeCell}', status=NORMAL, monitor=false, inputPublisherBlocked=false
- OutboundQueue: <empty>
- WaitQueue: <empty>
- 12: channelName='31c9f22 Heads Up (server)', windowName='Window{31c9f22 u0 Heads Up}', status=NORMAL, monitor=false, inputPublisherBlocked=false
- OutboundQueue: <empty>
- WaitQueue: <empty>
- AppSwitch: not pending
- Configuration:
- KeyRepeatDelay: 50.0ms
- KeyRepeatTimeout: 500.0ms
-</pre>
-<h4 id="things-to-look-for_2">Things To Look For</h4>
-<ol>
- <li> In general, all input events are being processed as expected. </li>
- <li> If you touch the touch screen and run dumpsys at the same time,
- then the <code>TouchStates</code> line should show the window that
- you are touching. </li>
-</ol>
-
-
- </body>
-</html>
diff --git a/en/devices/input/migration-guide.html b/en/devices/input/migration-guide.html
index 4ddc827..6f50f00 100644
--- a/en/devices/input/migration-guide.html
+++ b/en/devices/input/migration-guide.html
@@ -44,8 +44,9 @@
function input devices. These files should simple contain a line to set
the keyboard type to <code>SPECIAL_FUNCTION</code>.</p>
<p>A good way to ensure that all built-in input devices are appropriately configured
-is to run <a href="dumpsys.html">Dumpsys</a> and look for devices that
-are inappropriately using <code>Generic.kcm</code>.</p>
+is to run <a
+ href="https://developer.android.com/studio/command-line/dumpsys.html">Dumpsys</a>
+and look for devices that are inappropriately using <code>Generic.kcm</code>.</p>
<h2 id="migrating-to-android-honeycomb-32">Migrating to Android Honeycomb 3.2</h2>
<p>In Honeycomb 3.2, we added support for joysticks and extended the key layout file
format to enable joystick axis mapping.</p>
diff --git a/en/devices/storage/adoptable.html b/en/devices/storage/adoptable.html
index 7bef04d..7d16762 100644
--- a/en/devices/storage/adoptable.html
+++ b/en/devices/storage/adoptable.html
@@ -28,10 +28,16 @@
these accessories were historically limited to simple file storage, due to
their expected impermanence and the minimal data protection offered to
<a href="/devices/storage/traditional.html">traditional external storage</a>.
-Android 6.0 introduces the ability to
+Android 6.0 introduced the ability to
<a href="http://developer.android.com/about/versions/marshmallow/android-6.0.html#adoptable-storage">adopt</a>
external storage media to act like internal storage.</p>
+<p class="warning"><strong>Warning:</strong> <a
+href="/security/encryption/file-based.html">File-based encryption</a> cannot
+currently be used together with adoptable storage. On devices using file-based
+encryption, new storage media (such as an SD card) must be used as <a
+href="/devices/storage/traditional.html">traditional storage</a>.</p>
+
<p>When external storage media is adopted, it’s formatted and encrypted to only
work with a single Android device at a time. Because the media is strongly tied
to the Android device that adopted it, it can safely store both apps and
diff --git a/en/devices/tech/dalvik/configure.html b/en/devices/tech/dalvik/configure.html
index 2018b9c..b6868f7 100644
--- a/en/devices/tech/dalvik/configure.html
+++ b/en/devices/tech/dalvik/configure.html
@@ -24,9 +24,8 @@
<p>This page discusses how to configure ART and its compilation options. Topics addressed here
-include configuration of pre-compilation of the system image, dex2oat compilation options at
-first boot (and post-OTA), and how to trade off system partition space, data partition space,
-and performance.</p>
+include configuration of pre-compilation of the system image, dex2oat compilation options,
+and how to trade off system partition space, data partition space, and performance.</p>
<p>See <a href="http://source.android.com/devices/tech/dalvik/index.html">ART
and Dalvik</a>, the <a
@@ -39,105 +38,105 @@
<h2 id=how_art_works>How ART works</h2>
-<p>ART is the new Android runtime for the Android 5.0 (Lollipop or L) release and
-beyond. Dalvik is no longer available. </p>
+<p>ART uses ahead-of-time (AOT) compilation, and starting in Android 7.0
+(Nougat or N), it uses a hybrid combination of AOT, just-in-time (JIT)
+compilation, and profile-guided compilation. The combination of all these
+compilation modes is configurable and will be discussed in this section. As an
+example, Pixel devices are configured with the following compilation flow:</p>
+<ol>
+<li>An application is initially installed without any AOT compilation. The
+ first few times the application runs, it will be interpreted, and methods
+ frequently executed will be JIT compiled.</li>
+<li>When the device is idle and charging, a compilation daemon runs to
+ AOT-compile frequently used code based on a profile generated during the
+ first runs.</li>
+<li>The next restart of an application will use the profile-guided code and
+ avoid doing JIT compilation at runtime for methods already compiled. Methods
+ that get JIT-compiled during the new runs will be added to the profile, which
+ will then be picked up by the compilation daemon.</li>
+</ol>
-<p>Please note, this section merely summarizes ART’s configuration. For an
-in-depth description, see the <a
-href="https://www.google.com/events/io/io14videos/b750c8da-aebe-e311-b297-00155d5066d7">Android
-runtime</a> presentation conducted at Google I/O 2014. </p>
-
-<p>ART uses ahead-of-time (AOT) compilation. This means that, at installation, dex
-code is compiled to native code in OAT files, which replace Dalvik’s odex
-files. This has several implications:</p>
-
+<p>ART comprises a compiler (the <code>dex2oat</code> tool) and a runtime
+(<code>libart.so</code>) that is loaded for starting the Zygote. The
+<code>dex2oat</code> tool takes an APK file and generates one or more
+compilation artifact files that the runtime loads. The number of files, their
+extensions, and names are subject to change across releases, but as of the
+Android O release, the files being generated are:</p>
<ul>
- <li> Performance is improved over Dalvik. There is also a commensurate improvement
-in power consumption measured in the lab.
- <li> There is no runtime code cache. The OAT files are mapped to memory (and are
-thus page-able). The RAM memory footprint for OAT files might seem larger in
-terms of Proportional Set Size (PSS, or the memory shared across processes
-divided evenly between the processes). But because they are pageable we have
-found the system impact is improved in terms of real memory pressure effects as
-the Dalvik JIT cache was not pageable.
- <li> Similar to preloaded classes in the zygote, ART attempts to pre-initialize a
-set of classes at compile time. This creates a ‘boot.art’ file that comprises
-an image of the compacted heap of pre-initialized classes and related objects.
-This file is mapped into memory upon zygote startup. While this consumes
-additional storage (typically 10MB), it speeds zygote startup and creates
-opportunities for the system to swap out some preloaded classes under memory
-pressure. This also contributes to improved <a
-href="http://source.android.com/devices/tech/config/low-ram.html">low-RAM</a> performance
-for ART, since in Dalvik much of this class information would have
-been stored in dirty pages in the linear alloc space.
- <li> Dex file compilation uses a tool called dex2oat and takes more time than
-dexopt. The increase in time varies, but 2-3x increases in compile time are not
-unusual. For example, apps that typically take a second to install using dexopt
-might take 2-3 seconds.
- <li> OAT files are larger than odex files if full compilation is enabled. We discuss
-options to mitigate this cost later in this document.
+<li><code>.vdex</code>: contains the uncompressed DEX code of the
+ APK, with some additional metadata to speed up verification.</li>
+<li><code>.odex</code>: contains AOT compiled code for methods in the
+ APK.</li>
+<li><code>.art (optional)</code>: contains ART internal
+ representations of some strings and classes listed in the APK, used to speed
+ application startup. </li>
</ul>
<h2 id=compilation_options>Compilation options</h2>
-<p>Dex file compilation takes more time than dexopt, which can be noticeable when
-all of a user’s apps must be compiled during first boot (after factory reset or
-after receiving an OTA). To reduce the amount of compilation needed, ART
-supports the option of pre-optimizing libraries and applications in the system
-partition. Including the pre-optimized dex files takes space in the system
-image, so these options trade first boot time for system image size. Note that
-OTAs are relatively infrequent and subsequent boot times should be the same
-with or without pre-optimization.</p>
+<p>Compilation options for ART are of two categories:
+<ol>
+<li>System ROM configuration: what code gets AOT-compiled when building a
+ system image.</li>
+<li>Runtime configuration: how ART compiles and runs applications on a
+ device.</li>
+</ol>
+</p>
-<h3 id=undefined>WITH_DEXPREOPT</h3>
+<p>One core ART option to configure these two categories is <em>compiler
+filters</em>. Compiler filters drive how ART compiles DEX code and is an
+option passed to the <code>dex2oat</code> tool. Starting in Android O, there
+are four officially supported filters:</p>
+<ul>
+<li><em>verify</em>: only run DEX code verification.</li>
+<li><em>quicken</em>: run DEX code verification and optimize some DEX
+ instructions to get better interpreter performance.</li>
+<li><em>speed</em>: run DEX code verification and AOT-compile all methods.</li>
+<li><em>speed-profile</em>: run DEX code verification and AOT-compile methods
+ listed in a profile file.</li>
+</ul>
-<p>Pre-optimization is controlled by the build option
-<code>WITH_DEXPREOPT</code>. Before the L release, this was enabled by default
-in “user” builds. Starting in L, this option is opt-in and needs to be enabled
-in the product configuration such as a device’s BoardConfig.mk file.</p>
+<h3 id=system_rom>System ROM configuration</h3>
-<p>Enabling <code>WITH_DEXPREOPT</code> causes everything in the system image to be
-pre-optimized. If this makes the system image too large, additional options can
-be specified to reduce the amount of pre-optimization. Note that all the
-following build options with “PREOPT” in the name must have <code>WITH_DEXPREOPT</code>
-enabled to work.</p>
+<p>There are a number of ART build options available for configuring a system
+ROM. How to configure these options depends on the available storage space for
+<code>/system</code> and the number of pre-installed applications. The
+JARs/APKs that are compiled into a system ROM can be divided in four
+categories:</p>
+<ul>
+<li>Boot classpath code: compiled with the <em>speed</em> compiler filter by
+ default.</li>
+<li>System server code: compiled with the <em>speed</em> compiler filter by
+ default.</li>
+<li>Product-specific core applications: compiled with the <em>speed</em>
+ compiler filter by default.</li>
+<li>All other applications: compiled with the <em>quicken</em> compiler filter
+ by default.</li>
+</ul>
-<p>Example usage (in product’s BoardConfig.mk):</p>
+<h4 id=build_options>Makefile options</h4>
+<ul>
-<pre class="devsite-click-to-copy">WITH_DEXPREOPT := true</pre>
+<li><code>WITH_DEXPREOPT</code></li>
+<p>
+Whether <code>dex2oat</code> is invoked on DEX code installed on the system image. Enabled by default.
+</p>
-<h3 id=dont_dexpreopt_prebuilts>DONT_DEXPREOPT_PREBUILTS</h3>
+<li><code>DONT_DEXPREOPT_PREBUILTS</code> (since Android 5.0)</li>
+<p>
+Enabling <code>DONT_DEXPREOPT_PREBUILTS</code> prevents the prebuilts from being
+pre-optimized. These are apps that have <code>include $(BUILD_PREBUILT)</code>
+specified in their <code>Android.mk</code>, such as Gmail. Skipping
+pre-optimization of prebuilt apps that are likely to be updated via Google Play
+saves <code>/system</code> space but does add to first boot time.
+</p>
-<p>Enabling <code>DONT_DEXPREOPT_PREBUILTS</code> prevents the prebuilts from being
-pre-optimized. These are apps that have <code>include $(BUILD_PREBUILT)</code> specified
-in their Android.mk, such as Gmail. Skipping pre-optimization of prebuilt apps
-that are likely to be updated via Google Play saves /system space but does add
-to first boot time.</p>
+<li><code>WITH_DEXPREOPT_BOOT_IMG_ONLY</code></li>
-<p>Example usage (in product’s BoardConfig.mk):</p>
+<p>Enabling <code>WITH_DEXPREOPT_BOOT_IMG_ONLY</code> pre-optimizes only the
+boot classpath.
-<pre class="devsite-click-to-copy">
-WITH_DEXPREOPT := true
-DONT_DEXPREOPT_PREBUILTS := true
-</pre>
-
-<h3 id=with_dexpreopt_boot_img_only>WITH_DEXPREOPT_BOOT_IMG_ONLY</h3>
-
-<p>Enabling <code>WITH_DEXPREOPT_BOOT_IMG_ONLY</code> only pre-optimizes the
-boot image, which consists of boot.art with the image classes and boot.oat with
-code for the boot classpath. Enabling this saves significant /system space but
-means all apps will be optimized at first boot. Typically it is better to
-selectively disable app pre-optimization via
-<code>DONT_DEXPREOPT_PREBUILTS</code> or add-product-dex-preopt-module-config.</p>
-
-<p>Example usage (in product’s BoardConfig.mk):</p>
-
-<pre class="devsite-click-to-copy">
-WITH_DEXPREOPT := true
-WITH_DEXPREOPT_BOOT_IMG_ONLY := true
-</pre>
-
-<h3 id=local_dex_preopt>LOCAL_DEX_PREOPT</h3>
+<li><code>LOCAL_DEX_PREOPT</code></li>
<p>Pre-optimization can also be enabled or disabled on an individual app basis by
specifying the <code>LOCAL_DEX_PREOPT</code> option in the module definition.
@@ -148,84 +147,69 @@
data partition.</p>
<p><code>LOCAL_DEX_PREOPT</code> supports the values ‘true’ or ‘false’ to
-enable or disable pre-optimization respectively. In addition, ‘nostripping’ can
-be specified if pre-optimization should not strip the classes.dex file from the
-apk or jar file. Normally this file is stripped since it’s no longer needed
-after pre-optimization, but this last option is necessary to allow third-party
-APK signatures to remain valid.</p>
+enable or disable pre-optimization, respectively. In addition, ‘nostripping’ can
+be specified if pre-optimization should not strip the <code>classes.dex</code>
+file from the APK or JAR file. Normally this file is stripped since it’s no
+longer needed after pre-optimization, but this last option is necessary to
+allow third-party APK signatures to remain valid.</p>
-<p>Example usage (in app’s Android.mk):</p>
+<li><code>PRODUCT_DEX_PREOPT_BOOT_FLAGS</code></li>
+<p>
+Passes options to <code>dex2oat</code> to control how the boot image is
+compiled. It can be used to specify customized image classes lists, compiled
+classes lists, and compiler filters.
+</p>
-<pre class="devsite-click-to-copy">
-LOCAL_DEX_PREOPT := false
-</pre>
+<li><code>PRODUCT_DEX_PREOPT_DEFAULT_FLAGS</code></li>
+<p>
+Passes options to <code>dex2oat</code> to control how everything besides the
+boot image is compiled.
+</p>
-<h3 id=product_dex_preopt_*>PRODUCT_DEX_PREOPT_*</h3>
+<li><code>PRODUCT_DEX_PREOPT_MODULE_CONFIGS</code></li>
+<p>
+Provides the ability to pass <code>dex2oat</code> options for a particular
+module and product configuration. It is set in a product’s
+<code>device.mk</code> file by <code>$(call add-product-dex-preopt-module-config,<modules>,<option>)</code>
+where <code><modules></code> is a list of LOCAL_MODULE and LOCAL_PACKAGE names
+for JAR and APK files, respectively.
+</p>
-<p>Beginning post-L release in the Android Open Source Project (AOSP), a number of
-flags have been added that give further control to how pre-optimization is
-done. <code>PRODUCT_DEX_PREOPT_BOOT_FLAGS</code> passes options to dex2oat to control how
-the boot image is compiled. It can be used to specify customized image classes
-lists, compiled classes lists, and compiler filters, all of which are described
-in later sections. Similarly, <code>PRODUCT_DEX_PREOPT_DEFAULT_FLAGS</code>
-controls default flags to pass to dex2oat for compilation of everything besides
-the boot image, namely jar and apk files.</p>
+<li><code>PRODUCT_DEXPREOPT_SPEED_APPS (New in Android O)</code></li>
+<p>
+List of applications that have been identified as core to the products and
+which are desirable to compile with the <em>speed</em> compiler filter. For
+example, persistent apps such as SystemUI get a chance to use
+profile-guided compilation only at the next reboot, so it may be better for the
+product to have these apps always AOT-compiled.
+</p>
-<p><code>PRODUCT_DEX_PREOPT_MODULE_CONFIGS</code> provides the ability to pass
-dex2oat options for a particular module and product configuration. It is set in
-a product’s device.mk file by <code>$(call
-add-product-dex-preopt-module-config,<modules>,<option>)</code>
-where <modules> is a list of <code>LOCAL_MODULE</code> and
-<code>LOCAL_PACKAGE</code> names for jar and apk files respectively. Through
-this flag, it is possible to have fine-grained control of pre-optimization for
-each dex file and a specific device. Such tuning allows /system space to be
-maximally used to improve first boot time.</p>
+<li><code>PRODUCT_SYSTEM_SERVER_APPS (New in Android O)</code></li>
+<p>
+List of applications that are loaded by the system server. These applications
+will be compiled by default with the <em>speed</em> compiler filter.
+</p>
-<p>Example usage (in product’s device.mk):</p>
+<li><code>WITH_DEXPREOPT_PIC (Removed in Android O)</code></li>
-<pre class="devsite-click-to-copy">
-PRODUCT_DEX_PREOPT_DEFAULT_FLAGS := --compiler-filter=interpret-only
-$(call add-product-dex-preopt-module-config,services,--compiler-filter=space)
-</pre>
+<p>In Android 5.1.0 through Android 6.0.1, <code>WITH_DEXPREOPT_PIC</code> can
+be specified to enable position-independent code (PIC). With this, compiled
+code from the image doesn’t have to be relocated from /system into
+/data/dalvik-cache, saving space in the data partition. However, there is a
+slight runtime impact because it disables an optimization that takes advantage
+of position-dependent code. Typically, devices wanting to save space in /data
+should enable PIC compilation.</p>
-<p>These flags can also be used to selectively disable pre-optimization of a
-particular module or package by specifying <code>$(call
-add-product-dex-preopt-module-config,<modules>,disable)</code> in a
-product's device.mk file.</p>
+<p>In Android 7.0, PIC compilation was enabled by default.</p>
-<p>Example usage (in product’s device.mk):</p>
+</ul>
-<pre class="devsite-click-to-copy">
-$(call add-product-dex-preopt-module-config,Calculator,disable)
-</pre>
-<h2 id=other_odex>First boot installation of DEX_PREOPT files</h2>
-<p>Starting in Android 7.0, devices may use two system partitions to enable
-<a href="/devices/tech/ota/ab_updates.html">A/B system updates</a>.
-To allow use of DEX_PREOPT while keeping the size of system partitions down and allowing
-performant first boot, the preopted files can be installed in the unused second system
-partition. They are then copied to the data partition on first boot.</p>
+<h4 id=boot_classpath>Boot classpath configuration</h4>
-<p>Example usage (in device-common.mk):</p>
-
-<pre class="devsite-click-to-copy">
-PRODUCT_PACKAGES += \
- cppreopts.sh
-PRODUCT_PROPERTY_OVERRIDES += \
- ro.cp_system_other_odex=1
-</pre>
-
-<p>And in device's BoardConfig.mk:</p>
-<pre class="devsite-click-to-copy">
-BOARD_USES_SYSTEM_OTHER_ODEX := true
-</pre>
-
-<p>See <a href="/devices/tech/ota/ab_updates.html#compilation">App
-compilation in background</a> to optionally include the compilation script and
-binaries in the system image.</p>
-
-<h2 id=preloaded_classes_list>Preloaded Classes List</h2>
+<ul>
+<li>Preloaded Classes List</li>
<p>The preloaded classes list is a list of classes the zygote will initialize on
startup. This saves each app from having to run these class initializers
@@ -244,10 +228,10 @@
</pre>
<p class="note"><strong>Note:</strong> This line must be placed before
-inheriting any product configuration makefiles that get the default one from
-build/target/product/base.mk.</p>
+inheriting any product configuration makefiles that get the default one from:
+<code>build/target/product/base.mk</code></p>
-<h2 id=image_classes_list>Image Classes List</h2>
+<li>Image Classes List</li>
<p>The image classes list is a list of classes that dex2oat initializes ahead of
time and stores in the boot.art file. This allows the zygote to load these
@@ -256,16 +240,19 @@
pages loaded from the image and shared between processes can be clean, allowing
them to be swapped out easily in low-memory situations. In L, by default the
image classes list uses the same list as the preloaded classes list. Beginning
-post-L in AOSP, a custom image classes list can be specified using
-<code>PRODUCT_DEX_PREOPT_BOOT_FLAGS</code>.</p>
+post-L in AOSP, a custom image classes list can be specified using:</p>
-<p>Example usage (in product’s device.mk):</p>
+<pre class="devsite-click-to-copy">
+PRODUCT_DEX_PREOPT_BOOT_FLAGS
+</pre>
+
+<p>Example use (in product’s <code>device.mk</code>):</p>
<pre class="devsite-click-to-copy">
PRODUCT_DEX_PREOPT_BOOT_FLAGS += --image-classes=<filename>
</pre>
-<h2 id=compiled_classes_list>Compiled Classes List</h2>
+<li>Compiled Classes List</li>
<p>In post-L AOSP, a subset of classes from the boot classpath can be specified to
be compiled during pre-optimization using the compiled classes list. This can
@@ -275,93 +262,104 @@
potentially affecting runtime performance. By default, dex2oat will look for a
compiled classes list in $OUT/system/etc/compiled-classes, so a custom one can
be copied to that location by the device.mk. A particular file location can
-also be specified using <code>PRODUCT_DEX_PREOPT_BOOT_FLAGS</code>.</p>
+also be specified using:
-<p>Example usage (in product’s device.mk):</p>
+<pre class="devsite-click-to-copy">
+PRODUCT_DEX_PREOPT_BOOT_FLAGS
+</pre>
+
+<p>Example usage (in product’s <code>device.mk</code>):</p>
<pre class="devsite-click-to-copy">
PRODUCT_COPY_FILES += <filename>:system/etc/compiled-classes
</pre>
<p class="note"><strong>Note:</strong> This line must be placed before
-inheriting any product configuration makefiles that get the default one from
-build/target/product/base.mk.</p>
-
-<h2 id=compiler_filters>Compiler Filters</h2>
-
-<p>In L, dex2oat takes a variety of --compiler-filter options to control how it
-compiles. Passing in a compiler filter flag for a particular app specifies how
-it’s pre-optimized. Here’s a description of each available option:</p>
-
-<ul>
- <li><em>everything</em> - compiles almost everything, excluding class initializers and some rare
-methods that are too large to be represented by the compiler’s internal
-representation.
- <li><em>speed</em> - compiles most methods and maximizes runtime performance, which is the
-default option.
- <li><em>speed-profile</em> - compiles methods passed from a profile file
- through the <em>--profile-file</em> option or <em>--profile-file-fd</em> option.
- <li><em>balanced</em> - attempts to get the best performance return on compilation investment.
- <li><em>space</em> - compiles a limited number of methods, prioritizing storage space.
- <li><em>interpret-only</em> - skips all compilation and relies on the interpreter to run code.
- <li><em>verify-profile</em> - skips all compilation and only performs verification of methods passed
- from a profile file through the <em>--profile-file</em> option or <em>--profile-file-fd</em> option.
- <li><em>verify-none</em> - special option that skips verification and compilation, should be used only
-for trusted system code.
+inheriting any product configuration makefiles that get the default one from:
+<code>build/target/product/base.mk</code></p>
</ul>
-<h2 id=with_dexpreopt_pic>WITH_DEXPREOPT_PIC</h2>
+<h3 id=runtime_configuration>Runtime configuration</h3>
-<p>In Android 5.1.0 through Android 6.0.1, <code>WITH_DEXPREOPT_PIC</code> can
-be specified to enable position-independent code (PIC). With this, compiled
-code from the image doesn’t have to be relocated from /system into
-/data/dalvik-cache, saving space in the data partition. However, there is a
-slight runtime impact because it disables an optimization that takes advantage
-of position-dependent code. Typically, devices wanting to save space in /data
-should enable PIC compilation.</p>
+<h4 id=undefined>Jit options</h4>
-<p>Example usage (in product’s device.mk):</p>
+<p>The following options affect Android releases only where the ART JIT compiler
+is available.</p>
-<pre class="devsite-click-to-copy">
-WITH_DEXPREOPT := true
-WITH_DEXPREOPT_PIC := true
-</pre>
+<ul>
+<li>dalvik.vm.usejit: whether or not the JIT is enabled.</li>
+<li>dalvik.vm.jitinitialsize (default 64K): the initial capacity
+of the code cache. The code cache will regularly GC and increase if needed.
+<li>dalvik.vm.jitmaxsize (default 64M): the maximum capacity of the code cache.
+<li>dalvik.vm.jitthreshold: (default 10000) - This
+is the threshold that the "hotness" counter of a method needs to pass in order
+for the method to be JIT compiled. The "hotness" counter is a metric internal
+to the runtime. It includes the number of calls, backward branches, and other
+factors.
+<li>dalvik.vm.usejitprofiles: whether or not
+JIT profiles are enabled; this may be used even if dalvik.vm.usejit is false.
+Note that if this is false, the compiler filter <em>speed-profile</em> does
+not AOT-compile any method and is equivalent to <em>quicken</em>.
+<li>dalvik.vm.jitprithreadweight (default to
+dalvik.vm.jitthreshold / 20) - The weight of the JIT "samples"
+(see jitthreshold) for the application UI thread. Use to speed up compilation
+of methods that directly affect users experience when interacting with the
+app.
+<li>dalvik.vm.jittransitionweight: (default to dalvik.vm.jitthreshold / 10)
+the weight of the method
+invocation that transitions between compile code and interpreter. This helps
+make sure the methods involved are compiled to minimize transitions (which are
+expensive).
+</li>
+</ul>
-<p>Starting in Android 7.0, PIC compilation is enabled by default.</p>
+<h4 id=undefined>Package manager options</h4>
-<h2 id=with_art_small_mode>WITH_ART_SMALL_MODE</h2>
+<p>
+Since Android 7.0, there's a generic way to specify the level of
+compilation/verification that happened at various stages.
+The compilation levels can be configured via system properties
+with the defaults being:
+</p>
-<p>For devices with very limited space, <code>WITH_ART_SMALL_MODE</code> can be
-enabled. This option compiles the boot classpath and nothing else, greatly
-reducing first boot time since most compilation is skipped. It also saves on
-storage because there is no compiled code for apps. However, this impacts
-runtime performance since app code has to be interpreted. The impact is limited
-since most performance sensitive code in the framework is still compiled, but
-regressions may appear in benchmarking.</p>
+<ul>
+<li>pm.dexopt.install=quicken</li>
+<p>This is the compilation filter used when installing applications through Google
+Play. For faster installs, try the <em>quicken</em> compiler filter.
+</p>
+<li>pm.dexopt.bg-dexopt=speed-profile</li>
+<p>
+This is the compilation filter used when the device is idle, charging and
+fully charged. Try the <em>speed-profile</em> compiler filter
+to take advantage of profile-guided compilation and save on storage.
+</p>
+<li>pm.dexopt.boot=verify</li>
+<p>
+The compilation filter used after an over-the-air update. We
+<strong>strongly</strong> recommend the <em>verify</em> compiler filter for this
+option to avoid very long boot times.
+</p>
+<li>pm.dexopt.first-boot=quicken<li>
+<p>
+The compilation filter for the first time the device ever boots. The filter
+used here will only affect the boot time after factory. We recommend the filter
+<em>quicken</em> for it to avoid long times before a user gets to
+use the phone for the very first time. Note that if all applications in
+<code>/system</code> are already compiled with the <em>quicken</em> compiler
+filter or are compiled with the <em>speed</em> or <em>speed-profile</em>
+compiler filter, the <code>pm.dexopt.first-boot</code> has no effect.
+</p>
-<p>Example usage (in product’s device.mk):</p>
+</ul>
-<pre class="devsite-click-to-copy">
-WITH_ART_SMALL_MODE := true
-</pre>
+<h4 id=undefined>Dex2oat options</h4>
-<p>In future releases, this build option will be removed since it can be done with
-this (in product’s device.mk):</p>
-<pre class="devsite-click-to-copy">
-PRODUCT_PROPERTY_OVERRIDES += \
- dalvik.vm.dex2oat-filter=interpret-only \
- dalvik.vm.image-dex2oat-filter=speed
-</pre>
-
-<h2 id=dalvik_vm_properties>dalvik.vm Properties</h2>
-
-<p>Most dalvik.vm properties in ART are similar to Dalvik, but there are a few
-additional ones as described below. Note that these options affect dex2oat
+<p>Note that these options affect <code>dex2oat</code>
during on-device compilation as well as during pre-optimization, whereas most
of the options discussed above affect only pre-optimization.</p>
-<p>To control dex2oat while it’s compiling the boot image:</p>
+<p>To control <code>dex2oat</code> while it’s compiling the boot image:</p>
<ul>
<li>dalvik.vm.image-dex2oat-Xms: initial heap size
@@ -370,7 +368,7 @@
<li>dalvik.vm.image-dex2oat-threads: number of threads to use
</ul>
-<p>To control dex2oat while it’s compiling everything besides the boot image:</p>
+<p>To control <code>dex2oat</code> while it’s compiling everything besides the boot image:</p>
<ul>
<li>dalvik.vm.dex2oat-Xms: initial heap size
@@ -398,125 +396,65 @@
<li>dalvik.vm.dex2oat-swap: use dex2oat swap file (for low-memory devices)
</ul>
-<p>The options that control initial and maximum heap size for dex2oat should not
-be reduced since they could limit what applications can be compiled.</p>
+<p>The options that control initial and maximum heap size for
+<code>dex2oat</code> should not be reduced since they could limit what
+applications can be compiled.</p>
-<h2 id=sample_usage>Sample Usage</h2>
+<h2 id=other_odex>A/B specific configuration</h2>
-<p>The goal of these compiler options is to utilize available space in the system
-and data partition to reduce the amount of dex2oat that must be performed by
-the device. </p>
+<h3 id=undefined>ROM configuration</h3>
-<p>For devices with ample system and data space, enabling dex pre-optimization is
-all that is necessary.
+<p>Starting in Android 7.0, devices may use two system partitions to enable
+<a href="/devices/tech/ota/ab_updates.html">A/B system updates</a>.
+To save on the system partition size, the preopted files can be installed in
+the unused second system partition. They are then copied to the data partition
+on first boot.</p>
-<p>BoardConfig.mk:</p>
+<p>Example usage (in <code>device-common.mk</code>):</p>
<pre class="devsite-click-to-copy">
-WITH_DEXPREOPT := true
+PRODUCT_PACKAGES += \
+ cppreopts.sh
+PRODUCT_PROPERTY_OVERRIDES += \
+ ro.cp_system_other_odex=1
</pre>
-<p>If this causes the system image to become too large, the next thing to try is
-disabling pre-optimization of the prebuilts.
-
-<p>BoardConfig.mk:</p>
+<p>And in device's <code>BoardConfig.mk</code>:</p>
<pre class="devsite-click-to-copy">
-WITH_DEXPREOPT := true
-DONT_DEXPREOPT_PREBUILTS := true
+BOARD_USES_SYSTEM_OTHER_ODEX := true
</pre>
-<p>Again, if the system image is still too large, try pre-optimizing only the boot
-image.
-
-<p>BoardConfig.mk:</p>
+<p>
+Note that boot classpath code, system server code, and product-specific core
+applications always compile to the system partition. By default, all other
+applications get compiled to the unused second system partition. This can be
+controlled with the <code>SYSTEM_OTHER_ODEX_FILTER</code>, which has a value by
+default of:</p>
<pre class="devsite-click-to-copy">
-WITH_DEXPREOPT := true
-WITH_DEXPREOPT_BOOT_IMG_ONLY := true
+SYSTEM_OTHER_ODEX_FILTER ?= app/% priv-app/%
</pre>
-<p>However, limiting to pre-optimizing only the boot-image means all apps will
-have to be optimized on first boot. In order to avoid this, it is possible to
-combine these high level flags with more fine-grained controls to maximize the
-amount of pre-optimized apps.</p>
+<h3 id=undefined>Background dexopt OTA</h3>
-<p>For instance, if disabling the pre-optimization of the prebuilts almost fits
-into the system partition, compiling the boot classpath with the ‘space’ option
-may make it fit. Note this compiles fewer methods in the boot classpath,
-potentially interpreting more code and impacting runtime performance.
-
-<p>BoardConfig.mk:</p>
-
+<p>With A/B enabled devices, applications can be compiled in the background for
+updating to the new system image. See <a
+href="/devices/tech/ota/ab_updates.html#compilation">App compilation in
+background</a> to optionally include the compilation script and
+binaries in the system image. The compilation filter used for this compilation
+is controlled with:</p>
<pre class="devsite-click-to-copy">
-WITH_DEXPREOPT := true
-DONT_DEXPREOPT_PREBUILTS := true
+pm.dexopt.ab-ota=speed-profile
</pre>
-<p>device.mk:</p>
+<p>
+We recommend using <em>speed-profile</em> to take advantage of profile guided
+compilation and save on storage.
+</p>
-<pre class="devsite-click-to-copy">
-PRODUCT_DEX_PREOPT_BOOT_FLAGS := --compiler-filter=space
-</pre>
-<p>If a device has very limited system partition space, it’s possible to compile a
-subset of classes in the boot classpath using the compiled classes list. Boot
-classpath methods that aren’t in this list will have to be interpreted, which
-could affect runtime performance.
-<p>BoardConfig.mk:</p>
-
-<pre class="devsite-click-to-copy">
-WITH_DEXPREOPT := true
-WITH_DEXPREOPT_BOOT_IMG_ONLY := true
-</pre>
-
-<p>device.mk:</p>
-
-<pre class="devsite-click-to-copy">
-PRODUCT_COPY_FILES += <filename>:system/etc/compiled-classes
-</pre>
-
-<p>If a device has both limited space in the system and data partitions, compiler
-filter flags can be used to disable compilation of certain apps. This will save
-space in both system and data, as there won’t be any compiled code, but these
-apps will have to be interpreted. This example configuration would pre-optimize
-the boot classpath but prevent compilation of other apps that are not
-prebuilts. However, to prevent noticeable performance degradation of
-system_server, the services.jar is still compiled but optimized for space. Note
-that user-installed applications will still use the default compiler filter of
-speed.
-
-<p>BoardConfig.mk:</p>
-
-<pre class="devsite-click-to-copy">
-WITH_DEXPREOPT := true
-DONT_DEXPREOPT_PREBUILTS := true
-</pre>
-
-<p>device.mk:</p>
-
-<pre class="devsite-click-to-copy">
-PRODUCT_DEX_PREOPT_DEFAULT_FLAGS := --compiler-filter=interpret-only
-$(call add-product-dex-preopt-module-config,services,--compiler-filter=space)
-</pre>
-
-<p>For a major version upgrade OTA, it can be useful to blacklist certain apps
-from being pre-optimized since they will likely be out of date. This can be
-done by specifying <code>LOCAL_DEX_PREOPT</code> (for all products) or with
-<code>PRODUCT_DEX_PREOPT_MODULE_CONFIGS</code> (for a particular product).
-
-<p>BoardConfig.mk:</p>
-
-<pre class="devsite-click-to-copy">
-WITH_DEXPREOPT := true
-</pre>
-
-<p>Android.mk (of blacklisted apps):</p>
-
-<pre class="devsite-click-to-copy">
-LOCAL_DEX_PREOPT := false
-</pre>
</body>
</html>
diff --git a/en/devices/tech/dalvik/jit-compiler.html b/en/devices/tech/dalvik/jit-compiler.html
index 9090349..74ac6de 100644
--- a/en/devices/tech/dalvik/jit-compiler.html
+++ b/en/devices/tech/dalvik/jit-compiler.html
@@ -46,12 +46,6 @@
different code.
</p>
-<p>
-See <a
-href="https://developer.android.com/preview/api-overview.html#jit_aot">Profile-guided
-JIT/AOT Compilation</a> on developer.android.com for a more thorough overview.
-</p>
-
<h2 id="architectural-overview">Architectural Overview</h2>
<img src="/devices/tech/dalvik/images/jit-arch.png" alt="JIT architecture" width="633" id="JIT-architecture" />
@@ -132,82 +126,7 @@
</li>
</ul>
-<h2 id="system-properties">System Properties</h2>
-
-<p>
-These system properties control JIT behavior:
-</p><ul>
-<li><code>dalvik.vm.usejit <true|false></code> - Whether or not the JIT is
-enabled.
-<li><code>dalvik.vm.jitinitialsize</code> (default 64K) - The initial capacity
-of the code cache. The code cache will regularly GC and increase if needed. It
-is possible to view the size of the code cache for your app with:<br>
-<code> $ adb shell dumpsys meminfo -d <pid></code>
-<li><code>dalvik.vm.jitmaxsize</code> (default 64M) - The maximum capacity of
-the code cache.
-<li><code>dalvik.vm.jitthreshold <integer></code> (default 10000) - This
-is the threshold that the "hotness" counter of a method needs to pass in order
-for the method to be JIT compiled. The "hotness" counter is a metric internal
-to the runtime. It includes the number of calls, backward branches & other
-factors.
-<li><code>dalvik.vm.usejitprofiles <true|false></code> - Whether or not
-JIT profiles are enabled; this may be used even if usejit is false.
-<li><code>dalvik.vm.jitprithreadweight <integer></code> (default to
-<code>dalvik.vm.jitthreshold</code> / 20) - The weight of the JIT "samples"
-(see jitthreshold) for the application UI thread. Use to speed up compilation
-of methods that directly affect users experience when interacting with the
-app.
-<li><code>dalvik.vm.jittransitionweight <integer></code>
-(<code>dalvik.vm.jitthreshold</code> / 10) - The weight of the method
-invocation that transitions between compile code and interpreter. This helps
-make sure the methods involved are compiled to minimize transitions (which are
-expensive).
-</li>
-</ul>
-
-<h2 id="tuning">Tuning</h2>
-
-<p>
-Device implementers may precompile (some of) the system apps if they want so.
-Initial JIT performance vs pre-compiled depends on the app, but in general
-they are quite close. It might be worth noting that precompiled apps will not
-be profiled and as such will take more space and may miss on other
-optimizations.
-</p>
-
-<p>
-In Android 7.0, there's a generic way to specify the level of
-compilation/verification based on the different use cases. For example, the
-default option for install time is to do only verification (and postpone
-compilation to a later stage). The compilation levels can be configured via
-system properties with the defaults being:
-</p>
-
-<pre class="devsite-click-to-copy">
-pm.dexopt.install=interpret-only
-pm.dexopt.bg-dexopt=speed-profile
-pm.dexopt.ab-ota=speed-profile
-pm.dexopt.nsys-library=speed
-pm.dexopt.shared-apk=speed
-pm.dexopt.forced-dexopt=speed
-pm.dexopt.core-app=speed
-pm.dexopt.first-boot=interpret-only
-pm.dexopt.boot=verify-profile
-</pre>
-
-<p>
-See the <a href="#recommendation">Recommendation</a> section for use.
-</p>
-
-<p>
-Note the reference to A/B over-the-air (OTA) updates here.
-</p>
-
-<p>
-Check <code>$ adb shell cmd package compile</code> for usage. Note all commands
-in this document are preceded by a dollar ($) sign that should be excluded when
-copying and pasting. A few common use cases:
-</p>
+<h2 id="tuning">Useful tips</h2>
<h3 id="turn-on-jit-logging">Turn on JIT logging</h3>
@@ -230,6 +149,10 @@
<h3 id="force-compilation-of-a-specific-package">Force compilation of a specific
package</h3>
+<p>
+Check <code>$ adb shell cmd package compile</code> for usage. A few common use cases:
+</p>
+
<ul>
<li>Profile-based:
<pre class="devsite-terminal devsite-click-to-copy">
@@ -275,142 +198,5 @@
</li>
</ul>
-<h2 id="recommendation">Recommendation</h2>
-
-<h3 id="runtime_compilation_level">Level of compilation/verification</h3>
-
-<p>
-Note that it is strongly recommended to use the default following
-<code>pm.dexopt</code> settings and it is the only path we have tested and will
-support.
-</p>
-
-<pre class="devsite-click-to-copy">
-pm.dexopt.install=interpret-only
-pm.dexopt.bg-dexopt=speed-profile
-pm.dexopt.boot=verify-profile (or interpret-only)
-</pre>
-
-<p>
-Here’s a detailed explanation about the <code>pm.dexopt</code> options, and the
-reasoning for our recommendations:
-</p>
-
-<pre class="devsite-click-to-copy">
-pm.dexopt.install
-</pre>
-
-<p>
-This is the compilation filter used when installing application through the
-Play Store. For faster installs we recommend <code>interpret-only</code>.
-</p>
-
-<pre class="devsite-click-to-copy">
-pm.dexopt.bg-dexopt
-</pre>
-
-<p>
-This is the compilation filter used when the device is idle and charging and
-fully charged. We recommend using <code>speed-profile</code> to take advantage
-of profile guided compilation and save on storage.
-</p>
-
-<pre class="devsite-click-to-copy">
-pm.dexopt.ab-ota
-</pre>
-
-<p>
-This is the compilation filter used when doing an A/B over-the-air (OTA)
-update. If the device supports A/B OTA, we recommend using
-<code>speed-profile</code> to take advantage of profile guided compilation and
-save on storage.
-</p>
-
-<pre class="devsite-click-to-copy">
-pm.dexopt.nsys-library
-pm.dexopt.shared-apk
-pm.dexopt.core-app
-</pre>
-
-<p>
-You can use these different options to control how to compile essentially
-applications used by other applications. For such applications, we recommend
-the <code>speed</code> filter, as the platform does not support efficient
-profiling of them.
-</p>
-
-<pre class="devsite-click-to-copy">
-pm.dexopt.first-boot
-</pre>
-
-<p>
-The compilation filter for the first time the device ever boots. The filter
-used here will only affect the boot time after factory. We recommend the filter
-<code>interpret-only</code> for it, to avoid long times before a user gets to
-use the phone for the very first time. Note that if all applications in /system
-are already speed compiled, <code>pm.dexopt.first-boot</code> has no effect.
-</p>
-
-<pre class="devsite-click-to-copy">
-pm.dexopt.boot
-</pre>
-
-<p>
-The compilation filter used after an over-the-air update. We
-<strong>strongly</strong> recommend <code>verify-profile</code> for this
-option, to avoid very long updates.
-</p>
-
-<h3 id="system_image_compilation_level">System image</h3>
-
-<p>
-This section gives recommendations on how to minimize the system image size
-while retaining the highest possible level of performance.
-Note these complement the above guidelines on the
-<a href="#runtime_compilation_level">level of compilation/verification</a>.
-</p>
-
-<p>
-System image size can be reduced by opting for a lower level of compilation for
-prebuilts. To achieve the best compromise between app performance and image size,
-we strongly recommend compiling prebuilts with the <code>interpret-only</code>
-filter. To do this, edit the following files to include these entries.
-</p>
-
-<p>Add the following entry to <code>BoardConfig.mk</code>:</p>
-
-<pre class="devsite-click-to-copy">
-WITH_DEXPREOPT := true
-</pre>
-
-<p>Add the following entry to <code>device.mk</code>:</p>
-
-<pre class="devsite-click-to-copy">
-PRODUCT_DEX_PREOPT_DEFAULT_FLAGS := --compiler-filter=interpret-only
-</pre>
-
-<p>
-Using the <code>interpret-only</code> filter will reduce the optimized code
-size for prebuilts by roughly half (depending on the application) when
-compared with the <code>speed</code> filter. It also allows the runtime to
-profile the prebuilts and perform profile-guided compilation to further
-save on data partition storage.
-</p>
-
-<p>
-We advise against using a lower compilation/verification level
-(e.g. <code>verify-none</code>) or disabling the optimization for prebuilts
-as an effort to further save space on the system image. That will lead to slower
-application startup and increased memory consumption.
-</p>
-
-<h2 id="validation">Validation</h2>
-
-<p>
-To ensure their version of the feature works as intended, device implementers
-should run the ART test in <code>android/art/test</code>. Also, see the CTS
-test <code>hostsidetests/compilation</code> for userdedug builds.
-</p>
-
</body>
</html>
diff --git a/en/devices/tech/debug/dumpsys.html b/en/devices/tech/debug/dumpsys.html
deleted file mode 100644
index e87722b..0000000
--- a/en/devices/tech/debug/dumpsys.html
+++ /dev/null
@@ -1,109 +0,0 @@
-<html devsite>
- <head>
- <title>Dumpsys System Diagnostics</title>
- <meta name="project_path" value="/_project.yaml" />
- <meta name="book_path" value="/_book.yaml" />
- </head>
- <body>
- <!--
- Copyright 2017 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
-
-
-
-<p>The <code>dumpsys</code> tool runs on the device and provides information about the status
-of system services. </p>
-
-<h2 id=how_to_use_dumpsys>How to use dumpsys</h2>
-
-<p>If you run <code>adb shell dumpsys</code>, you’ll get diagnostic output for
-all system services, which is usually more than you want. For more manageable
-output, specify the service you would like to examine. </p>
-
-<p>For example, the following command:</p>
-
-<pre class="devsite-terminal devsite-click-to-copy">
-adb shell dumpsys input
-</pre>
-
-<p>provides system data for input components such as touchscreens or built-in
-keyboards.</p>
-
-<h2 id=list_of_system_services>List of system services</h2>
-
-
-<p>For a complete list of system services that you can use with dumpsys, try the
-following command:</p>
-
-<pre class="devsite-terminal devsite-click-to-copy">
-adb shell dumpsys -l
-</pre>
-
-<p>Example output:</p>
-<pre class="devsite-click-to-copy">
-Currently running services:
- DockObserver
- SurfaceFlinger
- accessibility
- account
- activity
- alarm
- android.security.keystore
- appops
- appwidget
- assetatlas
- audio
- backup
- battery
- batteryproperties
- batterystats
- bluetooth_manager
- clipboard
- connectivity
- consumer_ir
- content
- country_detector
- cpuinfo
- dbinfo
-...
-</pre>
-
-<h2 id=dumpsys_command-line_options>Dumpsys command-line options</h2>
-
-<p>Command-line options are different for different services. Here are a few
-common ones:</p>
-
-<ul>
- <li> For many services, you can append <code>-h</code> to see the help
-text.
- <li> For some services, you can append <code>-c</code> to view the data in
-a machine-friendly format. </ul>
-
-<h2 id=understanding_diagnostic_output>Understanding diagnostic output</h2>
-
-<p>For details on some of the most commonly used dumpsys services, see the
-following articles:</p>
-
-<ul>
- <li> <a
- href="/devices/input/diagnostics.html">Viewing Input Diagnostics (dumpsys input)</a>
- <li> <a href="procstats.html">Viewing RAM Usage Data (dumpsys procstats)</a>
- <li> <a href="netstats.html">Viewing Network Data (dumpsys netstats)</a>
- <li> <a href="/devices/tech/power/batterystats.html">Viewing Battery Usage Data (dumpsys batterystats)</a>
-</ul>
-
-
- </body>
-</html>
diff --git a/en/devices/tech/debug/index.html b/en/devices/tech/debug/index.html
index 268f24e..5400bb9 100644
--- a/en/devices/tech/debug/index.html
+++ b/en/devices/tech/debug/index.html
@@ -30,10 +30,10 @@
<p>This page covers use of <code>debuggerd</code>, a daemon process for
collecting error information after applications crash. Other pages in this
section explore system services with
-<a href="/devices/tech/debug/dumpsys.html">Dumpsys</a>, viewing
+<a href="https://developer.android.com/studio/command-line/dumpsys.html">Dumpsys</a>, viewing
<a href="/devices/tech/debug/native-memory.html">native memory</a>,
-<a href="/devices/tech/debug/netstats.html">network</a>, and
-<a href="/devices/tech/debug/procstats.html">RAM</a> usage, using
+<a href="https://developer.android.com/studio/command-line/dumpsys.html#network">network</a>, and
+<a href="https://developer.android.com/studio/command-line/dumpsys.html#procstats">RAM</a> usage, using
<a href="/devices/tech/debug/asan.html">AddressSanitizer</a> to detect memory
bugs in native code, evaluating
<a href="/devices/tech/debug/eval_perf.html"> performance issues</a> (includes
diff --git a/en/devices/tech/debug/netstats.html b/en/devices/tech/debug/netstats.html
deleted file mode 100644
index 78ddef0..0000000
--- a/en/devices/tech/debug/netstats.html
+++ /dev/null
@@ -1,151 +0,0 @@
-<html devsite>
- <head>
- <title>Viewing Network Usage Data</title>
- <meta name="project_path" value="/_project.yaml" />
- <meta name="book_path" value="/_book.yaml" />
- </head>
- <body>
- <!--
- Copyright 2017 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
-
-
-
-<p>Using the command <code>adb shell dumpsys netstats detail</code> provides
-network usage statistics collected since the device booted up.</p>
-
-<h2 id=input>Input</h2>
-
-
-<p>To view network usage statistics, run the following command:</p>
-
-<pre class="devsite-terminal devsite-click-to-copy">
-adb shell dumpsys netstats detail
-</pre>
-
-
-<h2 id=output>Output</h2>
-
-
-<p>The set of information reported varies depending on the version of Android but
-consists of several sections: </p>
-
-<ul>
- <li> Active interfaces
- <li> Active UID interfaces
- <li> Dev statistics
- <li> Xt statistics
- <li> UID statistics (sometimes also called "Detailed UID statistics")
- <li> UID tag statistics
-</ul>
-
-<h3 id=active_interfaces_active_uid_interfaces>Active interfaces/Active UID interfaces</h3>
-
-<p>Here is sample output for the active interfaces and active UID interfaces
-sections:</p>
-
-<pre class="devsite-click-to-copy">
-Active interfaces:
- iface=wlan0 ident=[{type=WIFI, subType=COMBINED, networkId="GoogleGuest"}]
-Active UID interfaces:
- iface=wlan0 ident=[{type=WIFI, subType=COMBINED, networkId="GoogleGuest"}]
-</pre>
-
-
-<p>This shows network statistics for the whole device. In most cases, the
-information in these two section is the same.</p>
-
-<h3 id=dev_stats_xt_stats>Dev statistics/Xt statistics</h3>
-
-
-<p>Here is sample output for the Dev statistics section:</p>
-
-<pre class="devsite-click-to-copy">
-Dev stats:
- Pending bytes: 170775
- Complete history:
- ident=[[type=MOBILE_HIPRI, subType=COMBINED, subscriberId=311111...]] uid=-1 set=ALL tag=0x0
- NetworkStatsHistory: bucketDuration=3600000
- bucketStart=1406138400000 activeTime=3603995 rxBytes=19467 rxPackets=53 txBytes=7500 txPackets=61 operations=0
- bucketStart=1406142000000 activeTime=20730 rxBytes=25403 rxPackets=66 txBytes=9140 txPackets=74 operations=0
- bucketStart=1406145600000 activeTime=29161 rxBytes=9263 rxPackets=37 txBytes=5180 txPackets=38 operations=0
- bucketStart=1406149200000 activeTime=9054 rxBytes=12387 rxPackets=31 txBytes=4052 txPackets=35 operations=0
- ident=[[type=WIFI, subType=COMBINED, networkId="MySSID"]] uid=-1 set=ALL tag=0x0
- NetworkStatsHistory: bucketDuration=3600000
- bucketStart=1406138400000 activeTime=4811082 rxBytes=335913292 rxPackets=265144 txBytes=9729261 txPackets=117220 operations=0
- bucketStart=1406142000000 activeTime=3513477 rxBytes=1193606876 rxPackets=956855 txBytes=29450792 txPackets=306634 operations=0
- bucketStart=1406145600000 activeTime=3297986 rxBytes=729381849 rxPackets=586396 txBytes=24247211 txPackets=237438 operations=0
- bucketStart=1406149200000 activeTime=3580941 rxBytes=57168575 rxPackets=51610 txBytes=5291167 txPackets=29260 operations=0
- ident=[[type=WIFI, subType=COMBINED, networkId="MySecondSSID"]] uid=-1 set=ALL tag=0x0
- NetworkStatsHistory: bucketDuration=3600000
-</pre>
-
-<h3 id=uid_stats>UID stats</h3>
-
-<pre class="devsite-click-to-copy">
-UID stats:
- Pending bytes: 744
- Complete history:
- ident=[[type=MOBILE_SUPL, subType=COMBINED, subscriberId=311111...], [type=MOBILE, subType=COMBINED, subscriberId=311111...]] uid=10007 set=DEFAULT tag=0x0
- NetworkStatsHistory: bucketDuration=7200000
- bucketStart=1406167200000 activeTime=7200000 rxBytes=4666 rxPackets=7 txBytes=1597 txPackets=10 operations=0
- ident=[[type=WIFI, subType=COMBINED, networkId="MySSID"]] uid=10007 set=DEFAULT tag=0x0
- NetworkStatsHistory: bucketDuration=7200000
- bucketStart=1406138400000 activeTime=7200000 rxBytes=17086802 rxPackets=15387 txBytes=1214969 txPackets=8036 operations=28
- bucketStart=1406145600000 activeTime=7200000 rxBytes=2396424 rxPackets=2946 txBytes=464372 txPackets=2609 operations=70
- bucketStart=1406152800000 activeTime=7200000 rxBytes=200907 rxPackets=606 txBytes=187418 txPackets=739 operations=0
- bucketStart=1406160000000 activeTime=7200000 rxBytes=826017 rxPackets=1126 txBytes=267342 txPackets=1175 operations=35
-</pre>
-
-
-<h3 id=interpreting_the_results>Interpreting the results</h3>
-
-
-<p>To find the UID for your application, you can run this command:
-<code>adb shell dumpsys package <your package name></code>.
-Then look for the line labeled <code>userId</code>.</p>
-
-<p>In our example, suppose we are trying to find network usage for our app
-“com.example.myapp”. We would run the following command:</p>
-
-<pre class="devsite-terminal devsite-click-to-copy">
-adb shell dumpsys package com.example.myapp | grep userId
-</pre>
-<p>This returns the following output:</p>
-<pre class="devsite-click-to-copy">
- userId=10007 gids=[3003, 1028, 1015]
-</pre>
-
-<p>Looking at the dump above, we look for lines that have uid=10007. Two such
-lines exist, the first indicating a mobile connection, and the second a Wi-Fi
-connection. Underneath each line, the number of bytes and packets sent and
-received can be seen, bucketed into two-hour windows. </p>
-
-<p>A bit more explanation:</p>
-
-<ul>
- <li> <code>set=DEFAULT</code> indicates foreground
- network usage, while <code>set=BACKGROUND</code> indicates
-background usage. <code>set=ALL</code> implies both.
- <li> <code>tag=0x0</code> indicates the socket tag associated with the traffic.
- <li> <code>rxBytes</code> and <code>rxPackets</code> represent received bytes and received packets in the
-corresponding time interval.
- <li> <code>txBytes</code> and <code>txPackets</code> represent sent (transmitted) bytes and sent packets in
-the corresponding time interval.
-</ul>
-
-
- </body>
-</html>
diff --git a/en/devices/tech/debug/procstats.html b/en/devices/tech/debug/procstats.html
deleted file mode 100644
index 285ea7e..0000000
--- a/en/devices/tech/debug/procstats.html
+++ /dev/null
@@ -1,371 +0,0 @@
-<html devsite>
- <head>
- <title>Viewing RAM Usage Data (procstats)</title>
- <meta name="project_path" value="/_project.yaml" />
- <meta name="book_path" value="/_book.yaml" />
- </head>
- <body>
- <!--
- Copyright 2017 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
-
-
-
-<p>The <code>procstats</code> tool is used to analyze application memory usage over time (versus at a
-particular snapshot in time, like <code>meminfo</code>). Its state dump displays statistics about every application’s runtime,
-proportional set size (PSS) and unique set size (USS).</p>
-
-<h2 id=input>Input</h2>
-
-
-<p>To get application memory usage stats for the last three hours, in
-human-readable form, run the following command:</p>
-
-<pre class="devsite-terminal devsite-click-to-copy">
-adb shell dumpsys procstats --hours 3
-</pre>
-
-
-
-<h2 id=output>Output</h2>
-
-
-<p>As can be seen in the example below, percentages display what percentage of
-time the application was running, while the numbers following show PSS and USS
-as minPSS-avgPSS-maxPSS/minUSS-avgUSS-maxUSS over samples.</p>
-
-<pre class="devsite-click-to-copy">
-AGGREGATED OVER LAST 3 HOURS:
- * com.android.systemui / u0a20 / v22:
- TOTAL: 100% (109MB-126MB-159MB/108MB-125MB-157MB over 18)
- Persistent: 100% (109MB-126MB-159MB/108MB-125MB-157MB over 18)
- * com.android.nfc / 1027 / v22:
- TOTAL: 100% (17MB-17MB-17MB/16MB-16MB-16MB over 18)
- Persistent: 100% (17MB-17MB-17MB/16MB-16MB-16MB over 18)
- * android.process.acore / u0a4 / v22:
- TOTAL: 100% (14MB-15MB-15MB/14MB-14MB-14MB over 20)
- Imp Fg: 100% (14MB-15MB-15MB/14MB-14MB-14MB over 20)
- * com.google.android.inputmethod.latin / u0a56 / v21483:
- TOTAL: 100% (57MB-59MB-59MB/56MB-58MB-58MB over 19)
- Imp Fg: 100% (57MB-59MB-59MB/56MB-58MB-58MB over 19)
- * com.redbend.vdmc / 1001 / v1:
- TOTAL: 100% (9.5MB-9.6MB-9.7MB/8.8MB-8.9MB-9.0MB over 18)
- Persistent: 100% (9.5MB-9.6MB-9.7MB/8.8MB-8.9MB-9.0MB over 18)
- * com.android.phone / 1001 / v22:
- TOTAL: 100% (19MB-22MB-27MB/18MB-21MB-26MB over 18)
- Persistent: 100% (19MB-22MB-27MB/18MB-21MB-26MB over 18)
- * com.google.android.gms.persistent / u0a8 / v7319438:
- TOTAL: 100% (32MB-35MB-40MB/30MB-33MB-37MB over 19)
- Imp Fg: 100% (32MB-35MB-40MB/30MB-33MB-37MB over 19)
- * com.android.bluetooth / 1002 / v22:
- TOTAL: 100% (9.3MB-9.7MB-10MB/8.5MB-8.9MB-9.2MB over 19)
- Imp Fg: 100% (9.3MB-9.7MB-10MB/8.5MB-8.9MB-9.2MB over 19)
- * com.google.android.googlequicksearchbox:interactor / u0a22 / v300404573:
- TOTAL: 100% (3.4MB-3.5MB-3.6MB/2.8MB-2.8MB-2.8MB over 19)
- Imp Fg: 100% (3.4MB-3.5MB-3.6MB/2.8MB-2.8MB-2.8MB over 19)
- * com.google.process.gapps / u0a8 / v7306438:
- TOTAL: 100% (23MB-24MB-28MB/21MB-22MB-26MB over 19)
- Imp Fg: 100% (23MB-24MB-28MB/21MB-22MB-26MB over 19)
- * com.vito.lux / u0a84 / v237:
- TOTAL: 100% (32MB-48MB-83MB/31MB-47MB-82MB over 134)
- Imp Fg: 100% (32MB-48MB-83MB/31MB-47MB-82MB over 134)
- Service: 0.05%
- * system / 1000 / v22:
- TOTAL: 100% (79MB-85MB-102MB/78MB-83MB-100MB over 18)
- Persistent: 100% (79MB-85MB-102MB/78MB-83MB-100MB over 18)
- * com.rhapsody / u0a83 / v125:
- TOTAL: 100% (7.9MB-12MB-19MB/6.9MB-11MB-17MB over 15)
- Service: 100% (7.9MB-12MB-19MB/6.9MB-11MB-17MB over 15)
- Service Rs: 0.04%
- * com.qualcomm.qcrilmsgtunnel / 1001 / v22:
- TOTAL: 100% (2.5MB-2.6MB-2.7MB/1.7MB-1.8MB-1.9MB over 15)
- Service: 100% (2.5MB-2.6MB-2.7MB/1.7MB-1.8MB-1.9MB over 15)
- Service Rs: 0.13%
- * com.amazon.kindle / u0a82 / v1143472216:
- TOTAL: 100% (44MB-54MB-77MB/43MB-52MB-74MB over 17)
- Service: 100% (44MB-54MB-77MB/43MB-52MB-74MB over 17)
- Service Rs: 0.04%
- * com.outplaylab.VideoDiet2 / u0a93 / v21:
- TOTAL: 100% (2.8MB-3.1MB-4.0MB/2.0MB-2.2MB-3.0MB over 15)
- Service: 100% (2.8MB-3.1MB-4.0MB/2.0MB-2.2MB-3.0MB over 15)
- Service Rs: 0.03%
- * android.process.media / u0a6 / v800:
- TOTAL: 99% (4.6MB-5.9MB-8.1MB/3.4MB-4.7MB-6.7MB over 25)
- Imp Fg: 0.02%
- Service: 99% (4.6MB-5.9MB-8.1MB/3.4MB-4.7MB-6.7MB over 25)
- Service Rs: 0.02%
- (Cached): 0.94%
- * kr.sira.sound / u0a108 / v41:
- TOTAL: 77% (117MB-191MB-219MB/111MB-187MB-213MB over 68)
- Top: 77% (117MB-191MB-219MB/111MB-187MB-213MB over 68)
- (Last Act): 18% (58MB-127MB-161MB/53MB-123MB-158MB over 3)
- (Cached): 0.06%
- * com.google.android.gms / u0a8 / v7319438:
- TOTAL: 37% (41MB-45MB-57MB/38MB-42MB-53MB over 23)
- Top: 13% (41MB-46MB-57MB/39MB-42MB-53MB over 16)
- Imp Fg: 13% (41MB-44MB-47MB/39MB-41MB-44MB over 5)
- Imp Bg: 0.38%
- Service: 11% (42MB-42MB-42MB/38MB-38MB-38MB over 2)
- Receiver: 0.03%
- (Last Act): 2.0% (38MB-38MB-38MB/36MB-36MB-36MB over 1)
- (Cached): 61% (39MB-40MB-43MB/37MB-37MB-40MB over 28)
- * com.google.android.googlequicksearchbox / u0a22 / v300404573:
- TOTAL: 22% (129MB-153MB-162MB/125MB-149MB-156MB over 20)
- Top: 22% (129MB-153MB-162MB/125MB-149MB-156MB over 20)
- Imp Bg: 0.04%
- Receiver: 0.01%
- (Home): 78% (75MB-84MB-122MB/74MB-82MB-117MB over 12)
- * com.google.android.apps.thehub / u0a102 / v12:
- TOTAL: 21% (6.4MB-7.6MB-8.7MB/4.8MB-6.0MB-7.2MB over 2)
- Service: 21% (6.4MB-7.6MB-8.7MB/4.8MB-6.0MB-7.2MB over 2)
- * com.google.android.talk / u0a54 / v22314462:
- TOTAL: 9.3%
- Top: 0.04%
- Service: 9.3%
- Receiver: 0.01%
- (Last Act): 3.9% (69MB-70MB-71MB/67MB-68MB-69MB over 6)
- (Cached): 87% (42MB-53MB-77MB/40MB-51MB-74MB over 137)
- * com.google.android.apps.plus / u0a67 / v413836278:
- TOTAL: 8.2% (9.6MB-12MB-18MB/8.1MB-11MB-16MB over 3)
- Imp Bg: 0.10%
- Service: 8.0% (9.6MB-12MB-18MB/8.1MB-11MB-16MB over 3)
- Receiver: 0.05%
- (Cached): 59% (7.8MB-19MB-33MB/6.8MB-18MB-31MB over 22)
- * com.android.providers.calendar / u0a2 / v22:
- TOTAL: 3.5% (7.3MB-7.7MB-8.0MB/5.9MB-6.5MB-6.9MB over 10)
- Imp Bg: 0.32%
- Service: 3.2% (7.3MB-7.7MB-8.0MB/5.9MB-6.5MB-6.9MB over 10)
- Receiver: 0.01%
- (Cached): 69% (4.7MB-6.6MB-7.8MB/3.5MB-5.5MB-6.7MB over 23)
- * com.amazon.mShop.android / u0a104 / v5030102:
- TOTAL: 2.7% (25MB-40MB-47MB/24MB-37MB-43MB over 6)
- Service: 2.6% (25MB-40MB-47MB/24MB-37MB-43MB over 6)
- Receiver: 0.15%
- (Cached): 97% (25MB-33MB-48MB/24MB-31MB-44MB over 46)
- * com.google.android.gm / u0a70 / v51001620:
- TOTAL: 2.2% (209MB-209MB-209MB/203MB-203MB-203MB over 1)
- Top: 0.48% (209MB-209MB-209MB/203MB-203MB-203MB over 1)
- Imp Bg: 0.70%
- Service: 1.0%
- Receiver: 0.01%
- (Last Act): 0.02%
- (Cached): 94% (25MB-67MB-116MB/23MB-63MB-109MB over 61)
- * com.google.android.googlequicksearchbox:search / u0a22 / v300404573:
- TOTAL: 2.1% (66MB-66MB-66MB/63MB-63MB-63MB over 1)
- Top: 1.4% (66MB-66MB-66MB/63MB-63MB-63MB over 1)
- Imp Fg: 0.01%
- Service: 0.66%
- Receiver: 0.02%
- (Cached): 98% (52MB-59MB-79MB/50MB-56MB-77MB over 56)
- * com.google.android.calendar / u0a31 / v2015030452:
- TOTAL: 1.4%
- Imp Bg: 0.33%
- Service: 1.1%
- Receiver: 0.02%
- (Cached): 80% (7.4MB-12MB-17MB/5.8MB-9.8MB-14MB over 18)
- * com.android.vending / u0a16 / v80341100:
- TOTAL: 1.3% (88MB-154MB-220MB/85MB-151MB-217MB over 2)
- Top: 1.3% (88MB-154MB-220MB/85MB-151MB-217MB over 2)
- Service: 0.06%
- Receiver: 0.02%
- (Last Act): 4.4% (46MB-68MB-89MB/45MB-66MB-87MB over 2)
- (Cached): 11% (15MB-74MB-133MB/13MB-72MB-131MB over 2)
- * com.google.android.apps.photos / u0a65 / v5616:
- TOTAL: 0.94%
- Service: 0.90%
- Receiver: 0.04%
- (Cached): 80% (9.2MB-12MB-17MB/7.5MB-11MB-15MB over 20)
- * com.amazon.avod.thirdpartyclient / u0a107 / v451210:
- TOTAL: 0.52%
- Service: 0.49%
- Receiver: 0.03%
- (Cached): 97% (14MB-24MB-34MB/13MB-22MB-31MB over 40)
- * com.google.android.gms.wearable / u0a8 / v7319438:
- TOTAL: 0.51%
- Imp Fg: 0.47%
- Service: 0.04%
- (Cached): 65% (4.7MB-6.5MB-8.2MB/3.6MB-4.2MB-5.4MB over 10)
- * com.amazon.mShop.android.shopping / u0a103 / v5040011:
- TOTAL: 0.50%
- Service: 0.37%
- Receiver: 0.13%
- (Cached): 77% (13MB-17MB-21MB/11MB-15MB-19MB over 15)
- * com.google.android.gms:car / u0a8 / v7319438:
- TOTAL: 0.49% (7.1MB-7.1MB-7.1MB/4.3MB-4.3MB-4.3MB over 1)
- Top: 0.05%
- Imp Fg: 0.39% (7.1MB-7.1MB-7.1MB/4.3MB-4.3MB-4.3MB over 1)
- Service: 0.05%
- (Cached): 0.60% (6.6MB-6.6MB-6.6MB/3.6MB-3.6MB-3.6MB over 1)
- * com.amazon.mp3 / u0a92 / v4033010:
- TOTAL: 0.46%
- Service: 0.43%
- Receiver: 0.03%
- (Cached): 84% (12MB-16MB-23MB/9.7MB-14MB-21MB over 25)
- * com.android.chrome:privileged_process1 / u0a34 / v2272096:
- TOTAL: 0.43%
- Service: 0.04%
- Service Rs: 0.39%
- (Cached): 100% (2.9MB-4.0MB-4.9MB/1.7MB-2.9MB-3.9MB over 18)
- * com.google.android.dialer / u0a10 / v20100:
- TOTAL: 0.39% (93MB-93MB-93MB/89MB-89MB-89MB over 1)
- Top: 0.23% (93MB-93MB-93MB/89MB-89MB-89MB over 1)
- Imp Fg: 0.16%
- (Cached): 16% (5.0MB-31MB-57MB/4.1MB-29MB-54MB over 2)
- * com.google.android.apps.maps / u0a58 / v906101124:
- TOTAL: 0.38%
- Service: 0.33%
- Receiver: 0.05%
- (Cached): 69% (8.7MB-15MB-18MB/7.2MB-14MB-17MB over 8)
- * com.google.android.youtube / u0a80 / v101451214:
- TOTAL: 0.26%
- Service: 0.26%
- (Cached): 36% (15MB-22MB-29MB/13MB-19MB-27MB over 5)
- * com.google.android.apps.fitness / u0a45 / v2015109100:
- TOTAL: 0.26%
- Service: 0.23%
- Receiver: 0.02%
- (Cached): 82% (3.9MB-6.4MB-9.2MB/2.8MB-5.3MB-7.9MB over 19)
- * com.google.android.apps.enterprise.dmagent / u0a37 / v630:
- TOTAL: 0.06%
- Service: 0.06%
- Receiver: 0.01%
- (Cached): 2.2% (6.5MB-7.4MB-8.2MB/4.8MB-5.8MB-6.8MB over 2)
- * com.audible.application / u0a95 / v3068:
- TOTAL: 0.06%
- Receiver: 0.06%
- (Cached): 34% (14MB-16MB-19MB/11MB-14MB-17MB over 7)
- * com.android.defcontainer / u0a5 / v22:
- TOTAL: 0.06%
- Imp Fg: 0.06%
- (Cached): 0.12%
- * com.google.android.music:main / u0a60 / v1847:
- TOTAL: 0.04%
- Top: 0.01%
- Service: 0.02%
- Receiver: 0.01%
- (Cached): 9.8% (10MB-12MB-14MB/8.3MB-9.6MB-11MB over 2)
- * com.google.android.apps.magazines / u0a61 / v2015040100:
- TOTAL: 0.03%
- Top: 0.02%
- Receiver: 0.01%
- (Cached): 8.7% (12MB-14MB-16MB/9.7MB-11MB-13MB over 2)
- * com.google.android.videos / u0a77 / v37191:
- TOTAL: 0.03%
- Imp Fg: 0.01%
- Service: 0.02%
- (Cached): 1.3% (11MB-12MB-13MB/9.1MB-10MB-12MB over 2)
- * com.google.android.apps.books / u0a28 / v30336:
- TOTAL: 0.03%
- Imp Fg: 0.01%
- Service: 0.02%
- (Cached): 1.3% (7.9MB-9.6MB-11MB/6.3MB-8.0MB-9.7MB over 2)
- * com.google.android.keep / u0a71 / v3115:
- TOTAL: 0.02%
- Service: 0.01%
- Receiver: 0.01%
- (Cached): 11% (6.3MB-8.7MB-9.6MB/5.1MB-7.4MB-8.3MB over 4)
- * com.android.chrome / u0a34 / v2272096:
- TOTAL: 0.02%
- Service: 0.01%
- Receiver: 0.02%
- (Cached): 90% (5.1MB-70MB-96MB/3.4MB-66MB-92MB over 15)
- * com.google.android.apps.gcs / u0a94 / v14:
- TOTAL: 0.02%
- Service: 0.02%
- (Cached): 17% (5.8MB-5.9MB-6.0MB/4.6MB-4.7MB-4.8MB over 2)
- * com.android.chrome:privileged_process0 / u0a34 / v2272096:
- TOTAL: 0.02%
- Service: 0.01%
- Receiver: 0.01%
- (Cached): 73% (162MB-163MB-164MB/157MB-157MB-157MB over 13)
- * com.android.chrome:sandboxed_process12 / u0a34 / v2272096:
- TOTAL: 0.02%
- Service: 0.01%
- Receiver: 0.01%
- (Cached): 73% (48MB-49MB-51MB/46MB-47MB-50MB over 13)
- * com.google.android.apps.docs / u0a40 / v51410735:
- TOTAL: 0.01%
- Receiver: 0.01%
- (Cached): 0.45% (10MB-10MB-10MB/9.3MB-9.3MB-9.3MB over 1)
- * com.google.android.deskclock / u0a38 / v303:
- TOTAL: 0.01%
- Receiver: 0.01%
- (Cached): 82% (2.5MB-3.3MB-4.3MB/1.7MB-2.3MB-3.2MB over 13)
- * com.google.android.gm.exchange / u0a69 / v500065:
- TOTAL: 0.01%
- Imp Bg: 0.01%
- (Cached): 27% (3.3MB-3.7MB-3.9MB/2.2MB-2.7MB-2.9MB over 6)
- * com.android.cellbroadcastreceiver / u0a3 / v22:
- TOTAL: 0.01%
- Service: 0.01%
- (Cached): 1.1% (3.5MB-3.5MB-3.5MB/2.5MB-2.5MB-2.5MB over 1)
- * com.coulombtech / u0a106 / v26:
- TOTAL: 0.01%
- Receiver: 0.01%
- (Cached): 21% (4.9MB-5.0MB-5.2MB/3.8MB-3.9MB-4.1MB over 2)
- * com.softcoil.mms / u0a86 / v32:
- TOTAL: 0.01%
- (Cached): 0.25%
- * com.udemy.android / u0a91 / v38:
- TOTAL: 0.01%
- Receiver: 0.01%
- (Cached): 0.75% (9.8MB-9.8MB-9.8MB/8.5MB-8.5MB-8.5MB over 1)
- * com.qualcomm.timeservice / u0a76 / v22:
- (Cached): 16% (2.3MB-2.4MB-2.4MB/1.6MB-1.6MB-1.6MB over 4)
- * com.lge.SprintHiddenMenu / 1000 / v22:
- (Cached): 0.16%
- * com.android.chrome:sandboxed_process13 / u0a34 / v2272096:
- (Cached): 0.01%
- * com.google.android.partnersetup / u0a13 / v22:
- (Cached): 0.14%
- * com.android.musicfx / u0a15 / v10400:
- (Cached): 0.41% (2.5MB-2.5MB-2.5MB/1.6MB-1.6MB-1.6MB over 1)
- * com.android.chrome:sandboxed_process9 / u0a34 / v2272096:
- (Cached): 30% (34MB-34MB-34MB/32MB-32MB-32MB over 9)
- * com.android.chrome:sandboxed_process11 / u0a34 / v2272096:
- (Cached): 7.2% (56MB-56MB-56MB/54MB-54MB-54MB over 3)
-
-Run time Stats:
- SOff/Norm: +32m52s226ms
- SOn /Norm: +2h10m8s364ms
- Mod : +17s930ms
- TOTAL: +2h43m18s520ms
-
-Memory usage:
- Kernel : 265MB (38 samples)
- Native : 73MB (38 samples)
- Persist: 262MB (90 samples)
- Top : 190MB (325 samples)
- ImpFg : 204MB (569 samples)
- ImpBg : 754KB (345 samples)
- Service: 93MB (1912 samples)
- Receivr: 227KB (1169 samples)
- Home : 66MB (12 samples)
- LastAct: 30MB (255 samples)
- CchAct : 220MB (450 samples)
- CchCAct: 193MB (71 samples)
- CchEmty: 182MB (652 samples)
- Cached : 58MB (38 samples)
- Free : 60MB (38 samples)
- TOTAL : 1.9GB
- ServRst: 50KB (278 samples)
-
- Start time: 2015-04-08 13:44:18
- Total elapsed time: +2h43m18s521ms (partial) libart.so
-</pre>
-
-
- </body>
-</html>
diff --git a/en/devices/tech/power/batterystats.html b/en/devices/tech/power/batterystats.html
deleted file mode 100644
index 10cf934..0000000
--- a/en/devices/tech/power/batterystats.html
+++ /dev/null
@@ -1,580 +0,0 @@
-<html devsite>
- <head>
- <title>Viewing Battery Use Data</title>
- <meta name="project_path" value="/_project.yaml" />
- <meta name="book_path" value="/_book.yaml" />
- </head>
- <body>
- <!--
- Copyright 2017 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
-
-
-
- <p>The <code>dumpsys batterystats</code> command generates interesting
- statistical data about battery usage on a device, organized by unique user
- ID (UID). The statistics include the following:</p>
-
- <ul>
- <li>History of battery-related events</li>
-
- <li>Global statistics for the device</li>
-
- <li>Approximate power use per UID and system component</li>
-
- <li>Per-app mobile milliseconds per packet</li>
-
- <li>System UID aggregated statistics</li>
-
- <li>App UID aggregated statistics</li>
- </ul>
-
- <p>Use the <a href="https://github.com/google/battery-historian">Battery
- Historian</a> tool on the output of the dumpsys command to generate an HTML
- visualization of power-related events from the logs. This information makes it
- easier to understand and diagnose battery-related issues.</p>
-
- <h2 id="command-line_options">Command input</h2>
- <p>The basic <code>batterystats</code> command is:</p>
-<pre class="devsite-terminal devsite-click-to-copy">
-adb shell dumpsys batterystats
-</pre>
- <p>Supported options:</p>
- <ul>
- <li><code>--help</code> displays additional options for tailoring the output.
- </li>
- <li><code>--checkin</code> exports results in machine-readable csv format.
- </li>
- </ul>
- <p>For example, to print battery usage statistics in csv format for all apps
- since the device was last charged, run the command:</p>
-<pre class="devsite-terminal devsite-click-to-copy">
-adb shell dumpsys batterystats --charged --checkin
-</pre>
- <p>You can also specify a package name to get statistics for a single app. For
- example, to print battery usage statistics for a given app package
- since the device was last charged, run the command:</p>
-<pre class="devsite-terminal devsite-click-to-copy">
-adb shell dumpsys batterystats --charged <package-name>
-</pre>
-
- <h2 id="output">Command output</h2>
-
- <p>The <code>batterystats</code> command generates aggregated observations
- about battery use on the device since it was last charged. Observations may be
- per-UID or system-level; data is selected for inclusion based on its
- usefulness in analyzing battery performance. Output includes one (1) entry
- per observation, and each entry consists of a comma-separated list of values
- in the format:
- <em>int</em>,<em>uid</em>,<em>mode</em>,<em>section</em>,<em>fields</em>
- (one or more).</p>
-
- <p>The first four values correspond to the following:</p>
-
- <ul>
- <li>Dummy integer</li>
-
- <li>UID</li>
-
- <li>Aggregation mode
-
- <ul>
- <li>"i" for information not tied to charged/uncharged status.</li>
- <li>"l" for --charged (usage since last charge).</li>
- <li>"u" for --unplugged (usage since last unplugged). Deprecated in
- Android 5.1.1.</li>
- </ul>
- </li>
-
- <li><a href="#interpreting_the_output">Section identifier</a>, which
- determines how to interpret subsequent values in the line.</li>
- </ul>
-
-<p>Sample output:</p>
-
- <pre class="devsite-click-to-copy">
- 9,0,i,vers,11,116,K,L 9,0,i,uid,1000,android
- 9,0,i,uid,1000,com.android.providers.settings
- 9,0,i,uid,1000,com.android.inputdevices
- 9,0,i,uid,1000,com.android.server.telecom
- 9,0,i,uid,1000,com.android.keychain 9,0,i,uid,1000,com.android.settings
- 9,0,i,uid,1000,com.android.location.fused
- 9,0,i,uid,1001,com.android.providers.telephony
- 9,0,i,uid,1001,com.android.mms.service 9,0,i,uid,1001,com.android.stk
- 9,0,i,uid,1001,com.android.phone 9,0,i,uid,1027,com.android.nfc
- 9,0,i,uid,2000,com.android.shell
- 9,0,i,uid,10002,com.android.providers.calendar
- 9,0,i,uid,10003,com.android.cellbroadcastreceiver
- 9,0,i,uid,10004,com.android.providers.userdictionary
- 9,0,i,uid,10004,com.android.providers.contacts
- 9,0,i,uid,10005,com.google.android.apps.enterprise.dmagent
- 9,0,i,uid,10006,com.android.defcontainer
- 9,0,i,uid,10007,com.android.providers.media
- 9,0,i,uid,10007,com.android.providers.downloads
- 9,0,i,uid,10007,com.android.providers.downloads.ui
- 9,0,i,uid,10008,com.android.externalstorage
- 9,0,i,uid,10009,com.google.android.syncadapters.contacts
- 9,0,i,uid,10009,com.google.android.gms
- 9,0,i,uid,10009,com.google.android.gsf
- 9,0,i,uid,10009,com.google.android.gsf.login
- 9,0,i,uid,10009,com.google.android.backuptransport
- 9,0,i,uid,10011,com.google.android.dialer
- 9,0,i,uid,10013,com.google.android.onetimeinitializer
- 9,0,i,uid,10014,com.google.android.partnersetup
- 9,0,i,uid,10015,com.android.launcher
- 9,0,i,uid,10016,com.android.managedprovisioning
- 9,0,i,uid,10017,com.android.mms 9,0,i,uid,10018,com.android.musicfx
- 9,0,i,uid,10019,com.android.vending
- 9,0,i,uid,10022,com.android.sharedstoragebackup
- 9,0,i,uid,10023,com.android.systemui
- 9,0,i,uid,10025,com.google.android.googlequicksearchbox
- 9,0,i,uid,10027,com.google.android.apps.walletnfcrel
- 9,0,i,uid,10029,com.google.android.marvin.talkback
- 9,0,i,uid,10031,com.google.android.apps.books
- 9,0,i,uid,10034,com.google.android.calendar
- 9,0,i,uid,10037,com.android.chrome
- 9,0,i,uid,10039,com.google.android.configupdater
- 9,0,i,uid,10040,com.google.android.deskclock
- 9,0,i,uid,10041,com.android.documentsui
- 9,0,i,uid,10042,com.google.android.apps.docs
- 9,0,i,uid,10047,com.google.android.ears
- 9,0,i,uid,10054,com.google.android.talk
- 9,0,i,uid,10057,com.google.android.inputmethod.latin
- 9,0,i,uid,10061,com.google.android.music
- 9,0,i,uid,10064,com.android.packageinstaller
- 9,0,i,uid,10068,com.google.android.apps.plus
- 9,0,i,uid,10069,com.google.android.gm
- 9,0,i,uid,10070,com.google.android.keep
- 9,0,i,uid,10071,com.google.android.apps.genie.geniewidget
- 9,0,i,uid,10072,com.android.printspooler
- 9,0,i,uid,10076,com.google.android.videos
- 9,0,i,uid,10079,com.google.android.youtube
- 9,0,i,uid,10084,com.google.android.apps.magazines
- 9,0,i,dsd,1820451,97,s-,p- 9,0,i,dsd,3517481,98,s-,p-
- 9,0,l,bt,0,8548446,1000983,8566645,1019182,1418672206045,8541652,994188
- 9,0,l,gn,0,0,666932,495312,0,0,2104,1444
- 9,0,l,m,6794,0,8548446,8548446,0,0,0,666932,495312,0,697728,0,0,0,5797,0,0
- 9,0,l,br,9,0,6785,0,0 9,0,l,sgt,8548446,0,0,0,0 9,0,l,sst,9000
- 9,0,l,sgc,0,0,0,0,0 9,0,l,dct,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
- 9,0,l,dcc,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 9,0,l,wst,0,0,0,0,0,0,0,0
- 9,0,l,wsc,0,0,0,0,0,0,0,0 9,0,l,wsst,0,0,0,0,0,0,0,52,0,0,8548394,0,0
- 9,0,l,wssc,0,0,0,0,0,0,0,2,0,0,2,0,0 9,0,l,wsgt,0,0,0,3016,8545430
- 9,0,l,wsgc,0,0,0,2,1 9,0,l,bst,0,0,0,0 9,0,l,bsc,0,0,0,0 9,0,l,dc,2,3,0,3
- 9,0,l,kwl,msm_ipc_read00000001:00000001,0,0
- 9,0,l,kwl,rpm_regulator_tcxo,0,0 9,0,l,kwl,wlan,25423,32
- 9,0,l,kwl,event4-648,0,0 9,0,l,kwl,qcril,187,2 9,0,l,kwl,ssr(dsps),0,0
- 9,0,l,kwl,bq51051b_wireless_chip,0,0 9,0,l,kwl,qmi0,0,0
- 9,0,l,kwl,event5-648,7755,1231
- 9,0,l,kwl,PowerManagerService.WakeLocks,680435,3908
- 9,0,l,kwl,msm_hsic_host,66258,35 9,0,l,kwl,qcom_sap_wakelock,0,0
- 9,0,l,kwl,sns_async_ev_wakelock,91954,1244 9,0,l,kwl,qmuxd_port_wl_12,0,0
- 9,0,l,kwl,pil-wcnss,0,0 9,0,l,kwl,event0-648,11364,1212
- 9,0,l,kwl,dofstrim,0,0 9,0,l,kwl,ssr(lpass),0,0
- 9,0,l,kwl,qmuxd_port_wl_11,0,0 9,0,l,kwl,event2-648,0,0
- 9,0,l,kwl,pil-vidc,0,0 9,0,l,kwl,mmc0,0,0
- 9,0,l,kwl,tabla_gpio_irq_resend,0,0 9,0,l,kwl,pil-q6,0,0
- 9,0,l,kwl,radio-interface,0,0 9,0,l,kwl,msm_ipc_read00000001:00000002,0,0
- 9,0,l,kwl,event3-648,8143,1231 9,0,l,kwl,ssr(wcnss),0,0
- 9,0,l,kwl,ssr(gss),0,0 9,0,l,kwl,KeyEvents,98,1263
- 9,0,l,kwl,unknown_wakeups,0,0 9,0,l,kwl,qmuxd_port_wl_10,0,0
- 9,0,l,kwl,pil-gss,0,0 9,0,l,kwl,qcom_rx_wakelock,161828,3205
- 9,0,l,kwl,ssr(external_modem),0,0 9,0,l,kwl,power-supply,228,23
- 9,0,l,kwl,pil-dsps,0,0 9,0,l,kwl,wcnss,0,0 9,0,l,kwl,msm_otg,0,0
- 9,0,l,kwl,pm8921_eoc,0,0 9,0,l,kwl,slimport_wake_lock,0,0
- 9,0,l,kwl,smsm_snapshot,0,0 9,0,l,kwl,suspend_backoff,239760,24
- 9,0,l,kwl,event1-648,9331,1212 9,0,l,kwl,main,429,0
- 9,0,l,kwl,alarm,2892,270 9,0,l,kwl,PowerManagerService.Display,432,1
- 9,0,l,kwl,qmi1,0,0 9,0,l,kwl,kickstart,211,1
- 9,0,l,kwl,qmuxd_port_wl_9,9,102 9,0,l,kwl,ear_hook,0,0
- 9,0,l,kwl,mmc0_detect,52,1232 9,0,l,kwl,deleted_wake_locks,0,0
- 9,0,l,kwl,PowerManagerService.Broadcasts,7331,0 9,0,l,kwl,qmi2,0,0
- 9,0,l,kwl,smd_sns_dsps,456,1340 9,0,l,kwl,alarm_rtc,36084,122
- 9,0,l,pws,2100,64.4,42.0,63.0 9,10009,l,pwi,uid,20.6 9,0,l,pwi,cell,18.5
- 9,0,l,pwi,idle,8.73 9,0,l,pwi,uid,5.46 9,1000,l,pwi,uid,5.11
- 9,0,l,pwi,wifi,3.28 9,10019,l,pwi,uid,0.847 9,10069,l,pwi,uid,0.408
- 9,0,l,pwi,scrn,0.385 9,10034,l,pwi,uid,0.322 9,10025,l,pwi,uid,0.185
- 9,0,l,pwi,blue,0.0273
- 9,0,l,pwi,cell,14.0
- 9,10002,l,pwi,uid,0.180 9,10023,l,pwi,uid,0.168 9,1001,l,pwi,uid,0.0297
- 9,10068,l,pwi,uid,0.0296 9,10057,l,pwi,uid,0.0234 9,1027,l,pwi,uid,0.0157
- 9,10079,l,pwi,uid,0.00905 9,10054,l,pwi,uid,0.00527
- 9,10005,l,pwi,uid,0.00341 9,10004,l,pwi,uid,0.00204
- 9,2000,l,pwi,uid,0.00192 9,10070,l,pwi,uid,0.00144
- 9,10061,l,pwi,uid,0.000860 9,10014,l,pwi,uid,0.000495
- 9,10040,l,pwi,uid,0.000286 9,1014,l,pwi,uid,0.00000157 9,0,l,pwi,over,1.36
- 9,0,l,nt,0,0,127699,11159,0,0,975,163,0,0
- 9,0,l,pr,file-storage,0,140,0,0,0,0 9,0,l,pr,TX_Thread,0,440,0,0,0,0
- 9,0,l,pr,flush-179:0,0,850,0,0,0,0 9,0,l,pr,sync_supers,10,0,0,0,0,0
- 9,0,l,pr,dhcpcd,0,30,0,0,0,0 9,0,l,pr,kauditd,50,10,0,0,0,0
- 9,0,l,pr,sdcard,20,110,0,0,0,0 9,0,l,pr,flush-0:18,40,100,0,0,0,0
- 9,0,l,pr,zygote,250,90,0,0,0,0 9,0,l,pr,bdi-default,0,610,0,0,0,0
- 9,0,l,pr,ueventd,940,2630,0,0,0,0 9,0,l,pr,kswapd0,0,180,0,0,0,0
- 9,0,l,pr,debuggerd,180,610,0,0,0,0 9,0,l,pr,jbd2/mmcblk0p20,0,50,0,0,0,0
- 9,0,l,pr,jbd2/mmcblk0p21,0,250,0,0,0,0
- 9,0,l,pr,jbd2/mmcblk0p22,0,90,0,0,0,0
- 9,0,l,pr,jbd2/mmcblk0p23,0,1150,0,0,0,0 9,0,l,pr,MC_Thread,0,1270,0,0,0,0
- 9,0,l,pr,adbd,10,40,0,0,0,0 9,0,l,pr,lmkd,360,990,0,0,0,0
- 9,0,l,pr,logd,1550,1670,0,0,0,0 9,0,l,pr,netd,80,330,0,0,0,0
- 9,0,l,pr,rild,160,0,0,0,0,0 9,0,l,pr,vold,50,100,0,0,0,0
- 9,0,l,pr,/init,0,70,0,0,0,0 9,0,l,pr,mpdecision,1400,7820,0,0,0,0
- 9,0,l,pr,khubd,0,10,0,0,0,0 9,0,l,pr,kthreadd,0,600,0,0,0,0
- 9,0,l,pr,kworker/0:0,0,3520,0,0,0,0 9,0,l,pr,sensors.qcom,380,720,0,0,0,0
- 9,0,l,pr,healthd,20,190,0,0,0,0 9,0,l,pr,thermald,60,360,0,0,0,0
- 9,0,l,pr,mmcqd/0,0,8700,0,0,0,0 9,0,l,pr,qseecomd,0,90,0,0,0,0
- 9,0,l,pr,ksoftirqd/0,0,420,0,0,0,0 9,0,l,pr,wpa_supplicant,170,160,0,0,0,0
- 9,0,l,pr,migration/0,0,1630,0,0,0,0 9,0,l,pr,migration/1,20,0,0,0,0,0
- 9,0,l,pr,RX_Thread,0,790,0,0,0,0 9,0,l,pr,netmgrd,40,20,0,0,0,0
- 9,1000,l,nt,0,0,11054,11216,0,0,26,29,0,0 9,1000,l,ua,2,0,0
- 9,1000,l,sr,5,6813,1 9,1000,l,wl,*alarm*,0,f,0,23856,p,151,0,w,0
- 9,1000,l,st,8548446,8548446,8548446 9,1000,l,pr,system,83310,35060,0,0,0,0
- 9,1000,l,pr,surfaceflinger,6620,9330,0,0,0,0 9,1000,l,pr,ks,0,60,0,0,0,0
- 9,1000,l,pr,qcks,0,90,0,0,0,0 9,1000,l,pr,efsks,0,50,0,0,0,0
- 9,1000,l,pr,com.android.server.telecom,110,100,0,0,0,0
- 9,1000,l,pr,servicemanager,40,110,0,0,0,0
- 9,1001,l,st,8548446,8548446,8548446 9,1001,l,pr,qmuxd,0,30,0,0,0,0
- 9,1001,l,pr,com.android.phone,450,300,0,0,0,0
- 9,1014,l,nt,0,0,3410,3370,0,0,10,10,0,0 9,1027,l,st,8548446,8548446,8548446
- 9,1027,l,pr,com.android.nfc,250,160,0,0,0,0
- 9,10002,l,apk,15,com.android.providers.calendar,com.android.providers.calendar.CalendarProviderIntentService,2383,15,15
- 9,10005,l,nt,0,0,1241,2488,0,0,6,10,0,0
- 9,10009,l,nt,0,0,232255,258511,0,0,472,600,0,0
- 9,10009,l,wfl,7689000,9814000,0
- 9,10009,l,jb,com.google.android.gms/.gcm.nts.TaskExecutionService,81,3
- 9,10009,l,sr,0,43643,46 9,10025,l,nt,0,0,152461,42850,0,0,267,243,0,0
- 9,10025,l,wfl,1593000,629000,0 9,10034,l,nt,0,0,77657,40093,0,0,172,170,0,0
- 9,10068,l,nt,0,0,11929,8383,0,0,50,47,0,0
- 9,10069,l,nt,0,0,41553,22886,0,0,85,91,0,0</pre>
-
- <h2 id="interpreting_the_output">Section identifiers</h2>
-
- <p>Command output for <code>batterystats</code> supports the following
- sections:</p>
-
- <table id="batterystats-section-ids">
-
- <tr>
- <th width="10%">Section Identifier</th>
- <th width="20%">Description</th>
- <th width="70%">Remaining Fields</th>
- </tr>
-
- <tr>
- <td><p>vers</p></td>
- <td><p>Version</p></td>
- <td><p>checkin version, parcel version, start platform version, end
- platform version</p></td>
- </tr>
-
- <tr>
- <td><p>uid</p></td>
- <td><p>UID</p></td>
- <td><p>uid, package name</p></td>
- </tr>
-
- <tr>
- <td><p>apk</p></td>
- <td><p>APK</p></td>
- <td><p>wakeups, APK, service, start time, starts, launches</p></td>
- </tr>
-
- <tr>
- <td><p>pr</p></td>
- <td><p>Process</p></td>
- <td><p>process, user, system, foreground, starts</p></td>
- </tr>
-
- <tr>
- <td><p>sr</p></td>
- <td><p>Sensor</p></td>
- <td><p>sensor number, time, count</p></td>
- </tr>
-
- <tr>
- <td><p>vib</p></td>
- <td><p>Vibrator</p></td>
- <td><p>time, count</p></td>
- </tr>
-
- <tr>
- <td><p>fg</p></td>
- <td><p>Foreground</p></td>
- <td><p>time, count</p></td>
- </tr>
-
- <tr>
- <td><p>st</p></td>
- <td><p>State Time</p></td>
- <td><p>foreground, active, running</p></td>
- </tr>
-
- <tr>
- <td><p>wl</p></td>
- <td><p>Wake lock</p></td>
- <td><p>wake lock, full time, 'f', full count, partial time, 'p', partial
- count, window time, 'w', window count</p></td>
- </tr>
-
- <tr>
- <td><p>sy</p></td>
- <td><p>Sync</p></td>
- <td><p>sync, time, count</p></td>
- </tr>
-
- <tr>
- <td><p>jb</p></td>
- <td><p>Job</p></td>
- <td><p>job, time, count</p></td>
- </tr>
-
- <tr>
- <td><p>kwl</p></td>
- <td><p>Kernel Wake Lock</p></td>
- <td><p>kernel wake lock, time, count</p></td>
- </tr>
-
- <tr>
- <td><p>wr</p></td>
- <td><p>Wakeup Reason</p></td>
- <td><p>wakeup reason, time, count</p></td>
- </tr>
-
- <tr>
- <td><p>nt</p></td>
- <td><p>Network</p></td>
- <td><p>mobile bytes RX, mobile bytes TX, Wi-Fi bytes RX, Wi-Fi bytes TX,
- mobile packets RX, mobile packets TX, Wi-Fi packets RX, Wi-Fi packets
- TX, mobile active time, mobile active count</p></td>
- </tr>
-
- <tr>
- <td><p>ua</p></td>
- <td><p>User Activity</p></td>
- <td><p>other, button, touch</p></td>
- </tr>
-
- <tr>
- <td><p>bt</p></td>
- <td><p>Battery</p></td>
- <td><p>start count, battery realtime, battery uptime, total realtime,
- total uptime, start clock time, battery screen off realtime, battery
- screen off uptime</p></td>
- </tr>
-
- <tr>
- <td><p>dc</p></td>
- <td><p>Battery Discharge</p></td>
- <td><p>low, high, screen on, screen off</p></td>
- </tr>
-
- <tr>
- <td><p>lv</p></td>
- <td><p>Battery Level</p></td>
- <td><p>start level, current level</p></td>
- </tr>
-
- <tr>
- <td><p>wfl</p></td>
- <td><p>Wi-Fi</p></td>
- <td><p>full Wi-Fi lock on time, Wi-Fi scan time, Wi-Fi running time, Wi-Fi
- scan count, Wi-Fi idle time, Wi-Fi receive time, Wi-Fi transmit time</p>
- </td>
- </tr>
-
- <tr>
- <td><p>gwfl</p></td>
- <td><p>Global Wi-Fi</p></td>
- <td><p>Wi-Fi on time, Wi-Fi running time, Wi-Fi idle time, Wi-Fi receive
- time, Wi-Fi transmit time, Wi-Fi power (mAh)</p></td>
- </tr>
-
- <tr>
- <td><p>gble</p></td>
- <td><p>Global Bluetooth</p></td>
- <td><p>BT idle time, BT receive time, BT transmit time, BT power (mAh)</p>
- </td>
- </tr>
-
- <tr>
- <td><p>m</p></td>
- <td><p>Misc</p></td>
- <td><p>screen on time, phone on time, full wakelock time total, partial
- wakelock time total, mobile radio active time, mobile radio active
- adjusted time, interactive time, power save mode enabled time,
- connectivity changes, device idle mode enabled time, device idle mode
- enabled count, device idling time, device idling count, mobile radio
- active count, mobile radio active unknown time</p></td>
- </tr>
-
- <tr>
- <td><p>gn</p></td>
- <td><p>Global Network</p></td>
- <td><p>mobile RX total bytes, mobile TX total bytes, Wi-Fi RX total
- bytes, Wi-Fi TX total bytes, mobile RX total packets, mobile TX total
- packets, Wi-Fi RX total packets, Wi-Fi TX total packets</p></td>
- </tr>
-
- <tr>
- <td><p>br</p></td>
- <td><p>Screen Brightness</p></td>
- <td><p>dark, dim, medium, light, bright</p></td>
- </tr>
-
- <tr>
- <td><p>sst</p></td>
- <td><p>Signal Scanning Time</p></td>
- <td><p>signal scanning time</p></td>
- </tr>
-
- <tr>
- <td><p>sgt</p></td>
- <td><p>Signal Strength Time</p></td>
- <td><p>none, poor, moderate, good, great</p></td>
- </tr>
-
- <tr>
- <td><p>sgc</p></td>
- <td><p>Signal Strength Count</p></td>
- <td><p>none, poor, moderate, good, great</p></td>
- </tr>
-
- <tr>
- <td><p>dct</p></td>
- <td><p>Data Connection Time</p></td>
- <td><p>none, GPRS, EDGE, UMTS, CDMA, EVDO_0, EVDO_A, 1xRTT, HSDPA, HSUPA,
- HSPA, IDEN, EVDO_B, LTE, EHRPD, HSPAP, other</p></td>
- </tr>
-
- <tr>
- <td><p>dcc</p></td>
- <td><p>Data Connection Count</p></td>
- <td><p>none, GPRS, EDGE, UMTS, CDMA, EVDO_0, EVDO_A, 1xRTT, HSDPA, HSUPA,
- HSPA, IDEN, EVDO_B, LTE, EHRPD, HSPAP, other</p></td>
- </tr>
-
- <tr>
- <td><p>wst</p></td>
- <td><p>Wi-Fi State Time</p></td>
- <td><p>off, off scanning, on no networks, on disconnected, on connected
- STA, on connected P2P, on connected STA P2P, soft AP</p></td>
- </tr>
-
- <tr>
- <td><p>wsc</p></td>
- <td><p>Wi-Fi State Count</p></td>
- <td><p>off, off scanning, on no networks, on disconnected, on connected
- STA, on connected P2P, on connected STA P2P, soft AP</p></td>
- </tr>
-
- <tr>
- <td><p>wsst</p></td>
- <td><p>Wi-Fi Supplicant State Time</p></td>
- <td><p>invalid, disconnected, interface disabled, inactive, scanning,
- authenticating, associating, associated, four-way handshake, group
- handshake, completed, dormant, uninitialized</p></td>
- </tr>
-
- <tr>
- <td><p>wssc</p></td>
- <td><p>Wi-Fi Supplicant State Count</p></td>
- <td><p>invalid, disconnected, interface disabled, inactive, scanning,
- authenticating, associating, associated, four-way handshake, group
- handshake, completed, dormant, uninitialized</p></td>
- </tr>
-
- <tr>
- <td><p>wsgt</p></td>
- <td><p>Wi-Fi Signal Strength Time</p></td>
- <td><p>none, poor, moderate, good, great</p></td>
- </tr>
-
- <tr>
- <td><p>wsgc</p></td>
- <td><p>Wi-Fi Signal Strength Count</p></td>
- <td><p>none, poor, moderate, good, great</p></td>
- </tr>
-
- <tr>
- <td><p>bst</p></td>
- <td><p>Bluetooth State Time</p></td>
- <td><p>inactive, low, med, high</p></td>
- </tr>
-
- <tr>
- <td><p>bsc</p></td>
- <td><p>Bluetooth State Count</p></td>
- <td><p>inactive, low, med, high</p></td>
- </tr>
-
- <tr>
- <td><p>pws</p></td>
- <td><p>Power Use Summary</p></td>
- <td><p>battery capacity, computed power, minimum drained power, maximum
- drained power</p></td>
- </tr>
-
- <tr>
- <td><p>pwi</p></td>
- <td><p>Power Use Item</p></td>
- <td><p>label, mAh</p></td>
- </tr>
-
- <tr>
- <td><p>dsd</p></td>
- <td><p>Discharge Step</p></td>
- <td><p>duration, level, screen, power-save</p></td>
- </tr>
-
- <tr>
- <td><p>csd</p></td>
- <td><p>Charge Step</p></td>
- <td><p>duration, level, screen, power-save</p></td>
- </tr>
-
- <tr>
- <td><p>dtr</p></td>
- <td><p>Discharge Time Remaining</p></td>
- <td><p>battery time remaining</p></td>
- </tr>
-
- <tr>
- <td><p>ctr</p></td>
- <td><p>Charge Time Remaining</p></td>
- <td><p>charge time remaining</p></td>
- </tr>
-
- </table>
-
-<h2 id="wifi-reqs">Bluetooth, cellular, and Wi-Fi usage</h2>
-
-<p>Support for battery usage data on Bluetooth, cellular, and Wi-Fi data
-requires the device Bluetooth, cellular, and Wif-Fi chipsets implement radio
-support and the chipset firmware passes usage data to the framework. OEMs must
-work with their chipset providers to facilitate in-field firmware updates on
-existing chipsets and compatible firmware on new chipsets.</p>
-
-<p>Additionally, OEMs must continue to configure and submit the power profile
-for their devices. However, when the platform detects that Bluetooth, cellular
-(as of Android 7.0), or Wi-Fi radio power data is available from the chipset, it
-uses chipset data instead of power profile data. For details, see
-<a href="/devices/tech/power/values.html#values">Power values</a>.</p>
-
-<p class="note"><strong>Note</strong>: Prior to Android 6.0, power use for
-Bluetooth radio, cellular radio, and Wi-Fi was tracked in the <em>m</em> (Misc)
-section category. In Android 6.0 and higher, power use for these components is
-tracked in the <em>pwi</em> (Power Use Item) section with individual labels
-(<em>wifi</em>, <em>blue</em>, <em>cell</em>) for each component.</p>
-
- </body>
-</html>
diff --git a/en/security/_toc.yaml b/en/security/_toc.yaml
index 61e02b7..c9c9e46 100644
--- a/en/security/_toc.yaml
+++ b/en/security/_toc.yaml
@@ -37,6 +37,8 @@
path: /security/advisory/
- title: 2017 Bulletins
section:
+ - title: July
+ path: /security/bulletin/2017-07-01
- title: June
path: /security/bulletin/2017-06-01
- title: May
diff --git a/en/security/bulletin/2017-04-01.html b/en/security/bulletin/2017-04-01.html
index 446616e..e80bb6e 100644
--- a/en/security/bulletin/2017-04-01.html
+++ b/en/security/bulletin/2017-04-01.html
@@ -116,7 +116,7 @@
<li>Guang Gong (龚广) (<a href="https://twitter.com/oldfresher">@oldfresher</a>)
of Alpha Team, Qihoo 360 Technology Co. Ltd.: CVE-2017-0547</li>
<li>Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd.:
- CVE-2017-6424, CVE-2017-0584, CVE-2017-0454, CVE-2017-0575, CVE-2017-0567</li>
+ CVE-2017-6424, CVE-2017-0584, CVE-2017-0454, CVE-2017-0574, CVE-2017-0575, CVE-2017-0567</li>
<li>Ian Foster (<a href="https://twitter.com/lanrat">@lanrat</a>): CVE-2017-0554</li>
<li>Jack Tang of Trend Micro Inc.: CVE-2017-0579</li>
<li>Jianjun Dai (<a href="https://twitter.com/Jioun_dai">@Jioun_dai</a>) of <a
diff --git a/en/security/bulletin/2017-07-01.html b/en/security/bulletin/2017-07-01.html
new file mode 100644
index 0000000..3660f24
--- /dev/null
+++ b/en/security/bulletin/2017-07-01.html
@@ -0,0 +1,1779 @@
+<html devsite>
+ <head>
+ <title>Android Security Bulletin—July 2017</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ //www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<p><em>Published July 5, 2017 | Updated July 6, 2017</em></p>
+
+<p>The Android Security Bulletin contains details of security vulnerabilities
+affecting Android devices. Security patch levels of July 05, 2017 or later
+address all of these issues. Refer to the <a
+href="//support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
+and Nexus update schedule</a> to learn how to check a device's security patch
+level.</p>
+
+<p>Partners were notified of the issues described in the bulletin at least a month
+ago. Source code patches for these issues have been released to the Android Open
+Source Project (AOSP) repository and linked from this bulletin. This bulletin also
+includes links to patches outside of AOSP.</p>
+
+<p>The most severe of these issues is a critical security vulnerability in media
+framework that could enable a remote attacker using a specially crafted file to
+execute arbitrary code within the context of a privileged process. The <a
+href="/security/overview/updates-resources.html#severity">severity
+assessment</a> is based on the effect that exploiting the vulnerability would
+possibly have on an affected device, assuming the platform and service
+mitigations are turned off for development purposes or if successfully bypassed.</p>
+
+<p>We have had no reports of active customer exploitation or abuse of these newly
+reported issues. Refer to the <a
+href="#mitigations">Android and Google Play
+Protect mitigations</a> section for details on the <a
+href="/security/enhancements/index.html">Android
+security platform protections</a> and Google Play Protect, which improve the
+security of the Android platform.</p>
+
+<p>We encourage all customers to accept these updates to their devices.</p>
+
+<p class="note"><strong>Note:</strong> Information on the latest over-the-air
+update (OTA) and firmware images for Google devices is available in the
+<a href="#google-device-updates">Google device updates</a> section.</p>
+
+<h2 id="announcements">Announcements</h2>
+<ul>
+ <li>This bulletin has two security patch level strings to provide Android
+ partners with the flexibility to more quickly fix a subset of vulnerabilities
+ that are similar across all Android devices. See <a
+ href="#common-questions-and-answers">Common questions and answers</a> for
+ additional information:
+ <ul>
+ <li><strong>2017-07-01</strong>: Partial security patch level string. This
+ security patch level string indicates that all issues associated with 2017-07-01
+ (and all previous security patch level strings) are addressed.</li>
+ <li><strong>2017-07-05</strong>: Complete security patch level string. This
+ security patch level string indicates that all issues associated with 2017-07-01
+ and 2017-07-05 (and all previous security patch level strings) are
+ addressed.</li>
+ </ul>
+ </li>
+</ul>
+
+<h2 id="mitigations">Android and Google Play Protect mitigations</h2>
+<p>This is a summary of the mitigations provided by the <a
+href="/security/enhancements/index.html">Android
+security platform</a> and service protections such as <a
+href="//www.android.com/play-protect">Google Play Protect</a>. These
+capabilities reduce the likelihood that security vulnerabilities could be
+successfully exploited on Android.</p>
+<ul>
+ <li>Exploitation for many issues on Android is made more difficult by
+ enhancements in newer versions of the Android platform. We encourage all users
+ to update to the latest version of Android where possible.</li>
+ <li>The Android security team actively monitors for abuse through <a
+ href="//www.android.com/play-protect">Google Play Protect</a> and warns
+ users about <a
+ href="/security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially
+ Harmful Applications</a>. Google Play Protect is enabled by default on devices
+ with <a href="//www.android.com/gms">Google Mobile Services</a>, and is
+ especially important for users who install apps from outside of Google Play.
+ </li>
+</ul>
+
+<h2 id="2017-07-01-details">2017-07-01 security patch level—Vulnerability details</h2>
+<p>In the sections below, we provide details for each of the security
+vulnerabilities that apply to the 2017-07-01 patch level. Vulnerabilities are
+grouped under the component that they affect. There is a description of the
+issue and a table with the CVE, associated references, <a
+href="#common-questions-and-answers">type of vulnerability</a>, <a
+href="/security/overview/updates-resources.html#severity">severity</a>,
+and updated AOSP versions (where applicable). When available, we link the public
+change that addressed the issue to the bug ID, like the AOSP change list. When
+multiple changes relate to a single bug, additional references are linked to
+numbers following the bug ID.</p>
+
+<h3 id="runtime">Runtime</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+using a specially crafted file to execute arbitrary code within the context of
+an unprivileged process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-3544</td>
+ <td><a href="https://android.googlesource.com/platform/libcore/+/c5dd90d62590425f04a261e0f6c927acca147f88">
+ A-35784677</a></td>
+ <td>RCE</td>
+ <td>Moderate</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+</table>
+<h3 id="framework">Framework</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application using a specially crafted file to execute arbitrary code within the
+context of an application that uses the library.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0664</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/59773dc2f213c3e645c7e04881afa0a8e6ffccca">
+ A-36491278</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0665</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/native/+/75edf04bf18d37df28fb58e1d75331ed4bcae230">
+ A-36991414</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0666</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/native/+/5fc2df253c089b53b3e235a3f237f96a98b53977">
+ A-37285689</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0667</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/native/+/5ac63e4547feaa7cb51ac81896250f47f367ffba">
+ A-37478824</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0668</td>
+ <td><a href="https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/b3e3325d23289a94e66d8ce36a53a7ccf7b52c6d">
+ A-22011579</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0669</td>
+ <td><a href="https://android.googlesource.com/platform/packages/providers/MediaProvider/+/7b7ef84234cd3daea0e22025b908b0041885736c">
+ A-34114752</a></td>
+ <td>ID</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0670</td>
+ <td><a href="https://android.googlesource.com/platform/bionic/+/e102faee8b2f87c28616e7f5453f9a11eea9b122">
+ A-36104177</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+</table>
+<h3 id="libraries">Libraries</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+using a specially crafted file to execute arbitrary code within the context of
+an application that uses the library.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0671</td>
+ <td>A-34514762<a href="#asterisk">*</a></td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>4.4.4</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2109</td>
+ <td><a href="https://android.googlesource.com/platform/external/boringssl/+/ccb2efe8d3fccb4321e85048d67c8528e03d4652">
+ A-35443725</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0672</td>
+ <td><a href="https://android.googlesource.com/platform/external/skia/+/c4087ff5486d36a690c681affb668164ec0dd697">
+ A-34778578</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2</td>
+ </tr>
+</table>
+<h3 id="media-framework">Media framework</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+using a specially crafted file to execute arbitrary code within the context of
+a privileged process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0540</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/a92b39ff0c47d488b81fecd62ba85e48d386aa68">
+ A-33966031</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0673</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/381ccb2b7f2ba42490bafab6aa7a63a8212b396f">
+ A-33974623</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0674</td>
+ <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/1603112cccbab3dff66a7eb1b82e858c1749f34b">
+ A-34231163</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0675</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/726108468dcfdabb833b8d55333de53cf6350aaa">
+ A-34779227</a>
+ [<a href="https://android.googlesource.com/platform/external/libhevc/+/4395fc2288e3f692765c73fce416e831fdaa5463">2</a>]</td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0676</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/8e415eabb5d2abd2f2bd40a675339d967f81521b">
+ A-34896431</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0677</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/b8fee6a6d0a91fb5ddca8f54b0c891e25c1b65ae">
+ A-36035074</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0678</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/64bc0b8c0c495c487604d483aa57978db7f634be">
+ A-36576151</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0679</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/91cb6b1745f3e9d341cf6decc2b916cb1e4eea77">
+ A-36996978</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0680</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/989df73b34a7a698731cab3ee1e4a831a862fbe1">
+ A-37008096</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0681</td>
+ <td><a href="https://android.googlesource.com/platform/external/tremolo/+/822af05a1364d8dc6189dce5380a2703214dd799">
+ A-37208566</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0682</td>
+ <td>A-36588422<a href="#asterisk">*</a></td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0683</td>
+ <td>A-36591008<a href="#asterisk">*</a></td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0684</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c7c9271740c29c02e7926265ed53a44b8113dbfb">
+ A-35421151</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0685</td>
+ <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/680b75dabb90c8c2e22886826554ad1bc99b36f1">
+ A-34203195</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0686</td>
+ <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/b8d7e85c10cc22e1a5d81ec3d8a2e5bdd6102852">
+ A-34231231</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0688</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/62c07468bc26d1f9487c5298bb2a2f3740db13b1">
+ A-35584425</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0689</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/2210ff5600d3f965352a3074adff8fedddcf347e">
+ A-36215950</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0690</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/1f418f10f4319fc829360b7efee7fca4b3880867">
+ A-36592202</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0691</td>
+ <td><a href="https://android.googlesource.com/platform/external/dng_sdk/+/c70264282305351abbec9b967333db4d896583b9">
+ A-36724453</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0692</td>
+ <td><a href="https://android.googlesource.com/platform/external/sonivox/+/6db482687caf12ea7d2d07d655b17413bc937c73">
+ A-36725407</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0693</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/632ff754836d22415136cb3f97fe4622c862ce81">
+ A-36993291</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0694</td>
+ <td><a href="https://android.googlesource.com/platform/external/sonivox/+/47750a5f1b19695ac64d6f7aa6e7e0918d3c8977">
+ A-37093318</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0695</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/cc5683451dd9be1491b54f215e9934d49f11cf70">
+ A-37094889</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0696</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/0d0ddb7cd7618ede5301803c526f066b95ce5089">
+ A-37207120</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0697</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c5eaf3ae70d5ea3a7d390294002e4cf9859b3578">
+ A-37239013</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0698</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/1618337cac09284fddb5bb14b5e0cfe2946d3431">
+ A-35467458</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0699</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/989b2afc3ebb1bbb4c962e2aff1fd9b3149f83f1">
+ A-36490809</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+</table>
+<h3 id="system-ui">System UI</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+using a specially crafted file to execute arbitrary code within the context of a
+privileged process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0700</td>
+ <td><a href="https://android.googlesource.com/platform/external/libgdx/+/38889ebd9b9c682bd1b64fd251ecd69b504a6155">
+ A-35639138</a></td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0701</td>
+ <td><a href="https://android.googlesource.com/platform/external/libgdx/+/85e94f5b67c1beb9402c4de82bd481a5202470de">
+ A-36385715</a>
+ [<a href="https://android.googlesource.com/platform/external/libgdx/+/bd4c825d8fc5dd48f5c602e673ae210909b31fd0">2</a>]</td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0702</td>
+ <td><a href="https://android.googlesource.com/platform/external/libgdx/+/5d46e9a1784c02f347af107a978fe9fbd7af7fb2">
+ A-36621442</a></td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0703</td>
+ <td><a href="https://android.googlesource.com/platform/packages/apps/Settings/+/4af8f912aa1ee714638d0f9694d6f856bc8166f3">
+ A-33123882</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0704</td>
+ <td><a href="https://android.googlesource.com/platform/packages/apps/Settings/+/179f0e9512100b0a403aab8b2b4cf5510bb20bee">
+ A-33059280</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>7.1.1, 7.1.2</td>
+ </tr>
+</table>
+
+<h2 id="2017-07-05-details">2017-07-05 security patch level—Vulnerability details</h2>
+<p>In the sections below, we provide details for each of the security
+vulnerabilities that apply to the 2017-07-05 patch level. Vulnerabilities are
+grouped under the component that they affect and include details such as the
+CVE, associated references, <a href="#common-questions-and-answers">type of
+vulnerability</a>, <a
+href="/security/overview/updates-resources.html#severity">severity</a>,
+component (where applicable), and updated AOSP versions (where applicable). When
+available, we link the public change that addressed the issue to the bug ID,
+like the AOSP change list. When multiple changes relate to a single bug,
+additional references are linked to numbers following the bug ID.</p>
+
+<h3 id="broadcom-components">Broadcom components</h3>
+<p>The most severe vulnerability in this section could enable a proximate attacker
+to execute arbitrary code within the context of the kernel.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-9417</td>
+ <td>A-38041027<a href="#asterisk">*</a><br>
+ B-RB#123023</td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>Wi-Fi driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0705</td>
+ <td>A-34973477<a href="#asterisk">*</a><br>
+ B-RB#119898</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Wi-Fi driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0706</td>
+ <td>A-35195787<a href="#asterisk">*</a><br>
+ B-RB#120532</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Wi-Fi driver</td>
+ </tr>
+</table>
+<h3 id="htc-components">HTC components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to execute arbitrary code within the context of a privileged
+process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0707</td>
+ <td>A-36088467<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>LED driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0708</td>
+ <td>A-35384879<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Sound driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0709</td>
+ <td>A-35468048<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>Low</td>
+ <td>Sensor hub driver</td>
+ </tr>
+</table>
+<h3 id="kernel-components">Kernel components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to execute arbitrary code within the context of a privileged
+process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-6074</td>
+ <td>A-35784697<br>
+<a href="//git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4">Upstream
+kernel</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Networking subsystem</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-5970</td>
+ <td>A-35805460<br>
+<a href="//git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b2cef20f19c87999fff3da4071e66937db9644">Upstream
+kernel</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>Networking subsystem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-5707</td>
+ <td>A-35841297<br>
+<a href="//git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81">Upstream kernel</a>
+[<a href="//git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee">2</a>]</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>SCSI driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0710</td>
+ <td>A-34951864<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>TCB</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7308</td>
+ <td>A-36725304<br>
+<a href="//git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2b6867c2ce76c596676bec7d2d525af525fdc6e2">Upstream kernel</a>
+[<a href="//git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8f8d28e4d6d815a391285e121c3a53a0b6cb9e7b">2</a>]
+[<a href="//git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bcc5364bdcfe131e6379363f089e7b4108d35b70">3</a>]</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Networking driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9731</td>
+ <td>A-35841292<br>
+<a href="//git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14">Upstream
+kernel</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>File system</td>
+ </tr>
+</table>
+<h3 id="mediatek-components">MediaTek components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to execute arbitrary code within the context of a privileged
+process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td> CVE-2017-0711</td>
+ <td>A-36099953<a href="#asterisk">*</a><br>
+ M-ALPS03206781</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Networking driver</td>
+ </tr>
+</table>
+<h3 id="nvidia-components">NVIDIA components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to execute arbitrary code within the context of a privileged
+process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0340</td>
+ <td>A-33968204<a href="#asterisk">*</a><br>
+ N-CVE-2017-0340</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Libnvparser</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0326</td>
+ <td>A-33718700<a href="#asterisk">*</a><br>
+ N-CVE-2017-0326</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Video driver</td>
+ </tr>
+</table>
+<h3 id="qualcomm-components">Qualcomm components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to execute arbitrary code within the context of the kernel.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-8255</td>
+ <td>A-36251983<br>
+<a href="//source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=cd42366a73b38c8867b66472f07d67a6eccde599">QC-CR#985205</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Bootloader</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10389</td>
+ <td>A-34500449<br>
+<a href="//source.codeaurora.org/quic/la//kernel/lk/commit/?id=031c27b4b8414bc93a14e773503d9bfc0fc890d2">QC-CR#1009145</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Bootloader</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8253</td>
+ <td>A-35400552<br>
+<a href="//www.codeaurora.org/gitweb/quic/la/?p=kernel/msm-4.4.git;a=commit;h=a5f07894058c4198f61e533d727b343c5be879b0">QC-CR#1086764</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Camera driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8262</td>
+ <td>A-32938443<br>
+<a href="//source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=9ef4ee8e3dfaf4e796bda781826851deebbd89bd">QC-CR#2029113</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>GPU driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8263</td>
+ <td>A-34126808<a href="#asterisk">*</a><br>
+ QC-CR#1107034</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Anonymous shared memory subsystem</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8267</td>
+ <td>A-34173755<a href="#asterisk">*</a><br>
+ QC-CR#2001129</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Anonymous shared memory subsystem</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8273</td>
+ <td>A-35400056<br>
+<a href="//source.codeaurora.org/quic/la//kernel/lk/commit/?id=dfe6691ba301c769179cabab12d74d4e952462b9">QC-CR#1094372</a>
+[<a
+href="//source.codeaurora.org/quic/la//kernel/lk/commit/?id=30d94c33dec0ffedc875d7853635a9773921320a">2</a>]</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Bootloader</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5863</td>
+ <td>A-36251182<br>
+<a href="//source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=daf0acd54a6a80de227baef9a06285e4aa5f8c93">QC-CR#1102936</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>USB HID driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8243</td>
+ <td>A-34112490<a href="#asterisk">*</a><br>
+ QC-CR#2001803</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>SoC driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8246</td>
+ <td>A-37275839<br>
+<a href="//source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=30baaec8afb05abf9f794c631ad944838d498ab8">QC-CR#2008031</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Sound driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8256</td>
+ <td>A-37286701<br>
+<a href="//source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=75e1e00d6b3cd4cb89fd5314a60c333aa0b03230">QC-CR#1104565</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Wi-Fi driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8257</td>
+ <td>A-37282763<br>
+<a href="//source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=0f19fbd00c6679bbc524f7a6d0fc3d54cfd1c9ae">QC-CR#2003129</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Video driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8259</td>
+ <td>A-34359487<br>
+<a href="//source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=68020103af00280393da10039b968c95d68e526c">QC-CR#2009016</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>SoC driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8260</td>
+ <td>A-34624155<br>
+<a href="//source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=8f236391e5187c05f7f4b937856944be0af7aaa5">QC-CR#2008469</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Camera driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8261</td>
+ <td>A-35139833<a href="#asterisk">*</a><br>
+ QC-CR#2013631</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Camera driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8264</td>
+ <td>A-33299365<a href="#asterisk">*</a><br>
+ QC-CR#1107702</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Camera driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8265</td>
+ <td>A-32341313<br>
+<a href="//source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=193813a21453ccc7fb6b04bedf881a6feaaa015f">QC-CR#1109755</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Video driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8266</td>
+ <td>A-33863407<br>
+<a href="//source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=42627c94cf8c189332a6f5bfdd465ea662777911">QC-CR#1110924</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Video driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8268</td>
+ <td>A-34620535<a href="#asterisk">*</a><br>
+ QC-CR#2002207</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Camera driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8270</td>
+ <td>A-35468665<a href="#asterisk">*</a><br>
+ QC-CR#2021363</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Wi-Fi driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8271</td>
+ <td>A-35950388<a href="#asterisk">*</a><br>
+ QC-CR#2028681</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Video driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8272</td>
+ <td>A-35950805<a href="#asterisk">*</a><br>
+ QC-CR#2028702</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Video driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8254</td>
+ <td>A-36252027<br>
+<a href="//source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=70afce1d9be745005c48fd565c01ce452a565e7e">QC-CR#832914</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Sound driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8258</td>
+ <td>A-37279737<br>
+<a href="//source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=31e2a2f0f2f3615cefd4400c707709bbc3e26170">QC-CR#2005647</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Camera driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8269</td>
+ <td>A-33967002<a href="#asterisk">*</a><br>
+ QC-CR#2013145</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>IPA Driver</td>
+ </tr>
+</table>
+<h3 id="qualcomm-closed-source-components">Qualcomm closed-source
+components</h3>
+<p>These vulnerabilities affect Qualcomm components and are described in further
+detail in Qualcomm AMSS security bulletins in 2014-2016. They are included in
+this Android security bulletin in order to associate their fixes with an Android
+security patch level. Fixes for these vulnerabilities are available directly
+from Qualcomm.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2014-9411</td>
+ <td>A-37473054<a href="#asterisk">*</a><br>
+ QC-CR#532956</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9968</td>
+ <td>A-37304413<a href="#asterisk">*</a><br>
+ QC-CR#642084</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9973</td>
+ <td>A-37470982<a href="#asterisk">*</a><br>
+ QC-CR#646919</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9974</td>
+ <td>A-37471979<a href="#asterisk">*</a><br>
+ QC-CR#654072</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9975</td>
+ <td>A-37471230<a href="#asterisk">*</a><br>
+ QC-CR#700125</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9977</td>
+ <td>A-37471087<a href="#asterisk">*</a><br>
+ QC-CR#703002</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9978</td>
+ <td>A-37468982<a href="#asterisk">*</a><br>
+ QC-CR#709939</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9979</td>
+ <td>A-37471088<a href="#asterisk">*</a><br>
+ QC-CR#717304</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9980</td>
+ <td>A-37471029<a href="#asterisk">*</a><br>
+ QC-CR#709766</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-0575</td>
+ <td>A-37296999<a href="#asterisk">*</a><br>
+ QC-CR#715815</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-8592</td>
+ <td>A-37470090<a href="#asterisk">*</a><br>
+ QC-CR#775396</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Core</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-8595</td>
+ <td>A-37472411<a href="#asterisk">*</a><br>
+ QC-CR#790151</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-8596</td>
+ <td>A-37472806<a href="#asterisk">*</a><br>
+ QC-CR#802005</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9034</td>
+ <td>A-37305706<a href="#asterisk">*</a><br>
+ QC-CR#614512</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9035</td>
+ <td>A-37303626<a href="#asterisk">*</a><br>
+ QC-CR#750231</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9036</td>
+ <td>A-37303519<a href="#asterisk">*</a><br>
+ QC-CR#751831</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9037</td>
+ <td>A-37304366<a href="#asterisk">*</a><br>
+ QC-CR#753315</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9038</td>
+ <td>A-37303027<a href="#asterisk">*</a><br>
+ QC-CR#758328</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9039</td>
+ <td>A-37302628<a href="#asterisk">*</a><br>
+ QC-CR#760282</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9040</td>
+ <td>A-37303625<a href="#asterisk">*</a><br>
+ QC-CR#761216</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9041</td>
+ <td>A-37303518<a href="#asterisk">*</a><br>
+ QC-CR#762126</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9042</td>
+ <td>A-37301248<a href="#asterisk">*</a><br>
+ QC-CR#762214</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9043</td>
+ <td>A-37305954<a href="#asterisk">*</a><br>
+ QC-CR#762954</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9044</td>
+ <td>A-37303520<a href="#asterisk">*</a><br>
+ QC-CR#764858</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9045</td>
+ <td>A-37302136<a href="#asterisk">*</a><br>
+ QC-CR#766189</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9046</td>
+ <td>A-37301486<a href="#asterisk">*</a><br>
+ QC-CR#767335</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9047</td>
+ <td>A-37304367<a href="#asterisk">*</a><br>
+ QC-CR#779285</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9048</td>
+ <td>A-37305707<a href="#asterisk">*</a><br>
+ QC-CR#795960</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9049</td>
+ <td>A-37301488<a href="#asterisk">*</a><br>
+ QC-CR#421589, QC-CR#817165</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9050</td>
+ <td>A-37302137<a href="#asterisk">*</a><br>
+ QC-CR#830102</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9051</td>
+ <td>A-37300737<a href="#asterisk">*</a><br>
+ QC-CR#837317</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9052</td>
+ <td>A-37304217<a href="#asterisk">*</a><br>
+ QC-CR#840483</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9053</td>
+ <td>A-37301249<a href="#asterisk">*</a><br>
+ QC-CR#843808</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9054</td>
+ <td>A-37303177<a href="#asterisk">*</a><br>
+ QC-CR#856077</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9055</td>
+ <td>A-37472412<a href="#asterisk">*</a><br>
+ QC-CR#806464</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Core</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9060</td>
+ <td>A-37472807<a href="#asterisk">*</a><br>
+ QC-CR#817343</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9061</td>
+ <td>A-37470436<a href="#asterisk">*</a><br>
+ QC-CR#824195</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9062</td>
+ <td>A-37472808<a href="#asterisk">*</a><br>
+ QC-CR#802039</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9067</td>
+ <td>A-37474000<a href="#asterisk">*</a><br>
+ QC-CR#848926</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9068</td>
+ <td>A-37470144<a href="#asterisk">*</a><br>
+ QC-CR#851114</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9069</td>
+ <td>A-37470777<a href="#asterisk">*</a><br>
+ QC-CR#854496</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9070</td>
+ <td>A-37474001<a href="#asterisk">*</a><br>
+ QC-CR#877102</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9071</td>
+ <td>A-37471819<a href="#asterisk">*</a><br>
+ QC-CR#877276</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9072</td>
+ <td>A-37474002<a href="#asterisk">*</a><br>
+ QC-CR#877361</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9073</td>
+ <td>A-37473407<a href="#asterisk">*</a><br>
+ QC-CR#878073</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10343</td>
+ <td>A-32580186<a href="#asterisk">*</a><br>
+ QC-CR#972213</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10344</td>
+ <td>A-32583954<a href="#asterisk">*</a><br>
+ QC-CR#1022360</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10346</td>
+ <td>A-37473408<a href="#asterisk">*</a><br>
+ QC-CR#896584</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Core</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10347</td>
+ <td>A-37471089<a href="#asterisk">*</a><br>
+ QC-CR#899671</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Core</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10382</td>
+ <td>A-28823584<a href="#asterisk">*</a><br>
+ QC-CR#944014</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10383</td>
+ <td>A-28822389<a href="#asterisk">*</a><br>
+ QC-CR#960624</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10388</td>
+ <td>A-32580294<a href="#asterisk">*</a><br>
+ QC-CR#992749</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10391</td>
+ <td>A-32583804<a href="#asterisk">*</a><br>
+ QC-CR#970283</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>WConnect</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5871</td>
+ <td>A-37473055<a href="#asterisk">*</a><br>
+ QC-CR#883013</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5872</td>
+ <td>A-37472809<a href="#asterisk">*</a><br>
+ QC-CR#886220</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+</table>
+<h2 id="google-device-updates">Google device updates</h2>
+<p>This table contains the security patch level in the latest over-the-air update
+(OTA) and firmware images for Google devices. The Google device firmware images
+are available on the <a
+href="//developers.google.com/android/nexus/images">Google Developer
+site</a>.</p>
+
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Google device</th>
+ <th>Security patch level</th>
+ </tr>
+ <tr>
+ <td>Pixel / Pixel XL</td>
+ <td>July 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Nexus 5X</td>
+ <td>July 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Nexus 6</td>
+ <td>July 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Nexus 6P</td>
+ <td>July 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Nexus 9</td>
+ <td>July 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Nexus Player</td>
+ <td>July 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Pixel C</td>
+ <td>July 05, 2017</td>
+ </tr>
+</table>
+<h2 id="acknowledgements">Acknowledgements</h2>
+<p>We would like to thank these researchers for their contributions:</p>
+
+<table>
+ <col width="17%">
+ <col width="83%">
+ <tr>
+ <th>CVEs</th>
+ <th>Researchers</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0711</td>
+ <td>Chengming Yang, Baozeng Ding, and Yang Song of Alibaba Mobile Security
+Group</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0706</td>
+ <td>Daxing Guo (<a href="//twitter.com/freener0">@freener0</a>) of
+Xuanwu Lab, Tencent</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8260</td>
+ <td>Derrek (<a href="//twitter.com/derrekr6">@derrekr6</a>) and Scott
+Bauer</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8265</td>
+ <td>Di Shen (<a href="//twitter.com/returnsme?lang=en">@returnsme</a>)
+of KeenLab (<a href="//twitter.com/keen_lab?lang=en">@keen_lab</a>),
+Tencent</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0703</td>
+ <td><a href="//fb.me/dzimka">Dzmitry Lukyanenka</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0692, CVE-2017-0694</td>
+ <td>Elphet and Gong Guang of Alpha Team, Qihoo 360 Technology Co. Ltd.</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8266, CVE-2017-8243, CVE-2017-8270</td>
+ <td>Gengjia Chen (<a
+href="//twitter.com/chengjia4574">@chengjia4574</a>) and <a
+href="//weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360 Technology Co.
+Ltd.</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0665, CVE-2017-0681</td>
+ <td><a href="mailto:arnow117@gmail.com">Hanxiang Wen</a>, Mingjian Zhou (<a
+href="//twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), and Xuxian Jiang
+of <a href="//c0reteam.org">C0RE Team</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8268, CVE-2017-8261</td>
+ <td>Jianqiang Zhao (<a
+href="//twitter.com/jianqiangzhao">@jianqiangzhao</a>) and <a
+href="//weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0698</td>
+ <td>Joey Brand of Census Consulting Inc.</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0666, CVE-2017-0684</td>
+ <td>Mingjian Zhou (<a
+href="//twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), <a
+href="mailto:zc1991@mail.ustc.edu.cn">Chi Zhang</a>, and Xuxian Jiang of <a
+href="//c0reteam.org">C0RE Team</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0697, CVE-2017-0670</td>
+ <td><a href="mailto:jiych.guru@gmail.com">Niky1235</a> (<a
+href="//twitter.com/jiych_guru">@jiych_guru</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-9417</td>
+ <td>Nitay Artenstein of Exodus Intelligence</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0705, CVE-2017-8259</td>
+ <td><a href="//twitter.com/ScottyBauer1">Scott Bauer</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0667</td>
+ <td>Timothy Becker of CSS Inc.</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0642, CVE-2017-0682, CVE-2017-0683, CVE-2017-0676,
+CVE-2017-0696,CVE-2017-0675, CVE-2017-0701, CVE-2017-0702, CVE-2017-0699</td>
+ <td>Vasily Vasiliev</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0695, CVE-2017-0689, CVE-2017-0540, CVE-2017-0680,
+CVE-2017-0679, CVE-2017-0685, CVE-2017-0686, CVE-2017-0693,CVE-2017-0674,
+CVE-2017-0677</td>
+ <td>V.E.O (<a href="//twitter.com/vysea">@VYSEa</a>) of <a
+href="//blog.trendmicro.com/trendlabs-security-intelligence/category/mobile/">Mobile
+Threat Response Team</a>, <a href="//www.trendmicro.com">Trend Micro</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0708</td>
+ <td>Xiling Gong of Tencent Security Platform Department</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0690</td>
+ <td>Yangkang (<a href="//twitter.com/dnpushme">@dnpushme</a>) and
+Liyadong of Qihoo 360 Qex Team</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8269, CVE-2017-8271, CVE-2017-8272, CVE-2017-8267</td>
+ <td>Yonggang Guo (<a href="//twitter.com/guoygang">@guoygang</a>) of
+IceSword Lab, Qihoo 360 Technology Co. Ltd.</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8264, CVE-2017-0326, CVE-2017-0709</td>
+ <td>Yuan-Tsung Lo (<a
+href="mailto:computernik@gmail.com">computernik@gmail.com</a>) and Xuxian Jiang
+of <a href="//c0reteam.org">C0RE Team</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0704, CVE-2017-0669</td>
+ <td>Yuxiang Li (<a href="//twitter.com/xbalien29">@Xbalien29</a>) of
+Tencent Security Platform Department</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0678</td>
+ <td><a href="//weibo.com/ele7enxxh">Zinuo Han</a> of Chengdu Security
+Response Center, Qihoo 360 Technology Co. Ltd.</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0691, CVE-2017-0700</td>
+ <td><a href="//weibo.com/ele7enxxh">Zinuo Han</a> of Chengdu Security
+Response Center, Qihoo 360 Technology Co. Ltd. and Ao Wang (<a
+href="//twitter.com/ArayzSegment">@ArayzSegment</a>) of <a
+href="//www.pwnzen.com/">Pangu Team</a></td>
+ </tr>
+</table>
+<h2 id="common-questions-and-answers">Common questions and answers</h2>
+<p>This section answers common questions that may occur after reading this
+bulletin.</p>
+
+<p><strong>1. How do I determine if my device is updated to address these issues?
+</strong></p>
+
+<p>To learn how to check a device's security patch level, read the instructions on
+the <a href="//support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
+and Nexus update schedule</a>.</p>
+<ul>
+ <li>Security patch levels of 2017-07-01 or later address all issues associated
+ with the 2017-07-01 security patch level.</li>
+ <li>Security patch levels of 2017-07-05 or later address all issues associated
+ with the 2017-07-05 security patch level and all previous patch levels.</li>
+</ul>
+<p>Device manufacturers that include these updates should set the patch string
+level to:</p>
+<ul>
+ <li>[ro.build.version.security_patch]:[2017-07-01]</li>
+ <li>[ro.build.version.security_patch]:[2017-07-05]</li>
+</ul>
+<p><strong>2. Why does this bulletin have two security patch levels?</strong></p>
+
+<p>This bulletin has two security patch levels so that Android partners have the
+flexibility to fix a subset of vulnerabilities that are similar across all
+Android devices more quickly. Android partners are encouraged to fix all issues
+in this bulletin and use the latest security patch level.</p>
+<ul>
+ <li>Devices that use the July 01, 2017 security patch level must include all
+ issues associated with that security patch level, as well as fixes for all
+ issues reported in previous security bulletins.</li>
+ <li>Devices that use the security patch level of July 05, 2017 or newer must
+ include all applicable patches in this (and previous) security
+ bulletins.</li>
+</ul>
+<p>Partners are encouraged to bundle the fixes for all issues they are addressing
+in a single update.</p>
+
+<p><strong>3. What do the entries in the <em>Type</em> column mean?</strong></p>
+
+<p>Entries in the <em>Type</em> column of the vulnerability details table reference
+the classification of the security vulnerability.</p>
+
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Abbreviation</th>
+ <th>Definition</th>
+ </tr>
+ <tr>
+ <td>RCE</td>
+ <td>Remote code execution</td>
+ </tr>
+ <tr>
+ <td>EoP</td>
+ <td>Elevation of privilege</td>
+ </tr>
+ <tr>
+ <td>ID</td>
+ <td>Information disclosure</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>Denial of service</td>
+ </tr>
+ <tr>
+ <td>N/A</td>
+ <td>Classification not available</td>
+ </tr>
+</table>
+
+<p><strong>4. What do the entries in the <em>References</em> column mean?</strong></p>
+
+<p>Entries under the <em>References</em> column of the vulnerability details table
+may contain a prefix identifying the organization to which the reference value
+belongs.</p>
+
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Prefix</th>
+ <th>Reference</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Android bug ID</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Qualcomm reference number</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>MediaTek reference number</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>NVIDIA reference number</td>
+ </tr>
+ <tr>
+ <td>B-</td>
+ <td>Broadcom reference number</td>
+ </tr>
+</table>
+
+<p id="asterisk"><strong>5. What does a * next to the Android bug ID in the <em>References</em>
+column mean?</strong></p>
+
+<p>Issues that are not publicly available have a * next to the Android bug ID in
+the <em>References</em> column. The update for that issue is generally contained
+in the latest binary drivers for Nexus devices available from the <a
+href="//developers.google.com/android/nexus/drivers">Google Developer
+site</a>.</p>
+
+<h2 id="versions">Versions</h2>
+<table>
+ <col width="25%">
+ <col width="25%">
+ <col width="50%">
+ <tr>
+ <th>Version</th>
+ <th>Date</th>
+ <th>Notes</th>
+ </tr>
+ <tr>
+ <td>1.0</td>
+ <td>July 5, 2017</td>
+ <td>Bulletin published.</td>
+ </tr>
+ <tr>
+ <td>1.1</td>
+ <td>July 6, 2017</td>
+ <td>Bulletin revised to include AOSP links.</td>
+ </tr>
+</table>
+</body>
+</html>
diff --git a/en/security/bulletin/2017.html b/en/security/bulletin/2017.html
index dcaad8f..b6531fe 100644
--- a/en/security/bulletin/2017.html
+++ b/en/security/bulletin/2017.html
@@ -37,16 +37,30 @@
<th>Security patch level</th>
</tr>
<tr>
- <td><a href="2017-06-01.html">June 2017</a></td>
+ <td><a href="2017-07-01.html">July 2017</a></td>
<td>Coming soon
<!--
+ <a href="/security/bulletin/2017-07-01.html">English</a> /
+ <a href="/security/bulletin/2017-07-01.html?hl=ja">日本語</a> /
+ <a href="/security/bulletin/2017-07-01.html?hl=ko">한국어</a> /
+ <a href="/security/bulletin/2017-07-01.html?hl=ru">ру́сский</a> /
+ <a href="/security/bulletin/2017-07-01.html?hl=zh-cn">中文 (中国)</a> /
+ <a href="/security/bulletin/2017-07-01.html?hl=zh-tw">中文 (台灣)</a>
+ -->
+ </td>
+ <td>July 5, 2017</td>
+ <td>2017-07-01<br>
+ 2017-07-05</td>
+ </tr>
+ <tr>
+ <td><a href="2017-06-01.html">June 2017</a></td>
+ <td>
<a href="/security/bulletin/2017-06-01.html">English</a> /
<a href="/security/bulletin/2017-06-01.html?hl=ja">日本語</a> /
<a href="/security/bulletin/2017-06-01.html?hl=ko">한국어</a> /
<a href="/security/bulletin/2017-06-01.html?hl=ru">ру́сский</a> /
<a href="/security/bulletin/2017-06-01.html?hl=zh-cn">中文 (中国)</a> /
<a href="/security/bulletin/2017-06-01.html?hl=zh-tw">中文 (台灣)</a>
- -->
</td>
<td>June 5, 2017</td>
<td>2017-06-01<br>
diff --git a/en/security/bulletin/index.html b/en/security/bulletin/index.html
index 29967c8..94f405c 100644
--- a/en/security/bulletin/index.html
+++ b/en/security/bulletin/index.html
@@ -22,7 +22,8 @@
-->
-
+<p class="note"><strong>Checking if your device is up-to-date?</strong>
+Look at <em>Google device updates</em> in the most recent bulletin.</p>
<p>Security has always been a major focus for Android and Google Play: Android was
built from day one with security in mind. Monthly device updates are an
important tool to make and keep Android users safe. This page contains the
@@ -75,16 +76,30 @@
<th>Security patch level</th>
</tr>
<tr>
- <td><a href="/security/bulletin/2017-06-01.html">June 2017</a></td>
+ <td><a href="/security/bulletin/2017-07-01.html">July 2017</a></td>
<td>Coming soon
<!--
+ <a href="/security/bulletin/2017-07-01.html">English</a> /
+ <a href="/security/bulletin/2017-07-01.html?hl=ja">日本語</a> /
+ <a href="/security/bulletin/2017-07-01.html?hl=ko">한국어</a> /
+ <a href="/security/bulletin/2017-07-01.html?hl=ru">ру́сский</a> /
+ <a href="/security/bulletin/2017-07-01.html?hl=zh-cn">中文 (中国)</a> /
+ <a href="/security/bulletin/2017-07-01.html?hl=zh-tw">中文 (台灣)</a>
+ -->
+ </td>
+ <td>July 5, 2017</td>
+ <td>2017-07-01<br>
+ 2017-07-05</td>
+ </tr>
+ <tr>
+ <td><a href="/security/bulletin/2017-06-01.html">June 2017</a></td>
+ <td>
<a href="/security/bulletin/2017-06-01.html">English</a> /
<a href="/security/bulletin/2017-06-01.html?hl=ja">日本語</a> /
<a href="/security/bulletin/2017-06-01.html?hl=ko">한국어</a> /
<a href="/security/bulletin/2017-06-01.html?hl=ru">ру́сский</a> /
<a href="/security/bulletin/2017-06-01.html?hl=zh-cn">中文 (中国)</a> /
<a href="/security/bulletin/2017-06-01.html?hl=zh-tw">中文 (台灣)</a>
- -->
</td>
<td>June 5, 2017</td>
<td>2017-06-01<br>
diff --git a/en/security/encryption/file-based.html b/en/security/encryption/file-based.html
index 37750fa..0a01a93 100644
--- a/en/security/encryption/file-based.html
+++ b/en/security/encryption/file-based.html
@@ -33,6 +33,13 @@
and how system applications can be updated to take full advantage of the new
Direct Boot APIs and offer users the best, most secure experience possible.
</p>
+
+<p class="warning"><strong>Warning:</strong> File-based encryption cannot
+currently be used together with <a
+href="/devices/storage/adoptable.html">adoptable storage</a>. On devices using
+file-based encryption, new storage media (such as an SD card) must be used as
+<a href="/devices/storage/traditional.html">traditional storage</a>.</p>
+
<h2 id="direct-boot">Direct Boot</h2>
<p>
File-based encryption enables a new feature introduced in Android 7.0 called <a
diff --git a/en/security/keystore/features.html b/en/security/keystore/features.html
index 6d48792..238f0d7 100644
--- a/en/security/keystore/features.html
+++ b/en/security/keystore/features.html
@@ -272,19 +272,19 @@
<ul>
<li><code>KM_TAG_ALL_USERS</code> indicates the key is usable by all users. If
- present, <code>KM_TAG_USER_ID</code> and <code>KM_TAG_SECURE_USER_ID</code> must not be present.
+ present, <code>KM_TAG_USER_ID</code> and <code>KM_TAG_USER_SECURE_ID</code> must not be present.
<li><code>KM_TAG_USER_ID</code> has a numeric value specifying the ID of the authorized user.
Note that this
is the Android user ID (for multi-user), not the application UID, and it is
enforced by non-secure software only. If present, <code>KM_TAG_ALL_USERS</code> must not be present.
- <li><code>KM_TAG_SECURE_USER_ID</code> has a 64-bit numeric value specifying the secure user ID
+ <li><code>KM_TAG_USER_SECURE_ID</code> has a 64-bit numeric value specifying the secure user ID
that must be provided
in a secure authentication token to unlock use of the key. If repeated, the key
may be used if any of the values is provided in a secure authentication token.
</ul>
<p>The second set indicate whether and when the user must be authenticated. If
-neither of these tags is present, but <code>KM_TAG_SECURE_USER_ID</code> is, authentication is
+neither of these tags is present, but <code>KM_TAG_USER_SECURE_ID</code> is, authentication is
required for every use of the key.</p>
<ul>
diff --git a/en/security/overview/acknowledgements.html b/en/security/overview/acknowledgements.html
index 1460e75..8870b84 100644
--- a/en/security/overview/acknowledgements.html
+++ b/en/security/overview/acknowledgements.html
@@ -45,6 +45,9 @@
<p>Amir Cohen of Ben Gurion University Cyber Lab</p>
+<p>Ao Wang (<a href="//twitter.com/ArayzSegment">@ArayzSegment</a>)
+ of <a href="//www.pwnzen.com/">Pangu Team</a></p>
+
<p>Dr. Asaf Shabtai of Ben Gurion University Cyber Lab</p>
<p>Baozeng Ding of Alibaba Mobile Security Group</p>
@@ -59,6 +62,9 @@
<p>Chengming Yang of Alibaba Mobile Security Group</p>
+<p><a href="mailto:zc1991@mail.ustc.edu.cn">Chi Zhang</a>of
+ <a href="//c0reteam.org">C0RE Team</a></p>
+
<p>Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>)
of <a href="http://c0reteam.org">C0RE Team</a></p>
@@ -84,6 +90,8 @@
<p>Ecular Xu (徐健) of Trend Micro</p>
+<p>Elphet of Alpha Team, Qihoo 360 Technology Co. Ltd.</p>
+
<p>En He (<a href="http://twitter.com/heeeeen4x">@heeeeen4x</a>) of
<a href="http://www.ms509.com">MS509Team</a></p>
@@ -137,6 +145,8 @@
<p>Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>)
of IceSword Lab, Qihoo 360</p>
+<p>Joey Brand of Census Consulting Inc.</p>
+
<p>Jon Sawyer (<a href="http://twitter.com/jcase">@jcase</a>)</p>
<p>Juhu Nie of Xiaomi Inc.</p>
@@ -182,6 +192,8 @@
<p>Ning You of Alibaba Mobile Security Group</p>
+<p>Nitay Artenstein of Exodus Intelligence</p>
+
<p>Omer Shwartz of Ben Gurion University Cyber Lab</p>
<p>Peide Zhang of Vulpecker Team, Qihoo 360 Technology Co. Ltd.</p>
@@ -231,7 +243,7 @@
<p>Svetoslav Ganov of Google</p>
-<p>Tim Becker</p>
+<p>Timothy Becker of CSS Inc.</p>
<p><a href="mailto:segfault5514@gmail.com">Tong Lin</a>
of <a href="http://c0reteam.org">C0RE Team</a></p>
diff --git a/en/security/selinux/validate.html b/en/security/selinux/validate.html
index 93ecc05..85f3bc4 100644
--- a/en/security/selinux/validate.html
+++ b/en/security/selinux/validate.html
@@ -125,10 +125,18 @@
<p>To use it, run:</p>
-<pre class="devsite-terminal devsite-click-to-copy">
-adb shell su root dmesg | audit2allow -p $OUT/root/sepolicy
+<pre class="devsite-click-to-copy">
+<code class="devsite-terminal">adb pull /sys/fs/selinux/policy</code>
+<code class="devsite-terminal">adb logcat -b all -d | audit2allow -p policy</code>
</pre>
+<p class="note"><strong>Note</strong>: Running these commands does not change
+bugreport.txt because all logs are already there, including the ones from
+before the last reboot. On devices running an OTA or development flash, old
+and new violations are mixed until another reboot. To address this, reboot
+the device again or filter LAST_KMSG and LAST_LOGCAT from your bugreport.
+</p>
+
<p>Nevertheless, care must be taken to examine each potential addition for
overreaching permissions. For example, feeding audit2allow the
<code>rmt_storage</code> denial shown earlier results in the following
diff --git a/en/security/verifiedboot/verified-boot.html b/en/security/verifiedboot/verified-boot.html
index e907dcb..07b43d6 100644
--- a/en/security/verifiedboot/verified-boot.html
+++ b/en/security/verifiedboot/verified-boot.html
@@ -187,9 +187,10 @@
<td><code>flashing lock</code></td>
<td>
<ul>
- <li>Wipe data after asking the user for confirmation
- <li>Clear a write-protected bit, readable by the bootloader, indicating
- the device is unlocked
+ <li>Wipes data after asking the user for confirmation.
+ <li>Clears a write-protected bit to lock the device.
+ Because the bit is write-protected, only the
+ bootloader can change it.
</ul>
</td>
</tr>
@@ -198,10 +199,11 @@
<td>
<ul>
<li>If the unlock device setting has not been enabled by the user,
- abort unlocking
- <li>Wipe data after asking the user for confirmation
- <li>Set a write-protected bit, readable by the bootloader, indicating
- the device is unlocked
+ aborts unlocking
+ <li>Wipes data after asking the user for confirmation
+ <li>Sets a write-protected bit to unlock the device.
+ Because the bit is write-protected, only the
+ bootloader can change it.
</ul>
</td>
</tr>
diff --git a/en/source/build-numbers.html b/en/source/build-numbers.html
index 5b977c6..3a7f1ee 100644
--- a/en/source/build-numbers.html
+++ b/en/source/build-numbers.html
@@ -197,6 +197,43 @@
</thead>
<tbody>
<tr>
+ <td>NZH54B</td>
+ <td>android-7.1.2_r27</td>
+ <td>Nougat</td>
+ <td>Pixel XL, Pixel</td>
+ </tr>
+ <tr>
+ <tr>
+ <td>NKG47M</td>
+ <td>android-7.1.2_r25</td>
+ <td>Nougat</td>
+ <td>Pixel XL, Pixel</td>
+ </tr>
+ <tr>
+ <td>NJH47D</td>
+ <td>android-7.1.2_r24</td>
+ <td>Nougat</td>
+ <td>Pixel XL, Pixel</td>
+ </tr>
+ <tr>
+ <td>NHG47O</td>
+ <td>android-7.1.2_r23</td>
+ <td>Nougat</td>
+ <td>Pixel XL, Pixel</td>
+ </tr>
+ <tr>
+ <td>N2G48B</td>
+ <td>android-7.1.2_r19</td>
+ <td>Nougat</td>
+ <td>Nexus 6P, Nexus Player, Pixel C</td>
+ </tr>
+ <tr>
+ <td>N2G47Z</td>
+ <td>android-7.1.2_r18</td>
+ <td>Nougat</td>
+ <td>Nexus 5X</td>
+ </tr>
+ <tr>
<td>NJH47B</td>
<td>android-7.1.2_r17</td>
<td>Nougat</td>
@@ -293,6 +330,24 @@
<td>Pixel C</td>
</tr>
<tr>
+ <td>N9F27F</td>
+ <td>android-7.1.1_r46</td>
+ <td>Nougat</td>
+ <td>Nexus 9 (volantis)</td>
+ </tr>
+ <tr>
+ <td>N6F27H</td>
+ <td>android-7.1.1_r45</td>
+ <td>Nougat</td>
+ <td>Nexus 6</td>
+ </tr>
+ <tr>
+ <td>N4F27I</td>
+ <td>android-7.1.1_r44</td>
+ <td>Nougat</td>
+ <td>Nexus 9 (volantisg)</td>
+ </tr>
+ <tr>
<td>N9F27C</td>
<td>android-7.1.1_r43</td>
<td>Nougat</td>
diff --git a/en/source/building.html b/en/source/building.html
index aada660..a499252 100644
--- a/en/source/building.html
+++ b/en/source/building.html
@@ -27,10 +27,6 @@
branches, including <code>master</code>. The basic sequence of build commands
is as follows:</p>
-<p class="note"><strong>Note:</strong> If you're building Android 6.0 or later,
-please see <a href="jack.html">Compiling with Jack</a> for information on this
-new default toolchain.</p>
-
<h2 id="obtaining-proprietary-binaries">Obtain proprietary binaries</h2>
<p>AOSP cannot be used from pure source code only and requires additional
diff --git a/en/source/code-style.html b/en/source/code-style.html
index ab35a9a..b13feb4 100644
--- a/en/source/code-style.html
+++ b/en/source/code-style.html
@@ -23,10 +23,17 @@
-<p>The code styles below are strict rules, not guidelines or recommendations.
-Contributions to Android that do not adhere to these rules are generally <em>not
-accepted</em>. We recognize that not all existing code follows these rules, but
-we expect all new code to be compliant.</p>
+<p>The code styles below are strict rules for contributing Java code to the
+Android Open Source Project (AOSP). Contributions to the Android platform that
+do not adhere to these rules are generally <em>not accepted</em>. We recognize
+that not all existing code follows these rules, but we expect all new code to
+be compliant.</p>
+
+<p class="note"><strong>Note:</strong> These rules are intended for the Android
+platform and are not required of Android app developers. App developers may
+follow the standard of their choosing, such as the <a
+href="https://google.github.io/styleguide/javaguide.html">Google Java Style
+Guide</a>.</p>
<h2 id="java-language-rules">Java Language Rules</h2>
<p>Android follows standard Java coding conventions with the additional rules
diff --git a/en/source/downloading.html b/en/source/downloading.html
index 1821aca..7599338 100644
--- a/en/source/downloading.html
+++ b/en/source/downloading.html
@@ -71,7 +71,7 @@
For version 1.22, the SHA-1 checksum for repo is da0514e484f74648a890c0467d61ca415379f791
</p>
<p>
- For version 1.23, the SHA-1 checksum for repo is ac9d646f6d699f6822a6bc787d3e7338ae7ab6ed
+ For version 1.23, the SHA-256 checksum for repo is e147f0392686c40cfd7d5e6f332c6ee74c4eab4d24e2694b3b0a0c037bf51dc5
</p>
<h2 id="initializing-a-repo-client">
Initializing a Repo client
diff --git a/en/source/using-repo.html b/en/source/using-repo.html
index 9fc473f..2c0d62a 100644
--- a/en/source/using-repo.html
+++ b/en/source/using-repo.html
@@ -127,15 +127,16 @@
</li>
<li>
<p>For each commit in the series, enter the Gerrit change ID inside the brackets:</p>
-<pre><code># Replacing from branch foo
+<pre><code># Replacing from branch foo
[ 3021 ] 35f2596c Refactor part of GetUploadableBranches to lookup one specific...
-[ 2829 ] ec18b4ba Update proto client to support patch set replacments
+[ 2829 ] ec18b4ba Update proto client to support patch set replacments
# Insert change numbers in the brackets to add a new patch set.
# To create a new change record, leave the brackets empty.
</code></pre>
</li>
</ul>
<p>After the upload is complete the changes will have an additional Patch Set.</p>
+<p>If you only want to upload the currently checked out Git branch, you can use the flag <code>--current-branch</code> (or <code>--cbr</code> for short).</p>
<h2 id="diff">diff</h2>
<pre class="devsite-terminal devsite-click-to-copy">
diff --git a/ja/security/bulletin/2017-06-01.html b/ja/security/bulletin/2017-06-01.html
new file mode 100644
index 0000000..9e49ec1
--- /dev/null
+++ b/ja/security/bulletin/2017-06-01.html
@@ -0,0 +1,1269 @@
+<html devsite><head>
+ <title>Android のセキュリティに関する公開情報 - 2017 年 6 月</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<p><em>2017 年 6 月 5 日公開 | 2017 年 6 月 7 日更新</em></p>
+
+<p>Android のセキュリティに関する公開情報には、Android 搭載端末に影響を与えるセキュリティの脆弱性の詳細を掲載しています。2017 年 6 月 5 日以降のセキュリティ パッチ レベルでは、下記のすべての問題に対処しています。端末のセキュリティ パッチ レベルを確認する方法については、<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel と Nexus のアップデート スケジュール</a>をご覧ください。</p>
+
+<p>パートナーには、この公開情報に記載の問題について 1 か月前までに通知済みです。Android オープンソース プロジェクト(AOSP)のレポジトリに、下記の問題に対するソースコードのパッチをリリースします。また、この公開情報では、これらのパッチへのリンクに加え、AOSP 以外のパッチへのリンクも掲載しています。</p>
+
+<p>下記の問題のうち最も重大度の高いものは、メディア フレームワークに重大なセキュリティの脆弱性があるため、離れた場所にいる攻撃者が特別に細工したファイルを使用して、メディア ファイルやデータの処理中にメモリ破壊を引き起こすおそれがあることです。<a href="/security/overview/updates-resources.html#severity">重大度の判定</a>は、攻撃を受けた端末でその脆弱性が悪用された場合の影響に基づくもので、プラットフォームやサービスでのリスク軽減策が開発目的で無効にされるか不正に回避された場合を前提としています。</p>
+
+<p>この新たに報告された問題によって実際のユーザー端末が不正使用された報告はありません。<a href="/security/enhancements/index.html">Android セキュリティ プラットフォームの保護</a>や <a href="https://www.android.com/play-protect">Google Play プロテクト</a>について詳しくは、<a href="#mitigations">Android と Google Play プロテクトのリスク軽減策</a>をご覧ください。こうした保護は、Android プラットフォームのセキュリティを改善します。</p>
+
+<p>ご利用の端末で上記の更新を行うことをすべてのユーザーにおすすめします。</p>
+
+<p class="note"><strong>注:</strong> 最新の無線(OTA)アップデートと Google 端末のファームウェア イメージについての情報は、<a href="#google-device-updates">Google 端末のアップデート</a>でご覧いただけます。</p>
+
+<h2 id="announcements">お知らせ</h2>
+<ul>
+ <li>毎月のセキュリティに関する公開情報を読みやすく変更しました。今回の変更の一環として、影響を受けるコンポーネントごとに脆弱性の情報を分類し、それぞれのセキュリティ パッチ レベル内にコンポーネント名の順に記載しています。また、Google 端末ごとの情報は<a href="#google-device-updates">専用のセクション</a>に掲載しています。</li>
+ <li>この公開情報では、2 つのセキュリティ パッチ レベル文字列を定義しています。これは、すべての Android 搭載端末で同様の問題が発生する一部の脆弱性をサブセットとし、Android パートナーが迅速かつ柔軟に修正できるようにするためです。詳しくは、<a href="#common-questions-and-answers">一般的な質問と回答</a>をご覧ください。
+ <ul>
+ <li><strong>2017-06-01</strong>: 部分的に対処したセキュリティ パッチ レベル文字列。このセキュリティ パッチ レベル文字列は、2017-06-01(およびそれ以前のすべてのセキュリティ パッチ レベル文字列)に関連するすべての問題に対処していることを示します。</li>
+ <li><strong>2017-06-05</strong>: 完全に対処したセキュリティ パッチ レベル文字列。このセキュリティ パッチ レベル文字列は、2017-06-01 と 2017-06-05(およびそれ以前のすべてのセキュリティ パッチ レベル文字列)に関連するすべての問題に対処していることを示します。</li>
+ </ul>
+ </li>
+</ul>
+
+<h2 id="mitigations">Android と Google Play プロテクトのリスク軽減策</h2>
+<p>ここでは、<a href="/security/enhancements/index.html">Android セキュリティ プラットフォーム</a>の保護と <a href="https://www.android.com/play-protect">Google Play プロテクト</a>のようなサービスの保護によるリスクの軽減について概説します。こうした機能は、Android でセキュリティの脆弱性が悪用される可能性を減らします。</p>
+<ul>
+ <li>Android プラットフォームの最新版での機能強化により、Android にある多くの問題の悪用が困難になります。Google では、すべてのユーザーに対し、できる限り最新バージョンの Android に更新することをおすすめしています。</li>
+ <li>Android セキュリティ チームは、<a href="https://www.android.com/play-protect">Google Play プロテクト</a>によって脆弱性の悪用を積極的に監視しており、<a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">有害なおそれのあるアプリ</a>についてユーザーに警告しています。Google Play プロテクトは、<a href="http://www.android.com/gms">Google モバイル サービス</a>を搭載した端末ではデフォルトで有効になっており、Google Play 以外からアプリをインストールするユーザーにとっては特に重要です。</li>
+</ul>
+
+<h2 id="2017-06-01-details">セキュリティ パッチ レベル 2017-06-01 の脆弱性の詳細</h2>
+<p>パッチレベル 2017-06-01 に該当するセキュリティ脆弱性の各項目について、下記に詳細を説明します。脆弱性は、影響を受けるコンポーネントごとに分類しています。問題の内容について説明し、CVE、関連する参照先、<a href="#vulnerability-type">脆弱性の種類</a>、<a href="/security/overview/updates-resources.html#severity">重大度</a>、更新対象の AOSP バージョン(該当する場合)を表にまとめています。その問題に対処した、一般公開されている変更(AOSP の変更の一覧など)がある場合は、そのバグ ID にリンクを設定しています。複数の変更が同じバグに関係する場合は、バグ ID の後に記載した番号に、追加の参照へのリンクを設定しています。</p>
+
+<h3 id="bluetooth">Bluetooth</h3>
+<p>Bluetooth に重大な脆弱性があるため、悪意のあるローカルアプリが権限レベルの範囲外のデータにアクセスするおそれがあります。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参照</th>
+ <th>タイプ</th>
+ <th>重大度</th>
+ <th>更新対象の AOSP バージョン</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0639</td>
+ <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/f196061addcc56878078e5684f2029ddbf7055ff">A-35310991</a></td>
+ <td>ID</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0645</td>
+ <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/14b7d7e1537af60b7bca6c7b9e55df0dc7c6bf41">A-35385327</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0646</td>
+ <td><a href="https://android.googlesource.com/platform/system/bt/+/2bcdf8ec7db12c5651c004601901f1fc25153f2c">A-33899337</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+</tbody></table>
+<h3 id="libraries">ライブラリ</h3>
+<p>ライブラリに重大な脆弱性があるため、離れた場所にいる攻撃者が特別に細工したファイルを使用して、権限のないプロセス内で任意のコードを実行するおそれがあります。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参照</th>
+ <th>タイプ</th>
+ <th>重大度</th>
+ <th>更新対象の AOSP バージョン</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-8871</td>
+ <td>A-35443562<a href="#asterisk">*</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-8332</td>
+ <td>A-37761553<a href="#asterisk">*</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5131</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/0eff71008becb7f2c2b4509708da4b79985948bb">A-36554209</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-4658</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/8ea80f29ea5fdf383ee3ae59ce35e55421a339f8">A-36554207</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0663</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/521b88fbb6d18312923f0df653d045384b500ffc">A-37104170</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7376</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4">A-36555370</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-5056</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/3f571b1bb85cf56903f06bab3a820182115c5541">A-36809819</a></td>
+ <td>RCE</td>
+ <td>中</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7375</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa">A-36556310</a></td>
+ <td>RCE</td>
+ <td>中</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0647</td>
+ <td><a href="https://android.googlesource.com/platform/system/core/+/3d6a43155c702bce0e7e2a93a67247b5ce3946a5">A-36392138</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-1839</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/ff20cd797822dba8569ee518c44e6864d6b4ebfa">A-36553781</a></td>
+ <td>DoS</td>
+ <td>中</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+</tbody></table>
+<h3 id="media-framework">メディア フレームワーク</h3>
+<p>メディア フレームワークに重大な脆弱性があるため、離れた場所にいる攻撃者が特別に細工したファイルを使用して、メディア ファイルやデータの処理中にメモリ破壊を引き起こすおそれがあります。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参照</th>
+ <th>タイプ</th>
+ <th>重大度</th>
+ <th>更新された AOSP のバージョン</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0637</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/ebaa71da6362c497310377df509651974401d258">A-34064500</a></td>
+ <td>RCE</td>
+ <td>重大</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0391</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/14bc1678a80af5be7401cf750ab762ae8c75cc5a">A-32322258</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0640</td>
+ <td>A-33129467<a href="#asterisk">*</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>6.0、6.0.1、7.0、7.1.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0641</td>
+ <td><a href="https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb">A-34360591</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0642</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d">A-34819017</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0643</td>
+ <td>A-35645051<a href="#asterisk">*</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0644</td>
+ <td>A-35472997<a href="#asterisk">*</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
+ </tr>
+</tbody></table>
+<h3 id="system-ui">システム UI</h3>
+<p>システム UI に重大な脆弱性があるため、攻撃者が特別に細工したファイルを使用して、権限のないプロセス内で任意のコードを実行するおそれがあります。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参照</th>
+ <th>タイプ</th>
+ <th>重大度</th>
+ <th>更新対象の AOSP バージョン</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0638</td>
+ <td><a href="https://android.googlesource.com/platform/external/libgdx/+/a98943dd4aece3024f023f00256607d50dcbcd1e">A-36368305</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>7.1.1、7.1.2</td>
+ </tr>
+</tbody></table>
+<h2 id="2017-06-05-details">セキュリティ パッチ レベル 2017-06-05 の脆弱性の詳細</h2>
+<p>パッチレベル 2017-06-05 に該当するセキュリティ脆弱性の各項目について、下記に詳細を説明します。影響を受けるコンポーネントごとに脆弱性を分類し、CVE、関連する参照先、<a href="#vulnerability-type">脆弱性の種類</a>、<a href="/security/overview/updates-resources.html#severity">重大度</a>、コンポーネント(該当する場合)、更新対象の AOSP バージョン(該当する場合)などの詳細を記載しています。その問題に対処した、一般公開されている変更(AOSP の変更の一覧など)がある場合は、そのバグ ID にリンクを設定しています。複数の変更が同じバグに関係する場合は、バグ ID の後に記載した番号に、追加の参照へのリンクを設定しています。</p>
+
+<h3 id="kernel-components">カーネル コンポーネント</h3>
+<p>カーネル コンポーネントに重大な脆弱性があるため、悪意のあるローカルアプリによってカーネル内で任意のコードが実行されるおそれがあります。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参照</th>
+ <th>タイプ</th>
+ <th>重大度</th>
+ <th>コンポーネント</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0648</td>
+ <td>A-36101220<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>FIQ デバッガ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0651</td>
+ <td>A-35644815<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>低</td>
+ <td>ION サブシステム</td>
+ </tr>
+</tbody></table>
+<h3 id="libraries-05">ライブラリ</h3>
+<p>ライブラリに重大な脆弱性があるため、離れた場所にいる攻撃者が特別に細工したファイルを使用して、機密情報にアクセスできるおそれがあります。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参照</th>
+ <th>タイプ</th>
+ <th>重大度</th>
+ <th>更新された AOSP のバージョン</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-7995</td>
+ <td>A-36810065<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>4.4.4</td>
+ </tr>
+</tbody></table>
+<h3 id="mediatek-components">MediaTek コンポーネント</h3>
+<p>MediaTek コンポーネントに重大な脆弱性があるため、悪意のあるローカルアプリによってカーネル内で任意のコードが実行されるおそれがあります。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参照</th>
+ <th>タイプ</th>
+ <th>重大度</th>
+ <th>コンポーネント</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0636</td>
+ <td>A-35310230<a href="#asterisk">*</a><br />
+ M-ALPS03162263</td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>コマンドキュー ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0649</td>
+ <td>A-34468195<a href="#asterisk">*</a><br />
+ M-ALPS03162283</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>サウンド ドライバ</td>
+ </tr>
+</tbody></table>
+<h3 id="nvidia-components">NVIDIA コンポーネント</h3>
+<p>NVIDIA コンポーネントに重大な脆弱性があるため、悪意のあるローカルアプリによってカーネル内で任意のコードが実行されるおそれがあります。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参照</th>
+ <th>タイプ</th>
+ <th>重大度</th>
+ <th>コンポーネント</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-6247</td>
+ <td>A-34386301<a href="#asterisk">*</a><br />
+ N-CVE-2017-6247</td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>サウンド ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6248</td>
+ <td>A-34372667<a href="#asterisk">*</a><br />
+ N-CVE-2017-6248</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>サウンド ドライバ</td>
+ </tr>
+</tbody></table>
+<h3 id="qualcomm-components">Qualcomm コンポーネント</h3>
+<p>Qualcomm コンポーネントに重大な脆弱性があるため、近くにいる攻撃者によってカーネル内で任意のコードが実行されるおそれがあります。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参照</th>
+ <th>タイプ</th>
+ <th>重大度</th>
+ <th>コンポーネント</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-7371</td>
+ <td>A-36250786<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=e02e63b8014f7a0a5ea17a5196fb4ef1283fd1fd">QC-CR#1101054</a></td>
+ <td>RCE</td>
+ <td>重大</td>
+ <td>Bluetooth ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7365</td>
+ <td>A-32449913<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=da49bf21d1c19a6293d33c985066dc0273c476db">QC-CR#1017009</a></td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>ブートローダ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7366</td>
+ <td>A-36252171<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f4c9ffd6cd7960265f38e285ac43cbecf2459e45">QC-CR#1036161</a>
+[<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=7c4d5736d32f91f0cafe6cd86d00e26389970b00">2</a>]</td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>GPU ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7367</td>
+ <td>A-34514708<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=07174af1af48c60a41c7136f0c80ffdf4ccc0b57">QC-CR#1008421</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>ブートローダ</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5861</td>
+ <td>A-36251375<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=cf3c97b8b6165f13810e530068fbf94b07f1f77d">QC-CR#1103510</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>ビデオドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5864</td>
+ <td>A-36251231<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=cbc21ceb69cb7bca0643423a7ca982abce3ce50a">QC-CR#1105441</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>サウンド ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6421</td>
+ <td>A-36251986<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=be42c7ff1f0396484882451fd18f47144c8f1b6b">QC-CR#1110563</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>MStar タッチスクリーン ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7364</td>
+ <td>A-36252179<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=3ce6c47d2142fcd2c4c1181afe08630aaae5a267">QC-CR#1113926</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>ビデオドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7368</td>
+ <td>A-33452365<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=143ef972be1621458930ea3fc1def5ebce7b0c5d">QC-CR#1103085</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>サウンド ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7369</td>
+ <td>A-33751424<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=75ed08a822cf378ffed0d2f177d06555bd77a006">QC-CR#2009216</a>
+[<a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=ae8f1d5f60644983aba7fbab469d0e542a187c6e">2</a>]</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>サウンド ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7370</td>
+ <td>A-34328139<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=970edf007fbe64b094437541a42477d653802d85">QC-CR#2006159</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>ビデオドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7372</td>
+ <td>A-36251497<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=1806be003731d6d4be55e5b940d14ab772839e13">QC-CR#1110068</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>ビデオドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7373</td>
+ <td>A-36251984<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=e5eb0d3aa6fe62ee437a2269a1802b1a72f61b75">QC-CR#1090244</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>ビデオドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8233</td>
+ <td>A-34621613<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=64b7bc25e019dd07e8042e0a6ec6dc6a1dd0c385">QC-CR#2004036</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>カメラドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8234</td>
+ <td>A-36252121<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6266f954a52641f550ef71653ea83c80bdd083be">QC-CR#832920</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>カメラドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8235</td>
+ <td>A-36252376<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=7e4424a1b5f6a6536066cca7aac2c3a23fd39f6f">QC-CR#1083323</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>カメラドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8236</td>
+ <td>A-35047217<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=cf0d31bc3b04cf2db7737d36b11a5bf50af0c1db">QC-CR#2009606</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>IPA ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8237</td>
+ <td>A-36252377<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=342d16ac6fb01e304ec75344c693257e00628ecf">QC-CR#1110522</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>ネットワーク ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8242</td>
+ <td>A-34327981<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=6a3b8afdf97e77c0b64005b23fa6d32025d922e5">QC-CR#2009231</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Secure Execution Environment Communicator ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8239</td>
+ <td>A-36251230<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=01db0e012f86b8ba6974e5cb9905261a552a0610">QC-CR#1091603</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>カメラドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8240</td>
+ <td>A-36251985<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=22b8b6608174c1308208d5bc6c143f4998744547">QC-CR#856379</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>ピン コントローラ ドライバ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8241</td>
+ <td>A-34203184<br />
+ <a href="https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=90213394b7efb28fa511b2eaebc1343ae3b54724">QC-CR#1069175</a></td>
+ <td>ID</td>
+ <td>低</td>
+ <td>Wi-Fi ドライバ</td>
+ </tr>
+</tbody></table>
+<h3 id="synaptics-components">Synaptics コンポーネント</h3>
+<p>Synaptics コンポーネントに重大な脆弱性があるため、悪意のあるローカルアプリが権限レベルの範囲外のデータにアクセスするおそれがあります。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参照</th>
+ <th>タイプ</th>
+ <th>重大度</th>
+ <th>コンポーネント</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0650</td>
+ <td>A-35472278<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>低</td>
+ <td>タッチスクリーン ドライバ</td>
+ </tr>
+</tbody></table>
+<h3 id="qualcomm-closed-source-components">Qualcomm クローズドソース コンポーネント</h3>
+<p>Qualcomm コンポーネントに影響する脆弱性は次のとおりです。詳細については、2014~2016 年の Qualcomm AMSS のセキュリティに関する公開情報をご覧ください。これらは Android のセキュリティ パッチ レベルとの関連付けのため、今回の「Android のセキュリティに関する公開情報」に追記されています。ここに記載されている脆弱性の修正は、Qualcomm から直接入手できます。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参照</th>
+ <th>タイプ</th>
+ <th>重大度</th>
+ <th>コンポーネント</th>
+ </tr>
+ <tr>
+ <td>CVE-2014-9960</td>
+ <td>A-37280308<a href="#asterisk">*</a><br />
+ QC-CR#381837</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9961</td>
+ <td>A-37279724<a href="#asterisk">*</a><br />
+ QC-CR#581093</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9953</td>
+ <td>A-36714770<a href="#asterisk">*</a><br />
+ QC-CR#642173</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9967</td>
+ <td>A-37281466<a href="#asterisk">*</a><br />
+ QC-CR#739110</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9026</td>
+ <td>A-37277231<a href="#asterisk">*</a><br />
+ QC-CR#748397</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9027</td>
+ <td>A-37279124<a href="#asterisk">*</a><br />
+ QC-CR#748407</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9008</td>
+ <td>A-36384689<a href="#asterisk">*</a><br />
+ QC-CR#762111</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9009</td>
+ <td>A-36393600<a href="#asterisk">*</a><br />
+ QC-CR#762182</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9010</td>
+ <td>A-36393101<a href="#asterisk">*</a><br />
+ QC-CR#758752</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9011</td>
+ <td>A-36714882<a href="#asterisk">*</a><br />
+ QC-CR#762167</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9024</td>
+ <td>A-37265657<a href="#asterisk">*</a><br />
+ QC-CR#740680</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9012</td>
+ <td>A-36384691<a href="#asterisk">*</a><br />
+ QC-CR#746617</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9013</td>
+ <td>A-36393251<a href="#asterisk">*</a><br />
+ QC-CR#814373</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9014</td>
+ <td>A-36393750<a href="#asterisk">*</a><br />
+ QC-CR#855220</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9015</td>
+ <td>A-36714120<a href="#asterisk">*</a><br />
+ QC-CR#701858</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9029</td>
+ <td>A-37276981<a href="#asterisk">*</a><br />
+ QC-CR#827837</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10338</td>
+ <td>A-37277738<a href="#asterisk">*</a><br />
+ QC-CR#987699</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10336</td>
+ <td>A-37278436<a href="#asterisk">*</a><br />
+ QC-CR#973605</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10333</td>
+ <td>A-37280574<a href="#asterisk">*</a><br />
+ QC-CR#947438</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10341</td>
+ <td>A-37281667<a href="#asterisk">*</a><br />
+ QC-CR#991476</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10335</td>
+ <td>A-37282802<a href="#asterisk">*</a><br />
+ QC-CR#961142</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10340</td>
+ <td>A-37280614<a href="#asterisk">*</a><br />
+ QC-CR#989028</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10334</td>
+ <td>A-37280664<a href="#asterisk">*</a><br />
+ QC-CR#949933</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10339</td>
+ <td>A-37280575<a href="#asterisk">*</a><br />
+ QC-CR#988502</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10298</td>
+ <td>A-36393252<a href="#asterisk">*</a><br />
+ QC-CR#1020465</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10299</td>
+ <td>A-32577244<a href="#asterisk">*</a><br />
+ QC-CR#1058511</td>
+ <td>なし</td>
+ <td>重大</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9954</td>
+ <td>A-36388559<a href="#asterisk">*</a><br />
+ QC-CR#552880</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9955</td>
+ <td>A-36384686<a href="#asterisk">*</a><br />
+ QC-CR#622701</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9956</td>
+ <td>A-36389611<a href="#asterisk">*</a><br />
+ QC-CR#638127</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9957</td>
+ <td>A-36387564<a href="#asterisk">*</a><br />
+ QC-CR#638984</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9958</td>
+ <td>A-36384774<a href="#asterisk">*</a><br />
+ QC-CR#638135</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9962</td>
+ <td>A-37275888<a href="#asterisk">*</a><br />
+ QC-CR#656267</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9963</td>
+ <td>A-37276741<a href="#asterisk">*</a><br />
+ QC-CR#657771</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9959</td>
+ <td>A-36383694<a href="#asterisk">*</a><br />
+ QC-CR#651900</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9964</td>
+ <td>A-37280321<a href="#asterisk">*</a><br />
+ QC-CR#680778</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9965</td>
+ <td>A-37278233<a href="#asterisk">*</a><br />
+ QC-CR#711585</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9966</td>
+ <td>A-37282854<a href="#asterisk">*</a><br />
+ QC-CR#727398</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9023</td>
+ <td>A-37276138<a href="#asterisk">*</a><br />
+ QC-CR#739802</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9020</td>
+ <td>A-37276742<a href="#asterisk">*</a><br />
+ QC-CR#733455</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9021</td>
+ <td>A-37276743<a href="#asterisk">*</a><br />
+ QC-CR#735148</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9025</td>
+ <td>A-37276744<a href="#asterisk">*</a><br />
+ QC-CR#743985</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9022</td>
+ <td>A-37280226<a href="#asterisk">*</a><br />
+ QC-CR#736146</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9028</td>
+ <td>A-37277982<a href="#asterisk">*</a><br />
+ QC-CR#762764</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9031</td>
+ <td>A-37275889<a href="#asterisk">*</a><br />
+ QC-CR#866015</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9032</td>
+ <td>A-37279125<a href="#asterisk">*</a><br />
+ QC-CR#873202</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9033</td>
+ <td>A-37276139<a href="#asterisk">*</a><br />
+ QC-CR#892541</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9030</td>
+ <td>A-37282907<a href="#asterisk">*</a><br />
+ QC-CR#854667</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10332</td>
+ <td>A-37282801<a href="#asterisk">*</a><br />
+ QC-CR#906713<br />
+ QC-CR#917701<br />
+ QC-CR#917702</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10337</td>
+ <td>A-37280665<a href="#asterisk">*</a><br />
+ QC-CR#977632</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10342</td>
+ <td>A-37281763<a href="#asterisk">*</a><br />
+ QC-CR#988941</td>
+ <td>なし</td>
+ <td>高</td>
+ <td>クローズドソース コンポーネント</td>
+ </tr>
+</tbody></table>
+<h2 id="google-device-updates">Google 端末のアップデート</h2>
+<p>この表には最新の無線(OTA)アップデートと Google 端末のファームウェア イメージのセキュリティ パッチ レベルを記載しています。Google 端末のファームウェア イメージは、<a href="https://developers.google.com/android/nexus/images">Google デベロッパー サイト</a>で入手できます。</p>
+
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>Google 端末</th>
+ <th>セキュリティ パッチ レベル</th>
+ </tr>
+ <tr>
+ <td>Pixel / Pixel XL</td>
+ <td>2017-06-05</td>
+ </tr>
+ <tr>
+ <td>Nexus 5X</td>
+ <td>2017-06-05</td>
+ </tr>
+ <tr>
+ <td>Nexus 6</td>
+ <td>2017-06-05</td>
+ </tr>
+ <tr>
+ <td>Nexus 6P</td>
+ <td>2017-06-05</td>
+ </tr>
+ <tr>
+ <td>Nexus 9</td>
+ <td>2017-06-05</td>
+ </tr>
+ <tr>
+ <td>Nexus Player</td>
+ <td>2017-06-05</td>
+ </tr>
+ <tr>
+ <td>Pixel C </td>
+ <td>2017-06-05</td>
+ </tr>
+</tbody></table>
+<h2 id="acknowledgements">謝辞</h2>
+<p>調査にご協力くださった下記の皆様方に感謝いたします(敬称略)。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="83%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>研究者</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0643、CVE-2017-0641</td>
+ <td>Trend Micro の Ecular Xu(徐健)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0645、CVE-2017-0639</td>
+ <td><a href="http://www.ms509.com">MS509Team</a> の En He(<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>)、Bo Liu</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0649</td>
+ <td>IceSword Lab, Qihoo 360 Technology Co. Ltd. の Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)、<a href="http://weibo.com/jfpan">pjf</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0646</td>
+ <td>Tencent PC Manager の godzheng(郑文选 <a href="https://twitter.com/VirtualSeekers">@VirtualSeekers</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0636</td>
+ <td>Shellphish Grill Team の Jake Corina、Nick Stephens</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8233</td>
+ <td>IceSword Lab, Qihoo 360 の Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>)、<a href="http://weibo.com/jfpan">pjf</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7368</td>
+ <td><a href="http://c0reteam.org">C0RE Team</a> の Lubo Zhang(<a href="mailto:zlbzlb815@163.com">zlbzlb815@163.com</a>)、Yuan-Tsung Lo (<a href="mailto:computernik@gmail.com">computernik@gmail.com</a>)、Xuxian Jiang</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8242</td>
+ <td>Tesla Product Security Team の Nathan Crandall(<a href="https://twitter.com/natecray">@natecray</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0650</td>
+ <td>ベン=グリオン大学サイバー研究室の Omer Shwartz、Amir Cohen、Asaf Shabtai 博士、Yossi Oren 博士</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0648</td>
+ <td><a href="https://alephsecurity.com/">Aleph Research</a>, HCL Technologies の Roee Hay(<a href="https://twitter.com/roeehay">@roeehay</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7369、CVE-2017-6249、CVE-2017-6247、CVE-2017-6248</td>
+ <td>TrendMicro の sevenshen(<a href="https://twitter.com/lingtongshen">@lingtongshen</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0642、CVE-2017-0637、CVE-2017-0638</td>
+ <td>Vasily Vasiliev</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0640</td>
+ <td><a href="http://www.trendmicro.com">Trend Micro</a>, <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile/">Mobile Threat Response Team</a> の V.E.O(<a href="https://twitter.com/vysea">@VYSEa</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8236</td>
+ <td>Tencent Security Platform Department の Xiling Gong</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0647</td>
+ <td>Qex Team, Qihoo 360 の Yangkang(<a href="https://twitter.com/dnpushme">@dnpushme</a>)、Liyadong</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7370</td>
+ <td>IceSword Lab, Qihoo 360 Technology Co. Ltd の Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>)
+</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0651</td>
+ <td><a href="http://c0reteam.org">C0RE Team</a> の Yuan-Tsung Lo(<a href="mailto:computernik@gmail.com">computernik@gmail.com</a>)、Xuxian Jiang</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8241 </td>
+ <td>Google の Zubin Mithra</td>
+ </tr>
+</tbody></table>
+<h2 id="common-questions-and-answers">一般的な質問と回答</h2>
+<p>上記の公開情報に対する一般的な質問についての回答は以下のとおりです。</p>
+
+<p><strong>1. 上記の問題に対処するように端末が更新されているかどうかをどのように判断すればよいですか?
+</strong></p>
+
+<p>端末のセキュリティ パッチ レベルを確認する方法については、<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel および Nexus のアップデート スケジュール</a>に記載されている手順をご覧ください。</p>
+<ul>
+<li>セキュリティ パッチ レベル 2017-06-01 以降では、セキュリティ パッチ レベル 2017-06-01 に関連するすべての問題に対処しています。</li>
+<li>セキュリティ パッチ レベル 2017-06-05 以降では、セキュリティ パッチ レベル 2017-06-05、およびそれ以前のすべてのパッチレベルに関連するすべての問題に対処しています。</li></ul>
+<p>このアップデートを組み込んだ端末メーカーは、パッチレベル文字列を以下に設定する必要があります。</p>
+<ul>
+<li>[ro.build.version.security_patch]:[2017-06-01]</li>
+<li>[ro.build.version.security_patch]:[2017-06-05]</li></ul>
+<p><strong>2. この公開情報に 2 つのセキュリティ パッチ レベルがあるのはなぜですか?</strong></p>
+
+<p>この公開情報では、2 つのセキュリティ パッチ レベルを定義しています。これは、すべての Android 搭載端末で同様の問題が発生する一部の脆弱性をサブセットとし、Android パートナーが迅速かつ柔軟に修正できるようにするためです。Android パートナーには、この公開情報に掲載されている問題をすべて修正し、最新のセキュリティ パッチ レベルを使用することが推奨されています。</p>
+<ul>
+<li>2017 年 6 月 1 日のセキュリティ パッチ レベルを使用する端末には、そのセキュリティ パッチ レベルに関連するすべての問題と、それ以前のセキュリティに関する公開情報で報告されたすべての問題の修正を組み込む必要があります。</li>
+<li>2017 年 6 月 5 日以降のセキュリティ パッチ レベルを使用する端末には、今回(およびそれ以前)のセキュリティに関する公開情報に掲載された、該当するすべてのパッチを組み込む必要があります。</li></ul>
+<p>パートナーには、対処するすべての問題の修正を 1 つのアップデートにまとめて提供することが推奨されています。</p>
+
+<p id="vulnerability-type"><strong>3. 「タイプ」列の項目はどういう意味ですか?<em></em></strong></p>
+
+<p>脆弱性の詳細の表で「タイプ」列に記載した項目は、セキュリティの脆弱性の分類を示しています。<em></em></p>
+
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>略語</th>
+ <th>定義</th>
+ </tr>
+ <tr>
+ <td>RCE</td>
+ <td>リモートコード実行</td>
+ </tr>
+ <tr>
+ <td>EoP</td>
+ <td>権限昇格</td>
+ </tr>
+ <tr>
+ <td>ID</td>
+ <td>情報開示</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>サービス拒否</td>
+ </tr>
+ <tr>
+ <td>なし</td>
+ <td>該当する分類なし</td>
+ </tr>
+</tbody></table>
+<p><strong>4. 「参照」の列の項目はどういう意味ですか?<em></em></strong></p>
+
+<p>脆弱性の詳細の表で「参照」列に記載した項目には、その参照番号が属す組織を示す接頭辞を含めている場合があります。<em></em></p>
+
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>接頭辞</th>
+ <th>参照</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Android バグ ID</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Qualcomm の参照番号</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>MediaTek の参照番号</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>NVIDIA の参照番号</td>
+ </tr>
+ <tr>
+ <td>B-</td>
+ <td>Broadcom の参照番号</td>
+ </tr>
+</tbody></table>
+<p id="asterisk"><strong>5. 「参照」列の Android バグ ID の横にある「<a href="#asterisk">*</a>」はどういう意味ですか?<em></em></strong></p>
+
+<p>公開されていない問題には、「参照」列の Android バグ ID の横に「<a href="#asterisk">*</a>」を付けています。<em></em>この問題のアップデートは、通常、<a href="https://developers.google.com/android/nexus/drivers">Google デベロッパー サイト</a>から入手できる Nexus 端末用最新バイナリ ドライバに含まれています。</p>
+
+<h2 id="versions">バージョン</h2>
+<table>
+ <colgroup><col width="25%" />
+ <col width="25%" />
+ <col width="50%" />
+ </colgroup><tbody><tr>
+ <th>バージョン</th>
+ <th>日付</th>
+ <th>メモ</th>
+ </tr>
+ <tr>
+ <td>1.0</td>
+ <td>2017 年 6 月 5 日</td>
+ <td>情報公開</td>
+ </tr>
+ <tr>
+ <td>1.1</td>
+ <td>2017 年 6 月 7 日</td>
+ <td>公開情報を改訂し AOSP リンクを追加</td>
+ </tr>
+</tbody></table>
+
+</body></html>
\ No newline at end of file
diff --git a/ko/security/bulletin/2017-06-01.html b/ko/security/bulletin/2017-06-01.html
new file mode 100644
index 0000000..5344dcd
--- /dev/null
+++ b/ko/security/bulletin/2017-06-01.html
@@ -0,0 +1,1367 @@
+<html devsite><head>
+ <title>Android 보안 게시판 — 2017년 6월</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<p><em>2017년 6월 5일 게시됨 | 2017년 6월 7일 업데이트됨</em></p>
+
+<p>Android 보안 게시판에서는 Android 기기에 영향을 미치는 보안 취약성
+세부정보를 다룹니다. 아래 목록의 문제는 2017년 6월 5일
+보안 패치 수준 이상에서 모두 해결되었습니다. <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel 및 Nexus 업데이트 일정</a>을
+참조하여 기기의 보안 패치 수준을 확인하는 방법을 알아보세요.</p>
+
+<p>파트너에게는 게시판에 설명된 문제에 관한 알림을
+최소 한 달 전에 전달했습니다. 이러한 문제를 해결하기 위한 소스 코드 패치는
+Android 오픈소스 프로젝트(AOSP) 저장소에 배포되고 이 게시판에도 링크될 예정입니다. 이
+게시판에는 AOSP 외부의 패치 링크도 포함되어 있습니다.</p>
+
+<p>이 중 가장 심각한 문제는 미디어 프레임워크의 심각한 보안 취약성으로,
+특별히 제작된 파일을 사용하는 원격 공격자가 미디어 파일 및 데이터 처리 중에
+메모리 손상을 일으킬 수 있습니다. <a href="/security/overview/updates-resources.html#severity">심각도 평가</a>는
+개발 목적으로 플랫폼 및 서비스 완화를 사용할 수 없거나
+우회에 성공한 경우 취약성 악용으로 인해 대상 기기가 받는 영향을
+기준으로 합니다.</p>
+
+<p>실제 고객이 새로 보고된 이러한 문제로 인해 악용당했다는 신고는
+접수되지 않았습니다. Android 플랫폼의 보안을 개선하는
+<a href="/security/enhancements/index.html">Android 보안 플랫폼 보호</a> 및
+<a href="https://www.android.com/play-protect">Google Play Protect</a> 관련 세부정보를
+보려면 <a href="#mitigations">Android 및 Google Play Protect 완화</a>
+섹션을 참조하세요.</p>
+
+<p>모든 고객은 기기에서 이 업데이트를 수락하는 것이 좋습니다.</p>
+
+<p class="note"><strong>참고:</strong> 최신 무선 업데이트(OTA) 관련 정보 및
+Google 기기의 펌웨어 이미지는 <a href="#google-device-updates">Google 기기 업데이트</a> 섹션을 참조하세요.</p>
+
+<h2 id="announcements">공지사항</h2>
+<ul>
+ <li>가독성을 높이기 위해 월간 보안 게시판을
+ 간소화했습니다. 이 업데이트의 일환으로 취약성 정보가
+ 영향을 받은 구성요소별로 분류되고 보안 패치 수준 내에서
+ 구성요소 이름별로 정렬되며, Google 기기별 정보는
+ <a href="#google-device-updates">전용 섹션</a>에 호스팅됩니다.</li>
+ <li>이 게시판에는 Android 파트너가 모든 Android 기기에서 유사하게 발생하는
+ 취약성 문제의 일부를 더욱 빠르고 유연하게 해결하도록 하기 위해
+ 두 가지 보안 패치 수준 문자열이 포함되어 있습니다. 자세한 내용은 <a href="#common-questions-and-answers">일반적인 질문 및 답변</a>을
+ 참조하세요.
+ <ul>
+ <li><strong>2017-06-01</strong>: 부분 보안 패치 수준 문자열입니다. 이 보안 패치 수준 문자열은
+ 2017-06-01 및 이전의 보안 패치 수준 문자열과 관련된 문제가
+ 모두 해결되었음을 나타냅니다.</li>
+ <li><strong>2017-06-05</strong>: 전체 보안 패치 수준 문자열입니다. 이 보안 패치 수준 문자열은
+ 2017-06-01과 2017-06-05 및 이전의 보안 패치 수준
+ 문자열과 관련된 문제가 모두
+ 해결되었음을 나타냅니다.</li>
+ </ul>
+ </li>
+</ul>
+
+<h2 id="mitigations">Android 및 Google Play Protect 완화</h2>
+<p>다음은 <a href="https://www.android.com/play-protect">Google Play Protect</a>와 같은 <a href="/security/enhancements/index.html">Android 보안 플랫폼</a>
+및 서비스 보호 기능에서 제공하는 완화에 관한
+요약입니다.
+이러한 기능을 통해 Android에서 보안 취약성이
+악용될 가능성을 줄입니다.</p>
+<ul>
+ <li>Android 플랫폼 최신 버전의 향상된 기능으로 Android의 여러 문제를
+ 악용하기 더욱 어려워졌습니다. 가능하다면 모든 사용자는 최신 버전의 Android로
+ 업데이트하는 것이 좋습니다.</li>
+ <li>Android 보안팀에서는 <a href="https://www.android.com/play-protect">Google Play Protect</a>를 통해
+ 악용사례를 적극 모니터링하고
+ <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">잠재적으로 위험한 애플리케이션</a>에 관해
+ 사용자에게 경고를 보냅니다. Google Play Protect는 <a href="http://www.android.com/gms">Google 모바일 서비스</a>가 적용된
+ 기기에 기본적으로 사용 설정되어 있으며
+ Google Play 외부에서 가져온 앱을 설치하는 사용자에게 특히 중요합니다.</li>
+</ul>
+
+<h2 id="2017-06-01-details">2017-06-01 보안 패치 수준—취약성 세부정보</h2>
+<p>다음 섹션에서는 2017-06-01 패치 수준에 적용되는
+각 보안 취약성에 관해 자세히 알아볼 수 있습니다. 취약성은 영향을 받는
+구성요소 아래에 분류되어 있습니다. 여기에는 문제 설명 및
+CVE, 관련 참조, <a href="#vulnerability-type">취약성 유형</a>, <a href="/security/overview/updates-resources.html#severity">심각도</a>, 업데이트된 AOSP 버전(해당하는 경우)이
+포함된 표가 제시됩니다. 가능한 경우 AOSP 변경사항 목록과 같이
+문제를 해결한 공개 변경사항을 버그 ID에 연결합니다. 하나의
+버그와 관련된 변경사항이 여러 개인 경우 추가 참조가 버그 ID 다음에 오는
+번호에 연결됩니다.</p>
+
+<h3 id="bluetooth">블루투스</h3>
+<p>이 섹션의 가장 심각한 취약성으로 인해 로컬 악성 앱이
+권한 수준을 벗어난 데이터에 액세스할 수 있습니다.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>참조</th>
+ <th>형식</th>
+ <th>심각도</th>
+ <th>업데이트된 AOSP 버전</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0639</td>
+ <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/f196061addcc56878078e5684f2029ddbf7055ff">A-35310991</a></td>
+ <td>ID</td>
+ <td>높음</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0645</td>
+ <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/14b7d7e1537af60b7bca6c7b9e55df0dc7c6bf41">A-35385327</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0646</td>
+ <td><a href="https://android.googlesource.com/platform/system/bt/+/2bcdf8ec7db12c5651c004601901f1fc25153f2c">A-33899337</a></td>
+ <td>ID</td>
+ <td>보통</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+</tbody></table>
+<h3 id="libraries">라이브러리</h3>
+<p>이 섹션의 가장 심각한 취약성으로 인해 특별히 제작된 파일을 사용하는 원격 공격자가
+권한이 설정되지 않은 프로세스의 컨텍스트 내에서 임의의 코드를
+실행할 수 있습니다.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>참조</th>
+ <th>형식</th>
+ <th>심각도</th>
+ <th>업데이트된 AOSP 버전</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-8871</td>
+ <td>A-35443562<a href="#asterisk">*</a></td>
+ <td>RCE</td>
+ <td>높음</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-8332</td>
+ <td>A-37761553<a href="#asterisk">*</a></td>
+ <td>RCE</td>
+ <td>높음</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5131</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/0eff71008becb7f2c2b4509708da4b79985948bb">A-36554209</a></td>
+ <td>RCE</td>
+ <td>높음</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-4658</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/8ea80f29ea5fdf383ee3ae59ce35e55421a339f8">A-36554207</a></td>
+ <td>RCE</td>
+ <td>높음</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0663</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/521b88fbb6d18312923f0df653d045384b500ffc">A-37104170</a></td>
+ <td>RCE</td>
+ <td>높음</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7376</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4">A-36555370</a></td>
+ <td>RCE</td>
+ <td>높음</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-5056</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/3f571b1bb85cf56903f06bab3a820182115c5541">A-36809819</a></td>
+ <td>RCE</td>
+ <td>보통</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7375</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa">A-36556310</a></td>
+ <td>RCE</td>
+ <td>보통</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0647</td>
+ <td><a href="https://android.googlesource.com/platform/system/core/+/3d6a43155c702bce0e7e2a93a67247b5ce3946a5">A-36392138</a></td>
+ <td>ID</td>
+ <td>보통</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-1839</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/ff20cd797822dba8569ee518c44e6864d6b4ebfa">A-36553781</a></td>
+ <td>DoS</td>
+ <td>보통</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+</tbody></table>
+<h3 id="media-framework">미디어 프레임워크</h3>
+<p>이 섹션의 가장 심각한 취약성으로 인해 특별히 제작된 파일을 사용하는
+원격 공격자가 미디어 파일 및 데이터 처리 중에 메모리 손상을 일으킬 수
+있습니다.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>참조</th>
+ <th>형식</th>
+ <th>심각도</th>
+ <th>업데이트된 AOSP 버전</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0637</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/ebaa71da6362c497310377df509651974401d258">A-34064500</a></td>
+ <td>RCE</td>
+ <td>심각</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0391</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/14bc1678a80af5be7401cf750ab762ae8c75cc5a">A-32322258</a></td>
+ <td>DoS</td>
+ <td>높음</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0640</td>
+ <td>A-33129467<a href="#asterisk">*</a></td>
+ <td>DoS</td>
+ <td>높음</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0641</td>
+ <td><a href="https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb">A-34360591</a></td>
+ <td>DoS</td>
+ <td>높음</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0642</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d">A-34819017</a></td>
+ <td>DoS</td>
+ <td>높음</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0643</td>
+ <td>A-35645051<a href="#asterisk">*</a></td>
+ <td>DoS</td>
+ <td>높음</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0644</td>
+ <td>A-35472997<a href="#asterisk">*</a></td>
+ <td>DoS</td>
+ <td>높음</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ </tr>
+</tbody></table>
+<h3 id="system-ui">시스템 UI</h3>
+<p>이 섹션의 가장 심각한 취약성으로 인해 특별히 제작된 파일을 사용하는 공격자가
+권한이 설정되지 않은 프로세스의 컨텍스트 내에서 임의의 코드를 실행할 수
+있습니다.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>참조</th>
+ <th>형식</th>
+ <th>심각도</th>
+ <th>업데이트된 AOSP 버전</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0638</td>
+ <td><a href="https://android.googlesource.com/platform/external/libgdx/+/a98943dd4aece3024f023f00256607d50dcbcd1e">A-36368305</a></td>
+ <td>RCE</td>
+ <td>높음</td>
+ <td>7.1.1, 7.1.2</td>
+ </tr>
+</tbody></table>
+<h2 id="2017-06-05-details">2017-06-05 보안 패치 수준—취약성 세부정보</h2>
+<p>다음 섹션에서는 2017-06-05 패치 수준에 적용되는
+각 보안 취약성에 관해 자세히 알아볼 수 있습니다. 취약성은
+영향을 받는 구성요소 아래에 분류되어 있으며 CVE, 관련 참조,
+<a href="#vulnerability-type">취약성 유형</a>, <a href="/security/overview/updates-resources.html#severity">심각도</a>, 구성요소(해당하는 경우),
+업데이트된 AOSP 버전(해당하는 경우)와 같은
+세부정보가 포함되어 있습니다. 가능한 경우
+AOSP 변경사항 목록과 같이 문제를 해결한 공개 변경사항을 버그 ID에
+연결합니다. 하나의 버그와 관련된 변경사항이 여러 개인 경우 추가
+참조가 버그 ID 다음에 오는 번호에 연결됩니다.</p>
+
+<h3 id="kernel-components">커널 구성요소</h3>
+<p>이 섹션의 가장 심각한 취약성으로 인해 로컬 악성 앱이
+커널 컨텍스트 내에서 임의의 코드를 실행할 수 있습니다.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>참조</th>
+ <th>형식</th>
+ <th>심각도</th>
+ <th>구성요소</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0648</td>
+ <td>A-36101220<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>높음</td>
+ <td>FIQ 디버거</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0651</td>
+ <td>A-35644815<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>낮음</td>
+ <td>ION 하위 시스템</td>
+ </tr>
+</tbody></table>
+<h3 id="libraries-05">라이브러리</h3>
+<p>이 섹션의 가장 심각한 취약성으로 인해 특별이 제작된 파일을 사용하는
+원격 공격자가 민감한 정보에 액세스할 수 있습니다.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>참조</th>
+ <th>형식</th>
+ <th>심각도</th>
+ <th>업데이트된 AOSP 버전</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-7995</td>
+ <td>A-36810065<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>보통</td>
+ <td>4.4.4</td>
+ </tr>
+</tbody></table>
+<h3 id="mediatek-components">MediaTek 구성요소</h3>
+<p>이 섹션의 가장 심각한 취약성으로 인해 로컬 악성 앱이
+커널 컨텍스트 내에서 임의의 코드를 실행할 수 있습니다.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>참조</th>
+ <th>형식</th>
+ <th>심각도</th>
+ <th>구성요소</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0636</td>
+ <td>A-35310230<a href="#asterisk">*</a><br />
+ M-ALPS03162263</td>
+ <td>EoP</td>
+ <td>높음</td>
+ <td>명령 대기열 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0649</td>
+ <td>A-34468195<a href="#asterisk">*</a><br />
+ M-ALPS03162283</td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>사운드 드라이버</td>
+ </tr>
+</tbody></table>
+<h3 id="nvidia-components">NVIDIA 구성요소</h3>
+<p>이 섹션의 가장 심각한 취약성으로 인해 로컬 악성 앱이
+커널 컨텍스트 내에서 임의의 코드를 실행할 수 있습니다.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>참조</th>
+ <th>형식</th>
+ <th>심각도</th>
+ <th>구성요소</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-6247</td>
+ <td>A-34386301<a href="#asterisk">*</a><br />
+ N-CVE-2017-6247</td>
+ <td>EoP</td>
+ <td>높음</td>
+ <td>사운드 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6248</td>
+ <td>A-34372667<a href="#asterisk">*</a><br />
+ N-CVE-2017-6248</td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>사운드 드라이버</td>
+ </tr>
+</tbody></table>
+<h3 id="qualcomm-components">Qualcomm 구성요소</h3>
+<p>이 섹션의 가장 심각한 취약성으로 인해 인접한 공격자가 커널 컨텍스트 내에서
+임의의 코드를 실행할 수 있습니다.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>참조</th>
+ <th>형식</th>
+ <th>심각도</th>
+ <th>구성요소</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-7371</td>
+ <td>A-36250786<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=e02e63b8014f7a0a5ea17a5196fb4ef1283fd1fd">QC-CR#1101054</a></td>
+ <td>RCE</td>
+ <td>심각</td>
+ <td>블루투스 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7365</td>
+ <td>A-32449913<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=da49bf21d1c19a6293d33c985066dc0273c476db">QC-CR#1017009</a></td>
+ <td>EoP</td>
+ <td>높음</td>
+ <td>부트로더</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7366</td>
+ <td>A-36252171<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f4c9ffd6cd7960265f38e285ac43cbecf2459e45">QC-CR#1036161</a>
+[<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=7c4d5736d32f91f0cafe6cd86d00e26389970b00">2</a>]</td>
+ <td>EoP</td>
+ <td>높음</td>
+ <td>GPU 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7367</td>
+ <td>A-34514708<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=07174af1af48c60a41c7136f0c80ffdf4ccc0b57">QC-CR#1008421</a></td>
+ <td>DoS</td>
+ <td>높음</td>
+ <td>부트로더</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5861</td>
+ <td>A-36251375<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=cf3c97b8b6165f13810e530068fbf94b07f1f77d">QC-CR#1103510</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>동영상 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5864</td>
+ <td>A-36251231<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=cbc21ceb69cb7bca0643423a7ca982abce3ce50a">QC-CR#1105441</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>사운드 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6421</td>
+ <td>A-36251986<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=be42c7ff1f0396484882451fd18f47144c8f1b6b">QC-CR#1110563</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>MStar 터치스크린 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7364</td>
+ <td>A-36252179<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=3ce6c47d2142fcd2c4c1181afe08630aaae5a267">QC-CR#1113926</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>동영상 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7368</td>
+ <td>A-33452365<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=143ef972be1621458930ea3fc1def5ebce7b0c5d">QC-CR#1103085</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>사운드 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7369</td>
+ <td>A-33751424<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=75ed08a822cf378ffed0d2f177d06555bd77a006">QC-CR#2009216</a>
+[<a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=ae8f1d5f60644983aba7fbab469d0e542a187c6e">2</a>]</td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>사운드 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7370</td>
+ <td>A-34328139<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=970edf007fbe64b094437541a42477d653802d85">QC-CR#2006159</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>동영상 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7372</td>
+ <td>A-36251497<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=1806be003731d6d4be55e5b940d14ab772839e13">QC-CR#1110068</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>동영상 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7373</td>
+ <td>A-36251984<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=e5eb0d3aa6fe62ee437a2269a1802b1a72f61b75">QC-CR#1090244</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>동영상 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8233</td>
+ <td>A-34621613<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=64b7bc25e019dd07e8042e0a6ec6dc6a1dd0c385">QC-CR#2004036</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>카메라 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8234</td>
+ <td>A-36252121<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6266f954a52641f550ef71653ea83c80bdd083be">QC-CR#832920</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>카메라 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8235</td>
+ <td>A-36252376<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=7e4424a1b5f6a6536066cca7aac2c3a23fd39f6f">QC-CR#1083323</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>카메라 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8236</td>
+ <td>A-35047217<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=cf0d31bc3b04cf2db7737d36b11a5bf50af0c1db">QC-CR#2009606</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>IPA 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8237</td>
+ <td>A-36252377<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=342d16ac6fb01e304ec75344c693257e00628ecf">QC-CR#1110522</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>네트워크 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8242</td>
+ <td>A-34327981<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=6a3b8afdf97e77c0b64005b23fa6d32025d922e5">QC-CR#2009231</a></td>
+ <td>EoP</td>
+ <td>보통</td>
+ <td>Secure Execution Environment Communication 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8239</td>
+ <td>A-36251230<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=01db0e012f86b8ba6974e5cb9905261a552a0610">QC-CR#1091603</a></td>
+ <td>ID</td>
+ <td>보통</td>
+ <td>카메라 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8240</td>
+ <td>A-36251985<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=22b8b6608174c1308208d5bc6c143f4998744547">QC-CR#856379</a></td>
+ <td>ID</td>
+ <td>보통</td>
+ <td>핀 컨트롤러 드라이버</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8241</td>
+ <td>A-34203184<br />
+ <a href="https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=90213394b7efb28fa511b2eaebc1343ae3b54724">QC-CR#1069175</a></td>
+ <td>ID</td>
+ <td>낮음</td>
+ <td>Wi-Fi 드라이버</td>
+ </tr>
+</tbody></table>
+<h3 id="synaptics-components">Synaptics 구성요소</h3>
+<p>이 섹션의 가장 심각한 취약성으로 인해 로컬 악성 앱이
+권한 수준을 벗어난 데이터에 액세스할 수 있습니다.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>참조</th>
+ <th>형식</th>
+ <th>심각도</th>
+ <th>구성요소</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0650</td>
+ <td>A-35472278<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>낮음</td>
+ <td>터치스크린 드라이버</td>
+ </tr>
+</tbody></table>
+<h3 id="qualcomm-closed-source-components">Qualcomm 비공개 소스
+구성요소</h3>
+<p>다음의 취약성은 Qualcomm 구성요소에 영향을 주며 Qualcomm AMSS
+2014~2016년 보안 게시판에 자세히 설명되어 있습니다. 이러한 취약성은
+각 취약성의 수정사항을 Android 보안 패치 수준과 연결하기 위해 Android 보안
+게시판에 포함되었습니다. 이러한 취약성의 수정사항은 Qualcomm에서 직접 받을 수 있습니다.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>참조</th>
+ <th>형식</th>
+ <th>심각도</th>
+ <th>구성요소</th>
+ </tr>
+ <tr>
+ <td>CVE-2014-9960</td>
+ <td>A-37280308<a href="#asterisk">*</a><br />
+ QC-CR#381837</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9961</td>
+ <td>A-37279724<a href="#asterisk">*</a><br />
+ QC-CR#581093</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9953</td>
+ <td>A-36714770<a href="#asterisk">*</a><br />
+ QC-CR#642173</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9967</td>
+ <td>A-37281466<a href="#asterisk">*</a><br />
+ QC-CR#739110</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9026</td>
+ <td>A-37277231<a href="#asterisk">*</a><br />
+ QC-CR#748397</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9027</td>
+ <td>A-37279124<a href="#asterisk">*</a><br />
+ QC-CR#748407</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9008</td>
+ <td>A-36384689<a href="#asterisk">*</a><br />
+ QC-CR#762111</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9009</td>
+ <td>A-36393600<a href="#asterisk">*</a><br />
+ QC-CR#762182</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9010</td>
+ <td>A-36393101<a href="#asterisk">*</a><br />
+ QC-CR#758752</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9011</td>
+ <td>A-36714882<a href="#asterisk">*</a><br />
+ QC-CR#762167</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9024</td>
+ <td>A-37265657<a href="#asterisk">*</a><br />
+ QC-CR#740680</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9012</td>
+ <td>A-36384691<a href="#asterisk">*</a><br />
+ QC-CR#746617</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9013</td>
+ <td>A-36393251<a href="#asterisk">*</a><br />
+ QC-CR#814373</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9014</td>
+ <td>A-36393750<a href="#asterisk">*</a><br />
+ QC-CR#855220</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9015</td>
+ <td>A-36714120<a href="#asterisk">*</a><br />
+ QC-CR#701858</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9029</td>
+ <td>A-37276981<a href="#asterisk">*</a><br />
+ QC-CR#827837</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10338</td>
+ <td>A-37277738<a href="#asterisk">*</a><br />
+ QC-CR#987699</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10336</td>
+ <td>A-37278436<a href="#asterisk">*</a><br />
+ QC-CR#973605</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10333</td>
+ <td>A-37280574<a href="#asterisk">*</a><br />
+ QC-CR#947438</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10341</td>
+ <td>A-37281667<a href="#asterisk">*</a><br />
+ QC-CR#991476</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10335</td>
+ <td>A-37282802<a href="#asterisk">*</a><br />
+ QC-CR#961142</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10340</td>
+ <td>A-37280614<a href="#asterisk">*</a><br />
+ QC-CR#989028</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10334</td>
+ <td>A-37280664<a href="#asterisk">*</a><br />
+ QC-CR#949933</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10339</td>
+ <td>A-37280575<a href="#asterisk">*</a><br />
+ QC-CR#988502</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10298</td>
+ <td>A-36393252<a href="#asterisk">*</a><br />
+ QC-CR#1020465</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10299</td>
+ <td>A-32577244<a href="#asterisk">*</a><br />
+ QC-CR#1058511</td>
+ <td>해당 없음</td>
+ <td>심각</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9954</td>
+ <td>A-36388559<a href="#asterisk">*</a><br />
+ QC-CR#552880</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9955</td>
+ <td>A-36384686<a href="#asterisk">*</a><br />
+ QC-CR#622701</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9956</td>
+ <td>A-36389611<a href="#asterisk">*</a><br />
+ QC-CR#638127</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9957</td>
+ <td>A-36387564<a href="#asterisk">*</a><br />
+ QC-CR#638984</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9958</td>
+ <td>A-36384774<a href="#asterisk">*</a><br />
+ QC-CR#638135</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9962</td>
+ <td>A-37275888<a href="#asterisk">*</a><br />
+ QC-CR#656267</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9963</td>
+ <td>A-37276741<a href="#asterisk">*</a><br />
+ QC-CR#657771</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9959</td>
+ <td>A-36383694<a href="#asterisk">*</a><br />
+ QC-CR#651900</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9964</td>
+ <td>A-37280321<a href="#asterisk">*</a><br />
+ QC-CR#680778</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9965</td>
+ <td>A-37278233<a href="#asterisk">*</a><br />
+ QC-CR#711585</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9966</td>
+ <td>A-37282854<a href="#asterisk">*</a><br />
+ QC-CR#727398</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9023</td>
+ <td>A-37276138<a href="#asterisk">*</a><br />
+ QC-CR#739802</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9020</td>
+ <td>A-37276742<a href="#asterisk">*</a><br />
+ QC-CR#733455</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9021</td>
+ <td>A-37276743<a href="#asterisk">*</a><br />
+ QC-CR#735148</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9025</td>
+ <td>A-37276744<a href="#asterisk">*</a><br />
+ QC-CR#743985</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9022</td>
+ <td>A-37280226<a href="#asterisk">*</a><br />
+ QC-CR#736146</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9028</td>
+ <td>A-37277982<a href="#asterisk">*</a><br />
+ QC-CR#762764</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9031</td>
+ <td>A-37275889<a href="#asterisk">*</a><br />
+ QC-CR#866015</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9032</td>
+ <td>A-37279125<a href="#asterisk">*</a><br />
+ QC-CR#873202</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9033</td>
+ <td>A-37276139<a href="#asterisk">*</a><br />
+ QC-CR#892541</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9030</td>
+ <td>A-37282907<a href="#asterisk">*</a><br />
+ QC-CR#854667</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10332</td>
+ <td>A-37282801<a href="#asterisk">*</a><br />
+ QC-CR#906713<br />
+ QC-CR#917701<br />
+ QC-CR#917702</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10337</td>
+ <td>A-37280665<a href="#asterisk">*</a><br />
+ QC-CR#977632</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10342</td>
+ <td>A-37281763<a href="#asterisk">*</a><br />
+ QC-CR#988941</td>
+ <td>해당 없음</td>
+ <td>높음</td>
+ <td>비공개 소스 구성요소</td>
+ </tr>
+</tbody></table>
+<h2 id="google-device-updates">Google 기기 업데이트</h2>
+<p>이 표에는 최신 무선 업데이트(OTA)의 보안 패치 수준 및 Google 기기의
+펌웨어 이미지가 포함되어 있습니다. The Google 기기 펌웨어 이미지는
+<a href="https://developers.google.com/android/nexus/images">Google 개발자 사이트</a>에서 받을 수
+있습니다.</p>
+
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>Google 기기</th>
+ <th>보안 패치 수준</th>
+ </tr>
+ <tr>
+ <td>Pixel/Pixel XL</td>
+ <td>2017년 6월 5일</td>
+ </tr>
+ <tr>
+ <td>Nexus 5X</td>
+ <td>2017년 6월 5일</td>
+ </tr>
+ <tr>
+ <td>Nexus 6</td>
+ <td>2017년 6월 5일</td>
+ </tr>
+ <tr>
+ <td>Nexus 6P</td>
+ <td>2017년 6월 5일</td>
+ </tr>
+ <tr>
+ <td>Nexus 9</td>
+ <td>2017년 6월 5일</td>
+ </tr>
+ <tr>
+ <td>Nexus Player</td>
+ <td>2017년 6월 5일</td>
+ </tr>
+ <tr>
+ <td>Pixel C</td>
+ <td>2017년 6월 5일</td>
+ </tr>
+</tbody></table>
+<h2 id="acknowledgements">감사의 말씀</h2>
+<p>참여해 주신 다음 연구원에게 감사드립니다.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="83%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>연구원</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0643, CVE-2017-0641</td>
+ <td>Trend Micro의 Ecular Xu(徐健)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0645, CVE-2017-0639</td>
+ <td><a href="http://www.ms509.com">MS509Team</a>의 En He(<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>),
+Bo Liu</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0649</td>
+ <td>Qihoo 360 Technology Co. Ltd. IceSword Lab의
+Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>), <a href="http://weibo.com/jfpan">pjf</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0646</td>
+ <td>Tencent PC Manager의 Godzheng(郑文选 -<a href="https://twitter.com/VirtualSeekers">@VirtualSeekers</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0636</td>
+ <td>Shellphish Grill Team의 Jake Corina, Nick Stephens</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8233</td>
+ <td>Qihoo 360 IceSword Lab의 Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>), <a href="http://weibo.com/jfpan">pjf </a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7368</td>
+ <td><a href="http://c0reteam.org">C0RE Team</a>의 Lubo Zhang(<a href="mailto:zlbzlb815@163.com">zlbzlb815@163.com</a>), Yuan-Tsung Lo(<a href="mailto:computernik@gmail.com">computernik@gmail.com</a>),
+Xuxian Jiang</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8242</td>
+ <td>Tesla's Product Security Team의
+Nathan Crandall(<a href="https://twitter.com/natecray">@natecray</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0650</td>
+ <td>Ben Gurion University Cyber Lab의 Omer Shwartz, Amir Cohen,
+Dr. Asaf Shabtai, Dr. Yossi Oren</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0648</td>
+ <td>HCL Technologies <a href="https://alephsecurity.com/">Aleph Research</a>의 Roee Hay(<a href="https://twitter.com/roeehay">@roeehay</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7369, CVE-2017-6249, CVE-2017-6247, CVE-2017-6248</td>
+ <td>TrendMicro의 sevenshen(<a href="https://twitter.com/lingtongshen">@lingtongshen</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0642, CVE-2017-0637, CVE-2017-0638</td>
+ <td>Vasily Vasiliev</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0640</td>
+ <td><a href="http://www.trendmicro.com">Trend Micro</a> <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile/">Mobile
+Threat Response Team</a>의 V.E.O(<a href="https://twitter.com/vysea">@VYSEa</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8236</td>
+ <td>Tencent Security Platform Department의 Xiling Gong</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0647</td>
+ <td>Qihoo 360 Qex Team의
+Yangkang(<a href="https://twitter.com/dnpushme">@dnpushme</a>), Liyadong</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7370</td>
+ <td>Qihoo 360 Technology Co. Ltd. IceSword Lab의
+Yonggang Guo(<a href="https://twitter.com/guoygang">@guoygang</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0651</td>
+ <td><a href="http://c0reteam.org">C0RE Team</a>의 Yuan-Tsung Lo(<a href="mailto:computernik@gmail.com">computernik@gmail.com</a>),
+Xuxian Jiang</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8241</td>
+ <td>Google의 Zubin Mithra</td>
+ </tr>
+</tbody></table>
+<h2 id="common-questions-and-answers">일반적인 질문 및 답변</h2>
+<p>이 섹션에서는 게시판을 읽은 뒤 제기될 수 있는 일반적인 질문에 대한 답변을 제시합니다.</p>
+
+<p><strong>1. 내 기기가 업데이트되어 이 문제가 해결되었는지 어떻게 알 수 있나요?
+</strong></p>
+
+<p>기기의 보안 패치 수준을 확인하는 방법을 알아보려면
+<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel 및 Nexus 업데이트 일정</a>의
+안내를 읽어 보세요.</p>
+<ul>
+<li>2017-06-01 보안 패치 수준과 관련된 모든 문제는 2017-06-01
+보안 패치 수준 이상에서 해결됩니다.</li>
+<li>2017-06-05 보안 패치 수준 및 그 이전의 모든 패치 수준과 관련된
+모든 문제는 2017-06-05 보안 패치 수준 이상에서 해결됩니다.</li></ul>
+<p>이러한 업데이트를 포함하는 기기 제조업체는 패치 문자열 수준을
+다음과 같이 설정해야 합니다.</p>
+<ul>
+<li>[ro.build.version.security_patch]:[2017-06-01]</li>
+<li>[ro.build.version.security_patch]:[2017-06-05]</li></ul>
+<p><strong>2. 이 게시판에 두 가지 보안 패치 수준이 있는 이유가 무엇인가요?</strong></p>
+
+<p>이 게시판에서는 Android 파트너가 모든 Android 기기에서 유사하게 발생하는
+취약성 문제의 일부를 더욱 빠르고 유연하게 해결하도록 하기 위해 두 가지 보안 패치 수준이 포함되어 있습니다. Android 파트너는 이 게시판에 언급된 문제를 모두 수정하고
+최신 보안 패치 수준을 사용하는 것이 좋습니다.</p>
+<ul>
+<li>2017년 6월 1일 보안 패치 수준을 사용하는 기기는 이 보안 패치 수준과
+관련된 모든 문제와 이전 보안 게시판에서 보고된 모든 문제의 수정사항을
+포함해야 합니다.</li>
+<li>2017년 6월 5일 이후의 보안 패치 수준을 사용하는 기기는 이 보안 게시판과
+이전 보안 게시판에 언급된 모든 관련 패치를 포함해야 합니다.</li></ul>
+<p>파트너는 해결하는 모든 문제의 수정사항을 단 한 번의 업데이트에서 번들로 묶는 것이
+좋습니다.</p>
+
+<p id="vulnerability-type"><strong>3. <em>유형</em> 열의 항목은 무엇을 의미하나요?</strong></p>
+
+<p>취약성 세부정보 표의 <em>유형</em> 열에 있는 항목은
+보안 취약성 분류를 참조합니다.</p>
+
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>약어</th>
+ <th>정의</th>
+ </tr>
+ <tr>
+ <td>RCE</td>
+ <td>원격 코드 실행</td>
+ </tr>
+ <tr>
+ <td>EoP</td>
+ <td>권한 승격</td>
+ </tr>
+ <tr>
+ <td>ID</td>
+ <td>정보 공개</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>서비스 거부</td>
+ </tr>
+ <tr>
+ <td>해당 없음</td>
+ <td>분류 없음</td>
+ </tr>
+</tbody></table>
+<p><strong>4. <em>참조</em> 열의 항목은 무엇을 의미하나요?</strong></p>
+
+<p>취약성 세부정보 표의 <em>참조</em> 열에 있는 항목은 참조 값이 속한
+조직을 나타내는 접두어를 포함할 수 있습니다.</p>
+
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>접두어</th>
+ <th>참조</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Android 버그 ID</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Qualcomm 참조 번호</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>MediaTek 참조 번호</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>NVIDIA 참조 번호</td>
+ </tr>
+ <tr>
+ <td>B-</td>
+ <td>Broadcom 참조 번호</td>
+ </tr>
+</tbody></table>
+<p id="asterisk"><strong>5. <em>참조</em> 열에서 Android 버그 ID 옆에 있는 <a href="#asterisk">*</a> 표시는
+무엇을 의미하나요?</strong></p>
+
+<p>공개되지 않은 문제는 <em>참조</em> 열의 Android 버그 ID 옆에 <a href="#asterisk">*</a> 표시가 있습니다. 일반적으로 해당 문제의 업데이트는 <a href="https://developers.google.com/android/nexus/drivers">Google 개발자 사이트</a>에서
+제공하는 Nexus 기기용 최신 바이너리 드라이버에 포함되어 있습니다.</p>
+
+<h2 id="versions">버전</h2>
+<table>
+ <colgroup><col width="25%" />
+ <col width="25%" />
+ <col width="50%" />
+ </colgroup><tbody><tr>
+ <th>버전</th>
+ <th>날짜</th>
+ <th>메모</th>
+ </tr>
+ <tr>
+ <td>1.0/</td>
+ <td>2017년 6월 5일</td>
+ <td>게시판이 게시됨</td>
+ </tr>
+ <tr>
+ <td>1.1</td>
+ <td>2017년 6월 7일</td>
+ <td>게시판이 수정되어 AOSP 링크 포함됨</td>
+ </tr>
+</tbody></table>
+
+</body></html>
\ No newline at end of file
diff --git a/ru/security/bulletin/2017-06-01.html b/ru/security/bulletin/2017-06-01.html
new file mode 100644
index 0000000..fe571db
--- /dev/null
+++ b/ru/security/bulletin/2017-06-01.html
@@ -0,0 +1,1269 @@
+<html devsite><head>
+ <title>Бюллетень по безопасности Android – июнь 2017 г.</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<p><em>Опубликовано 5 июня 2017 г. | Обновлено 7 июня 2016 г.</em></p>
+
+<p>В этом бюллетене содержится информация об уязвимостях в защите устройств Android. Все актуальные проблемы, перечисленные здесь, устранены в исправлении от 5 июня 2017 года или более новом. Информацию о том, как проверить обновления системы безопасности, можно найти в <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Справочном центре</a>.</p>
+
+<p>Мы сообщили партнерам о проблемах, описанных в бюллетене, по крайней мере месяц назад. Исправления уязвимостей будут доступны в хранилище Android Open Source Project (AOSP). В этом бюллетене также приведены ссылки на исправления вне AOSP.</p>
+
+<p>Самая серьезная из этих проблем – критическая уязвимость в Media Framework, которая позволяет злоумышленнику нарушить целостность информации в памяти при обработке медиафайлов и данных в специально созданном файле. <a href="/security/overview/updates-resources.html#severity">Уровень серьезности</a> зависит от того, какой ущерб будет нанесен устройству при атаке с использованием уязвимости, если средства защиты будут отключены разработчиком или взломаны.</p>
+
+<p>Обнаруженные уязвимости не эксплуатировались. В разделе <a href="#mitigations">Предотвращение атак</a> рассказывается, как <a href="/security/enhancements/index.html">платформа безопасности</a> и <a href="https://www.android.com/play-protect">Google Play Защита</a> помогают снизить вероятность атак на Android.</p>
+
+<p>Мы рекомендуем всем пользователям установить перечисленные здесь обновления.</p>
+
+<p class="note"><strong>Примечание.</strong> Информация о последних автоматических обновлениях (OTA) и об образах прошивок для устройств Google находится в разделе <a href="#google-device-updates">Обновления устройств Google</a>.</p>
+
+<h2 id="announcements">Объявления</h2>
+<ul>
+ <li>Мы изменили структуру ежемесячного бюллетеня по безопасности, чтобы сделать его более удобочитаемым. Теперь информация об уязвимостях сгруппирована более удобно. Кроме того, сведения об обновлениях устройств Google находятся в <a href="#google-device-updates">специальном разделе</a>.</li>
+ <li>Мы включили в этот бюллетень сведения о двух обновлениях, чтобы помочь нашим партнерам как можно скорее устранить уязвимости, затрагивающие все устройства Android. Дополнительную информацию вы найдете в разделе <a href="#common-questions-and-answers">Часто задаваемые вопросы</a>.
+ <ul>
+ <li><strong>2017-06-01</strong>: частичное обновление системы безопасности, в котором исправлены все уязвимости уровня 2017-06-01 и более ранние.</li>
+ <li><strong>2017-06-05</strong>: полное обновление системы безопасности, в котором исправлены все уязвимости уровней 2017-06-01 и 2017-06-05, а также более ранние.</li>
+ </ul>
+ </li>
+</ul>
+
+<h2 id="mitigations">Предотвращение атак</h2>
+<p>Ниже рассказывается, как <a href="/security/enhancements/index.html">платформа безопасности</a> и средства защиты сервисов, например <a href="https://www.android.com/play-protect">Google Play Защита</a> позволяют снизить вероятность атак на Android.</p>
+<ul>
+ <li>Использование многих уязвимостей затрудняется в новых версиях Android, поэтому мы рекомендуем всем пользователям своевременно обновлять систему.</li>
+ <li>Команда, отвечающая за безопасность Android, активно отслеживает злоупотребления с помощью <a href="https://www.android.com/play-protect">Google Play Защиты</a> и предупреждает пользователей об установке <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">потенциально опасных приложений</a>. Google Play Защита включена по умолчанию на всех устройствах с <a href="http://www.android.com/gms">сервисами Google для мобильных устройств</a>. Она особенно важна, если пользователь устанавливает ПО из сторонних источников.</li>
+</ul>
+
+<h2 id="2017-06-01-details">Описание уязвимостей (обновление системы безопасности 2017-06-01)</h2>
+<p>В этом разделе вы найдете подробную информацию обо всех уязвимостях обновления системы безопасности 2017-06-01. Уязвимости сгруппированы по компонентам, которые они затрагивают. Для каждого приведено описание и таблица с CVE, ссылками, <a href="#vulnerability-type">типом</a>, <a href="/security/overview/updates-resources.html#severity">уровнем серьезности</a>, а также версиями AOSP (при наличии). Где возможно, мы приводим основную ссылку на опубликованное изменение, связанное с идентификатором ошибки (например, список AOSP), и дополнительные ссылки в квадратных скобках.</p>
+
+<h3 id="bluetooth">Bluetooth</h3>
+<p>Самая серьезная уязвимость позволяет локальному вредоносному ПО получать несанкционированный доступ к данным.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>Ссылки</th>
+ <th>Тип</th>
+ <th>Уровень серьезности</th>
+ <th>Обновленные версии AOSP</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0639</td>
+ <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/f196061addcc56878078e5684f2029ddbf7055ff">A-35310991</a></td>
+ <td>РИ</td>
+ <td>Высокий</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0645</td>
+ <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/14b7d7e1537af60b7bca6c7b9e55df0dc7c6bf41">A-35385327</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0646</td>
+ <td><a href="https://android.googlesource.com/platform/system/bt/+/2bcdf8ec7db12c5651c004601901f1fc25153f2c">A-33899337</a></td>
+ <td>РИ</td>
+ <td>Средний</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+</tbody></table>
+<h3 id="libraries">Библиотеки</h3>
+<p>Самая серьезная уязвимость позволяет злоумышленнику выполнять произвольный код в контексте непривилегированного процесса с помощью специально созданного файла.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>Ссылки</th>
+ <th>Тип</th>
+ <th>Уровень серьезности</th>
+ <th>Обновленные версии AOSP</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-8871</td>
+ <td>A-35443562<a href="#asterisk">*</a></td>
+ <td>УВК</td>
+ <td>Высокий</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-8332</td>
+ <td>A-37761553<a href="#asterisk">*</a></td>
+ <td>УВК</td>
+ <td>Высокий</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5131</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/0eff71008becb7f2c2b4509708da4b79985948bb">A-36554209</a></td>
+ <td>УВК</td>
+ <td>Высокий</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-4658</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/8ea80f29ea5fdf383ee3ae59ce35e55421a339f8">A-36554207</a></td>
+ <td>УВК</td>
+ <td>Высокий</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0663</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/521b88fbb6d18312923f0df653d045384b500ffc">A-37104170</a></td>
+ <td>УВК</td>
+ <td>Высокий</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7376</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4">A-36555370</a></td>
+ <td>УВК</td>
+ <td>Высокий</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-5056</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/3f571b1bb85cf56903f06bab3a820182115c5541">A-36809819</a></td>
+ <td>УВК</td>
+ <td>Средний</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7375</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa">A-36556310</a></td>
+ <td>УВК</td>
+ <td>Средний</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0647</td>
+ <td><a href="https://android.googlesource.com/platform/system/core/+/3d6a43155c702bce0e7e2a93a67247b5ce3946a5">A-36392138</a></td>
+ <td>РИ</td>
+ <td>Средний</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-1839</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/ff20cd797822dba8569ee518c44e6864d6b4ebfa">A-36553781</a></td>
+ <td>ОО</td>
+ <td>Средний</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+</tbody></table>
+<h3 id="media-framework">Media framework</h3>
+<p>Самая серьезная уязвимость позволяет злоумышленнику нарушить целостность информации в памяти при обработке медиафайлов и данных в специально созданном файле.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>Ссылки</th>
+ <th>Тип</th>
+ <th>Уровень серьезности</th>
+ <th>Обновленные версии AOSP</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0637</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/ebaa71da6362c497310377df509651974401d258">A-34064500</a></td>
+ <td>УВК</td>
+ <td>Критический</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0391</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/14bc1678a80af5be7401cf750ab762ae8c75cc5a">A-32322258</a></td>
+ <td>ОО</td>
+ <td>Высокий</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0640</td>
+ <td>A-33129467<a href="#asterisk">*</a></td>
+ <td>ОО</td>
+ <td>Высокий</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0641</td>
+ <td><a href="https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb">A-34360591</a></td>
+ <td>ОО</td>
+ <td>Высокий</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0642</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d">A-34819017</a></td>
+ <td>ОО</td>
+ <td>Высокий</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0643</td>
+ <td>A-35645051<a href="#asterisk">*</a></td>
+ <td>ОО</td>
+ <td>Высокий</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0644</td>
+ <td>A-35472997<a href="#asterisk">*</a></td>
+ <td>ОО</td>
+ <td>Высокий</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ </tr>
+</tbody></table>
+<h3 id="system-ui">Интерфейс системы</h3>
+<p>Самая серьезная уязвимость позволяет злоумышленнику выполнять произвольный код в контексте непривилегированного процесса с помощью специально созданного файла.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>Ссылки</th>
+ <th>Тип</th>
+ <th>Уровень серьезности</th>
+ <th>Обновленные версии AOSP</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0638</td>
+ <td><a href="https://android.googlesource.com/platform/external/libgdx/+/a98943dd4aece3024f023f00256607d50dcbcd1e">A-36368305</a></td>
+ <td>УВК</td>
+ <td>Высокий</td>
+ <td>7.1.1, 7.1.2</td>
+ </tr>
+</tbody></table>
+<h2 id="2017-06-05-details">Описание уязвимостей (обновление системы безопасности 2017-06-05)</h2>
+<p>В этом разделе вы найдете подробную информацию обо всех уязвимостях обновления системы безопасности 2017-06-05. Уязвимости сгруппированы по компонентам, которые они затрагивают. Для каждого приведена таблица с CVE, ссылками, <a href="#vulnerability-type">типом</a>, <a href="/security/overview/updates-resources.html#severity">уровнем серьезности</a>, а также версиями AOSP (при наличии). Где возможно, мы приводим основную ссылку на опубликованное изменение, связанное с идентификатором ошибки (например, список AOSP), и дополнительные ссылки в квадратных скобках.</p>
+
+<h3 id="kernel-components">Компоненты ядра</h3>
+<p>Самая серьезная уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>Ссылки</th>
+ <th>Тип</th>
+ <th>Уровень серьезности</th>
+ <th>Компонент</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0648</td>
+ <td>A-36101220<a href="#asterisk">*</a></td>
+ <td>ПП</td>
+ <td>Высокий</td>
+ <td>Отладчик FIQ</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0651</td>
+ <td>A-35644815<a href="#asterisk">*</a></td>
+ <td>РИ</td>
+ <td>Низкий</td>
+ <td>Подсистема ION</td>
+ </tr>
+</tbody></table>
+<h3 id="libraries-05">Библиотеки</h3>
+<p>Самая серьезная уязвимость позволяет злоумышленнику получить несанкционированный доступ к конфиденциальной информации с помощью специально созданного файла.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>Ссылки</th>
+ <th>Тип</th>
+ <th>Уровень серьезности</th>
+ <th>Обновленные версии AOSP</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-7995</td>
+ <td>A-36810065<a href="#asterisk">*</a></td>
+ <td>РИ</td>
+ <td>Средний</td>
+ <td>4.4.4</td>
+ </tr>
+</tbody></table>
+<h3 id="mediatek-components">Компоненты MediaTek</h3>
+<p>Самая серьезная уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>Ссылки</th>
+ <th>Тип</th>
+ <th>Уровень серьезности</th>
+ <th>Компонент</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0636</td>
+ <td>A-35310230<a href="#asterisk">*</a><br />
+ M-ALPS03162263</td>
+ <td>ПП</td>
+ <td>Высокий</td>
+ <td>Драйвер очереди команд</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0649</td>
+ <td>A-34468195<a href="#asterisk">*</a><br />
+ M-ALPS03162283</td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Аудиодрайвер</td>
+ </tr>
+</tbody></table>
+<h3 id="nvidia-components">Компоненты NVIDIA</h3>
+<p>Самая серьезная уязвимость позволяет локальному вредоносному ПО выполнять произвольный код в контексте ядра.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>Ссылки</th>
+ <th>Тип</th>
+ <th>Уровень серьезности</th>
+ <th>Компонент</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-6247</td>
+ <td>A-34386301<a href="#asterisk">*</a><br />
+ N-CVE-2017-6247</td>
+ <td>ПП</td>
+ <td>Высокий</td>
+ <td>Аудиодрайвер</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6248</td>
+ <td>A-34372667<a href="#asterisk">*</a><br />
+ N-CVE-2017-6248</td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Аудиодрайвер</td>
+ </tr>
+</tbody></table>
+<h3 id="qualcomm-components">Компоненты Qualcomm</h3>
+<p>Самая серьезная уязвимость позволяет злоумышленнику выполнять произвольный код в контексте ядра.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>Ссылки</th>
+ <th>Тип</th>
+ <th>Уровень серьезности</th>
+ <th>Компонент</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-7371</td>
+ <td>A-36250786<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=e02e63b8014f7a0a5ea17a5196fb4ef1283fd1fd">QC-CR#1101054</a></td>
+ <td>УВК</td>
+ <td>Критический</td>
+ <td>Драйвер Bluetooth</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7365</td>
+ <td>A-32449913<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=da49bf21d1c19a6293d33c985066dc0273c476db">QC-CR#1017009</a></td>
+ <td>ПП</td>
+ <td>Высокий</td>
+ <td>Загрузчик</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7366</td>
+ <td>A-36252171<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f4c9ffd6cd7960265f38e285ac43cbecf2459e45">QC-CR#1036161</a>
+[<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=7c4d5736d32f91f0cafe6cd86d00e26389970b00">2</a>]</td>
+ <td>ПП</td>
+ <td>Высокий</td>
+ <td>Драйвер графического процессора</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7367</td>
+ <td>A-34514708<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=07174af1af48c60a41c7136f0c80ffdf4ccc0b57">QC-CR#1008421</a></td>
+ <td>ОО</td>
+ <td>Высокий</td>
+ <td>Загрузчик</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5861</td>
+ <td>A-36251375<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=cf3c97b8b6165f13810e530068fbf94b07f1f77d">QC-CR#1103510</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Видеодрайвер</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5864</td>
+ <td>A-36251231<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=cbc21ceb69cb7bca0643423a7ca982abce3ce50a">QC-CR#1105441</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Аудиодрайвер</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6421</td>
+ <td>A-36251986<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=be42c7ff1f0396484882451fd18f47144c8f1b6b">QC-CR#1110563</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Драйвер сенсорного экрана MStar</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7364</td>
+ <td>A-36252179<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=3ce6c47d2142fcd2c4c1181afe08630aaae5a267">QC-CR#1113926</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Видеодрайвер</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7368</td>
+ <td>A-33452365<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=143ef972be1621458930ea3fc1def5ebce7b0c5d">QC-CR#1103085</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Аудиодрайвер</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7369</td>
+ <td>A-33751424<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=75ed08a822cf378ffed0d2f177d06555bd77a006">QC-CR#2009216</a>
+[<a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=ae8f1d5f60644983aba7fbab469d0e542a187c6e">2</a>]</td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Аудиодрайвер</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7370</td>
+ <td>A-34328139<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=970edf007fbe64b094437541a42477d653802d85">QC-CR#2006159</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Видеодрайвер</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7372</td>
+ <td>A-36251497<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=1806be003731d6d4be55e5b940d14ab772839e13">QC-CR#1110068</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Видеодрайвер</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7373</td>
+ <td>A-36251984<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=e5eb0d3aa6fe62ee437a2269a1802b1a72f61b75">QC-CR#1090244</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Видеодрайвер</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8233</td>
+ <td>A-34621613<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=64b7bc25e019dd07e8042e0a6ec6dc6a1dd0c385">QC-CR#2004036</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Драйвер камеры</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8234</td>
+ <td>A-36252121<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6266f954a52641f550ef71653ea83c80bdd083be">QC-CR#832920</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Драйвер камеры</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8235</td>
+ <td>A-36252376<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=7e4424a1b5f6a6536066cca7aac2c3a23fd39f6f">QC-CR#1083323</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Драйвер камеры</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8236</td>
+ <td>A-35047217<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=cf0d31bc3b04cf2db7737d36b11a5bf50af0c1db">QC-CR#2009606</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Драйвер усилителя</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8237</td>
+ <td>A-36252377<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=342d16ac6fb01e304ec75344c693257e00628ecf">QC-CR#1110522</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Сетевой драйвер</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8242</td>
+ <td>A-34327981<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=6a3b8afdf97e77c0b64005b23fa6d32025d922e5">QC-CR#2009231</a></td>
+ <td>ПП</td>
+ <td>Средний</td>
+ <td>Драйвер QSEE Communacator</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8239</td>
+ <td>A-36251230<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=01db0e012f86b8ba6974e5cb9905261a552a0610">QC-CR#1091603</a></td>
+ <td>РИ</td>
+ <td>Средний</td>
+ <td>Драйвер камеры</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8240</td>
+ <td>A-36251985<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=22b8b6608174c1308208d5bc6c143f4998744547">QC-CR#856379</a></td>
+ <td>РИ</td>
+ <td>Средний</td>
+ <td>Драйвер контроллера контактов</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8241</td>
+ <td>A-34203184<br />
+ <a href="https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=90213394b7efb28fa511b2eaebc1343ae3b54724">QC-CR#1069175</a></td>
+ <td>РИ</td>
+ <td>Низкий</td>
+ <td>Драйвер Wi-Fi</td>
+ </tr>
+</tbody></table>
+<h3 id="synaptics-components">Компоненты Synaptics</h3>
+<p>Самая серьезная уязвимость позволяет локальному вредоносному ПО получать несанкционированный доступ к данным.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>Ссылки</th>
+ <th>Тип</th>
+ <th>Уровень серьезности</th>
+ <th>Компонент</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0650</td>
+ <td>A-35472278<a href="#asterisk">*</a></td>
+ <td>ПП</td>
+ <td>Низкий</td>
+ <td>Драйвер сенсорного экрана</td>
+ </tr>
+</tbody></table>
+<h3 id="qualcomm-closed-source-components">Закрытые компоненты Qualcomm</h3>
+<p>Эти уязвимости затрагивают компоненты Qualcomm и описаны в бюллетенях по безопасности Qualcomm AMSS за 2014–2016 года. Они включены в этот бюллетень по безопасности Android, чтобы связать их исправления с обновлением системы безопасности. Сами исправления доступны напрямую у Qualcomm.</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>Ссылки</th>
+ <th>Тип</th>
+ <th>Уровень серьезности</th>
+ <th>Компонент</th>
+ </tr>
+ <tr>
+ <td>CVE-2014-9960</td>
+ <td>A-37280308<a href="#asterisk">*</a><br />
+ QC-CR#381837</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9961</td>
+ <td>A-37279724<a href="#asterisk">*</a><br />
+ QC-CR#581093</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9953</td>
+ <td>A-36714770<a href="#asterisk">*</a><br />
+ QC-CR#642173</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9967</td>
+ <td>A-37281466<a href="#asterisk">*</a><br />
+ QC-CR#739110</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9026</td>
+ <td>A-37277231<a href="#asterisk">*</a><br />
+ QC-CR#748397</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9027</td>
+ <td>A-37279124<a href="#asterisk">*</a><br />
+ QC-CR#748407</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9008</td>
+ <td>A-36384689<a href="#asterisk">*</a><br />
+ QC-CR#762111</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9009</td>
+ <td>A-36393600<a href="#asterisk">*</a><br />
+ QC-CR#762182</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9010</td>
+ <td>A-36393101<a href="#asterisk">*</a><br />
+ QC-CR#758752</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9011</td>
+ <td>A-36714882<a href="#asterisk">*</a><br />
+ QC-CR#762167</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9024</td>
+ <td>A-37265657<a href="#asterisk">*</a><br />
+ QC-CR#740680</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9012</td>
+ <td>A-36384691<a href="#asterisk">*</a><br />
+ QC-CR#746617</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9013</td>
+ <td>A-36393251<a href="#asterisk">*</a><br />
+ QC-CR#814373</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9014</td>
+ <td>A-36393750<a href="#asterisk">*</a><br />
+ QC-CR#855220</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9015</td>
+ <td>A-36714120<a href="#asterisk">*</a><br />
+ QC-CR#701858</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9029</td>
+ <td>A-37276981<a href="#asterisk">*</a><br />
+ QC-CR#827837</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10338</td>
+ <td>A-37277738<a href="#asterisk">*</a><br />
+ QC-CR#987699</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10336</td>
+ <td>A-37278436<a href="#asterisk">*</a><br />
+ QC-CR#973605</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10333</td>
+ <td>A-37280574<a href="#asterisk">*</a><br />
+ QC-CR#947438</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10341</td>
+ <td>A-37281667<a href="#asterisk">*</a><br />
+ QC-CR#991476</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10335</td>
+ <td>A-37282802<a href="#asterisk">*</a><br />
+ QC-CR#961142</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10340</td>
+ <td>A-37280614<a href="#asterisk">*</a><br />
+ QC-CR#989028</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10334</td>
+ <td>A-37280664<a href="#asterisk">*</a><br />
+ QC-CR#949933</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10339</td>
+ <td>A-37280575<a href="#asterisk">*</a><br />
+ QC-CR#988502</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10298</td>
+ <td>A-36393252<a href="#asterisk">*</a><br />
+ QC-CR#1020465</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10299</td>
+ <td>A-32577244<a href="#asterisk">*</a><br />
+ QC-CR#1058511</td>
+ <td>Н/Д</td>
+ <td>Критический</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9954</td>
+ <td>A-36388559<a href="#asterisk">*</a><br />
+ QC-CR#552880</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9955</td>
+ <td>A-36384686<a href="#asterisk">*</a><br />
+ QC-CR#622701</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9956</td>
+ <td>A-36389611<a href="#asterisk">*</a><br />
+ QC-CR#638127</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9957</td>
+ <td>A-36387564<a href="#asterisk">*</a><br />
+ QC-CR#638984</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9958</td>
+ <td>A-36384774<a href="#asterisk">*</a><br />
+ QC-CR#638135</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9962</td>
+ <td>A-37275888<a href="#asterisk">*</a><br />
+ QC-CR#656267</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9963</td>
+ <td>A-37276741<a href="#asterisk">*</a><br />
+ QC-CR#657771</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9959</td>
+ <td>A-36383694<a href="#asterisk">*</a><br />
+ QC-CR#651900</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9964</td>
+ <td>A-37280321<a href="#asterisk">*</a><br />
+ QC-CR#680778</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9965</td>
+ <td>A-37278233<a href="#asterisk">*</a><br />
+ QC-CR#711585</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9966</td>
+ <td>A-37282854<a href="#asterisk">*</a><br />
+ QC-CR#727398</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9023</td>
+ <td>A-37276138<a href="#asterisk">*</a><br />
+ QC-CR#739802</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9020</td>
+ <td>A-37276742<a href="#asterisk">*</a><br />
+ QC-CR#733455</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9021</td>
+ <td>A-37276743<a href="#asterisk">*</a><br />
+ QC-CR#735148</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9025</td>
+ <td>A-37276744<a href="#asterisk">*</a><br />
+ QC-CR#743985</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9022</td>
+ <td>A-37280226<a href="#asterisk">*</a><br />
+ QC-CR#736146</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9028</td>
+ <td>A-37277982<a href="#asterisk">*</a><br />
+ QC-CR#762764</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9031</td>
+ <td>A-37275889<a href="#asterisk">*</a><br />
+ QC-CR#866015</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9032</td>
+ <td>A-37279125<a href="#asterisk">*</a><br />
+ QC-CR#873202</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9033</td>
+ <td>A-37276139<a href="#asterisk">*</a><br />
+ QC-CR#892541</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9030</td>
+ <td>A-37282907<a href="#asterisk">*</a><br />
+ QC-CR#854667</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10332</td>
+ <td>A-37282801<a href="#asterisk">*</a><br />
+ QC-CR#906713<br />
+ QC-CR#917701<br />
+ QC-CR#917702</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10337</td>
+ <td>A-37280665<a href="#asterisk">*</a><br />
+ QC-CR#977632</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10342</td>
+ <td>A-37281763<a href="#asterisk">*</a><br />
+ QC-CR#988941</td>
+ <td>Н/Д</td>
+ <td>Высокий</td>
+ <td>Закрытый компонент</td>
+ </tr>
+</tbody></table>
+<h2 id="google-device-updates">Обновления устройств Google</h2>
+<p>В таблице указаны обновление системы безопасности, которые находится в последнем автоматическом обновлении (OTA) и <a href="https://developers.google.com/android/nexus/images">образах прошивок для устройств Google</a>.</p>
+
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>Устройство</th>
+ <th>Обновление системы безопасности</th>
+ </tr>
+ <tr>
+ <td>Pixel/Pixel XL</td>
+ <td>5 июня 2017 г.</td>
+ </tr>
+ <tr>
+ <td>Nexus 5X</td>
+ <td>5 июня 2017 г.</td>
+ </tr>
+ <tr>
+ <td>Nexus 6</td>
+ <td>5 июня 2017 г.</td>
+ </tr>
+ <tr>
+ <td>Nexus 6P</td>
+ <td>5 июня 2017 г.</td>
+ </tr>
+ <tr>
+ <td>Nexus 9</td>
+ <td>5 июня 2017 г.</td>
+ </tr>
+ <tr>
+ <td>Nexus Player</td>
+ <td>5 июня 2017 г.</td>
+ </tr>
+ <tr>
+ <td>Pixel С</td>
+ <td>5 июня 2017 г.</td>
+ </tr>
+</tbody></table>
+<h2 id="acknowledgements">Благодарности</h2>
+<p>Благодарим всех, кто помог обнаружить уязвимости:</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="83%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>Специалисты</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0643, CVE-2017-0641</td>
+ <td>Экулар Сюй (徐健) из Trend Micro</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0645, CVE-2017-0639</td>
+ <td>Энь Хэ (<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>) и Бо Лю из <a href="http://www.ms509.com">MS509Team</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0649</td>
+ <td>Гэнцзя Чэнь (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>) и <a href="http://weibo.com/jfpan">pjf</a> из IceSword Lab, Qihoo 360 Technology Co. Ltd.</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0646</td>
+ <td>Godzhen (郑文选 <a href="https://twitter.com/VirtualSeekers">@VirtualSeekers</a>) из Tencent PC Manager</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0636</td>
+ <td>Джейк Корина и Ник Стивенс из Shellphish Grill Team</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8233</td>
+ <td>Цзяньцян Чжао (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) и <a href="http://weibo.com/jfpan">pjf</a> из IceSword Lab, Qihoo 360</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7368</td>
+ <td>Лубо Чжан (<a href="mailto:zlbzlb815@163.com">zlbzlb815@163.com</a>), Юань-Цун Ло (<a href="mailto:computernik@gmail.com">computernik@gmail.com</a>) и Сюйсянь Цзян из <a href="http://c0reteam.org">C0RE Team</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8242</td>
+ <td>Нейтан Крэнделл (<a href="https://twitter.com/natecray">@natecray</a>) из Tesla's Product Security Team</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0650</td>
+ <td>Омер Шварц, Амир Коэн, доктор Асаф Шабтай и доктор Йосси Орен из лаборатории кибербезопасности Университета имени Бен-Гуриона</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0648</td>
+ <td>Рои Хэй (<a href="https://twitter.com/roeehay">@roeehay</a>) из <a href="https://alephsecurity.com/">Aleph Research</a>, HCL Technologies</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7369, CVE-2017-6249, CVE-2017-6247, CVE-2017-6248</td>
+ <td>Севен Шэнь (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>) из TrendMicro</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0642, CVE-2017-0637, CVE-2017-0638</td>
+ <td>Василий Васильев</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0640</td>
+ <td>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) из <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile/">команды по изучению угроз для мобильных устройств</a>, <a href="http://www.trendmicro.com">Trend Micro</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8236</td>
+ <td>Силин Гун из отдела безопасности платформы Tencent</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0647</td>
+ <td>Янкан (<a href="https://twitter.com/dnpushme">@dnpushme</a>) и Лиядон из Qex Team, Qihoo 360</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7370</td>
+ <td>Юнган Го (<a href="https://twitter.com/guoygang">@guoygang</a>) из IceSword Lab, Qihoo 360 Technology Co. Ltd.</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0651</td>
+ <td>Юань-Цун Ло (<a href="mailto:computernik@gmail.com">computernik@gmail.com</a>) и Сюйсянь Цзян из <a href="http://c0reteam.org">C0RE Team</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8241</td>
+ <td>Зубин Митра из Google</td>
+ </tr>
+</tbody></table>
+<h2 id="common-questions-and-answers">Часто задаваемые вопросы</h2>
+<p>В этом разделе мы отвечаем на вопросы, которые могут возникнуть
+после прочтения бюллетеня.</p>
+
+<p><strong>1. Как определить, установлено ли на устройство обновление, в котором устранены перечисленные проблемы?
+</strong></p>
+
+<p>Информацию о том, как проверить обновления системы безопасности, можно найти в <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Справочном центре</a>.</p>
+<ul>
+<li>В исправлении от 1 июня 2017 года или более новом устранены все проблемы, связанные с обновлением 2017-06-01.</li>
+<li>В исправлении от 5 июня 2017 года или более новом устранены все проблемы, связанные с обновлением 2017-06-05.</li></ul>
+<p>Производители устройств, позволяющие установить эти обновления, должны присвоить им один из этих уровней:</p>
+<ul>
+<li>[ro.build.version.security_patch]:[2017-06-01]</li>
+<li>[ro.build.version.security_patch]:[2017-06-05]</li></ul>
+<p><strong>2. Почему в этом бюллетене говорится о двух обновлениях системы безопасности?</strong></p>
+
+<p>Мы включили в этот бюллетень сведения о двух обновлениях, чтобы помочь нашим партнерам как можно скорее устранить уязвимости, затрагивающие все устройства Android. Рекомендуем партнерам Android исправить все вышеперечисленные проблемы и установить последнее обновление системы безопасности.</p>
+<ul>
+<li>На устройствах с установленным обновлением от 1 июня 2017 года должны быть исправлены все проблемы, упомянутые в соответствующем разделе этого бюллетеня, а также в предыдущих выпусках.</li>
+<li>На устройствах с установленным обновлением от 5 июня 2017 года или более новым должны быть исправлены все проблемы, упомянутые в этом бюллетене и предыдущих выпусках.</li></ul>
+<p>Рекомендуем партнерам собрать все исправления проблем в одно обновление.</p>
+
+<p id="vulnerability-type"><strong>3. Что означают сокращения в столбце <em>Тип</em>?</strong></p>
+
+<p>А этой столбце указан<em></em> тип уязвимости по следующей классификации:</p>
+
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>Сокращение</th>
+ <th>Описание</th>
+ </tr>
+ <tr>
+ <td>УВК</td>
+ <td>Удаленное выполнение кода</td>
+ </tr>
+ <tr>
+ <td>ПП</td>
+ <td>Повышение привилегий</td>
+ </tr>
+ <tr>
+ <td>РИ</td>
+ <td>Раскрытие информации</td>
+ </tr>
+ <tr>
+ <td>ОО</td>
+ <td>Отказ в обслуживании</td>
+ </tr>
+ <tr>
+ <td>Н/Д</td>
+ <td>Классификация недоступна</td>
+ </tr>
+</tbody></table>
+<p><strong>4. На что указывают записи в столбце <em>Ссылки</em>?</strong></p>
+
+<p>В таблицах с описанием уязвимостей есть столбец <em>Ссылки</em>. Каждая запись в нем может содержать префикс, указывающий на источник ссылки, а именно:</p>
+
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>Префикс</th>
+ <th>Значение</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Идентификатор ошибки Android</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Ссылочный номер Qualcomm</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>Ссылочный номер MediaTek</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>Ссылочный номер NVIDIA</td>
+ </tr>
+ <tr>
+ <td>B-</td>
+ <td>Ссылочный номер Broadcom</td>
+ </tr>
+</tbody></table>
+<p id="asterisk"><strong>6. Что означает значок <a href="#asterisk">*</a> рядом с идентификатором ошибки Android в столбце <em>Ссылки</em>?</strong></p>
+
+<p>Значок <a href="#asterisk">*</a> (звездочка) означает, что исправление для уязвимости не опубликовано<em></em>. Необходимое обновление содержится в последних бинарных драйверах для устройств Nexus, которые можно скачать на <a href="https://developers.google.com/android/nexus/drivers">сайте для разработчиков</a>.</p>
+
+<h2 id="versions">Версии</h2>
+<table>
+ <colgroup><col width="25%" />
+ <col width="25%" />
+ <col width="50%" />
+ </colgroup><tbody><tr>
+ <th>Версия</th>
+ <th>Дата</th>
+ <th>Примечания</th>
+ </tr>
+ <tr>
+ <td>1.0</td>
+ <td>5 июня 2017 г.</td>
+ <td>Бюллетень опубликован.</td>
+ </tr>
+ <tr>
+ <td>1.1</td>
+ <td>7 июня 2017 г.</td>
+ <td>Добавлены ссылки на AOSP.</td>
+ </tr>
+</tbody></table>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/devices/tech/debug/gdb.html b/zh-cn/devices/tech/debug/gdb.html
new file mode 100644
index 0000000..f9c74d5
--- /dev/null
+++ b/zh-cn/devices/tech/debug/gdb.html
@@ -0,0 +1,109 @@
+<html devsite><head>
+ <title>使用 GDB</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>GNU 项目调试程序 (GDB) 是常用的 Unix 调试程序。本页详细介绍了如何使用 <code>gdb</code> 调试 Android 应用和进程。</p>
+
+<h2 id="running">调试运行中的应用或进程</h2>
+
+<p>要连接到已在运行的应用或本机守护进程,请配合使用 <code>gdbclient</code> 和 PID。例如,要调试 PID 为 1234 的进程,请运行:</p>
+
+<pre class="devsite-terminal devsite-click-to-copy">
+gdbclient 1234
+</pre>
+
+<p>此脚本会设置端口转发,在设备上启动相应的 <code>gdbserver</code>,在主机上启动相应的 <code>gdb</code>,配置 <code>gdb</code> 以找出符号,然后将 <code>gdb</code> 连接到远程 <code>gdbserver</code>。</p>
+
+<h2 id="starts">调试本机进程启动</h2>
+
+<p>要在进程启动时对其进行调试,请使用 <code>gdbserver</code> 或 <code>gdbserver64</code>(适用于 64 位进程)。例如:</p>
+
+<pre class="devsite-terminal devsite-click-to-copy">
+adb shell gdbserver :5039 /system/bin/<var>MY_TEST_APP</var>
+</pre>
+
+<p>输出示例:</p>
+<pre class="devsite-click-to-copy">
+Process <var>MY_TEST_APP</var> created; pid = 3460
+Listening on port 5039
+</pre>
+
+<p>接下来,从 <code>gdbserver</code> 输出中找出应用 PID,并将其用于其他终端窗口。</p>
+
+<pre class="devsite-terminal devsite-click-to-copy">
+gdbclient <var>APP_PID</var>
+</pre>
+
+<p>最后,在 <code>gdb</code> 提示处输入 <strong>continue</strong>。</p>
+
+<p class="note"><strong>注意</strong>:如果您指定了错误的 <code>gdbserver</code>,将会收到没任何帮助的错误消息(例如“<code>Reply contains invalid hex digit 59</code>”)。</p>
+
+<h2 id="app-startup">调试应用启动</h2>
+
+<p>有时,您需要在应用启动时对其进行调试;例如在应用发生崩溃时,您需要逐步检查代码,以查看崩溃之前<em></em>发生的情况。
+<a href="#running">附加</a>调试程序有时能解决问题,有时不能解决问题,因为应用可能会在您可以附加调试程序之前崩溃。<code>logwrapper</code> 方法(用于 <code>strace</code> 和 <code>valgrind</code>)不一定能解决所有的问题,因为应用可能没有权限打开端口,而 <code>gdbserver</code> 会继承这项限制。</p>
+
+<p>要调试应用启动,请使用“设置”中的开发者选项,指示应用等待附加 Java 调试程序:</p>
+
+<ol>
+<li>请依次转到“设置”>“开发者选项”>“选择调试应用”<em></em>,并从列表中选择您的应用,然后按<strong>等待调试程序</strong>。</li>
+
+<li>启动应用,您可以从启动器启动,也可以在命令行中运行以下命令来启动:<pre class="devsite-terminal devsite-click-to-copy">
+am start -a android.intent.action.MAIN -n <var>APP_NAME</var>/.<var>APP_ACTIVITY</var>
+</pre></li>
+
+<li>等待应用加载,然后等待系统显示一个对话框提示您应用正在等待附加调试程序。</li>
+
+<li>正常附加 <code>gdbserver</code>/<code>gdbclient</code>,设置断点,然后继续运行该进程。</li></ol>
+
+<p>要让应用实际运行,请附加 Java 调试网络协议 (JDWP) 调试程序,例如 Java 调试程序 (jdb):</p>
+<pre class="devsite-click-to-copy">
+<code class="devsite-terminal">adb forward tcp:12345 jdwp:<var>XXX</var> # (Where XXX is the pid of the debugged process.)</code>
+<code class="devsite-terminal">jdb -attach localhost:12345</code>
+</pre>
+
+<h2 id="crash">调试崩溃的应用或进程</h2>
+
+<p>如果您希望 <code>debuggerd</code> 暂停崩溃的进程,以便您可以附加 <code>gdb</code>,请设置相应的属性:</p>
+
+<pre class="devsite-click-to-copy">
+# Android 7.0 Nougat and later.
+<code class="devsite-terminal">adb shell setprop debug.debuggerd.wait_for_gdb true</code>
+</pre>
+
+<pre class="devsite-click-to-copy">
+# Android 6.0 Marshmallow and earlier.
+<code class="devsite-terminal">adb shell setprop debug.db.uid 999999</code>
+</pre>
+
+<p>在寻常的崩溃输出结束后,<code>debuggerd</code> 会提供有关如何使用命令连接 <code>gdb</code> 的说明:</p><pre class="devsite-terminal devsite-click-to-copy">
+gdbclient <var>PID</var>
+</pre>
+
+<h2 id="symbols">无符号调试</h2>
+
+<p>对于 32 位 ARM,如果您没有符号,<code>gdb</code> 就会搞不清楚要反汇编的指令集(ARM 或 Thumb)。要在缺失符号信息时指定已选为默认项的指令集,请设置以下属性:</p>
+
+<pre class="devsite-terminal devsite-click-to-copy">
+set arm fallback-mode arm # or thumb
+</pre>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/advisory/2016-03-18.html b/zh-cn/security/advisory/2016-03-18.html
index 16cb18d..222d71d 100644
--- a/zh-cn/security/advisory/2016-03-18.html
+++ b/zh-cn/security/advisory/2016-03-18.html
@@ -1,8 +1,7 @@
-<html devsite>
- <head>
- <title>Android 安全公告 - 2016 年 3 月 18 日</title>
- <meta name="project_path" value="/_project.yaml" />
- <meta name="book_path" value="/_book.yaml" />
+<html devsite><head>
+ <title>Android 安全建议 - 2016 年 3 月 18 日</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
</head>
<body>
<!--
@@ -21,15 +20,13 @@
limitations under the License.
-->
-
-
<p><em>发布时间:2016 年 3 月 18 日</em></p>
-<p>Android 安全公告是对 Nexus 安全公告的补充。要详细了解安全公告,请参阅我们的<a href="index.html">摘要网页</a>。</p>
+<p>Android 安全建议是对 Nexus 安全公告的补充。如需关于安全建议的更多信息,请参阅我们的<a href="index.html">摘要页面</a>。</p>
<h2 id="summary">摘要</h2>
-<p>Google 注意到,某个 Root 应用会利用部分 Android 设备上的内核中某个未被补丁程序修复的本地提权漏洞 (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805">CVE-2015-1805</a>)。只有用户在设备上安装该应用后,设备才会受到该应用的影响。Google 已通过<a href="https://support.google.com/accounts/answer/2812853">验证应用</a>功能阻止用户在 Google Play 内外安装会利用该漏洞的 Root 应用。此外,Google 还更新了系统,以便检测会利用这一特定漏洞的应用。</p>
+<p>Google 注意到,某个 Root 应用会利用部分 Android 设备的内核中某个未被补丁程序修复的本地提权漏洞 (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805">CVE-2015-1805</a>)。只有用户在设备上安装该应用后,设备才会受到该应用的影响。Google 已通过<a href="https://support.google.com/accounts/answer/2812853">验证应用</a>功能阻止用户在 Google Play 内外安装会利用该漏洞的 Root 应用。此外,Google 还更新了系统,以便检测会利用这一特定漏洞的应用。</p>
<p>为了针对该问题提供最后一道防护屏障,我们已在 2016 年 3 月 16 日向合作伙伴提供用于修复该问题的补丁程序。我们正在准备 Nexus 更新版本,近日就会发布。此外,我们还在 Android 开放源代码项目 (AOSP) 代码库中发布了针对该问题的源代码补丁程序。</p>
@@ -43,37 +40,32 @@
<h3 id="scope">范围</h3>
-
-<p>该公告适用于所有搭载内核版本 3.4、3.10 和 3.14 且未安装补丁程序的 Android 设备(包括所有 Nexus 设备)。Linux 内核版本为 3.18 或更高版本的 Android 设备不会受到影响。</p>
+<p>该安全建议适用于所有内核版本为 3.4、3.10 和 3.14 且未安装补丁程序的 Android 设备(包括所有 Nexus 设备)。Linux 内核版本为 3.18 或更高版本的 Android 设备不会受到影响。</p>
<h3 id="mitigations">缓解措施</h3>
-
<p>下列缓解措施有助于降低用户受该问题影响的可能性:</p>
<ul>
<li>“验证应用”功能已进行了更新,能够阻止用户在 Google Play 内外安装会试图利用该漏洞的已知应用。
- <li>Google Play 禁止 Root 应用(例如会试图利用该问题的应用)上架。
- <li><a href="https://support.google.com/nexus/answer/4457705">Linux 内核版本为 3.18</a> 或更高版本的 Android 设备不会受到影响。
-</li></li></li></ul>
+ </li><li>Google Play 禁止 Root 应用(例如会试图利用该问题的应用)上架。
+ </li><li><a href="https://support.google.com/nexus/answer/4457705">Linux 内核版本为 3.18</a> 或更高版本的 Android 设备不会受到影响。
+</li></ul>
<h3 id="acknowledgements">致谢</h3>
-
-<p>Android 非常感谢 <a href="http://c0reteam.org/">C0RE 团队</a>和 <a href="https://www.zimperium.com/">Zimperium</a> 对该公告做出的贡献。</p>
+<p>Android 衷心感谢 <a href="http://c0reteam.org/">C0RE 团队</a>和 <a href="https://www.zimperium.com/">Zimperium</a> 对该安全建议做出的贡献。</p>
<h3 id="suggested_actions">建议操作</h3>
-
<p>Android 建议所有用户在有设备软件更新时,进行相应更新。</p>
<h3 id="fixes">修复程序</h3>
-
<p>Google 已针对多个内核版本在 AOSP 代码库中发布修复程序。我们已向 Android 合作伙伴发出相关修复程序的通知,并建议他们采用。如需进一步更新,Android 会直接将更新内容发布到 AOSP。</p>
<table>
- <tr>
+ <tbody><tr>
<th>内核版本</th>
<th>补丁程序</th>
</tr>
@@ -93,12 +85,10 @@
<td>3.18+</td>
<td>公开 Linux 内核已打了补丁程序</td>
</tr>
-</table>
-
+</tbody></table>
<h2 id="common_questions_and_answers">常见问题和解答</h2>
-
<p><strong>1. 具体问题是什么?
</strong></p>
@@ -126,10 +116,8 @@
<h2 id="revisions">修订版本</h2>
-
<ul>
- <li>2016 年 3 月 18 日:发布了公告。
+ <li>2016 年 3 月 18 日:发布了安全建议。
</li></ul>
- </body>
-</html>
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/advisory/index.html b/zh-cn/security/advisory/index.html
new file mode 100644
index 0000000..444e8a5
--- /dev/null
+++ b/zh-cn/security/advisory/index.html
@@ -0,0 +1,44 @@
+<html devsite><head>
+ <title>Android 安全建议</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>Android 安全建议是对 <a href="/security/bulletin/index.html">Android 安全公告</a>的补充。Android 会发布一些建议,让用户了解如何解决可能不需要安全补丁程序或 Nexus/Pixel 设备更新,但仍可能影响 Android 用户总体安全性的问题。Android 安全公告中会随附<a href="https://developers.google.com/android/nexus/images">设备出厂映像</a>和无线下载 (OTA) 的设备更新,以保护用户免遭 Android 生态系统中已知安全问题的影响。<em></em>Android 安全建议则旨在针对与 Android 有关的安全问题向用户提供详细信息和指导,可能不会随附相应的软件更新。</p>
+
+<p>不过,当有更新可用于解决 Android 安全建议中介绍的问题时,我们会在针对 Nexus 和 Pixel 设备的 Android 安全公告中提供这些更新。在 Android 安全公告中,我们会提到公告中要解决的问题对应的是哪期 Android 安全建议。</p>
+
+<p>和接收公告方面的通知一样,加入 <a href="https://groups.google.com/forum/#!forum/android-security-updates">Android 安全更新</a>论坛后,您便可以在我们发布建议时收到通知。</p>
+
+<table>
+ <tbody><tr>
+ <th>建议</th>
+ <th>语言</th>
+ <th>发布日期</th>
+ </tr>
+ <tr>
+ <td><a href="2016-03-18.html">2016-03-18</a></td>
+ <td>
+ <a href="/security/advisory/2016-03-18.html">English</a> / <a href="/security/advisory/2016-03-18.html?hl=ja">日本語</a> / <a href="/security/advisory/2016-03-18.html?hl=ko">한국어</a> / <a href="/security/advisory/2016-03-18.html?hl=ru">ру́сский</a> / <a href="/security/advisory/2016-03-18.html?hl=zh-cn">中文 (中国)</a> / <a href="/security/advisory/2016-03-18.html?hl=zh-tw">中文 (台灣)</a>
+ </td>
+ <td>2016 年 3 月 18 日</td>
+ </tr>
+</tbody></table>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/apksigning/index.html b/zh-cn/security/apksigning/index.html
new file mode 100644
index 0000000..c0af7d0
--- /dev/null
+++ b/zh-cn/security/apksigning/index.html
@@ -0,0 +1,60 @@
+<html devsite><head>
+ <title>应用签名</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>通过应用签名,开发者可以标识应用创作者并更新其应用,而无需创建复杂的接口和权限。在 Android 平台上运行的每个应用都必须要有<a href="https://developer.android.com/studio/publish/app-signing.html">开发者的签名</a>。Google Play 或 Android 设备上的软件包安装程序会拒绝没有获得签名就尝试安装的应用。
+</p>
+<p>在 Google Play 上,应用签名可以将 Google 对开发者的信任和开发者对自己的应用的信任联系在一起。这样一来,开发者就知道自己的应用是以未经修改的形式提供给 Android 设备,并且可以对其应用的行为负责。
+</p>
+<p>在 Android 上,应用签名是将应用放入其应用沙盒的第一步。已签名的应用证书定义了哪个用户 ID 与哪个应用相关联;不同的应用要以不同的用户 ID 运行。应用签名可确保一个应用无法访问任何其他应用的数据,通过明确定义的 IPC 进行访问时除外。</p>
+<p>当应用(APK 文件)安装到 Android 设备上时,软件包管理器会验证 APK 是否已经过适当签名(已使用 APK 中包含的证书签名)。如果该证书(或更准确地说,证书中的公钥)与设备上的任何其他 APK 使用的签名密钥一致,那么这个新 APK 就可以选择在清单中指定它将与其他以类似方式签名的 APK 共用一个 UID。
+</p>
+<p>应用可以由第三方(OEM、运营商、其他应用市场)签名,也可以自行签名。Android 提供了使用自签名证书进行代码签名的功能,而开发者无需外部协助或许可即可生成自签名证书。应用并非必须由核心机构签名。Android 目前不对应用证书进行 CA 认证。
+</p>
+<p>应用还可以在“签名”保护级别声明安全权限,以便只有使用同一个密钥签名的应用可以获得此仅限,同时让这些应用可以各自维持单独的 UID 和应用沙盒。通过<a href="https://developer.android.com/guide/topics/manifest/manifest-element.html#uid">共用 UID 功能</a>,多个应用可以共用一个应用沙盒,从而建立起更紧密的联系。在该功能中,使用同一个开发者密钥签名的两个或更多应用可以在其清单中声明共用的 UID。</p>
+<h2>APK 签名方案</h2>
+<p>Android 支持两种应用签名方案,一种是基于 JAR 签名的方案(v1 方案),另一种是 Android Nougat (Android 7.0) 中引入的 <a href="v2.html">APK 签名方案 v2(v2 方案)</a>。
+</p>
+<p>为了最大限度地提高兼容性,应同时采用 v1 和 v2 这两种方案对应用进行签名。与只通过 v1 方案签名的应用相比,通过 v2 方案签名的应用能够更快速地安装到 Android Nougat 及更高版本的设备上。更低版本的 Android 平台会忽略 v2 签名,这就需要应用包含 v1 签名。
+</p>
+<h3 id="v1">JAR 签名(v1 方案)</h3>
+<p>从一开始,APK 签名就是 Android 的一个有机部分。该方案基于<a href="https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html#Signed_JAR_File">签名的 JAR</a>。如要详细了解如何使用该方案,请参阅介绍如何<a href="https://developer.android.com/studio/publish/app-signing.html">为您的应用签名</a>的 Android Studio 文档。
+</p>
+<p>v1 签名不保护 APK 的某些部分,例如 ZIP 元数据。APK 验证程序需要处理大量不可信(尚未经过验证)的数据结构,然后会舍弃不受签名保护的数据。这会导致相当大的受攻击面。此外,APK 验证程序必须解压所有已压缩的条目,而这需要花费更多时间和内存。为了解决这些问题,Android 7.0 中引入了 APK 签名方案 v2。
+</p>
+<h3 id="v2">APK 签名方案 v2(v2 方案)</h3>
+<p>Android 7.0 中引入了 APK 签名方案 v2(v2 方案)。该方案会对 APK 的内容进行哈希处理和签名,然后将生成的“APK 签名分块”插入到 APK 中。如要详细了解如何在应用中使用 v2 方案,请参阅 Android N 开发者预览版中的 <a href="https://developer.android.com/about/versions/nougat/android-7.0.html#apk_signature_v2">APK 签名方案 v2</a>。
+</p>
+<p>在验证期间,v2 方案会将 APK 文件视为 Blob,并对整个文件进行签名检查。对 APK 进行的任何修改(包括对 ZIP 元数据进行的修改)都会使 APK 签名作废。这种形式的 APK 验证不仅速度要快得多,而且能够发现更多种未经授权的修改。
+</p>
+<p>新的签名格式向后兼容,因此,使用这种新格式签名的 APK 可在更低版本的 Android 设备上进行安装(会直接忽略添加到 APK 的额外数据),但前提是这些 APK 还带有 v1 签名。
+</p>
+<p>
+ <img src="../images/apk-validation-process.png" alt="APK 签名验证过程" id="figure1"/>
+</p>
+<p class="img-caption"><strong>图 1.</strong> APK 签名验证过程(新步骤以红色显示)</p>
+
+<p>验证程序会对照存储在“APK 签名分块”中的 v2 签名对 APK 的全文件哈希进行验证。该哈希涵盖除“APK 签名分块”(其中包含 v2 签名)之外的所有内容。在“APK 签名分块”以外对 APK 进行的任何修改都会使 APK 的 v2 签名作废。v2 签名被删除的 APK 也会被拒绝,因为 v1 签名指明相应 APK 带有 v2 签名,所以 Android Nougat 及更高版本会拒绝使用 v1 签名验证 APK。
+</p>
+
+<p>如需关于 APK 签名验证过程的详细信息,请参阅 APK 签名方案 v2 的<a href="v2.html#verification">“验证”部分</a>。</p>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/apksigning/v2.html b/zh-cn/security/apksigning/v2.html
new file mode 100644
index 0000000..ac12e74
--- /dev/null
+++ b/zh-cn/security/apksigning/v2.html
@@ -0,0 +1,223 @@
+<html devsite><head>
+ <title>APK 签名方案 v2</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>APK 签名方案 v2 是一种全文件签名方案,该方案能够发现对 APK 的受保护部分进行的所有更改,从而有助于加快验证速度并<a href="#integrity-protected-contents">增强完整性保证</a>。</p>
+
+<p>使用 APK 签名方案 v2 进行签名时,会在 APK 文件中插入一个 <a href="#apk-signing-block">APK 签名分块</a>,该分块位于“ZIP 中央目录”部分之前并紧邻该部分。在“APK 签名分块”内,v2 签名和签名者身份信息会存储在 <a href="#apk-signature-scheme-v2-block">APK 签名方案 v2 分块</a>中。
+</p>
+
+<p>
+ <img src="../images/apk-before-after-signing.png" alt="签名前和签名后的 APK" id="figure1"/>
+</p>
+<p class="img-caption"><strong>图 1.</strong> 签名前和签名后的 APK</p>
+
+<p>APK 签名方案 v2 是在 Android 7.0 (Nougat) 中引入的。为了使 APK 可在 Android 6.0 (Marshmallow) 及更低版本的设备上安装,应先使用 <a href="index.html#v1">JAR 签名</a>功能对 APK 进行签名,然后再使用 v2 方案对其进行签名。
+</p>
+
+<h2 id="apk-signing-block">APK 签名分块</h2>
+<p>为了保持与当前 APK 格式向后兼容,v2 及更高版本的 APK 签名会存储在“APK 签名分块”内,该分块是为了支持 APK 签名方案 v2 而引入的一个新容器。在 APK 文件中,“APK 签名分块”位于“ZIP 中央目录”(位于文件末尾)之前并紧邻该部分。
+</p>
+
+<p>该分块包含多个“ID-值”对,所采用的封装方式有助于更轻松地在 APK 中找到该分块。APK 的 v2 签名会存储为一个“ID-值”对,其中 ID 为 0x7109871a。
+</p>
+
+<h3 id="apk-signing-block-format">格式</h3>
+<p>“APK 签名分块”的格式如下(所有数字字段均采用小端字节序):</p>
+
+<ul>
+ <li><code>size of block</code>,以字节数(不含此字段)计 (uint64)</li>
+ <li>带 uint64 长度前缀的“ID-值”对序列:<ul>
+ <li><code>ID</code> (uint32)</li>
+ <li><code>value</code>(可变长度:“ID-值”对的长度 - 4 个字节)</li>
+ </ul>
+ </li>
+ <li><code>size of block</code>,以字节数计 - 与第一个字段相同 (uint64)</li>
+ <li><code>magic</code> APK 签名分块 42(16 个字节)</li>
+</ul>
+
+<p>在解析 APK 时,首先要通过以下方法找到“ZIP 中央目录”的起始位置:在文件末尾找到“ZIP 中央目录结尾”记录,然后从该记录中读取“中央目录”的起始偏移量。通过 <code>magic</code> 值,可以快速确定“中央目录”前方可能是“APK 签名分块”。然后,通过 <code>size of
+block</code> 值,可以高效地找到该分块在文件中的起始位置。
+</p>
+
+<p>在解译该分块时,应忽略 ID 未知的“ID-值”对。
+</p>
+
+<h2 id="apk-signature-scheme-v2-block">APK 签名方案 v2 分块</h2>
+<p>APK 由一个或多个签名者/身份签名,每个签名者/身份均由一个签名密钥来表示。该信息会以“APK 签名方案 v2 分块”的形式存储。对于每个签名者,都会存储以下信息:</p>
+
+<ul>
+ <li>(签名算法、摘要、签名)元组。摘要会存储起来,以便将签名验证和 APK 内容完整性检查拆开进行。</li>
+ <li>表示签名者身份的 X.509 证书链。</li>
+ <li>采用键值对形式的其他属性。</li>
+</ul>
+
+<p>对于每位签名者,都会使用收到的列表中支持的签名来验证 APK。签名算法未知的签名会被忽略。如果遇到多个支持的签名,则由每个实现来选择使用哪个签名。这样一来,以后便能够以向后兼容的方式引入安全系数更高的签名方法。建议的方法是验证安全系数最高的签名。
+</p>
+
+<h3 id="apk-signature-scheme-v2-block-format">格式</h3>
+<p>“APK 签名方案 v2 分块”存储在“APK 签名分块”内,ID 为 <code>0x7109871a</code>。
+</p>
+
+<p>“APK 签名方案 v2 分块”的格式如下(所有数字值均采用小端字节序,所有带长度前缀的字段均使用 uint32 值表示长度):</p>
+<ul>
+ <li>带长度前缀的 <code>signer</code>(带长度前缀)序列:<ul>
+ <li>带长度前缀的 <code>signed data</code>:<ul>
+ <li>带长度前缀的 <code>digests</code>(带长度前缀)序列:<ul>
+ <li><code>signature algorithm ID</code> (uint32)</li>
+ <li>(带长度前缀)<code>digest</code> - 请参阅<a href="#integrity-protected-contents">受完整性保护的内容</a></li>
+ </ul>
+ </li>
+ <li>带长度前缀的 X.509 <code>certificates</code> 序列:<ul>
+ <li>带长度前缀的 X.509 <code>certificate</code>(ASN.1 DER 形式)</li>
+ </ul>
+ </li>
+ <li>带长度前缀的 <code>additional attributes</code>(带长度前缀)序列:<ul>
+ <li><code>ID</code> (uint32)</li>
+ <li><code>value</code>(可变长度:附加属性的长度 - 4 个字节)</li>
+ </ul>
+ </li>
+ </ul>
+ </li>
+ <li>带长度前缀的 <code>signatures</code>(带长度前缀)序列:<ul>
+ <li><code>signature algorithm ID</code> (uint32)</li>
+ <li><code>signed data</code> 上带长度前缀的 <code>signature</code></li>
+ </ul>
+ </li>
+ <li>带长度前缀的 <code>public key</code>(SubjectPublicKeyInfo,ASN.1 DER 形式)</li>
+ </ul>
+ </li>
+</ul>
+
+<h4 id="signature-algorithm-ids">签名算法 ID</h4>
+<ul>
+ <li>0x0101 - 采用 SHA2-256 摘要、SHA2-256 MGF1、32 个字节的盐且尾部为 0xbc 的 RSASSA-PSS 算法</li>
+ <li>0x0102 - 采用 SHA2-512 摘要、SHA2-512 MGF1、64 个字节的盐且尾部为 0xbc 的 RSASSA-PSS 算法</li>
+ <li>0x0103 - 采用 SHA2-256 摘要的 RSASSA-PKCS1-v1_5 算法。此算法适用于需要确定性签名的编译系统。</li>
+ <li>0x0104 - 采用 SHA2-512 摘要的 RSASSA-PKCS1-v1_5 算法。此算法适用于需要确定性签名的编译系统。</li>
+ <li>0x0201 - 采用 SHA2-256 摘要的 ECDSA 算法</li>
+ <li>0x0202 - 采用 SHA2-512 摘要的 ECDSA 算法</li>
+ <li>0x0301 - 采用 SHA2-256 摘要的 DSA 算法</li>
+</ul>
+
+<p>Android 平台支持上述所有签名算法。签名工具可能只支持其中一部分算法。
+</p>
+
+<p>
+<strong>支持的密钥大小和 EC 曲线:</strong>
+</p>
+
+<ul>
+ <li>RSA:1024、2048、4096、8192、16384</li>
+ <li>EC:NIST P-256、P-384、P-521</li>
+ <li>DSA:1024、2048、3072</li>
+</ul>
+
+<h2 id="integrity-protected-contents">受完整性保护的内容</h2>
+
+<p>为了保护 APK 内容,APK 包含以下 4 个部分:</p>
+
+<ol>
+ <li>ZIP 条目的内容(从偏移量 0 处开始一直到“APK 签名分块”的起始位置)</li>
+ <li>APK 签名分块</li>
+ <li>ZIP 中央目录</li>
+ <li>ZIP 中央目录结尾</li>
+</ol>
+
+<p>
+ <img src="../images/apk-sections.png" alt="签名后的各个 APK 部分" id="figure2"/>
+</p>
+<p class="img-caption"><strong>图 2.</strong> 签名后的各个 APK 部分</p>
+
+<p>APK 签名方案 v2 负责保护第 1、3、4 部分的完整性,以及第 2 部分包含的“APK 签名方案 v2 分块”中的 <code>signed data</code> 分块的完整性。
+</p>
+
+<p>第 1、3 和 4 部分的完整性通过其内容的一个或多个摘要来保护,这些摘要存储在 <code>signed data</code> 分块中,而这些分块则通过一个或多个签名来保护。
+</p>
+
+<p>第 1、3 和 4 部分的摘要采用以下计算方式,类似于两级 <a href="https://en.wikipedia.org/wiki/Merkle_tree">Merkle 树</a>。每个部分都会被拆分成多个大小为 1 MB(2<sup>20</sup> 个字节)的连续块。每个部分的最后一个块可能会短一些。每个块的摘要均通过字节 <code>0xa5</code> 的连接、块的长度(采用小端字节序的 uint32 值,以字节数计)和块的内容进行计算。顶级摘要通过字节 <code>0x5a</code> 的连接、块数(采用小端字节序的 uint32 值)以及块的摘要的连接(按照块在 APK 中显示的顺序)进行计算。摘要以分块方式计算,以便通过并行处理来加快计算速度。
+</p>
+
+<p>
+ <img src="../images/apk-integrity-protection.png" alt="APK 摘要" id="figure3"/>
+</p>
+<p class="img-caption"><strong>图 3.</strong> APK 摘要</p>
+
+<p>由于第 4 部分(ZIP 中央目录结尾)包含“ZIP 中央目录”的偏移量,因此该部分的保护比较复杂。当“APK 签名分块”的大小发生变化(例如,添加了新签名)时,偏移量也会随之改变。因此,在通过“ZIP 中央目录结尾”计算摘要时,必须将包含“ZIP 中央目录”偏移量的字段视为包含“APK 签名分块”的偏移量。
+</p>
+
+<h2 id="rollback-protections">防回滚保护</h2>
+<p>攻击者可能会试图在支持对带 v2 签名的 APK 进行验证的 Android 平台上将带 v2 签名的 APK 作为带 v1 签名的 APK 进行验证。为了防范此类攻击,带 v2 签名的 APK 如果还带 v1 签名,其 META-INF/*.SF 文件的主要部分中必须包含 X-Android-APK-Signed 属性。该属性的值是一组以英文逗号分隔的 APK 签名方案 ID(v2 方案的 ID 为 2)。在验证 v1 签名时,对于此组中验证程序首选的 APK 签名方案(例如,v2 方案),如果 APK 没有相应的签名,APK 验证程序必须要拒绝这些 APK。此项保护依赖于内容 META-INF/*.SF 文件受 v1 签名保护这一事实。请参阅 <a href="#v1-verification">JAR 已签名的 APK 的验证</a>部分。
+</p>
+
+<p>攻击者可能会试图从“APK 签名方案 v2 分块”中删除安全系数较高的签名。为了防范此类攻击,对 APK 进行签名时使用的签名算法 ID 的列表会存储在通过各个签名保护的 <code>signed data</code> 分块中。
+</p>
+
+<h2 id="verification">验证</h2>
+
+<p>在 Android 7.0 中,可以根据 APK 签名方案 v2(v2 方案)或 JAR 签名(v1 方案)验证 APK。更低版本的平台会忽略 v2 签名,仅验证 v1 签名。
+</p>
+
+<p>
+ <img src="../images/apk-validation-process.png" alt="APK 签名验证过程" id="figure4"/>
+</p>
+<p class="img-caption"><strong>图 4.</strong> APK 签名验证过程(新步骤以红色显示)</p>
+
+<h3 id="v2-verification">APK 签名方案 v2 验证</h3>
+<ol>
+ <li>找到“APK 签名分块”并验证以下内容:<ol>
+ <li>“APK 签名分块”的两个大小字段包含相同的值。</li>
+ <li>“ZIP 中央目录”紧跟在“ZIP 中央目录结尾”记录后面。</li>
+ <li>“ZIP 中央目录结尾”之后没有任何数据。</li>
+ </ol>
+ </li>
+ <li>找到“APK 签名分块”中的第一个“APK 签名方案 v2 分块”。如果 v2 分块存在,则继续执行第 3 步。否则,回退至<a href="#v1-verification">使用 v1 方案</a>验证 APK。</li>
+ <li>对“APK 签名方案 v2 分块”中的每个 <code>signer</code> 执行以下操作:<ol>
+ <li>从 <code>signatures</code> 中选择安全系数最高的受支持 <code>signature algorithm ID</code>。安全系数排序取决于各个实现/平台版本。</li>
+ <li>使用 <code>public
+ key</code> 并对照 <code>signed data</code> 验证 <code>signatures</code> 中对应的 <code>signature</code>。(现在可以安全地解析 <code>signed data</code> 了。)</li>
+ <li>验证 <code>digests</code> 和 <code>signatures</code> 中的签名算法 ID 列表(有序列表)是否相同。(这是为了防止删除/添加签名。)</li>
+ <li>使用签名算法所用的同一种摘要算法<a href="#integrity-protected-contents">计算 APK 内容的摘要</a>。</li>
+ <li>验证计算出的摘要是否与 <code>digests</code> 中对应的 <code>digest</code> 相同。</li>
+ <li>验证 <code>certificates</code> 中第一个 <code>certificate</code> 的 SubjectPublicKeyInfo 是否与 <code>public key</code> 相同。</li>
+ </ol>
+ </li>
+ <li>如果找到了至少一个 <code>signer</code>,并且对于每个找到的 <code>signer</code>,第 3 步都取得了成功,APK 验证将会成功。</li>
+</ol>
+
+<p class="note"><strong>注意</strong>:如果第 3 步或第 4 步失败了,则不得使用 v1 方案验证 APK。
+</p>
+
+<h3 id="v1-verification">JAR 已签名的 APK 的验证(v1 方案)</h3>
+<p>JAR 已签名的 APK 是一种<a href="https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html#Signed_JAR_File">标准的已签名 JAR</a>,其中包含的条目必须与 META-INF/MANIFEST.MF 中列出的条目完全相同,并且所有条目都必须已由同一组签名者签名。其完整性按照以下方式进行验证:</p>
+
+<ol>
+ <li>每个签名者均由一个包含 META-INF/<signer>.SF 和 META-INF/<signer>.(RSA|DSA|EC) 的 JAR 条目来表示。</li>
+ <li><signer>.(RSA|DSA|EC) 是<a href="https://tools.ietf.org/html/rfc5652">具有 SignedData 结构的 PKCS #7 CMS ContentInfo</a>,其签名通过 <signer>.SF 文件进行验证。</li>
+ <li><signer>.SF 文件包含 META-INF/MANIFEST.MF 的全文件摘要和 META-INF/MANIFEST.MF 各个部分的摘要。需要验证 MANIFEST.MF 的全文件摘要。如果该验证失败,则改为验证 MANIFEST.MF 各个部分的摘要。</li>
+ <li>对于每个受完整性保护的 JAR 条目,META-INF/MANIFEST.MF 都包含一个具有相应名称的部分,其中包含相应条目未压缩内容的摘要。所有这些摘要都需要验证。</li>
+ <li>如果 APK 包含未在 MANIFEST.MF 中列出且不属于 JAR 签名一部分的 JAR 条目,APK 验证将会失败。</li>
+</ol>
+
+<p>因此,保护链是每个受完整性保护的 JAR 条目的 <signer>.(RSA|DSA|EC) -> <signer>.SF -> MANIFEST.MF -> 内容。
+</p>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/authentication/fingerprint-hal.html b/zh-cn/security/authentication/fingerprint-hal.html
new file mode 100644
index 0000000..9422812
--- /dev/null
+++ b/zh-cn/security/authentication/fingerprint-hal.html
@@ -0,0 +1,107 @@
+<html devsite><head>
+ <title>Fingerprint HAL</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<h2 id="overview">概述</h2>
+
+<p>如果设备配有指纹传感器,用户就可以注册一个或多个指纹,然后使用自己的指纹来解锁设备以及执行其他任务。</p>
+
+<p>Android 会利用 Fingerprint 硬件抽象层 (HAL) 连接到供应商专用库和指纹硬件,例如指纹传感器。</p>
+
+<p>要实现 Fingerprint HAL,您必须在某个供应商专用库中实现 <code>fingerprint.h</code> (<code>/hardware/libhardware/include/hardware/fingerprint.h</code>) 中的<a href="#major_functions_in_the_fingerprint_hal">函数</a>;请参阅 <a href="https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/fingerprint.h"><code>fingerprint.h</code></a> 文件中的备注。</p>
+
+<h3 id="fingerprint_matching_flow">指纹匹配流程</h3>
+
+<p>下文概要介绍了指纹匹配流程。该流程假设设备上已经注册了一个指纹,即供应商专用库已为该指纹注册了一个模板。另请参阅<a href="index.html">身份验证</a>。</p>
+
+<p>设备的指纹传感器通常处于闲置状态。但为了响应对 <code>authenticate</code> 或 <code>enroll</code> 函数的调用,指纹传感器会监听触摸操作(并且屏幕可能会在用户触摸指纹传感器时被唤醒)。</p>
+
+<ol>
+ <li>当用户将手指放在指纹传感器上时,供应商专用库会根据当前的已注册模板集判断是否匹配。
+ </li><li>第 1 步的结果会传递到 Fingerprint HAL,后者会将指纹身份验证结果通知给 <code>fingerprintd</code>(Fingerprint 守护进程)。
+</li></ol>
+
+<p>请注意,单个设备上存储的模板越多,进行匹配所需的时间就越长。</p>
+
+<h2 id="architecture">架构</h2>
+
+<p><strong>Fingerprint HAL</strong> 会与以下组件交互:</p>
+
+<ul>
+ <li><strong>FingerprintManager API</strong>:会在应用进程中与应用直接交互。
+ <ul>
+ <li>每个应用都有一个 FingerprintManager 实例。
+ </li><li>FingerprintManager 是与 FingerprintService 进行通信的封装容器。
+ </li></ul>
+ </li><li><strong>FingerprintService</strong>:在系统进程中运行的单例服务,可处理与 <code>fingerprintd</code> 之间的通信。
+ </li><li><strong>fingerprintd(Fingerprint 守护进程)</strong>:FingerprintService 中 Binder 界面的 C/C++ 实现。<code>fingerprintd</code> 守护进程在自己的进程中运行,并会封装 Fingerprint HAL 供应商专用库。
+ </li><li><strong>Fingerprint HAL 供应商专用库</strong>:硬件供应商的 Fingerprint HAL 实现。供应商专用库能够与设备专用硬件进行通信。
+ </li><li><strong>Keystore API 和 Keymaster</strong>:这两种组件可以提供由硬件支持的加密功能,以便在可信执行环境 (TEE) 中安全地存储密钥。
+</li></ul>
+
+<p>如下图所示,供应商专用 HAL 实现需要使用 TEE 要求的通信协议。</p>
+
+<img src="../images/fingerprint-data-flow.png" alt="指纹身份验证的数据流程" id="figure1"/>
+
+<p class="img-caption"><strong>图 1. </strong> 指纹身份验证的概要数据流程</p>
+
+<p>因此,不得将原始图片和处理后的指纹特征传递到不可信内存中。所有此类生物识别数据都需要安全地存储在传感器硬件或可信内存中。(TEE 中的内存被视为可信内存,TEE 之外的内存则被视为不可信内存。)</p>
+
+<p>获取 Root 权限不得损坏生物识别数据。</p>
+
+<p>如下图所示,<code>fingerprintd</code> 会通过 Fingerprint HAL 调用供应商专用库,以便注册指纹以及执行其他操作。</p>
+
+<img src="../images/fingerprint-daemon.png" alt="与 fingerprintd 交互" id="figure2"/>
+<p class="img-caption"><strong>图 2. </strong> Fingerprint 守护进程 (<code>fingerprintd</code>) 与 Fingerprint 供应商专用库之间的交互</p>
+
+<h2 id="fingerprint_implementation_guidelines">Fingerprint 实现准则</h2>
+
+<p>本部分中的准则旨在确保:</p>
+
+<ul>
+ <li>指纹数据不会被泄露</li><li>从设备中移除用户时,一并移除指纹数据</li></ul>
+
+<p>以下是具体准则:</p>
+
+<ol>
+ <li>必须要确保在任何情况下都无法从传感器驱动程序或可信执行环境 (TEE) 以外访问原始指纹数据或衍生内容(例如模板)。只能将硬件访问权限授予 TEE(如果硬件支持它的话),并且必须通过 SELinux 政策对硬件访问权限加以保护。也就是说,串行外设接口 (SPI) 渠道必须只能供 TEE 访问,并且必须有针对所有设备文件的明确 SELinux 政策。
+ </li><li>指纹采集、注册和识别必须在 TEE 内部进行。</li><li>只有加密形式的指纹数据可以存储在文件系统中(即使文件系统本身已加密)。
+ </li><li>指纹模板必须已通过设备专用私钥(例如 AES 密钥)签名,并且必须至少包含绝对文件系统路径、群组和指纹 ID,这样一来,相应模板文件便无法在其他设备上使用,并且无法用于在同一设备上注册的任何其他用户。例如,您将无法复制同一设备上其他用户的指纹数据,也无法从其他设备复制指纹数据。
+ </li><li>实现必须使用 <code>set_active_group()</code> 函数提供的文件系统路径,或提供一种能够在移除用户时一并清空所有用户模板数据的方法。强烈建议将指纹模板文件以加密形式存储在提供的路径中。如果因 TEE 存储要求导致这种做法不可行,实现人员必须添加一些钩子,以确保在移除用户时一并移除相关数据。
+</li></ol>
+
+<h2 id="major_functions_in_the_fingerprint_hal">Fingerprint HAL 中的主要函数</h2>
+
+<p>以下是 <code>/hardware/libhardware/include/hardware/fingerprint.h</code> 文件中的主要函数。您可以查看该文件中的详细说明。</p>
+
+<ul>
+ <li><strong>enroll:</strong> 将 HAL 状态机切换到开始收集和存储指纹模板的状态。注册完成后或超时后,HAL 状态机会立即返回到闲置状态。
+ </li><li><strong>pre_enroll:</strong> 生成一个独一无二的令牌,以指明指纹注册已开始。为 <code>enroll</code> 函数提供令牌,以确保事先已经过身份验证(例如使用密码)。一旦确认了设备凭据,便会开始封装令牌并对其进行相应的处理(例如,进行 HMAC 处理),以防被篡改。在注册期间必须检查令牌,以确认令牌仍然有效。
+ </li><li><strong>get_authenticator_id:</strong> 返回与当前指纹集关联的令牌。
+ </li><li><strong>cancel:</strong> 取消所有待处理的注册或验证操作。HAL 状态机会返回到闲置状态。
+ </li><li><strong>enumerate:</strong> 同步调用,用于枚举所有已知指纹模板。
+ </li><li><strong>remove:</strong> 删除指纹模板。
+ </li><li><strong>set_active_group:</strong> 限定只能对属于指定群组(通过群组标识符 (GID) 来标识)的指纹集执行某项 HAL 操作。
+ </li><li><strong>authenticate:</strong> 验证与指纹相关的操作(通过操作 ID 来标识)。
+ </li><li><strong>set_notify:</strong> 注册将从 HAL 获得通知的用户函数。如果 HAL 状态机处于繁忙状态,该函数会被屏蔽,直到 HAL 不再处于繁忙状态为止。
+</li></ul>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/authentication/gatekeeper.html b/zh-cn/security/authentication/gatekeeper.html
new file mode 100644
index 0000000..f8463fe
--- /dev/null
+++ b/zh-cn/security/authentication/gatekeeper.html
@@ -0,0 +1,106 @@
+<html devsite><head>
+ <title>Gatekeeper</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<h2 id="overview">概述</h2>
+
+<p>Gatekeeper 子系统会在可信执行环境 (TEE) 中执行设备解锁图案/密码身份验证。Gatekeeper 会使用由硬件支持的密钥通过 HMAC 注册和验证密码。此外,Gatekeeper 会限制连续失败的验证尝试次数,并且必须根据指定的超时和指定的连续失败尝试次数拒绝服务请求。</p>
+
+<p>当用户验证其密码时,Gatekeeper 会使用 TEE 派生的共享密钥对身份验证认证签名,以发送至<a href="/security/keystore/index.html">由硬件支持的 Keystore</a>。也就是说,Gatekeeper 认证可让 Keystore 知道可以发布与身份验证绑定的密钥(例如,应用创建的密钥)供应用使用了。</p>
+
+<h2 id="architecture">架构</h2>
+
+<p>Gatekeeper 包括以下 3 个主要组件:</p>
+
+<ul>
+ <li><strong>gatekeeperd(Gatekeeper 守护进程)</strong>。
+一种 C++ Binder 服务,其中包含独立于平台的逻辑,并且与 <code>GateKeeperService</code> Java 接口相对应。
+ </li><li><strong>Gatekeeper 硬件抽象层 (HAL)</strong>。
+<code>hardware/libhardware/include/hardware/gatekeeper.h</code> 中的 HAL 接口,是一个实现模块。
+ </li><li><strong>Gatekeeper (TEE)</strong>。
+<code>gatekeeperd</code> 的 TEE 副本。基于 TEE 的 Gatekeeper 实现。
+</li></ul>
+
+<p>实现 Gatekeeper:</p>
+
+<ul>
+ <li>实现 Gatekeeper HAL,具体来说就是实现 <code>gatekeeper.h</code> (<code>hardware/libhardware/include/hardware/gatekeeper.h</code>) 中的函数。请参阅 <a href="#hal_implementation">HAL 实现</a>。
+ </li><li>实现 TEE 特有的 Gatekeeper 组件,部分基于以下标头文件:<code>system/gatekeeper/include/gatekeeper/gatekeeper.h</code>。该标头文件中包括用于创建和访问密钥以及用于计算签名的纯虚函数。请参阅 <a href="#trusty_and_other_implementations">Trusty 和其他实现</a>。
+</li></ul>
+
+<p>如下图所示,<code>LockSettingsService</code> 会通过 Binder 发出一个请求,该请求会到达 Android 操作系统中的 <code>gatekeeperd</code> 守护进程。<code>gatekeeperd</code> 守护进程会发出一个请求,该请求会到达此守护进程在 TEE 中的副本 (Gatekeeper)。</p>
+
+<img src="../images/gatekeeper-flow.png" alt="Gatekeeper 流程" id="figure1"/>
+<p class="img-caption"><strong>图 1.</strong> GateKeeper 进行身份验证的概要数据流程</p>
+
+<p><code>gatekeeperd</code> 守护进程会向 Android 框架 API 授予访问 HAL 的权限,并且会参与向 Keystore 报告设备<a href="index.html">身份验证</a>的活动。<code>gatekeeperd</code> 守护进程会在自己的进程中运行,与系统服务器隔离开来。</p>
+
+<h2 id="hal_implementation">HAL 实现</h2>
+
+<p><code>gatekeeperd</code> 守护进程会利用 HAL 同 <code>gatekeeperd</code> 守护进程的 TEE 副本进行交互,以进行密码身份验证。HAL 实现必须能够签署(注册)和验证 Blob。所有实现都需要遵循每次密码验证成功时生成的身份验证令牌 (AuthToken) 的标准格式。AuthToken 的内容和语义在<a href="index.html">身份验证</a>中进行了介绍。</p>
+
+<p>具体来说就是,要实现 <code>gatekeeper.h</code> 标头文件(位于 <code>hardware/libhardware/include/hardware</code> 文件夹中),需要实现 <code>enroll</code> 和 <code>verify</code> 函数。</p>
+
+<p><code>enroll</code> 函数会获取一个密码 Blob,为其签名,并以句柄的形式返回签名。返回的 Blob(通过调用 <code>enroll</code>)必须有 <code>system/gatekeeper/include/gatekeeper/password_handle.h</code> 中显示的结构。</p>
+
+<p><code>verify</code> 函数需要将通过收到的密码生成的签名与注册的密码句柄进行比较,并确认两者是否一致。</p>
+
+<p>用于注册和验证的密钥不得更改,并且应该可以在每次设备启动时重新派生。</p>
+
+<h2 id="trusty_and_other_implementations">Trusty 和其他实现</h2>
+
+<p><a href="/security/trusty/index.html">Trusty</a> 操作系统是 Google 的开放源代码信任的操作系统,适用于 TEE 环境。Trusty 中包含一个经过批准的 GateKeeper 实现。不过,<strong>所有 TEE 操作系统</strong>均可用于实现 Gatekeeper。TEE <strong>必须</strong>有权访问一个由硬件支持的密钥,以及一个安全的单调时钟(<strong>在暂停状态下运行</strong>)。</p>
+
+<p>Trusty 会使用内部 IPC 系统直接在 Keymaster 和 Trusty Gatekeeper(Gatekeeper 的 Trusty 实现)之间传达共享的密钥。这个共享的密钥用于签署将发送至 Keystore 的 AuthToken,以便提供密码验证认证。Trusty Gatekeeper 会在每次使用该密钥时向 Keymaster 请求该密钥,而不会保留或缓存该密钥的值。实现能够随意以不会降低安全性的任何方式共享该密钥。</p>
+
+<p>HMAC 密钥用于注册和验证密码,是派生的密钥,单独保存在 GateKeeper 中。</p>
+
+<p>Android 树提供了一种通用的 C++ 版本的 GateKeeper 实现,只需添加设备专用例程即可完成。要使用设备专用代码为您的 TEE 实现 TEE Gatekeeper,请参阅以下文件中的函数和命令:</p>
+<pre>
+system/gatekeeper/include/gatekeeper/gatekeeper.h
+</pre>
+
+<p>对于 TEE GateKeeper,合规实现的主要责任有:</p>
+
+<ul>
+ <li>遵循 Gatekeeper HAL</li><li>返回的 AuthTokens 的格式必须符合 AuthToken 规范(在<a href="index.html">身份验证</a>中进行了介绍)</li><li>TEE Gatekeeper 必须能够通过以下方法与 Keymaster 共享 HMAC 密钥:按需通过 TEE IPC 请求密钥,或始终维护密钥值的有效缓存</li></ul>
+
+<h2 id="user_sids">用户 SID</h2>
+
+<p>用户安全 ID(用户 SID)是用户的 TEE 代码。用户 SID 与 Android 用户 ID 之间没有明显的关联。</p>
+
+<p>每当用户注册新密码时,如果未提供之前的密码,系统就会使用加密 PRNG 生成一个用户 SID。这称为“不可信”重新注册。如果用户提供了之前的有效密码,便会发生“可信”重新注册。在这种情况下,用户 SID 会迁移到新密码句柄,从而保留绑定到它的密钥。在一般情况下,Android 框架不允许进行“不可信”重新注册。</p>
+
+<p>注册密码时,用户 SID 会随密码句柄中的密码一起接受 HMAC 处理。</p>
+
+<p>用户 SID 会写入到 <code>verify</code> 函数返回的 AuthToken 中,并且会同所有与身份验证绑定的 Keystore 密钥相关联。如需关于 AuthToken 格式和 Keystore 的更多信息,请参阅<a href="index.html">身份验证</a>。由于对 <code>enroll</code> 函数的不可信调用会更改用户 SID,因此此类调用会使绑定到相应密码的密钥无法再使用。</p>
+
+<p>攻击者在控制 Android 操作系统后可以更改设备密码,但在此过程中,他们需要破坏掉受 Root 保护的敏感密钥。</p>
+
+<h2 id="request_throttling">请求次数限制</h2>
+
+<p>GateKeeper 必须能够安全地限制对用户凭据进行暴力破解的尝试次数。如 <code>gatekeeper.h</code> 文件(位于 <code>hardware/libhardware/include/hardware</code> 中)中所示,HAL 能够返回一个超时(以毫秒数计)。超时旨在通知客户端在超时过去之前不要再次调用 GateKeeper。如果有待处理的超时,GateKeeper 不应处理相关请求。</p>
+
+<p>Gatekeeper 必须先编写一个失败计数器,然后再验证用户密码。如果密码验证成功,则应清除失败计数器。这可以在发出 <code>verify</code> 调用后防止攻击者发起以下攻击:通过停用嵌入式 MMC (eMMC) 来阻止请求次数限制。此外,<code>enroll</code> 函数还会验证用户密码(如果提供了),因此必须以同样的方式对其加以限制。</p>
+
+<p>如果设备支持,强烈建议将失败计数器写入到安全存储空间。如果设备不支持文件级加密,或如果安全存储空间的速度过慢,实现可以直接使用 RPMB。</p>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/authentication/index.html b/zh-cn/security/authentication/index.html
new file mode 100644
index 0000000..4c52e0a
--- /dev/null
+++ b/zh-cn/security/authentication/index.html
@@ -0,0 +1,166 @@
+<html devsite><head>
+ <title>身份验证</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<h2 id="overview">概述</h2>
+
+<p>Android 6.0 中引入了通过用户身份验证把关的加密密钥的概念。为了实现这一概念,需要两种关键组件协同运作。一种是加密密钥存储和服务提供程序,用于存储加密密钥并提供基于加密密钥的标准加密例程。另一种是任意数量的用户身份验证程序,用于证明相应用户存在并/或已成功通过身份验证。</p>
+
+<p>Android 中的加密密钥存储功能由 Keystore 服务和 Keymaster 提供。(另请参阅由 Keystore 服务提供支持的框架级 <a href="https://developer.android.com/training/articles/keystore.html">Android Keystore 系统</a>的相关信息。)对于 Android 6.0,两个受支持的身份验证组件是 Gatekeeper(用于 PIN 码/解锁图案/密码身份验证)和 Fingerprint(用于指纹身份验证)。这两个组件会通过已经过身份验证的渠道与 Keystore 服务沟通身份验证状态。</p>
+
+<ul>
+ <li><strong><a href="/security/keystore/index.html">由硬件支持的 Keystore</a>:</strong>加密服务(其中包括由硬件支持的密钥存储加密服务),可能包括可信执行环境 (TEE)。</li>
+ <li><strong><a href="gatekeeper.html">Gatekeeper</a>:</strong> 用于进行 PIN 码、解锁图案和密码身份验证的组件。</li>
+ <li><strong><a href="fingerprint-hal.html">Fingerprint</a>:</strong> 用于进行指纹身份验证的组件。</li>
+</ul>
+
+<h2 id="architecture">架构</h2>
+
+<p>Gatekeeper 和 Fingerprint 组件能够与 Keystore 及其他组件协同运作,以便支持使用由硬件支持的<a href="#authentication_token_format">身份验证令牌</a>(以下称为“AuthToken”)。</p>
+
+<h3 id="enrollment">注册</h3>
+
+<p>在设备恢复出厂设置后首次启动时,所有身份验证程序均会做好接受用户进行凭据注册的准备。</p>
+
+<p>用户必须先通过 Gatekeeper 注册 PIN 码/解锁图案/密码。这项初始注册会创建一个随机生成的 64 位用户 SID(用户安全标识符,下文中对此进行了介绍),该用户 SID 将用作用户的标识符以及用户加密材料的绑定令牌。该用户 SID 会以加密形式绑定到用户的密码。如下文中详细介绍的,成功通过 Gatekeeper 的身份验证后,将会为相应密码生成包含用户 SID 的 AuthToken。</p>
+
+<p>用户要更改凭据时,必须提供现有凭据。如果现有凭据成功通过验证,与现有凭据关联的用户 SID 将转移到新凭据。这让用户在更改凭据后能够继续访问自己的密钥。如果用户未提供现有凭据,系统会为其注册一个新凭据,其中包含一个完全随机的用户 SID。用户可以访问设备,但会永久丢失基于旧用户 SID 创建的密钥。这种情况称为“不可信注册”。</p>
+
+<p>请注意,在一般情况下,Android 框架不允许进行不可信注册,因此大多数用户根本看不到此功能。不过,如果设备管理员或攻击者强制重置密码,则可能会导致发生这种情况。</p>
+
+<h3 id="authentication">身份验证</h3>
+
+<p>现在,用户已设置凭据并收到了用户 SID,接下来就可以开始进行身份验证了。</p>
+
+<p>在下图中,用户提供 PIN 码、解锁图案、密码或指纹后,身份验证过程便开始了。所有 TEE 组件都共用一个密钥来验证对方的消息。</p>
+
+<img src="../images/authentication-flow.png" alt="身份验证流程" id="figure1"/>
+<p class="img-caption"><strong>图 1. </strong> 身份验证流程</p>
+
+<p>以下步骤中的数字对应于上图中的数字,并包括对 Android 操作系统和 TEE 操作系统的引用:</p>
+
+<ol>
+ <li>用户提供 PIN 码、解锁图案、密码或指纹。<code>LockSettingsService</code> 或 <code>FingerprintService</code> 通过 Binder 向 Android 操作系统中的 Gatekeeperd 或 fingerprintd 守护进程发出请求。请注意,在指纹请求发出后,会异步发生指纹身份验证。
+ </li><li>该步骤涉及 <strong></strong>Gatekeeperd(下方选项 1)<strong>或</strong> fingerprintd(下方选项 2),具体取决于用户提供的是 PIN 码/解锁图案/密码还是指纹。
+ <ul>
+ <li>Gatekeeperd 守护进程将在第 1 步中收到的 PIN 码、解锁图案或密码哈希发送到它在 TEE 内的副本 (Gatekeeper)。如果 TEE 内的身份验证成功,TEE 内的 Gatekeeper 会将包含相应用户 SID 并且已使用 AuthToken HMAC 密钥签名的 AuthToken 发送到它在 Android 操作系统中的副本。</li><li>或者,监听指纹事件的 fingerprintd 守护进程将在第 1 步中收到的数据发送到它在 TEE 内的副本 (Fingerprint)。如果 TEE 内的身份验证成功,TEE 内的 Fingerprint 会将已使用 AuthToken HMAC 密钥签名的 AuthToken 发送到它在 Android 操作系统中的副本。</li></ul>
+ </li><li>Gatekeeperd 或 fingerprintd 守护进程收到经过签名的 AuthToken,并通过 Keystore 服务 Binder 接口的扩展程序将 AuthToken 传递到 Keystore 服务。此外,Gatekeeperd 会在设备被重新锁定以及设备密码发生变化时通知 Keystore 服务。
+ </li><li>Keystore 服务将从 Gatekeeperd 和 fingerprintd 收到的 AuthToken 传递给 Keymaster,以便使用与 Gatekeeper 和 Fingerprint Trustlet 共用的密钥验证 AuthToken。Keymaster 会将令牌中的时间戳视为最后一次身份验证的时间,并根据该时间戳做出密钥发布决定(以允许应用使用相应密钥)。
+</li></ol>
+
+<p class="note"><strong>注意</strong>:每当设备重新启动时,AuthToken 都会作废。</p>
+
+<h2 id="authentication_token_format">身份验证令牌格式</h2>
+
+<p>要共用令牌并在各种语言和组件之间实现兼容性,必须遵循 <a href="https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/hw_auth_token.h"><code>hw_auth_token.h</code></a> 文件中说明的 AuthToken 格式。请参阅以下文件:</p>
+<pre>
+hardware/libhardware/include/hardware/hw_auth_token.h
+</pre>
+
+<p>下表中定义了一个简单序列化协议的必填字段。这些字段具有固定的大小。</p>
+
+<p>字段说明位于该表下方。</p>
+<table>
+ <tbody><tr>
+ <th><strong>字段</strong></th>
+ <th><strong>类型</strong></th>
+ <th><strong>必填还是选填</strong></th>
+ </tr>
+ <tr>
+ <td>AuthToken 版本</td>
+ <td>1 个字节</td>
+ <td>必填</td>
+ </tr>
+ <tr>
+ <td>质询</td>
+ <td>64 位未签名整数</td>
+ <td>选填</td>
+ </tr>
+ <tr>
+ <td>用户 SID</td>
+ <td>64 位未签名整数</td>
+ <td>必填</td>
+ </tr>
+ <tr>
+ <td>身份验证程序 ID</td>
+ <td>64 位未签名整数,按网络字节序保存</td>
+ <td>选填</td>
+ </tr>
+ <tr>
+ <td>身份验证程序类型</td>
+ <td>32 位未签名整数,按网络字节序保存</td>
+ <td>必填</td>
+ </tr>
+ <tr>
+ <td>时间戳</td>
+ <td>64 位未签名整数,按网络字节序保存</td>
+ <td>必填</td>
+ </tr>
+ <tr>
+ <td>AuthToken HMAC 密钥 (SHA-256)</td>
+ <td>256 位 Blob</td>
+ <td>必填</td>
+ </tr>
+</tbody></table>
+
+<h3 id="field_descriptions">字段说明</h3>
+
+<p>本部分对上方 AuthToken 表中的各个字段进行了说明。</p>
+
+<p><strong>AuthToken 版本</strong>:下方所有字段的组代码。</p>
+
+<p><strong>质询</strong>:一个随机整数,用于防范重放攻击。通常是所请求的加密操作的 ID,目前可供交易指纹授权使用。如果质询存在,AuthToken 仅对包含相应质询的加密操作有效。</p>
+
+<p><strong>用户 SID</strong>:不重复的用户标识符,以加密形式绑定到与设备身份验证关联的所有密钥。如需更多信息,请参阅 Gatekeeper 页面。</p>
+
+<p><strong>身份验证程序 ID (ASID)</strong>:绑定到特定身份验证程序政策时使用的标识符。所有身份验证程序都有自己的 ASID 值,它们可以根据自己的要求更改该值。</p>
+
+<p><strong>身份验证程序类型</strong>:Gatekeeper 或 Fingerprint,如下所示:</p>
+<table>
+ <tbody><tr>
+ <th><strong>身份验证程序类型</strong></th>
+ <th><strong>身份验证程序名称</strong></th>
+ </tr>
+ <tr>
+ <td>0x00</td>
+ <td>Gatekeeper</td>
+ </tr>
+ <tr>
+ <td>0x01</td>
+ <td>Fingerprint</td>
+ </tr>
+</tbody></table>
+
+<p><strong>时间戳</strong>:自最近一次系统启动以来已经过的时间(以毫秒数计)。</p>
+
+<p><strong>AuthToken HMAC 密钥</strong>:除 HMAC 字段以外所有字段的已加密 SHA-256 MAC。</p>
+
+<h2 id="device_boot_flow">设备启动流程</h2>
+
+<p>设备每次启动时,都必须生成 AuthToken HMAC 密钥并与所有 TEE 组件(Gatekeeper、Fingerprint 和 Keymaster)共用该密钥。因此,设备每次重新启动时都必须随机生成 HMAC 密钥,以便加强对重放攻击的防范力度。</p>
+
+<p>关于与所有组件共用此 HMAC 密钥的协议是一项依赖于平台的实现功能。<strong>在任何情况下都不能</strong>将该密钥设为可在 TEE 以外获得。因此,如果 TEE 操作系统缺少内部进程间通信 (IPC) 机制,并且 TEE 需要通过不可信操作系统传输数据,那么传输操作必须通过安全的密钥交换协议进行。</p>
+
+<p>与 Android 并排运行的 <a href="/security/trusty/index.html">Trusty</a> 操作系统就是一种 TEE,不过也可以使用其他 TEE。Trusty 使用内部 IPC 系统在 Keymaster 和 Fingerprint 或 Gatekeeper 之间直接进行通信。HMAC 密钥单独保存在 Keymaster 内。Fingerprint 和 Gatekeeper 会在每次使用该密钥时向 Keymaster 请求该密钥,而不会保留或缓存该密钥的值。</p>
+
+<p>请注意,TEE 中的小程序之间不会进行任何通信,因为 IPC 基础架构中缺少部分 TEE。这还使得 Keystore 服务因知晓系统内的身份验证表而能够快速拒绝注定会失败的请求,从而避免向 TEE 发送会占用大量处理能力的 IPC。</p>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/bulletin/2017-06-01.html b/zh-cn/security/bulletin/2017-06-01.html
new file mode 100644
index 0000000..026af02
--- /dev/null
+++ b/zh-cn/security/bulletin/2017-06-01.html
@@ -0,0 +1,1268 @@
+<html devsite><head>
+ <title>Android 安全公告 - 2017 年 6 月</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<p><em>发布时间:2017 年 6 月 5 日 | 更新时间:2017 年 6 月 7 日</em></p>
+
+<p>Android 安全公告详细介绍了会影响 Android 设备的安全漏洞。2017 年 6 月 5 日(或之后)的安全补丁程序级别均已解决所有这些问题。请参阅 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel 和 Nexus 更新时间表</a>,了解如何检查设备的安全补丁程序级别。</p>
+
+<p>我们的合作伙伴在至少一个月前就已收到本公告中说明的这些问题的相关通知。我们将在 Android 开放源代码项目 (AOSP) 代码库中发布针对相关问题的源代码补丁程序,并在本公告中提供相应链接。本公告还提供了 AOSP 之外的补丁程序的链接。</p>
+
+<p>这些问题中危险性最高的是媒体框架中的一个严重程度为“严重”的安全漏洞,在系统处理文件和数据时,该漏洞可让远程攻击者使用特制文件破坏内存。<a href="/security/overview/updates-resources.html#severity">严重程度评估</a>的依据是漏洞被利用后可能会对受影响设备造成的影响大小(假设相关平台和服务缓解措施被成功规避或出于开发目的而被关闭)。</p>
+
+<p>我们尚未收到用户因这些新报告的问题而遭到主动攻击或这些问题遭到滥用的报告。请参阅 <a href="#mitigations">Android 和 Google Play 保护机制缓解措施</a>部分,详细了解 <a href="/security/enhancements/index.html">Android 安全平台防护功能</a>和 <a href="https://www.android.com/play-protect">Google Play 保护机制</a>;这些功能可提高 Android 平台的安全性。</p>
+
+<p>我们建议所有用户都在自己的设备上接受这些更新。</p>
+
+<p class="note"><strong>注意</strong>:如需了解与最新的无线更新 (OTA) 和适用于 Google 设备的固件映像有关的信息,请参阅 <a href="#google-device-updates">Google 设备更新</a>部分。</p>
+
+<h2 id="announcements">公告</h2>
+<ul>
+ <li>我们简化了每月安全公告,以便于轻松阅读。在此次更新中,我们在各安全补丁程序级别内按受影响的组件对漏洞信息进行了分类并按组件名对漏洞信息进行了排序,同时将 Google 设备专属信息划分到了<a href="#google-device-updates">专门的部分</a>中。</li>
+ <li>本公告有两个安全补丁程序级别字符串,目的是让 Android 合作伙伴能够灵活地、更快速地修复所有 Android 设备上类似的一系列漏洞。如需了解详情,请参阅<a href="#common-questions-and-answers">常见问题和解答</a>:
+ <ul>
+ <li><strong>2017-06-01</strong>:部分安全补丁程序级别字符串。此安全补丁程序级别字符串表明与 2017-06-01(以及之前的所有安全补丁程序级别字符串)相关的所有问题均已得到解决。</li>
+ <li><strong>2017-06-05</strong>:完整的安全补丁程序级别字符串。此安全补丁程序级别字符串表明与 2017-06-01 和 2017-06-05(以及之前的所有安全补丁程序级别字符串)相关的所有问题均已得到解决。</li>
+ </ul>
+ </li>
+</ul>
+
+<h2 id="mitigations">Android 和 Google Play 保护机制缓解措施</h2>
+<p>本部分总结了 <a href="/security/enhancements/index.html">Android 安全平台</a>和服务防护功能(如 <a href="https://www.android.com/play-protect">Google Play 保护机制</a>)提供的缓解措施。这些功能可降低 Android 上的安全漏洞被成功利用的可能性。</p>
+<ul>
+ <li>新版 Android 平台中的增强功能让攻击者更加难以利用 Android 上存在的许多问题。我们建议所有用户都尽可能更新到最新版 Android。</li>
+ <li>Android 安全团队会积极利用 <a href="https://www.android.com/play-protect">Google Play 保护机制</a>来监控滥用行为,并在发现<a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">可能有害的应用</a>时向用户发出警告。在预装有 <a href="http://www.android.com/gms">Google 移动服务</a>的设备上,Google Play 保护机制在默认情况下处于启用状态。对于安装来自 Google Play 以外的应用的用户来说,这项功能尤为重要。</li>
+</ul>
+
+<h2 id="2017-06-01-details">2017-06-01 安全补丁程序级别 - 漏洞详情</h2>
+<p>我们在下面提供了 2017-06-01 补丁程序级别涵盖的每个安全漏洞的详细信息,漏洞列在受其影响的组件下,其中包括问题描述,以及一个包含 CVE、相关参考信息、<a href="#vulnerability-type">漏洞类型</a>、<a href="/security/overview/updates-resources.html#severity">严重程度</a>和已更新的 AOSP 版本(如果适用)的表格。在适用的情况下,我们会将 Bug ID 链接到解决相应问题的公开更改记录(如 AOSP 代码更改列表)。如果某个 Bug 有多条相关的更改记录,我们还将通过 Bug ID 后面的数字链接到更多参考信息。</p>
+
+<h3 id="bluetooth">蓝牙</h3>
+<p>这一部分中最严重的漏洞可让本地恶意应用获取超出其权限范围的数据。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参考信息</th>
+ <th>类型</th>
+ <th>严重程度</th>
+ <th>已更新的 AOSP 版本</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0639</td>
+ <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/f196061addcc56878078e5684f2029ddbf7055ff">A-35310991</a></td>
+ <td>ID</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0645</td>
+ <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/14b7d7e1537af60b7bca6c7b9e55df0dc7c6bf41">A-35385327</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0646</td>
+ <td><a href="https://android.googlesource.com/platform/system/bt/+/2bcdf8ec7db12c5651c004601901f1fc25153f2c">A-33899337</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+</tbody></table>
+<h3 id="libraries">库</h3>
+<p>这一部分中最严重的漏洞可让远程攻击者使用特制文件通过非特许进程执行任意代码。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参考信息</th>
+ <th>类型</th>
+ <th>严重程度</th>
+ <th>已更新的 AOSP 版本</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-8871</td>
+ <td>A-35443562<a href="#asterisk">*</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-8332</td>
+ <td>A-37761553<a href="#asterisk">*</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5131</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/0eff71008becb7f2c2b4509708da4b79985948bb">A-36554209</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-4658</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/8ea80f29ea5fdf383ee3ae59ce35e55421a339f8">A-36554207</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0663</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/521b88fbb6d18312923f0df653d045384b500ffc">A-37104170</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7376</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4">A-36555370</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-5056</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/3f571b1bb85cf56903f06bab3a820182115c5541">A-36809819</a></td>
+ <td>RCE</td>
+ <td>中</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7375</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa">A-36556310</a></td>
+ <td>RCE</td>
+ <td>中</td>
+ <td>4.4.4、5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0647</td>
+ <td><a href="https://android.googlesource.com/platform/system/core/+/3d6a43155c702bce0e7e2a93a67247b5ce3946a5">A-36392138</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-1839</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/ff20cd797822dba8569ee518c44e6864d6b4ebfa">A-36553781</a></td>
+ <td>DoS</td>
+ <td>中</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+</tbody></table>
+<h3 id="media-framework">媒体框架</h3>
+<p>这一部分中最严重的漏洞可让远程攻击者在系统处理媒体文件和数据时,使用特制文件破坏内存。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参考信息</th>
+ <th>类型</th>
+ <th>严重程度</th>
+ <th>已更新的 AOSP 版本</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0637</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/ebaa71da6362c497310377df509651974401d258">A-34064500</a></td>
+ <td>RCE</td>
+ <td>严重</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0391</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/14bc1678a80af5be7401cf750ab762ae8c75cc5a">A-32322258</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0640</td>
+ <td>A-33129467<a href="#asterisk">*</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>6.0、6.0.1、7.0、7.1.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0641</td>
+ <td><a href="https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb">A-34360591</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0642</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d">A-34819017</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0643</td>
+ <td>A-35645051<a href="#asterisk">*</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0644</td>
+ <td>A-35472997<a href="#asterisk">*</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
+ </tr>
+</tbody></table>
+<h3 id="system-ui">系统界面</h3>
+<p>这一部分中最严重的漏洞可让攻击者使用特制文件通过非特许进程执行任意代码。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参考信息</th>
+ <th>类型</th>
+ <th>严重程度</th>
+ <th>已更新的 AOSP 版本</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0638</td>
+ <td><a href="https://android.googlesource.com/platform/external/libgdx/+/a98943dd4aece3024f023f00256607d50dcbcd1e">A-36368305</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>7.1.1、7.1.2</td>
+ </tr>
+</tbody></table>
+<h2 id="2017-06-05-details">2017-06-05 安全补丁程序级别 - 漏洞详情</h2>
+<p>我们在下面提供了 2017-06-05 补丁程序级别涵盖的每个安全漏洞的详细信息,漏洞列在受其影响的组件下,其中包括 CVE、相关参考信息、<a href="#vulnerability-type">漏洞类型</a>、<a href="/security/overview/updates-resources.html#severity">严重程度</a>、组件(如果适用)和已更新的 AOSP 版本(如果适用)等详细信息。在适用的情况下,我们会将 Bug ID 链接到解决相应问题的公开更改记录(如 AOSP 代码更改列表)。如果某个 Bug 有多条相关的更改记录,我们还将通过 Bug ID 后面的数字链接到更多参考信息。</p>
+
+<h3 id="kernel-components">内核组件</h3>
+<p>这一部分中最严重的漏洞可让本地恶意应用通过内核执行任意代码。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参考信息</th>
+ <th>类型</th>
+ <th>严重程度</th>
+ <th>组件</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0648</td>
+ <td>A-36101220<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>FIQ 调试程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0651</td>
+ <td>A-35644815<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>低</td>
+ <td>ION 子系统</td>
+ </tr>
+</tbody></table>
+<h3 id="libraries-05">库</h3>
+<p>这一部分中最严重的漏洞可让远程攻击者使用特制文件获取敏感信息。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参考信息</th>
+ <th>类型</th>
+ <th>严重程度</th>
+ <th>已更新的 AOSP 版本</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-7995</td>
+ <td>A-36810065<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>4.4.4</td>
+ </tr>
+</tbody></table>
+<h3 id="mediatek-components">MediaTek 组件</h3>
+<p>这一部分中最严重的漏洞可让本地恶意应用通过内核执行任意代码。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参考信息</th>
+ <th>类型</th>
+ <th>严重程度</th>
+ <th>组件</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0636</td>
+ <td>A-35310230<a href="#asterisk">*</a><br />
+ M-ALPS03162263</td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>命令队列驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0649</td>
+ <td>A-34468195<a href="#asterisk">*</a><br />
+ M-ALPS03162283</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>声音驱动程序</td>
+ </tr>
+</tbody></table>
+<h3 id="nvidia-components">NVIDIA 组件</h3>
+<p>这一部分中最严重的漏洞可让本地恶意应用通过内核执行任意代码。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参考信息</th>
+ <th>类型</th>
+ <th>严重程度</th>
+ <th>组件</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-6247</td>
+ <td>A-34386301<a href="#asterisk">*</a><br />
+ N-CVE-2017-6247</td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>声音驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6248</td>
+ <td>A-34372667<a href="#asterisk">*</a><br />
+ N-CVE-2017-6248</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>声音驱动程序</td>
+ </tr>
+</tbody></table>
+<h3 id="qualcomm-components">Qualcomm 组件</h3>
+<p>这一部分中最严重的漏洞可让邻近区域内的攻击者通过内核执行任意代码。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参考信息</th>
+ <th>类型</th>
+ <th>严重程度</th>
+ <th>组件</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-7371</td>
+ <td>A-36250786<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=e02e63b8014f7a0a5ea17a5196fb4ef1283fd1fd">QC-CR#1101054</a></td>
+ <td>RCE</td>
+ <td>严重</td>
+ <td>蓝牙驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7365</td>
+ <td>A-32449913<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=da49bf21d1c19a6293d33c985066dc0273c476db">QC-CR#1017009</a></td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>引导加载程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7366</td>
+ <td>A-36252171<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f4c9ffd6cd7960265f38e285ac43cbecf2459e45">QC-CR#1036161</a>
+[<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=7c4d5736d32f91f0cafe6cd86d00e26389970b00">2</a>]</td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>GPU 驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7367</td>
+ <td>A-34514708<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=07174af1af48c60a41c7136f0c80ffdf4ccc0b57">QC-CR#1008421</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>引导加载程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5861</td>
+ <td>A-36251375<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=cf3c97b8b6165f13810e530068fbf94b07f1f77d">QC-CR#1103510</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>视频驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5864</td>
+ <td>A-36251231<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=cbc21ceb69cb7bca0643423a7ca982abce3ce50a">QC-CR#1105441</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>声音驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6421</td>
+ <td>A-36251986<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=be42c7ff1f0396484882451fd18f47144c8f1b6b">QC-CR#1110563</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>MStar 触摸屏驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7364</td>
+ <td>A-36252179<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=3ce6c47d2142fcd2c4c1181afe08630aaae5a267">QC-CR#1113926</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>视频驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7368</td>
+ <td>A-33452365<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=143ef972be1621458930ea3fc1def5ebce7b0c5d">QC-CR#1103085</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>声音驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7369</td>
+ <td>A-33751424<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=75ed08a822cf378ffed0d2f177d06555bd77a006">QC-CR#2009216</a>
+[<a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=ae8f1d5f60644983aba7fbab469d0e542a187c6e">2</a>]</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>声音驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7370</td>
+ <td>A-34328139<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=970edf007fbe64b094437541a42477d653802d85">QC-CR#2006159</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>视频驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7372</td>
+ <td>A-36251497<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=1806be003731d6d4be55e5b940d14ab772839e13">QC-CR#1110068</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>视频驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7373</td>
+ <td>A-36251984<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=e5eb0d3aa6fe62ee437a2269a1802b1a72f61b75">QC-CR#1090244</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>视频驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8233</td>
+ <td>A-34621613<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=64b7bc25e019dd07e8042e0a6ec6dc6a1dd0c385">QC-CR#2004036</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>相机驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8234</td>
+ <td>A-36252121<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6266f954a52641f550ef71653ea83c80bdd083be">QC-CR#832920</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>相机驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8235</td>
+ <td>A-36252376<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=7e4424a1b5f6a6536066cca7aac2c3a23fd39f6f">QC-CR#1083323</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>相机驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8236</td>
+ <td>A-35047217<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=cf0d31bc3b04cf2db7737d36b11a5bf50af0c1db">QC-CR#2009606</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>IPA 驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8237</td>
+ <td>A-36252377<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=342d16ac6fb01e304ec75344c693257e00628ecf">QC-CR#1110522</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>网络驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8242</td>
+ <td>A-34327981<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=6a3b8afdf97e77c0b64005b23fa6d32025d922e5">QC-CR#2009231</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>安全执行环境通讯驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8239</td>
+ <td>A-36251230<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=01db0e012f86b8ba6974e5cb9905261a552a0610">QC-CR#1091603</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>相机驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8240</td>
+ <td>A-36251985<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=22b8b6608174c1308208d5bc6c143f4998744547">QC-CR#856379</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>PIN 码控制器驱动程序</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8241</td>
+ <td>A-34203184<br />
+ <a href="https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=90213394b7efb28fa511b2eaebc1343ae3b54724">QC-CR#1069175</a></td>
+ <td>ID</td>
+ <td>低</td>
+ <td>WLAN 驱动程序</td>
+ </tr>
+</tbody></table>
+<h3 id="synaptics-components">Synaptics 组件</h3>
+<p>这一部分中最严重的漏洞可让本地恶意应用获取超出其权限范围的数据。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参考信息</th>
+ <th>类型</th>
+ <th>严重程度</th>
+ <th>组件</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0650</td>
+ <td>A-35472278<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>低</td>
+ <td>触摸屏驱动程序</td>
+ </tr>
+</tbody></table>
+<h3 id="qualcomm-closed-source-components">Qualcomm 闭源组件</h3>
+<p>以下漏洞会影响 Qualcomm 组件;2014–2016 年的 Qualcomm AMSS 安全公告对这些漏洞进行了详细说明。此 Android 安全公告中也包含这些漏洞,旨在将其修复方案与 Android 安全补丁程序级别建立关联。这些漏洞的修复方案可直接从 Qualcomm 获取。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>参考信息</th>
+ <th>类型</th>
+ <th>严重程度</th>
+ <th>组件</th>
+ </tr>
+ <tr>
+ <td>CVE-2014-9960</td>
+ <td>A-37280308<a href="#asterisk">*</a><br />
+ QC-CR#381837</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9961</td>
+ <td>A-37279724<a href="#asterisk">*</a><br />
+ QC-CR#581093</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9953</td>
+ <td>A-36714770<a href="#asterisk">*</a><br />
+ QC-CR#642173</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9967</td>
+ <td>A-37281466<a href="#asterisk">*</a><br />
+ QC-CR#739110</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9026</td>
+ <td>A-37277231<a href="#asterisk">*</a><br />
+ QC-CR#748397</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9027</td>
+ <td>A-37279124<a href="#asterisk">*</a><br />
+ QC-CR#748407</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9008</td>
+ <td>A-36384689<a href="#asterisk">*</a><br />
+ QC-CR#762111</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9009</td>
+ <td>A-36393600<a href="#asterisk">*</a><br />
+ QC-CR#762182</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9010</td>
+ <td>A-36393101<a href="#asterisk">*</a><br />
+ QC-CR#758752</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9011</td>
+ <td>A-36714882<a href="#asterisk">*</a><br />
+ QC-CR#762167</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9024</td>
+ <td>A-37265657<a href="#asterisk">*</a><br />
+ QC-CR#740680</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9012</td>
+ <td>A-36384691<a href="#asterisk">*</a><br />
+ QC-CR#746617</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9013</td>
+ <td>A-36393251<a href="#asterisk">*</a><br />
+ QC-CR#814373</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9014</td>
+ <td>A-36393750<a href="#asterisk">*</a><br />
+ QC-CR#855220</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9015</td>
+ <td>A-36714120<a href="#asterisk">*</a><br />
+ QC-CR#701858</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9029</td>
+ <td>A-37276981<a href="#asterisk">*</a><br />
+ QC-CR#827837</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10338</td>
+ <td>A-37277738<a href="#asterisk">*</a><br />
+ QC-CR#987699</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10336</td>
+ <td>A-37278436<a href="#asterisk">*</a><br />
+ QC-CR#973605</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10333</td>
+ <td>A-37280574<a href="#asterisk">*</a><br />
+ QC-CR#947438</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10341</td>
+ <td>A-37281667<a href="#asterisk">*</a><br />
+ QC-CR#991476</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10335</td>
+ <td>A-37282802<a href="#asterisk">*</a><br />
+ QC-CR#961142</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10340</td>
+ <td>A-37280614<a href="#asterisk">*</a><br />
+ QC-CR#989028</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10334</td>
+ <td>A-37280664<a href="#asterisk">*</a><br />
+ QC-CR#949933</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10339</td>
+ <td>A-37280575<a href="#asterisk">*</a><br />
+ QC-CR#988502</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10298</td>
+ <td>A-36393252<a href="#asterisk">*</a><br />
+ QC-CR#1020465</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10299</td>
+ <td>A-32577244<a href="#asterisk">*</a><br />
+ QC-CR#1058511</td>
+ <td>N/A</td>
+ <td>严重</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9954</td>
+ <td>A-36388559<a href="#asterisk">*</a><br />
+ QC-CR#552880</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9955</td>
+ <td>A-36384686<a href="#asterisk">*</a><br />
+ QC-CR#622701</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9956</td>
+ <td>A-36389611<a href="#asterisk">*</a><br />
+ QC-CR#638127</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9957</td>
+ <td>A-36387564<a href="#asterisk">*</a><br />
+ QC-CR#638984</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9958</td>
+ <td>A-36384774<a href="#asterisk">*</a><br />
+ QC-CR#638135</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9962</td>
+ <td>A-37275888<a href="#asterisk">*</a><br />
+ QC-CR#656267</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9963</td>
+ <td>A-37276741<a href="#asterisk">*</a><br />
+ QC-CR#657771</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9959</td>
+ <td>A-36383694<a href="#asterisk">*</a><br />
+ QC-CR#651900</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9964</td>
+ <td>A-37280321<a href="#asterisk">*</a><br />
+ QC-CR#680778</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9965</td>
+ <td>A-37278233<a href="#asterisk">*</a><br />
+ QC-CR#711585</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9966</td>
+ <td>A-37282854<a href="#asterisk">*</a><br />
+ QC-CR#727398</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9023</td>
+ <td>A-37276138<a href="#asterisk">*</a><br />
+ QC-CR#739802</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9020</td>
+ <td>A-37276742<a href="#asterisk">*</a><br />
+ QC-CR#733455</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9021</td>
+ <td>A-37276743<a href="#asterisk">*</a><br />
+ QC-CR#735148</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9025</td>
+ <td>A-37276744<a href="#asterisk">*</a><br />
+ QC-CR#743985</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9022</td>
+ <td>A-37280226<a href="#asterisk">*</a><br />
+ QC-CR#736146</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9028</td>
+ <td>A-37277982<a href="#asterisk">*</a><br />
+ QC-CR#762764</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9031</td>
+ <td>A-37275889<a href="#asterisk">*</a><br />
+ QC-CR#866015</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9032</td>
+ <td>A-37279125<a href="#asterisk">*</a><br />
+ QC-CR#873202</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9033</td>
+ <td>A-37276139<a href="#asterisk">*</a><br />
+ QC-CR#892541</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9030</td>
+ <td>A-37282907<a href="#asterisk">*</a><br />
+ QC-CR#854667</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10332</td>
+ <td>A-37282801<a href="#asterisk">*</a><br />
+ QC-CR#906713<br />
+ QC-CR#917701<br />
+ QC-CR#917702</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10337</td>
+ <td>A-37280665<a href="#asterisk">*</a><br />
+ QC-CR#977632</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10342</td>
+ <td>A-37281763<a href="#asterisk">*</a><br />
+ QC-CR#988941</td>
+ <td>N/A</td>
+ <td>高</td>
+ <td>闭源组件</td>
+ </tr>
+</tbody></table>
+<h2 id="google-device-updates">Google 设备更新</h2>
+<p>以下表格包含最新的无线更新 (OTA) 中的安全补丁程序级别和适用于 Google 设备的固件映像。Google 设备固件映像可在 <a href="https://developers.google.com/android/nexus/images">Google 开发者网站</a>上获取。</p>
+
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>Google 设备</th>
+ <th>安全补丁程序级别</th>
+ </tr>
+ <tr>
+ <td>Pixel/Pixel XL</td>
+ <td>2017 年 6 月 5 日</td>
+ </tr>
+ <tr>
+ <td>Nexus 5X</td>
+ <td>2017 年 6 月 5 日</td>
+ </tr>
+ <tr>
+ <td>Nexus 6</td>
+ <td>2017 年 6 月 5 日</td>
+ </tr>
+ <tr>
+ <td>Nexus 6P</td>
+ <td>2017 年 6 月 5 日</td>
+ </tr>
+ <tr>
+ <td>Nexus 9</td>
+ <td>2017 年 6 月 5 日</td>
+ </tr>
+ <tr>
+ <td>Nexus Player</td>
+ <td>2017 年 6 月 5 日</td>
+ </tr>
+ <tr>
+ <td>Pixel C</td>
+ <td>2017 年 6 月 5 日</td>
+ </tr>
+</tbody></table>
+<h2 id="acknowledgements">致谢</h2>
+<p>非常感谢以下研究人员做出的贡献:</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="83%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>研究人员</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0643、CVE-2017-0641</td>
+ <td>趋势科技的徐健</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0645、CVE-2017-0639</td>
+ <td><a href="http://www.ms509.com">MS509Team</a> 的 En He (<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>) 和 Bo Liu</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0649</td>
+ <td>奇虎 360 科技有限公司 IceSword 实验室的 Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>) 和 <a href="http://weibo.com/jfpan">pjf</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0646</td>
+ <td>腾讯电脑管家的郑文选 (<a href="https://twitter.com/VirtualSeekers">@VirtualSeekers</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0636</td>
+ <td>Shellphish Grill 团队的 Jake Corina 和 Nick Stephens</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8233</td>
+ <td>奇虎 360 IceSword 实验室的 Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) 和 <a href="http://weibo.com/jfpan">pjf</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7368</td>
+ <td><a href="http://c0reteam.org">C0RE 团队</a>的 Lubo Zhang (<a href="mailto:zlbzlb815@163.com">zlbzlb815@163.com</a>)、Yuan-Tsung Lo (<a href="mailto:computernik@gmail.com">computernik@gmail.com</a>) 和 Xuxian Jiang</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8242</td>
+ <td>特斯拉产品安全团队的 Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0650</td>
+ <td>本·古里安大学网络实验室的 Omer Shwartz、Amir Cohen、Asaf Shabtai 博士和 Yossi Oren 博士</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0648</td>
+ <td>HCL 科技公司 <a href="https://alephsecurity.com/">Aleph 研究团队</a>的 Roee Hay (<a href="https://twitter.com/roeehay">@roeehay</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7369、CVE-2017-6249、CVE-2017-6247、CVE-2017-6248</td>
+ <td>趋势科技的 Seven Shen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0642、CVE-2017-0637、CVE-2017-0638</td>
+ <td>Vasily Vasiliev</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0640</td>
+ <td><a href="http://www.trendmicro.com">趋势科技</a><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile/">移动威胁响应团队</a>的 V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8236</td>
+ <td>腾讯安全平台部门的 Xiling Gong</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0647</td>
+ <td>奇虎 360 Qex 团队的 Yangkang (<a href="https://twitter.com/dnpushme">@dnpushme</a>) 和 Liyadong</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7370</td>
+ <td>奇虎 360 科技有限公司 IceSword 实验室的 Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0651</td>
+ <td><a href="http://c0reteam.org">C0RE 团队</a>的 Yuan-Tsung Lo (<a href="mailto:computernik@gmail.com">computernik@gmail.com</a>) 和 Xuxian Jiang</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8241</td>
+ <td>Google 的 Zubin Mithra</td>
+ </tr>
+</tbody></table>
+<h2 id="common-questions-and-answers">常见问题和解答</h2>
+<p>本部分针对阅读本公告后可能产生的常见问题提供了相应的解答。</p>
+
+<p><strong>1. 如何确定我的设备是否已更新到解决了这些问题的版本?
+</strong></p>
+
+<p>要了解如何检查设备的安全补丁程序级别,请阅读 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel 和 Nexus 更新时间表</a>中的说明。</p>
+<ul>
+<li>2017-06-01(或之后)的安全补丁程序级别解决了与 2017-06-01 安全补丁程序级别相关的所有问题。</li>
+<li>2017-06-05(或之后)的安全补丁程序级别解决了与 2017-06-05 安全补丁程序级别以及之前的所有补丁程序级别相关的所有问题。</li></ul>
+<p>提供这些更新的设备制造商应将补丁程序字符串级别设为:</p>
+<ul>
+<li>[ro.build.version.security_patch]:[2017-06-01]</li>
+<li>[ro.build.version.security_patch]:[2017-06-05]</li></ul>
+<p><strong>2. 为何此公告有 2 个安全补丁程序级别?</strong></p>
+
+<p>本公告有 2 个安全补丁程序级别,目的是让 Android 合作伙伴能够灵活地、更快速地修复所有 Android 设备上类似的一系列漏洞。我们建议 Android 合作伙伴修复本公告中的所有问题并使用最新的安全补丁程序级别。</p>
+<ul>
+<li>使用 2017 年 6 月 1 日安全补丁程序级别的设备必须包含该安全补丁程序级别对应的所有问题的修复方案,以及针对之前的安全公告中报告的所有问题的修复方案。</li>
+<li>使用 2017 年 6 月 5 日或更新的安全补丁程序级别的设备必须包含此(以及之前的)安全公告中的所有适用补丁程序。</li></ul>
+<p>我们建议合作伙伴在一次更新中汇总要解决的所有问题的修复方案。</p>
+
+<p id="vulnerability-type"><strong>3.<em></em>“类型”列中的条目表示什么意思?</strong></p>
+
+<p><em></em>漏洞详情表的“类型”列中的条目是安全漏洞的分类。</p>
+
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>缩写</th>
+ <th>定义</th>
+ </tr>
+ <tr>
+ <td>RCE</td>
+ <td>远程代码执行</td>
+ </tr>
+ <tr>
+ <td>EoP</td>
+ <td>提权</td>
+ </tr>
+ <tr>
+ <td>ID</td>
+ <td>信息披露</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>拒绝服务</td>
+ </tr>
+ <tr>
+ <td>N/A</td>
+ <td>没有分类</td>
+ </tr>
+</tbody></table>
+<p><strong>4.<em></em>“参考信息”列中的条目表示什么意思?</strong></p>
+
+<p>漏洞详情表的“参考信息”列中的条目可能包含用于标识参考值所属组织的前缀。<em></em></p>
+
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>前缀</th>
+ <th>参考信息</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Android Bug ID</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Qualcomm 参考编号</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>MediaTek 参考编号</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>NVIDIA 参考编号</td>
+ </tr>
+ <tr>
+ <td>B-</td>
+ <td>Broadcom 参考编号</td>
+ </tr>
+</tbody></table>
+<p id="asterisk"><strong>5.<em></em>“参考信息”列中的“Android Bug ID”旁边的 <a href="#asterisk">*</a> 表示什么意思?</strong></p>
+
+<p><em></em>如果“参考信息”列的“Android Bug ID”旁边标有 <a href="#asterisk">*</a>,则表示相应问题未公开发布。<a href="https://developers.google.com/android/nexus/drivers">Google Developers 网站</a>上提供的 Nexus 设备的最新二进制驱动程序中通常包含针对此问题的更新。</p>
+
+<h2 id="versions">版本</h2>
+<table>
+ <colgroup><col width="25%" />
+ <col width="25%" />
+ <col width="50%" />
+ </colgroup><tbody><tr>
+ <th>版本</th>
+ <th>日期</th>
+ <th>备注</th>
+ </tr>
+ <tr>
+ <td>1.0</td>
+ <td>2017 年 6 月 5 日</td>
+ <td>发布了本公告。</td>
+ </tr>
+ <tr>
+ <td>1.1</td>
+ <td>2017 年 6 月 7 日</td>
+ <td>修订了本公告,添加了 AOSP 链接。</td>
+ </tr>
+</tbody></table>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/encryption/full-disk.html b/zh-cn/security/encryption/full-disk.html
new file mode 100644
index 0000000..b06a575
--- /dev/null
+++ b/zh-cn/security/encryption/full-disk.html
@@ -0,0 +1,395 @@
+<html devsite><head>
+ <title>全盘加密</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>全盘加密是使用已加密的密钥对 Android 设备上的所有用户数据进行编码的过程。设备经过加密后,所有由用户创建的数据在写入磁盘之前都会自动加密,并且所有读取操作都会在将数据返回给调用进程之前自动解密数据。</p>
+
+<p>全盘加密是在 Android 4.4 版中引入的,不过 Android 5.0 中又引入了以下新功能:</p>
+<ul>
+ <li>创建了快速加密方式,这种加密方式只会对数据分区中已使用的分块进行加密,以免首次启动用时过长。目前只有 EXT4 和 F2FS 文件系统支持快速加密。
+ </li><li>添加了 <a href="/devices/storage/config.html"><code>forceencrypt</code> fstab 标记</a>,以便在首次启动时进行加密。
+ </li><li>添加了对解锁图案和无密码加密的支持。
+ </li><li>添加了由硬件支持的加密密钥存储空间,该空间使用可信执行环境(TEE,例如 TrustZone)的签名功能。如需更多详细信息,请参阅<a href="#storing_the_encrypted_key">存储已加密的密钥</a>。
+</li></ul>
+
+<p class="caution"><strong>注意</strong>:对于升级到 Android 5.0 的设备,如果升级之后进行了加密,则可以通过恢复出厂设置还原到未加密状态。在首次启动时加密的新 Android 5.0 设备无法还原到未加密状态。</p>
+
+<h2 id="how_android_encryption_works">Android 全盘加密的运作方式</h2>
+
+<p>Android 全盘加密基于在块设备层运行的内核功能 <code>dm-crypt</code>。因此,这种加密方式适用于以块设备的形式呈现给内核的嵌入式多媒体卡<strong> </strong>(eMMC) 和类似闪存设备。YAFFS 会直接与原始 NAND 闪存芯片交互,无法进行全盘加密。</p>
+
+<p>全盘加密采用的是 128 位高级加密标准 (AES) 算法(搭配密码块链接 (CBC) 和 ESSIV:SHA256)。对主密钥进行加密时使用的是 128 位 AES 算法,并会调用 OpenSSL 库。对于该密钥,您必须使用 128 位或更多位(可以选择 256 位)。</p>
+
+<p class="note"><strong>注意</strong>:原始设备制造商 (OEM) 可以使用 128 位或更多位对主密钥进行加密。</p>
+
+<p>Android 5.0 版中有以下 4 种加密状态:</p>
+
+<ul>
+ <li>默认</li><li>PIN 码</li><li>密码</li><li>解锁图案</li></ul>
+
+<p>首次启动时,设备会创建一个随机生成的 128 位主密钥,然后会使用默认密码和存储的盐对其进行哈希处理。默认密码是“default_password”。不过,设备还会通过 TEE(例如 TrustZone)为生成的哈希签名。TEE 会使用相应签名的哈希来加密主密钥。</p>
+
+<p>您可以在 Android 开放源代码项目 <a href="https://android.googlesource.com/platform/system/vold/+/master/cryptfs.c">cryptfs.c</a> 文件中找到定义的默认密码。</p>
+
+<p>当用户在设备上设置 PIN 码/通行码或密码时,只有 128 位的密钥会被重新加密并存储起来(也就是说,更改用户 PIN 码/通行码/解锁图案不会导致重新加密用户数据)。请注意,<a href="http://developer.android.com/guide/topics/admin/device-admin.html">受管理的设备</a>可能受 PIN 码、解锁图案或密码限制。</p>
+
+<p>加密操作由 <code>init</code> 和 <code>vold</code> 管理。
+<code>init</code> 负责调用 <code>vold</code>,然后 vold 会设置相关属性以触发 init 中的事件。系统的其他部分也会查看这些属性以执行各项任务,例如报告状态、提示输入密码,或有严重错误发生时提示恢复出厂设置。为了调用 <code>vold</code> 中的加密功能,系统会使用命令行工具 <code>vdc</code> 的 <code>cryptfs</code> 命令:<code>checkpw</code>、<code>restart</code>、<code>enablecrypto</code>、<code>changepw</code>、<code>cryptocomplete</code>、<code>verifypw</code>、<code>setfield</code>、<code>getfield</code>、<code>mountdefaultencrypted</code>、<code>getpwtype</code>、<code>getpw</code> 以及 <code>clearpw</code>。</p>
+
+<p>要加密、解密或清空 <code>/data</code>,<code>/data</code> 不得处于装载状态。但要显示任何界面,框架都必须启动,而框架需要 <code>/data</code> 才能运行。为了解决这一冲突,<code>/data</code> 上会装载一个临时文件系统。通过该文件系统,Android 可以提示输入密码、显示进度或根据需要建议清除数据。不过,该文件系统会带来以下限制:要从临时文件系统切换到实际的 <code>/data</code> 文件系统,系统必须停止临时文件系统中打开了文件的所有进程,并在实际的 <code>/data</code> 文件系统中重启这些进程。为此,所有服务都必须位于以下其中一个组内:<code>core</code>、<code>main</code> 和 <code>late_start</code>。</p>
+
+<ul>
+ <li><code>core</code>:启动后一直不会关闭。
+ </li><li><code>main</code>:关闭,然后在用户输入磁盘密码后会重启。
+ </li><li><code>late_start</code>:在 <code>/data</code> 未解密并装载之前,一直不会启动。
+</li></ul>
+
+<p>为了触发这些操作,<code>vold.decrypt</code> 属性会被设为<a href="https://android.googlesource.com/platform/system/vold/+/master/cryptfs.c">多种字符串</a>。要结束和重启服务,请使用以下 <code>init</code> 命令:</p>
+
+<ul>
+ <li><code>class_reset</code>:停止相应服务,但允许通过 class_start 重启该服务。
+ </li><li><code>class_start</code>:重启相应服务。
+ </li><li><code>class_stop</code>:停止相应服务并添加 <code>SVC_DISABLED</code> 标记。被停止的服务不会对 <code>class_start</code> 做出响应。
+</li></ul>
+
+<h2 id="flows">流程</h2>
+
+<p>有 4 种针对已加密设备的流程。每个设备只需加密一次,然后会遵循正常的启动流程。</p>
+
+<ul>
+ <li>加密之前未加密的设备:<ul>
+ <li>使用 <code>forceencrypt</code> 加密新设备:首次启动时的强制加密(从 Android L 开始)。
+ </li><li>加密现有设备:由用户启动的加密(Android K 及更低版本)。
+ </li></ul>
+ </li><li>启动已加密的设备:<ul>
+ <li>启动无密码的已加密设备:启动未设置密码的已加密设备(适用于运行 Android 5.0 及更高版本的设备)。
+ </li><li>启动设有密码的已加密设备:启动设置了密码的已加密设备。
+ </li></ul>
+</li></ul>
+
+<p>除了上述流程外,设备还可能无法加密 <code>/data</code>。下文对上述每种流程进行了详细介绍。</p>
+
+<h3 id="encrypt_a_new_device_with_forceencrypt">使用 forceencrypt 加密新设备</h3>
+
+<p>这是 Android 5.0 设备首次启动时的常规流程。</p>
+
+<ol>
+ <li><strong>检测带有 <code>forceencrypt</code> 标记的未加密文件系统</strong>
+
+<p>
+<code>/data</code> 未加密,但需要加密,因为 <code>forceencrypt</code> 强制要求进行此项加密。卸载 <code>/data</code>。</p>
+
+ </li><li><strong>开始加密 <code>/data</code></strong>
+
+<p><code>vold.decrypt = "trigger_encryption"</code> 会触发 <code>init.rc</code>,从而使 <code>vold</code> 对 <code>/data</code> 进行无密码加密。(因为这应该是新设备,还没有设置密码。)</p>
+
+ </li><li><strong>装载 tmpfs</strong>
+
+<p><code>vold</code> 会装载一个 tmpfs <code>/data</code>(使用 <code>ro.crypto.tmpfs_options</code> 中的 tmpfs 选项),并会将 <code>vold.encrypt_progress</code> 属性设为 0。
+<code>vold</code> 会准备 tmpfs <code>/data</code> 以便启动已加密的系统,并会将 <code>vold.decrypt</code> 属性设为 <code>trigger_restart_min_framework</code>
+</p>
+
+ </li><li><strong>启动框架以显示进度</strong>
+
+<p>由于设备上几乎没有要加密的数据,加密过程很快就会完成,因此实际上通常并不会显示进度条。如需关于进度界面的更多详细信息,请参阅<a href="#encrypt_an_existing_device">加密现有设备</a>。</p>
+
+ </li><li><strong><code>/data</code> 加密后,关闭框架</strong>
+
+<p><code>vold</code> 会将 <code>vold.decrypt</code> 设为 <code>trigger_default_encryption</code>,这会启动 <code>defaultcrypto</code> 服务。(这会启动以下流程来装载默认的已加密用户数据。)<code>trigger_default_encryption</code> 会检查加密类型,以了解 <code>/data</code> 加密是否使用了密码。由于 Android 5.0 设备是在首次启动时加密,应该没有设置任何密码,因此我们要解密并装载 <code>/data</code>。</p>
+
+ </li><li><strong>装载 <code>/data</code></strong>
+
+<p>接下来,<code>init</code> 会使用从 <code>ro.crypto.tmpfs_options</code>(在 <code>init.rc</code> 中设置)中选取的参数在 tmpfs RAMDisk 中装载 <code>/data</code>。</p>
+
+ </li><li><strong>启动框架</strong>
+
+<p>将 <code>vold</code> 设为 <code>trigger_restart_framework</code>,这会继续常规启动过程。</p>
+</li></ol>
+
+<h3 id="encrypt_an_existing_device">加密现有设备</h3>
+
+<p>当您加密之前搭载 Android K 或更低版本但已迁移至 L 的未加密设备时,则会发生该流程。</p>
+
+<p>该流程由用户启动,在代码中称为“原地加密”。当用户选择对设备进行加密时,界面中将会提示用户确认电池是否已充满电并且交流电源适配器是否已插好,以便有充足的电量来完成加密过程。</p>
+
+<p class="warning"><strong>警告</strong>:如果设备在完成加密之前耗尽电量并关机,文件数据将会处于部分加密状态。如果出现这种情况,必须将设备恢复出厂设置,而这将导致所有数据都会丢失。</p>
+
+<p>为了进行原地加密,<code>vold</code> 会启动一个循环来读取实际块设备中每个扇区的数据,然后将其写入到加密块设备。在读取每个扇区的数据以及将其写入到加密块设备之前,<code>vold</code> 都会先检查相应扇区是否处于使用状态。对于几乎没有什么数据的新设备来说,这种方式可以大大加快加密速度。</p>
+
+<p><strong>设备状态</strong>:设置 <code>ro.crypto.state = "unencrypted"</code>,并执行 <code>on nonencrypted</code> <code>init</code> 触发器以继续启动。</p>
+
+<ol>
+ <li><strong>检查密码</strong>
+
+<p>界面会使用 <code>cryptfs enablecrypto inplace</code> 命令调用 <code>vold</code>,其中 <code>passwd</code> 是用户的锁定屏幕密码。</p>
+
+ </li><li><strong>关闭框架</strong>
+
+<p><code>vold</code> 会检查是否存在错误。如果无法加密,则返回 -1,并在日志中记录原因。如果可以加密,则会将 <code>vold.decrypt</code> 属性设为 <code>trigger_shutdown_framework</code>。这会使 <code>init.rc</code> 停止 <code>late_start</code> 类和 <code>main</code> 类中的服务。</p>
+
+ </li><li><strong>创建加密页脚</strong></li>
+ <li><strong>创建路径文件</strong></li>
+ <li><strong>重新启动</strong></li>
+ <li><strong>检测路径文件</strong></li>
+ <li><strong>开始加密 <code>/data</code></strong>
+
+<p>接下来,<code>vold</code> 会设置加密映射,这将创建一个映射到实际块设备的虚拟加密块设备,但会在写入每个扇区的数据时对相应扇区进行加密,并在读取每个扇区的数据时对相应扇区进行解密。然后,<code>vold</code> 会创建并写出加密元数据。</p>
+
+ </li><li><strong>在加密时装载 tmpfs</strong>
+
+<p><code>vold</code> 会装载一个 tmpfs <code>/data</code>(使用 <code>ro.crypto.tmpfs_options</code> 中的 tmpfs 选项),并会将 <code>vold.encrypt_progress</code> 属性设为 0。<code>vold</code> 会准备 tmpfs <code>/data</code> 以便启动已加密的系统,并会将 <code>vold.decrypt</code> 属性设为 <code>trigger_restart_min_framework</code> </p>
+
+ </li><li><strong>启动框架以显示进度</strong>
+
+<p><code>trigger_restart_min_framework </code> 会使 <code>init.rc</code> 启动 <code>main</code> 类中的服务。当框架看到 <code>vold.encrypt_progress</code> 已设为 0 时,它会打开进度条界面,该界面每 5 秒查询一次该属性并更新进度条。加密循环会在已加密的分区比例每增加百分之一时更新一次 <code>vold.encrypt_progress</code>。</p>
+
+ </li><li><strong><code> /data</code> 加密后,更新加密页脚</strong>
+
+<p><code>/data</code> 成功加密后,<code>vold</code> 会清除元数据中的 <code>ENCRYPTION_IN_PROGRESS</code> 标记。</p>
+
+<p>当设备成功解锁后,接下来便会使用密码加密主密钥,并且会更新加密页脚。</p>
+
+<p>如果重新启动因某个原因失败了,<code>vold</code> 会将 <code>vold.encrypt_progress</code> 属性设为 <code>error_reboot_failed</code>,并且界面中应显示一条消息,提示用户按某个按钮以重新启动。这种情况不应发生。</p>
+</li></ol>
+
+<h3 id="starting_an_encrypted_device_with_default_encryption">启动已进行默认加密的已加密设备</h3>
+
+<p>当您启动无密码的已加密设备时,则会发生该流程。由于 Android 5.0 设备是在首次启动时加密,应该没有设置任何密码,因此属于“默认加密”状态。<em></em></p>
+
+<ol>
+ <li><strong>检测无密码的已加密 <code>/data</code></strong>
+
+<p>会发现 Android 设备已加密,因为 <code>/data</code> 无法装载,并且设置了 <code>encryptable</code> 或 <code>forceencrypt</code> 标记。</p>
+
+<p><code>vold</code> 会将 <code>vold.decrypt</code> 设为 <code>trigger_default_encryption</code>,这会启动 <code>defaultcrypto</code> 服务。<code>trigger_default_encryption</code> 会检查加密类型,以了解 <code>/data</code> 加密是否使用了密码。</p>
+
+ </li><li><strong>解密 /data</strong>
+
+<p>基于块设备创建 <code>dm-crypt</code> 设备,接下来设备就可以使用了。</p>
+
+ </li><li><strong>装载 /data</strong>
+
+<p>然后,<code>vold</code> 会装载已解密的实际 <code>/data</code> 分区,并准备新的分区。它会将 <code>vold.post_fs_data_done</code> 属性设为 0,接着将 <code>vold.decrypt</code> 设为 <code>trigger_post_fs_data</code>。这会使 <code>init.rc</code> 运行其 <code>post-fs-data</code> 命令。这些命令会创建所有必要的目录或链接,然后将 <code>vold.post_fs_data_done</code> 设为 1。</p>
+
+<p>当 <code>vold</code> 看到该属性中的 1 时,会将 <code>vold.decrypt</code> 属性设为 <code>trigger_restart_framework.</code> 这会使 <code>init.rc</code> 再次启动 <code>main</code> 类中的服务,并启动 <code>late_start</code> 类中的服务(这是设备启动后首次启动这些服务)。</p>
+
+ </li><li><strong>启动框架</strong>
+
+<p>现在,框架会使用已解密的 <code>/data</code> 启动其所有服务,接下来系统就可以使用了。</p>
+</li></ol>
+
+<h3 id="starting_an_encrypted_device_without_default_encryption">启动未进行默认加密的已加密设备</h3>
+
+<p>当您启动设有密码的已加密设备时,则会发生该流程。设备的密码可以是 PIN 码、解锁图案或密码。</p>
+
+<ol>
+ <li><strong>检测设有密码的已加密设备</strong>
+
+<p>会发现 Android 设备已加密,因为设置了 <code>ro.crypto.state = "encrypted"</code> 标记</p>
+
+<p>由于 <code>/data</code> 是使用密码加密的,因此 <code>vold</code> 会将 <code>vold.decrypt</code> 设为 <code>trigger_restart_min_framework</code>。</p>
+
+ </li><li><strong>装载 tmpfs</strong>
+
+<p><code>init</code> 会设置 5 个属性,以保存为 <code>/data</code>(包含从 <code>init.rc</code> 传入的参数)提供的初始装载选项。
+<code>vold</code> 会使用这些属性来设置加密映射:</p>
+
+<ol>
+ <li><code>ro.crypto.fs_type</code>
+ </li><li><code>ro.crypto.fs_real_blkdev</code>
+ </li><li><code>ro.crypto.fs_mnt_point</code>
+ </li><li><code>ro.crypto.fs_options</code>
+ </li><li><code>ro.crypto.fs_flags </code>(ASCII 码 8 位十六进制数字,以 0x 开头)</li></ol>
+
+ </li><li><strong>启动框架以提示输入密码</strong>
+
+<p>框架会启动并看到 <code>vold.decrypt</code> 已设为 <code>trigger_restart_min_framework</code>。这让框架知道自己是在 tmpfs <code>/data</code> 磁盘中启动的,并且需要获取用户密码。</p>
+
+<p>不过,它首先需要确认磁盘是否已经过适当加密。它会向 <code>vold</code> 发送 <code>cryptfs cryptocomplete</code> 命令。
+如果加密已成功完成,<code>vold</code> 会返回 0;如果发生内部错误,则会返回 -1;如果加密未成功完成,则会返回 -2。<code>vold</code> 通过查看 <code>CRYPTO_ENCRYPTION_IN_PROGRESS</code> 标记的加密元数据来确定应返回的值。如果设置了此标记,则表示加密过程中断了,并且设备上没有可用的数据。如果 <code>vold</code> 返回错误,界面中应显示一条消息,提示用户重新启动设备并将其恢复出厂设置,并且界面中应为用户提供一个用于执行该操作的按钮。</p>
+
+ </li><li><strong>通过密码解密数据</strong>
+
+<p><code>cryptfs cryptocomplete</code> 成功后,框架会显示一个界面,提示用户输入磁盘密码。界面会向 <code>vold</code> 发送 <code>cryptfs checkpw</code> 命令来检查用户输入的密码。如果密码正确(通过以下方式判定:在临时位置成功装载已解密的 <code>/data</code>,然后将其卸载),<code>vold</code> 会将已解密块设备的名称保存在 <code>ro.crypto.fs_crypto_blkdev</code> 属性中,并向界面返回状态 0。如果密码不正确,则向界面返回 -1。</p>
+
+ </li><li><strong>停止框架</strong>
+
+<p>界面会显示加密启动图形,然后使用 <code>cryptfs restart</code> 命令调用 <code>vold</code>。<code>vold</code> 会将 <code>vold.decrypt</code> 属性设为 <code>trigger_reset_main</code>,这会使 <code>init.rc</code> 执行 <code>class_reset main</code> 命令。此命令会停止 main 类中的所有服务,以便卸载 tmpfs <code>/data</code>。</p>
+
+ </li><li><strong>装载 <code>/data</code></strong>
+
+<p>然后,<code>vold</code> 会装载已解密的实际 <code>/data</code> 分区,并准备新的分区(如果加密时采用了首次发布不支持的数据清除选项,则可能永远无法准备就绪)。它会将 <code>vold.post_fs_data_done</code> 属性设为 0,接着将 <code>vold.decrypt</code> 设为 <code>trigger_post_fs_data</code>。这会使 <code>init.rc</code> 运行其 <code>post-fs-data</code> 命令。这些命令会创建所有必要的目录或链接,然后将 <code>vold.post_fs_data_done</code> 设为 1。当 <code>vold</code> 看到该属性中的 1 时,会将 <code>vold.decrypt</code> 属性设为 <code>trigger_restart_framework</code>。这会使 <code>init.rc</code> 再次启动 <code>main</code> 类中的服务,并启动 <code>late_start</code> 类中的服务(这是设备启动后首次启动这些服务)。</p>
+
+ </li><li><strong>启动整个框架</strong>
+
+<p>现在,框架会使用已解密的 <code>/data</code> 文件系统启动其所有服务,接下来系统就可以使用了。</p>
+</li></ol>
+
+<h3 id="failure">失败</h3>
+
+<p>有一些原因可能会导致设备无法解密。设备会先按照一系列常规步骤启动:</p>
+
+<ol>
+ <li>检测设有密码的已加密设备</li><li>装载 tmpfs</li><li>启动框架以提示输入密码</li></ol>
+
+<p>但在框架打开后,设备可能会遇到一些错误:</p>
+
+<ul>
+ <li>密码匹配但无法解密数据</li><li>用户输错密码的次数达到了 30 次</li></ul>
+
+<p>如果这些错误未解决,则会<strong>提示用户清除数据并恢复出厂设置</strong>:</p>
+
+<p>如果 <code>vold</code> 在加密过程中检测到错误,并且任何数据都尚未被销毁,而框架处于打开状态,<code>vold</code> 会将 <code>vold.encrypt_progress </code>属性设为 <code>error_not_encrypted</code>。界面中会提示用户重新启动系统,并提醒他们加密过程并未开始。如果错误发生在框架关闭之后、进度条界面显示之前,<code>vold</code> 会重新启动系统。如果重新启动失败,则会将 <code>vold.encrypt_progress</code> 设为 <code>error_shutting_down</code> 并返回 -1;但却无法捕获相应错误。这种情况不应发生。</p>
+
+<p>如果 <code>vold</code> 在加密过程中检测到错误,则会将 <code>vold.encrypt_progress</code> 设为 <code>error_partially_encrypted</code> 并返回 -1。随后,界面中应显示一条消息,告诉用户加密失败,并且界面中应为用户提供一个用于将设备恢复出厂设置的按钮。</p>
+
+<h2 id="storing_the_encrypted_key">存储已加密的密钥</h2>
+
+<p>已加密的密钥存储在加密元数据中。硬件支持是通过使用可信执行环境 (TEE) 的签名功能实现的。以前在加密主密钥时,需要使用通过对用户的密码和存储的盐应用 scrypt 生成的密钥。为了使该密钥能够抵御盒外攻击,我们通过使用存储的 TEE 密钥为生成的密钥签名,扩展了这种算法。然后,通过再次应用 scrypt,生成的签名会转变成具有适当长度的密钥。该密钥随后会用于加密和解密主密钥。存储该密钥的步骤如下:</p>
+
+<ol>
+ <li>生成 16 个字节的随机磁盘加密密钥 (DEK) 和 16 个字节的盐。
+ </li><li>对用户密码和盐应用 scrypt,以生成 32 个字节的中间密钥 1 (IK1)。
+ </li><li>为 IK1 填充若干个零字节,以便达到绑定到硬件的私钥 (HBK) 的大小。具体来说就是按照以下方式进行填充:00 || IK1 || 00..00;1 个零字节,32 个 IK1 字节,223 个零字节。
+ </li><li>使用 HBK 为已填充的 IK1 签名,以生成 256 个字节的 IK2。
+ </li><li>对 IK2 和盐(与第 2 步中使用的盐相同)应用 scrypt,以生成 32 个字节的 IK3。
+ </li><li>将 IK3 的前 16 个字节用作 KEK,后 16 个字节用作 IV。</li><li>使用 AES_CBC、密钥 KEK 和初始化矢量 IV 加密 DEK。</li></ol>
+
+<h2 id="changing_the_password">更改密码</h2>
+
+<p>当用户选择在设置中更改或移除密码时,界面会向 <code>vold</code> 发送 <code>cryptfs changepw</code> 命令,然后 <code>vold</code> 会使用新密码重新加密磁盘主密钥。</p>
+
+<h2 id="encryption_properties">加密属性</h2>
+
+<p><code>vold</code> 和 <code>init</code> 之间通过设置属性进行通信。下面列出了可用的加密属性。</p>
+
+<h3 id="vold_properties">vold 属性</h3>
+
+<table>
+ <tbody><tr>
+ <th>属性</th>
+ <th>说明</th>
+ </tr>
+ <tr>
+ <td><code>vold.decrypt trigger_encryption</code></td>
+ <td>以无密码方式加密存储卷。</td>
+ </tr>
+ <tr>
+ <td><code>vold.decrypt trigger_default_encryption</code></td>
+ <td>检查存储卷是否采用了无密码加密。如果是,则解密并装载存储卷;如果不是,则将 <code>vold.decrypt</code> 设为 trigger_restart_min_framework。</td>
+ </tr>
+ <tr>
+ <td><code>vold.decrypt trigger_reset_main</code></td>
+ <td>由 vold 设置,用于关闭提示输入磁盘密码的界面。</td>
+ </tr>
+ <tr>
+ <td><code>vold.decrypt trigger_post_fs_data</code></td>
+ <td>由 vold 设置,用于准备具有必要目录等内容的 /data。</td>
+ </tr>
+ <tr>
+ <td><code>vold.decrypt trigger_restart_framework</code></td>
+ <td>由 vold 设置,用于启动实际框架和所有服务。</td>
+ </tr>
+ <tr>
+ <td><code>vold.decrypt trigger_shutdown_framework</code></td>
+ <td>由 vold 设置,用于关闭整个框架以开始加密。</td>
+ </tr>
+ <tr>
+ <td><code>vold.decrypt trigger_restart_min_framework</code></td>
+ <td>由 vold 设置,用于启动加密进度条界面或提示输入密码,具体取决于 <code>ro.crypto.state</code> 的值。</td>
+ </tr>
+ <tr>
+ <td><code>vold.encrypt_progress</code></td>
+ <td>框架启动时,如果设置了此属性,则会进入进度条界面模式。</td>
+ </tr>
+ <tr>
+ <td><code>vold.encrypt_progress 0 to 100</code></td>
+ <td>进度条界面中应按照设置显示百分比值。</td>
+ </tr>
+ <tr>
+ <td><code>vold.encrypt_progress error_partially_encrypted</code></td>
+ <td>进度条界面中应显示一条消息,告诉用户加密失败,并且界面中应为用户提供一个用于将设备恢复出厂设置的按钮。</td>
+ </tr>
+ <tr>
+ <td><code>vold.encrypt_progress error_reboot_failed</code></td>
+ <td>进度条界面中应显示一条消息,告诉用户加密已完成,并且界面中应为用户提供一个用于重新启动设备的按钮。此错误不应发生。</td>
+ </tr>
+ <tr>
+ <td><code>vold.encrypt_progress error_not_encrypted</code></td>
+ <td>进度条界面中应显示一条消息,告诉用户发生错误,没有已加密的数据或数据已丢失,并且界面中应为用户提供一个用于重新启动系统的按钮。</td>
+ </tr>
+ <tr>
+ <td><code>vold.encrypt_progress error_shutting_down</code></td>
+ <td>进度条界面未运行,因此不清楚谁将响应此错误。在任何情况下,都不应发生此错误。</td>
+ </tr>
+ <tr>
+ <td><code>vold.post_fs_data_done 0</code></td>
+ <td>由 <code>vold</code> 在将 <code>vold.decrypt</code> 设为 <code>trigger_post_fs_data</code> 的前一刻设置。</td>
+ </tr>
+ <tr>
+ <td><code>vold.post_fs_data_done 1</code></td>
+ <td>由 <code>init.rc</code> 或 <code>init.rc</code> 在完成 <code>post-fs-data</code> 任务之后立即设置。</td>
+ </tr>
+</tbody></table>
+<h3 id="init_properties">init 属性</h3>
+
+<table>
+ <tbody><tr>
+ <th>属性</th>
+ <th>说明</th>
+ </tr>
+ <tr>
+ <td><code>ro.crypto.fs_crypto_blkdev</code></td>
+ <td>由 <code>vold</code> 命令 <code>checkpw</code> 设置,供 <code>vold</code> 命令 <code>restart</code> 以后使用。</td>
+ </tr>
+ <tr>
+ <td><code>ro.crypto.state unencrypted</code></td>
+ <td>由 <code>init</code> 设置,用于说明相应系统正在未加密的 <code>/data ro.crypto.state encrypted</code> 中运行。由 <code>init</code> 设置,用于说明相应系统正在已加密的 <code>/data</code> 中运行。</td>
+ </tr>
+ <tr>
+ <td><p><code>ro.crypto.fs_type<br />
+ ro.crypto.fs_real_blkdev <br />
+ ro.crypto.fs_mnt_point<br />
+ ro.crypto.fs_options<br />
+ ro.crypto.fs_flags <br />
+ </code></p></td>
+ <td>这 5 个属性由 <code>init</code> 在尝试装载 <code>/data</code>(包含从 <code>init.rc</code> 传入的参数)时设置。<code>vold</code> 会使用这些属性来设置加密映射。</td>
+ </tr>
+ <tr>
+ <td><code>ro.crypto.tmpfs_options</code></td>
+ <td>由 <code>init.rc</code> 设置,包含 init 在装载 tmpfs /data 文件系统时应使用的选项。</td>
+ </tr>
+</tbody></table>
+<h2 id="init_actions">init 操作</h2>
+
+<pre>
+on post-fs-data
+on nonencrypted
+on property:vold.decrypt=trigger_reset_main
+on property:vold.decrypt=trigger_post_fs_data
+on property:vold.decrypt=trigger_restart_min_framework
+on property:vold.decrypt=trigger_restart_framework
+on property:vold.decrypt=trigger_shutdown_framework
+on property:vold.decrypt=trigger_encryption
+on property:vold.decrypt=trigger_default_encryption
+</pre>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/encryption/index.html b/zh-cn/security/encryption/index.html
new file mode 100644
index 0000000..ea9f244
--- /dev/null
+++ b/zh-cn/security/encryption/index.html
@@ -0,0 +1,38 @@
+<html devsite><head>
+ <title>加密</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>加密是使用对称加密密钥对 Android 设备上的所有用户数据进行编码的过程。设备经过加密后,所有由用户创建的数据在存入磁盘之前都会自动加密,并且所有读取操作都会在将数据返回给调用进程之前自动解密数据。加密可确保未经授权方在尝试访问相应数据时无法读取它们。
+</p>
+<p>Android 有两种设备加密方法:全盘加密和文件级加密。
+</p>
+<h2 id="full-disk">全盘加密</h2>
+<p>Android 5.0 及更高版本支持<a href="full-disk.html">全盘加密</a>。全盘加密是使用单个密钥(由用户的设备密码加以保护)来保护设备的整个用户数据分区。设备启动后,用户必须提供其凭据才能访问磁盘的任何部分。
+</p>
+<p>虽然这非常有利于确保安全性,但如果采用这种加密方式,当用户重新启动设备后,手机的大多数核心功能都将无法立即可用。由于对数据的访问受单个用户凭据的保护,因此闹钟等功能将无法运行,无障碍服务将无法使用,并且手机将无法接听电话。
+</p>
+<h2 id="file-based">文件级加密</h2>
+<p>Android 7.0 及更高版本支持<a href="file-based.html">文件级加密</a>。采用文件级加密时,可以使用不同的密钥对不同的文件进行加密,并且可以对这些文件进行单独解密。支持文件级加密的设备还支持一种称为<a href="https://developer.android.com/preview/features/direct-boot.html">直接启动</a>的新功能。该功能处于启用状态时,已加密设备在启动后将直接进入锁定屏幕,从而可让用户快速访问重要的设备功能,例如无障碍服务和闹钟。
+</p>
+<p>引入文件级加密和新 API 后,便可以将应用设为加密感知型应用,这样一来,它们将能够在受限环境中运行。这些应用将可以在用户提供凭据之前运行,同时系统仍能保护私密用户信息。
+</p>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/enhancements/enhancements41.html b/zh-cn/security/enhancements/enhancements41.html
new file mode 100644
index 0000000..0516b64
--- /dev/null
+++ b/zh-cn/security/enhancements/enhancements41.html
@@ -0,0 +1,57 @@
+<html devsite><head>
+ <title>Android 1.5 至 4.1 中的安全增强功能</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>Android 提供了一个多层安全模型,<a href="/security/index.html">Android 安全性概述</a>中对该模型进行了介绍。每个 Android 更新版本中都包含数十种用于保护用户的安全增强功能。以下是 Android 1.5 至 4.1 版中引入的一些安全增强功能:</p>
+
+<dl>
+<dt><strong>Android 1.5</strong></dt>
+<dd><ul>
+<li>ProPolice:旨在防止堆栈缓冲区溢出 (-fstack-protector)</li>
+<li>safe_iop:旨在减少整数溢出</li>
+<li>OpenBSD dlmalloc 的扩展程序:旨在防范 double free() 漏洞和连续块攻击。连续块攻击是利用堆损坏的常见攻击方式。</li>
+<li>OpenBSD calloc:旨在防止在内存分配期间发生整数溢出</li>
+</ul>
+</dd>
+
+<dt><strong>Android 2.3</strong></dt>
+<dd><ul>
+<li>格式化字符串漏洞防护功能 (-Wformat-security -Werror=format-security)</li>
+<li>基于硬件的 No eXecute (NX):旨在防止在堆栈和堆上执行代码</li>
+<li>Linux mmap_min_addr:旨在降低空指针解引用提权风险(在 Android 4.1 中得到了进一步增强)</li>
+</ul>
+</dd>
+
+<dt><strong>Android 4.0</strong></dt>
+<dd>地址空间布局随机化 (ASLR):旨在随机排列内存中的关键位置</dd>
+
+<dt><strong>Android 4.1</strong></dt>
+<dd><ul>
+<li>PIE(位置无关可执行文件)支持</li>
+<li>只读重定位/立即绑定 (-Wl,-z,relro -Wl,-z,now)</li>
+<li>启用了 dmesg_restrict(避免内核地址泄露)</li>
+<li>启用了 kptr_restrict(避免内核地址泄露)</li>
+</ul>
+</dd>
+
+</dl>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/enhancements/enhancements42.html b/zh-cn/security/enhancements/enhancements42.html
new file mode 100644
index 0000000..cf30dd6
--- /dev/null
+++ b/zh-cn/security/enhancements/enhancements42.html
@@ -0,0 +1,49 @@
+<html devsite><head>
+ <title>Android 4.2 中的安全增强功能</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>Android 提供了一个多层安全模型,<a href="/security/index.html">Android 安全性概述</a>中对该模型进行了介绍。每个 Android 更新版本中都包含数十种用于保护用户的安全增强功能。以下是 Android 4.2 中引入的一些安全增强功能:</p>
+
+<ul>
+<li><strong>应用验证</strong> - 用户可以选择启用“验证应用”,并且可以选择在应用安装之前由应用验证程序对其进行筛查。如果用户尝试安装的应用可能有害,应用验证功能可以提醒用户;如果应用的危害性非常大,应用验证功能可以阻止安装。</li>
+<li><strong>加强对付费短信的控制</strong> - 如果有应用尝试向使用付费服务的短代码发送短信(可能会产生额外的费用),Android 将会通知用户。用户可以选择是允许还是阻止该应用发送短信。</li>
+
+<li><strong>始终开启的 VPN</strong> - 可以配置 VPN,以确保在建立 VPN 连接之前应用无法访问网络。这有助于防止应用跨其他网络发送数据。</li>
+
+<li><strong>证书锁定</strong> - Android 的核心库现在支持<a href="https://developer.android.com/reference/android/net/http/X509TrustManagerExtensions.html">证书锁定</a>。如果证书未关联到一组应关联的证书,锁定的域将会收到证书验证失败消息。这有助于防范证书授权中心免遭可能的入侵。</li>
+
+<li><strong>改进后的 Android 权限显示方式</strong> - 权限划分到了多个对用户来说更清晰明了的组中。在审核权限时,用户可以点击权限来查看关于相应权限的更多详细信息。</li>
+
+<li><strong>installd 加固</strong> - <code>installd</code> 守护进程不会以 Root 用户身份运行,从而可减小 Root 提权攻击的潜在攻击面。</li>
+
+<li><strong>init 脚本加固</strong> - init 脚本现在应用 <code>O_NOFOLLOW</code> 语义来防范与符号链接相关的攻击。</li>
+
+<li><strong>FORTIFY_SOURCE</strong> - Android 现在实现了 <code>FORTIFY_SOURCE</code>。系统库和应用可以使用它来防范内存损坏。</li>
+
+<li><strong>ContentProvider 默认配置</strong> - 面向第 17 层 API 的应用会针对每个<a href="https://developer.android.com/reference/android/content/ContentProvider.html">内容提供程序</a>默认将“export”设为“false”,从而减小应用的默认受攻击面。</li>
+
+<li><strong>加密</strong> - 修改了 SecureRandom 和 Cipher.RSA 的默认实现,以便使用 OpenSSL。为使用 OpenSSL 1.0.1 的 TLSv1.1 和 TLSv1.2 添加了安全套接字支持</li>
+
+<li><strong>安全漏洞修复程序</strong> - 升级了开放源代码库,新增了一些安全漏洞修复程序,其中包括 WebKit、libpng、OpenSSL 和 LibXML。Android 4.2 中还包含针对 Android 特有漏洞的修复程序。有关这些漏洞的信息已提供给“开放手机联盟”(Open Handset Alliance) 成员,并且 Android 开放源代码项目中提供了相应的修复程序。为了提高安全性,搭载更低版本 Android 的某些设备可能也会包含这些修复程序。</li>
+
+</ul>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/enhancements/enhancements43.html b/zh-cn/security/enhancements/enhancements43.html
new file mode 100644
index 0000000..24805ca
--- /dev/null
+++ b/zh-cn/security/enhancements/enhancements43.html
@@ -0,0 +1,63 @@
+<html devsite><head>
+ <title>Android 4.3 中的安全增强功能</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>每个 Android 版本中都包含数十种用于保护用户的安全增强功能。以下是 Android 4.3 中提供的一些安全增强功能:</p>
+
+<ul>
+ <li><strong>通过 SELinux 得到增强的 Android 沙盒。
+</strong>此版本利用 Linux 内核中的 SELinux 强制访问控制系统 (MAC) 增强了 Android 沙盒。SELinux 强化功能(用户和开发者看不到它)可提高现有 Android 安全模型的可靠性,同时与现有应用保持兼容。为了确保持续兼容,此版本允许以宽容模式使用 SELinux。此模式会记录所有政策违规行为,但不会中断应用或影响系统行为。</li>
+
+ <li><strong>没有 SetUID/SetGID 程序:
+</strong>针对 Android 系统文件添加了对文件系统功能的支持,并移除了所有 SetUID/SetGUID 程序。这可以减小 Root 攻击面,并降低出现潜在安全漏洞的可能性。</li>
+
+ <li><strong>ADB 身份验证。
+</strong>从 Android 4.2.2 起,开始使用 RSA 密钥对为 ADB 连接进行身份验证。这可以防止攻击者在实际接触到设备的情况下未经授权使用 ADB。</li>
+
+ <li><strong>限制 Android 应用执行 SetUID 程序。
+</strong>/system 分区现在针对 Zygote 衍生的进程装载了 nosuid,以防止 Android 应用执行 SetUID 程序。这可以减小 Root 攻击面,并降低出现潜在安全漏洞的可能性。</li>
+
+ <li><strong>功能绑定。
+</strong>在执行应用之前,Android Zygote 和 ADB 现在会先使用 prctl(PR_CAPBSET_DROP) 舍弃不必要的功能。这可以防止 Android 应用和从 shell 启动的应用获取特权功能。</li>
+
+ <li><strong>AndroidKeyStore 提供程序。
+</strong>Android 现在有一个允许应用创建专用密钥的密钥库提供程序。该程序可以为应用提供一个用于创建或存储私钥的 API,其他应用将无法使用这些私钥。</li>
+
+ <li><strong>KeyChain isBoundKeyAlgorithm。
+</strong>Keychain API 现在提供了一种方法 (isBoundKeyType),可让应用确认系统级密钥是否已绑定到设备的硬件信任根。该方法提供了一个用于创建或存储私钥的位置,即使发生 Root 权限被窃取的情况,这些私钥也无法从设备中导出。</li>
+
+ <li><strong>NO_NEW_PRIVS。</strong>
+在执行应用代码之前,Android Zygote 现在会先使用 prctl(PR_SET_NO_NEW_PRIVS) 禁止添加新权限。这可以防止 Android 应用执行可通过 execve 提权的操作。(此功能需要使用 3.5 或更高版本的 Linux 内核)。</li>
+
+ <li><strong>FORTIFY_SOURCE 增强功能。
+</strong>Android x86 和 MIPS 上启用了 FORTIFY_SOURCE,并增强了 strchr()、strrchr()、strlen() 和 umask() 调用。这可以检测潜在的内存损坏漏洞或没有结束符的字符串常量。</li>
+
+ <li><strong>迁移保护。
+</strong>针对静态关联的可执行文件启用了只读迁移 (relro) 技术,并移除了 Android 代码中的所有文本迁移技术。这可以深度防范潜在的内存损坏漏洞。</li>
+
+ <li><strong>经过改进的 EntropyMixer。
+</strong>除了定期执行混合操作之外,EntropyMixer 现在还会在关机/重新启动时写入熵。这样一来,便可以保留设备开机时生成的所有熵,而这对于配置之后立即重新启动的设备来说尤其有用。</li>
+
+ <li><strong>安全漏洞修复程序。
+</strong>Android 4.3 中还包含针对 Android 特有漏洞的修复程序。有关这些漏洞的信息已提供给“开放手机联盟”(Open Handset Alliance) 成员,并且 Android 开放源代码项目中提供了相应的修复程序。为了提高安全性,搭载更低版本 Android 的某些设备可能也会包含这些修复程序。</li>
+</ul>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/enhancements/enhancements44.html b/zh-cn/security/enhancements/enhancements44.html
new file mode 100644
index 0000000..07d7de7
--- /dev/null
+++ b/zh-cn/security/enhancements/enhancements44.html
@@ -0,0 +1,49 @@
+<html devsite><head>
+ <title>Android 4.4 中的安全增强功能</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>每个 Android 版本中都包含数十种用于保护用户的安全增强功能。以下是 Android 4.4 中提供的一些安全增强功能:</p>
+
+<ul>
+ <li><strong>通过 SELinux 得到增强的 Android 沙盒。</strong>
+Android 现在以强制模式使用 SELinux。SELinux 是 Linux 内核中的强制访问控制 (MAC) 系统,用于增强基于自主访问控制 (DAC) 的现有安全模型。这为防范潜在的安全漏洞提供了额外的保护屏障。</li>
+
+ <li><strong>按用户应用 VPN。</strong>
+多用户设备上现在按用户应用 VPN。这样一来,用户就可以通过一个 VPN 路由所有网络流量,而不会影响使用同一设备的其他用户。</li>
+
+ <li><strong>AndroidKeyStore 中的 ECDSA 提供程序支持。
+</strong>Android 现在有一个允许使用 ECDSA 和 DSA 算法的密钥库提供程序。</li>
+
+ <li><strong>设备监测警告。</strong>
+如果有任何证书添加到可允许监测已加密网络流量的设备证书库中,Android 都会向用户发出警告。</li>
+
+ <li><strong>FORTIFY_SOURCE。</strong>
+Android 现在支持 FORTIFY_SOURCE 第 2 级,并且所有代码在编译时都会受到这些保护。FORTIFY_SOURCE 已得到增强,能够与 Clang 配合使用。</li>
+
+ <li><strong>证书锁定。</strong>
+Android 4.4 能够检测安全的 SSL/TLS 通信中是否使用了欺诈性 Google 证书,并且能够阻止这种行为。</li>
+
+ <li><strong>安全漏洞修复程序。</strong>
+Android 4.4 中还包含针对 Android 特有漏洞的修复程序。有关这些漏洞的信息已提供给“开放手机联盟”(Open Handset Alliance) 成员,并且 Android 开放源代码项目中提供了相应的修复程序。为了提高安全性,搭载更低版本 Android 的某些设备可能也会包含这些修复程序。</li>
+
+</ul>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/enhancements/enhancements50.html b/zh-cn/security/enhancements/enhancements50.html
new file mode 100644
index 0000000..a6fc26f
--- /dev/null
+++ b/zh-cn/security/enhancements/enhancements50.html
@@ -0,0 +1,38 @@
+<html devsite><head>
+ <title>Android 5.0 中的安全增强功能</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>每个 Android 版本中都包含数十种用于保护用户的安全增强功能。以下是 Android 5.0 中提供的一些主要安全增强功能:</p>
+
+<ul>
+ <li><strong>默认加密:</strong> 在以开箱即用的方式搭载 L 的设备上,会默认启用全盘加密功能,以便更好地保护丢失设备或被盗设备上的数据。对于更新到 L 的设备,可以在<strong>设置</strong> > <strong>安全性</strong>部分进行加密。
+ </li><li><strong>经过改进的全盘加密功能:</strong> 使用 <code>scrypt</code> 保护用户密码免遭暴力破解攻击;在可能的情况下,该密钥会绑定到硬件密钥库,以防范来自设备外的攻击。和以往一样,Android 屏幕锁定密钥和设备加密密钥不会被发送到设备以外,也不会提供给任何应用。
+ </li><li><strong>通过 SELinux 得到增强的 Android 沙盒</strong>:对于所有域,Android 现在都要求 SELinux 处于强制模式。SELinux 是 Linux 内核中的强制访问控制 (MAC) 系统,用于增强现有的自主访问控制 (DAC) 安全模型。这个新层为防范潜在的安全漏洞提供了额外的保护屏障。
+ </li><li><strong>Smart Lock:</strong>Android 现在包含一些 Trustlet,它们可以提供更灵活的设备解锁方式。例如,Trustlet 可让设备在靠近其他可信设备(通过 NFC、蓝牙)时或用户拥有可信面孔时自动解锁。
+ </li><li><strong>面向手机和平板电脑的多用户功能、受限个人资料和访客模式:</strong> Android 现在为手机提供了多用户功能,并包含一个访客模式。利用访客模式,您可以让访客轻松地临时使用您的设备,而不向他们授予对您的数据和应用的访问权限。
+ </li><li><strong>不使用 OTA 的 WebView 更新方式:</strong> 现在可以独立于框架对 WebView 进行更新,而且无需使用系统 OTA。这有助于更快速地应对 WebView 中的潜在安全问题。
+ </li><li><strong>经过更新的 HTTPS 和 TLS/SSL 加密功能</strong>:现在启用了 TLSv1.2 和 TLSv1.1,首选是正向加密,启用了 AES-GCM,停用了弱加密套件(MD5、3DES 和导出密码套件)。如需更多详细信息,请访问 <a href="https://developer.android.com/reference/javax/net/ssl/SSLSocket.html">https://developer.android.com/reference/javax/net/ssl/SSLSocket.html</a>。
+ </li><li><strong>移除了非 PIE 链接器支持:</strong> Android 现在要求所有动态链接的可执行文件都要支持 PIE(位置无关可执行文件)。这有助于增强 Android 的地址空间布局随机化 (ASLR) 实现。
+ </li><li><strong>FORTIFY_SOURCE 改进:</strong> 以下 libc 函数现在实现了 FORTIFY_SOURCE 保护功能:<code>stpcpy()</code>、<code>stpncpy()</code>、<code>read()</code>、<code>recvfrom()</code>、<code>FD_CLR()</code>、<code>FD_SET()</code> 和 <code>FD_ISSET()</code>。这有助于防范涉及这些函数的内存损坏漏洞。
+ </li><li><strong>安全修复程序:</strong> Android 5.0 中还包含针对 Android 特有漏洞的修复程序。有关这些漏洞的信息已提供给“开放手机联盟”(Open Handset Alliance) 成员,并且 Android 开放源代码项目中提供了相应的修复程序。为了提高安全性,搭载更低版本 Android 的某些设备可能也会包含这些修复程序。
+</li></ul>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/enhancements/enhancements60.html b/zh-cn/security/enhancements/enhancements60.html
new file mode 100644
index 0000000..91d7374
--- /dev/null
+++ b/zh-cn/security/enhancements/enhancements60.html
@@ -0,0 +1,35 @@
+<html devsite><head>
+ <title>Android 6.0 中的安全增强功能</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>每个 Android 版本中都包含数十种用于保护用户的安全增强功能。以下是 Android 6.0 中提供的一些主要安全增强功能:</p>
+<ul>
+ <li><strong>运行时权限</strong>:应用在运行时请求权限,而不是在安装时被授予权限。用户可以为 M 及更低版本的 Android 应用启用和停用权限。</li>
+ <li><strong>验证启动</strong>:在执行系统软件之前,先对其进行一系列加密检查,以确保手机从引导加载程序到操作系统均处于正常状况。</li>
+ <li><strong>硬件隔离安全措施</strong>:新的硬件抽象层 (HAL),Fingerprint API、锁定屏幕、设备加密功能和客户端证书可以利用它来保护密钥免遭内核入侵和/或现场攻击。</li>
+ <li><strong>指纹</strong>:现在,只需触摸一下,即可解锁设备。开发者还可以借助新的 API 来使用指纹锁定和解锁加密密钥。</li>
+ <li><strong>加装 SD 卡</strong>:<em></em>可将移动媒体设备加装到设备上,以便扩展可用存储空间来存放本地应用数据、照片、视频等内容,但仍受块级加密保护。</li>
+ <li><strong>明文流量</strong>:开发者可以使用新的 StrictMode 来确保其应用不会使用明文。</li>
+ <li><strong>系统加固</strong>:通过由 SELinux 强制执行的政策对系统进行加固。这可以实现更好的用户隔离和 IOCTL 过滤、降低可从设备/系统之外访问的服务面临的威胁、进一步强化 SELinux 域,以及高度限制对 /proc 的访问。</li>
+ <li><strong>USB 访问控制</strong>:必须由用户确认是否允许通过 USB 访问手机上的文件、存储空间或其他功能。<em></em>现在,默认设置是“仅充电”,如果要访问存储空间,必须获得用户的明确许可。</li>
+</ul>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/enhancements/enhancements70.html b/zh-cn/security/enhancements/enhancements70.html
new file mode 100644
index 0000000..161586e
--- /dev/null
+++ b/zh-cn/security/enhancements/enhancements70.html
@@ -0,0 +1,37 @@
+<html devsite><head>
+ <title>Android 7.0 中的安全增强功能</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>每个 Android 版本中都包含数十项用于保护用户的安全增强功能。以下是 Android 7.0 中提供的一些主要安全增强功能:</p>
+
+<ul>
+ <li><strong>文件级加密</strong>:在文件级进行加密,而不是将整个存储区域作为单个单元进行加密。这种加密方式可以更好地隔离和保护设备上的不同用户和资料(例如个人资料和工作资料)。</li>
+ <li><strong>直接启动</strong>:通过文件级加密实现,允许特定应用(例如,闹钟和无障碍功能)在设备已开机但未解锁的情况下运行。</li>
+ <li><strong>验证启动</strong>:现在,验证启动会被严格强制执行,从而使遭到入侵的设备无法启动;验证启动支持纠错功能,有助于更可靠地防范非恶意数据损坏。</li>
+ <li><strong>SELinux</strong>:更新后的 SELinux 配置和更高的 Seccomp 覆盖率有助于进一步锁定应用沙盒并减小受攻击面。</li>
+ <li><strong>库加载顺序随机化和经过改进的 ASLR</strong>:更高的随机性可以使一些代码重用攻击得逞的难度增大。</li>
+ <li><strong>内核加固</strong>:通过将内核内存的各个分区标记为只读,限制内核对用户空间地址的访问,并进一步减小现有的受攻击面,为更高版本的内核添加额外的内存保护。</li>
+ <li><strong>APK 签名方案 v2</strong>:引入了一种全文件签名方案,该方案有助于加快验证速度并增强完整性保证。</li>
+ <li><strong>可信 CA 商店</strong>:为了使应用更轻松地控制对其安全网络流量的访问,对于目标 API 级别为 24+ 的应用来说,用户安装的证书授权中心以及通过 Device Admin API 安装的证书授权中心默认情况下不再可信。此外,所有新的 Android 设备必须搭载相同的可信 CA 存储区。</li>
+ <li><strong>网络安全配置</strong>:通过声明式配置文件来配置网络安全设置和传输层安全协议 (TLS)。</li>
+</ul>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/enhancements/index.html b/zh-cn/security/enhancements/index.html
new file mode 100644
index 0000000..85adadd
--- /dev/null
+++ b/zh-cn/security/enhancements/index.html
@@ -0,0 +1,25 @@
+<html devsite><head>
+ <title>安全增强功能</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>Android 一直在不断改进其安全功能和产品/服务。您可以在左侧导航栏中查看各个版本的增强功能列表。</p>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/index.html b/zh-cn/security/index.html
new file mode 100644
index 0000000..e6999af
--- /dev/null
+++ b/zh-cn/security/index.html
@@ -0,0 +1,108 @@
+<html devsite><head>
+ <title>安全</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>Android 采用了业界领先的安全功能,并与开发者和设备实现人员密切合作,以确保 Android 平台和生态系统的安全。要打造一个由基于 Android 平台以及围绕 Android 平台开发且由云服务提供支持的应用和设备组成的强大生态系统,稳定可靠的安全模型至关重要。为此,在整个开发生命周期内,Android 都遵循了严格的安全计划。
+</p>
+<p>
+<strong>Android 是一款开放的系统</strong>。Android 应用使用通过 Android 平台提供的先进硬件和软件以及本地数据和收到的数据,为消费者带来创新和价值。为了实现这一价值,Android 平台提供了一个应用环境,该环境可以保护用户、数据、应用、设备和网络的机密性、完整性与可用性。
+</p>
+<p>保障开放平台的安全需要强大的安全架构和严格的安全程序。Android 采用了一个多层安全模型,该模型非常灵活,能够在支持开放平台的同时保护平台的所有用户。如需关于报告安全问题以及关于更新流程的信息,请参阅<a href="/security/overview/updates-resources.html">安全更新和资源</a>。
+</p>
+<p>
+<strong>Android 适合开发者使用</strong>。Android 中设计了多种旨在减轻开发者负担的安全控制机制。精通安全技术的开发者可以轻松使用并依赖灵活的安全控制机制。不太熟悉安全技术的开发者则由默认的安全机制提供保护。
+</p>
+<p>除了提供一个稳定的平台来供开发者开发应用之外,Android 还以多种方式为开发者提供其他支持。Android 安全团队会检查应用中是否存在潜在漏洞,并会提出关于如何解决这些问题的建议。对于带有 Google Play 的设备,Play 服务会为关键软件库(例如,用于保障应用通信安全的 OpenSSL)提供安全更新。Android 安全团队发布了一款用于测试 SSL 的工具 (<a href="https://github.com/google/nogotofail">Nogotofail</a>),该工具可以协助开发者发现潜在的安全问题,无论他们是在使用什么平台进行开发。
+</p>
+<p>如需面向 Android 应用开发者的更多信息,请访问 <a href="https://developer.android.com/training/best-security.html">developer.android.com</a>。
+</p>
+<p>
+<strong>Android 适合用户使用</strong>。用户可以查看每个应用请求的权限,并可以对这些权限加以控制。这种设计考虑到了攻击者可能会尝试进行一些常见的攻击,例如,诱使设备用户安装恶意软件的社会工程攻击,以及对 Android 上的第三方应用的攻击。Android 能够降低受到这些攻击的可能性,并能够大大限制攻击成功时造成的影响。在设备到达用户手中后,Android 的安全性将会不断提升:Android 会与<a href="/security/overview/acknowledgements.html">合作伙伴和公众</a>密切合作,为还在继续接收安全更新的所有 Android 设备提供补丁程序。
+</p>
+<p>如需面向最终用户的更多信息,请访问 <a href="https://support.google.com/nexus/answer/6172890">Nexus 帮助中心</a>、<a href="https://support.google.com/pixelphone/answer/6172890">Pixel 帮助中心</a>或设备制造商的帮助中心。
+</p>
+<p>本文档概述了 Android 安全计划的目标,介绍了 Android 安全架构方面的基础知识,并解答了对系统架构师和安全分析人员来说最相关的问题。本文档重点介绍 Android 核心平台的安全功能,而不是讨论具体应用特有的安全问题,例如,与浏览器或短信应用相关的问题。
+</p>
+
+<h2 id="background">背景</h2>
+<p>Android 提供了一个适用于移动设备的开放源代码平台和应用环境。
+</p>
+<p>以下各个部分和页面介绍了 Android 平台的安全功能。<em></em>图 1 总结了 Android 软件堆栈各个层的安全组件和注意事项。每个组件都假定下面的组件均已采取适当的安全措施。除了作为 Root 代码运行的少量 Android 操作系统代码外,Linux 内核上方的所有代码都受应用沙盒的限制。
+</p>
+
+<p><img alt="图 1:Android 软件堆栈" src="images/android_software_stack.png"/></p>
+<p class="img-caption">
+<strong>图 1</strong>. Android 软件堆栈。
+</p>
+<p>Android 平台的主要构造块包括:</p>
+<ul>
+ <li><strong>设备硬件</strong>:Android 能够在多种硬件配置中运行,其中包括智能手机、平板电脑、手表、汽车、智能电视、OTT 游戏盒和机顶盒。Android 独立于处理器,但它确实利用了一些针对硬件的安全功能,例如 ARM eXecute-Never。</li>
+ <li><strong>Android 操作系统</strong>:核心操作系统是在 Linux 内核之上构建的。所有设备资源(例如,摄像头功能、GPS 数据、蓝牙功能、电话功能、网络连接等)都通过该操作系统访问。</li>
+ <li><strong>Android 应用运行时</strong>:Android 应用通常都是使用 Java 编程语言编写的,并在 Android 运行时 (ART) 中运行。不过,仍有许多应用(包括核心 Android 服务和应用)是本机应用或包含本机库。ART 和本机应用在相同的安全环境中运行(包含在应用沙盒内)。应用在文件系统中有一个专用部分,它们可以在其中写入私密数据,包括数据库和原始文件。</li>
+</ul>
+<p>Android 应用扩展了 Android 核心操作系统。应用有两个主要来源:</p>
+<ul>
+ <li><strong>预先安装的应用</strong>:Android 包括一套预先安装的应用,其中包括电话、电子邮件、日历、网络浏览器和通讯录应用。这些应用不仅能够用作用户应用,而且能够提供可供其他应用访问的关键设备功能。预先安装的应用可能是开放源代码 Android 平台的一部分,也可能是由具体设备的制造商开发的。</li>
+ <li><strong>用户安装的应用</strong>:Android 提供了一个支持任何第三方应用的开放式开发环境。Google Play 为用户提供了数十万款应用。</li>
+</ul>
+
+<h2 id="google-security-services">Google 安全服务</h2>
+<p>Google 提供了一套基于云的服务,用户可通过 <a href="https://www.android.com/gms/">Google 移动服务</a>将这些服务安装到兼容的 Android 设备上。虽然这些服务不是 Android 开放源代码项目的一部分,但它们包含在许多 Android 设备中。如需关于其中部分服务的更多信息,请参阅 Android 安全团队发布的 <a href="/security/reports/Google_Android_Security_2015_Report_Final.pdf">2015 年年度回顾报告</a>。
+</p>
+<p>Google 的主要安全服务包括:</p>
+<ul>
+ <li><strong>Google Play</strong>:Google Play 是一系列服务的总称。借助这些服务,用户可以通过自己的 Android 设备或网络发现、安装和购买应用。Google Play 可让开发者轻松覆盖 Android 用户和潜在客户。此外,Google Play 还提供社区审核、应用<a href="https://developer.android.com/guide/publishing/licensing.html">许可验证</a>、应用安全扫描以及其他安全服务。</li>
+ <li><strong>Android 更新</strong>:Android 更新服务可为某些 Android 设备提供新功能和安全更新,其中包括通过网络或无线下载 (OTA) 方式提供的更新。</li>
+ <li><strong>应用服务</strong>:可让 Android 应用使用云功能的框架,例如应用数据和设置<a href="https://developer.android.com/guide/topics/data/backup.html">备份</a>功能,以及用于推送消息的云端至设备消息传递功能 (<a href="https://developers.google.com/cloud-messaging/">C2DM</a>)。</li>
+ <li><strong>验证应用</strong>:在用户安装有害应用时发出警告或自动阻止安装;持续扫描设备上的应用,并在发现<a href="https://support.google.com/accounts/answer/2812853">有害应用</a>时发出警告或将其移除。
+ </li>
+ <li><strong>SafetyNet</strong>:一款旨在保护隐私的入侵检测系统,能够帮助 Google 跟踪和降低已知的安全威胁,并能够发现新的安全威胁。</li>
+ <li><strong>SafetyNet Attestation</strong>:用于确定设备是否与 CTS 兼容的第三方 API。<a href="http://developer.android.com/training/safetynet/index.html">Attestation</a> 还可以协助识别与应用服务器通信的 Android 应用。</li>
+ <li><strong>Android 设备管理器</strong>:既是一款<a href="https://www.google.com/android/devicemanager">网络应用</a>,也是一款 <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.adm">Android 应用</a>,用于寻找丢失的设备或被盗的设备。</li>
+</ul>
+
+<h2 id="security-program-overview">安全计划概述</h2>
+<p>Android 安全计划的关键组成部分包括:</p>
+<ul>
+ <li><strong>设计审核</strong>:Android 安全流程在开发生命周期的早期便开始了,并会在这一阶段创建大量的可配置安全模型和设计。平台的每项主要功能都会由工程和安全资源进行审核,并且适当的安全控制机制会被集成到系统架构中。</li>
+ <li><strong>渗透测试和代码审核</strong>:在平台开发期间,Android 创建的组件和开放源代码组件都要接受严格的安全审核。这些审核由 Android 安全团队、Google 的信息安全工程团队和独立的安全顾问进行。这些审核的目标是在主要版本发布之前找出存在的缺陷和可能的漏洞,并模拟将由外部安全专家在平台发布时进行的各种类型的分析。</li>
+ <li><strong>开放源代码和社区审核</strong>:Android 开放源代码项目允许任何感兴趣者对其进行广泛的安全审核。Android 还使用已经过重要外部安全审核的开放源代码技术,例如 Linux 内核。Google Play 面向用户和公司开设了一个论坛,以便直接向用户提供与具体应用相关的信息。</li>
+ <li><strong>事件响应</strong>:即使采取了所有这些预防措施,平台发布后也仍可能会出现安全问题,为此,Android 项目制定了一个全面的安全响应流程。Android 安全团队有全职成员负责监控用于讨论潜在漏洞的 Android 专用安全社区和一般安全社区,并且他们会查看提交到 Android 错误数据库中的<a href="/security/overview/updates-resources.html#android_security_bug_lifecycle">安全错误</a>。发现确实存在的问题后,Android 团队会启动响应流程,以便快速修复漏洞,确保将所有 Android 用户面临的潜在风险降至最低。这些云支持的响应可能包括更新 Android 平台(无线下载更新)、从 Google Play 中移除应用,以及从现场设备中移除应用。</li>
+ <li><strong>每月安全更新</strong>:Android 安全团队会为 Google Nexus 设备和所有设备制造合作伙伴提供<a href="/security/bulletin/index.html">每月更新</a>。</li>
+</ul>
+
+<h2 id="platform-security-architecture">平台安全架构</h2>
+<p>通过将传统的操作系统安全控制机制扩展到以下用途,Android 致力于成为最安全、最实用的移动平台操作系统:</p>
+<ul>
+ <li>保护应用和用户数据</li>
+ <li>保护系统资源(包括网络)</li>
+ <li>将应用同系统、其他应用和用户隔离开来</li>
+</ul>
+<p>为了实现这些目标,Android 提供了以下关键安全功能:</p>
+<ul>
+ <li>通过 Linux 内核在操作系统级别提供的强大安全功能</li>
+ <li>针对所有应用的强制性应用沙盒</li>
+ <li>安全的进程间通信</li>
+ <li>应用签名</li>
+ <li>应用定义的权限和用户授予的权限</li>
+</ul>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/keystore/features.html b/zh-cn/security/keystore/features.html
new file mode 100644
index 0000000..1292e1b
--- /dev/null
+++ b/zh-cn/security/keystore/features.html
@@ -0,0 +1,217 @@
+<html devsite><head>
+ <title>功能</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>本页中包含与 Android 6.0 中 <a href="index.html">Keystore</a> 的功能相关的信息。</p>
+
+<h2 id="cryptographic_primitives">加密基元</h2>
+
+<p>Keystore 能够提供以下类别的操作:</p>
+
+<ul>
+ <li>生成密钥</li><li>导入和导出不对称密钥(无密钥包装)</li><li>导入原始对称密钥(同样无包装)</li><li>使用适当的填充模式进行不对称加密和解密</li><li>使用摘要和适当的填充模式进行不对称签名和验证</li><li>以适当模式(包括 AEAD 模式)进行对称加密和解密</li><li>生成和验证对称消息验证码</li></ul>
+
+<p>生成或导入密钥时,必须指定协议元素(例如,目的、模式和填充,以及<a href="#key_access_control">访问控制限制</a>),这些元素会永久绑定到相应密钥,以确保无法以任何其他方式使用相应密钥。</p>
+
+<p>除了上面列出的操作外,Keymaster 实现还必须再提供一项服务,即随机数生成服务,但该服务并不作为 API 进行提供。该服务仅供在内部使用,用于生成密钥、初始化矢量 (IV)、随机填充,以及其他需要具有随机性的安全协议元素。</p>
+
+<h2 id="required_primitives">必需的基元</h2>
+
+<p>所有实现都必须提供:</p>
+
+<ul>
+ <li><a href="http://en.wikipedia.org/wiki/RSA_(cryptosystem)">RSA</a>
+ <ul>
+ <li>必须支持 2048 位、3072 位和 4096 位密钥</li><li>支持公开指数 F4 (2^16+1)</li><li>对于 RSA 签名,必需的填充模式为:<ul>
+ <li>无填充(已弃用,将于日后移除)</li><li>RSASSA-PSS (<code>KM_PAD_RSA_PSS</code>)</li><li>RSASSA-PKCS1-v1_5 (<code>KM_PAD_RSA_PKCS1_1_5_SIGN</code>)</li></ul>
+ </li><li>对于 RSA 签名,必需的摘要模式为:<ul>
+ <li>无摘要(已弃用,将于日后移除)</li><li>SHA-256</li></ul>
+ </li><li>对于 RSA 加密/解密,必需的填充模式为:<ul>
+ <li>无填充</li><li>RSAES-OAEP (<code>KM_PAD_RSA_OAEP</code>)</li><li>RSAES-PKCS1-v1_5 (<code>KM_PAD_RSA_PKCS1_1_5_ENCRYPT</code>)</li></ul>
+ </li></ul>
+ </li><li><a href="http://en.wikipedia.org/wiki/Elliptic_Curve_DSA">ECDSA</a>
+ <ul>
+ <li>必须支持 224 位、256 位、384 位和 521 位密钥,分别使用 NIST P-224、P-256、P-384 和 P-521 曲线</li><li>对于 ECDSA,必需的摘要模式为:<ul>
+ <li>无摘要(已弃用,将于日后移除)</li><li>SHA-256</li></ul>
+ </li></ul>
+ </li><li><a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">AES</a>
+ <ul>
+ <li>必须提供 128 位和 256 位密钥</li><li><a href="http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher-block_chaining_.28CBC.29">CBC</a>、CTR、ECB 和 GCM。GCM 实现不得允许使用少于 96 位的标记,也不得允许使用 96 位以外的随机数长度。
+ </li><li>对于 CBC 和 ECB 模式,必须支持填充模式 <code>KM_PAD_NONE</code> 和 <code>KM_PAD_PKCS7</code>。采用“无填充”时,如果输入的不是分块大小的倍数,CBC 或 ECB 模式的加密必须失败。
+ </li></ul>
+ </li><li><a href="http://en.wikipedia.org/wiki/Hash-based_message_authentication_code">HMAC</a> <a href="http://en.wikipedia.org/wiki/SHA-2">SHA-256</a>,其中任意密钥均不得短于 32 个字节。
+</li></ul>
+
+<p>强烈建议(但并不强制要求)提供 SHA1,以及 SHA2 系列的其他成员(SHA-224、SHA384 和 SHA512)。如果硬件 Keymaster 实现未提供这些内容,Keystore 将在软件中提供它们。</p>
+
+<p>此外,为了实现与其他系统的互用性,还建议提供以下基元:</p>
+
+<ul>
+ <li>适用于 RSA 的较小密钥大小</li><li>适用于 RSA 的任意公开指数</li></ul>
+
+<h2 id="key_access_control">密钥访问控制</h2>
+
+<p>如果攻击者可以随意使用在任何情况下都无法从设备获取的基于硬件的密钥,那么此类密钥将无法提供太多的安全性(尽管它们比可被窃取的密钥更安全)。<em></em>因此,Keystore 强制执行访问控制至关重要。</p>
+
+<p>访问控制指的是由“标记/值”对组成的“授权列表”。授权标记是 32 位整数,其值有多种类型。有些标记可以重复使用,以指定多个值。某个标记是否可重复使用是在关于该标记的文档中指定的。密钥创建好后,调用程序会指定一个授权列表。Keymaster 实现使用的底层 Keystore 将会修改该列表,以指定一些额外的信息(例如,密钥是否有防回滚保护),并且会返回一个“最终”授权列表(编码到返回的密钥 Blob 中)。如果最终授权列表被修改了,那么任何尝试使用相应密钥进行任何加密操作的行为都必须失败。</p>
+
+<p>枚举 <code>keymaster_authorization_tag_t</code> 中定义了一组可能的标记,这组标记必须永远保持不变(不过可进行扩展)。这些标记的名称带有 <code>KM_TAG_</code> 前缀。标记 ID 的前四位用于指明类型。</p>
+
+<p>可能的类型包括:</p>
+
+<p><strong><code>KM_ENUM</code>:</strong>很多标记的值都是在枚举中定义的。例如,<code>KM_TAG_PURPOSE</code> 的可能值是在枚举 <code>keymaster_purpose_t</code> 中定义的。</p>
+
+<p><strong><code>KM_ENUM_REP</code></strong>:与 <code>KM_ENUM</code> 相同,不过此标记可在授权列表中重复使用。重复使用此标记表明有多个已获授权的值。例如,某个加密密钥可能有 <code>KM_PURPOSE_ENCRYPT</code> 和 <code>KM_PURPOSE_DECRYPT</code>。</p>
+
+<p><strong><code>KM_UINT</code>:</strong>32 位未签名整数。例如:<code>KM_TAG_KEY_SIZE</code></p>
+
+<p><strong><code>KM_UINT_REP</code></strong>:与 <code>KM_UINT</code> 相同,不过此标记可在授权列表中重复使用。重复使用此标记表明有多个已获授权的值。</p>
+
+<p><strong><code>KM_ULONG</code></strong>:64 位未签名整数。例如:<code>KM_TAG_RSA_PUBLIC_EXPONENT</code></p>
+
+<p><strong><code>KM_ULONG_REP</code></strong>:与 <code>KM_ULONG</code> 相同,不过此标记可在授权列表中重复使用。重复使用此标记表明有多个已获授权的值。</p>
+
+<p><strong><code>KM_DATE</code></strong>:日期/时间值,以距 1970 年 1 月 1 日的毫秒数表示。例如:<code>KM_TAG_PRIVKEY_EXPIRE_DATETIME</code></p>
+
+<p><strong><code>KM_BOOL</code></strong>:True 或 False。对于 <code>KM_BOOL</code> 类型的标记,如果不存在则被视为“false”,如果存在则被视为“true”。例如:<code>KM_TAG_ROLLBACK_RESISTANT</code></p>
+
+<p><strong><code>KM_BIGNUM</code></strong>:任意长度的整数,以字节数数组表示(采用大端字节存)。例如:<code>KM_TAG_RSA_PUBLIC_EXPONENT</code></p>
+
+<p><strong><code>KM_BYTES</code></strong>:一系列字节数。例如:<code>KM_TAG_ROOT_OF_TRUST</code></p>
+
+<h3 id="hardware_vs_software_enforcement">硬件与软件强制执行</h3>
+
+<p>并非所有安全硬件都将实现相同的功能。为了支持多种方法,Keymaster 1.0 会对安全域和非安全域访问控制强制执行(分别称为硬件强制执行和软件强制执行)加以区分。</p>
+
+<p>实现必须:</p>
+
+<ul>
+
+ <li>强制执行所有授权完全匹配(不是强制执行所有授权)。密钥 Blob 中的授权列表必须与密钥生成期间返回的授权完全匹配(包括顺序)。如有任何不匹配,必须导致进行错误诊断。
+
+ </li><li>声明语义值会被强制执行的授权。
+
+</li></ul>
+
+<p>用于声明由硬件强制执行的授权的 API 机制位于 <code>keymaster_key_characteristics_t</code> 结构中。它将授权列表划分成两个子列表:<code>hw_enforced</code> 和 <code>sw_enforced</code>。安全硬件负责根据它可以强制执行的内容在每个子列表中放入适当的值。</p>
+
+<p>此外,Keystore 会实现基于软件强制执行所有授权,无论它们是否由安全硬件强制执行。<em></em></p>
+
+<p>让我们以一个不支持密钥过期日期且基于 TrustZone 的实现为例。实现仍可能会创建一个具有过期日期的密钥。该密钥的授权列表将包含具有过期日期的 <code>KM_TAG_ORIGINATION_EXPIRE_DATETIME</code> 标记。向 Keystore 发出的密钥特性请求将会在 <code>sw_enforced</code> 列表中找到此标记,并且安全硬件不会强制执行过期日期要求。不过,如果尝试在过期日期之后使用该密钥,则会被 Keystore 拒绝。</p>
+
+<p>如果设备随后进行了升级,采用了不支持过期日期的安全硬件,那么密钥特性请求将会在 <code>hw_enforced</code> 列表中找到 <code>KM_TAG_ORIGINATION_EXPIRE_DATETIME</code>,并且即使以某种方式破坏或规避 Keystore,尝试在过期日期之后使用相应密钥也会失败。</p>
+
+<h3 id="cryptographic_message_construction_authorizations">加密消息构建授权</h3>
+
+<p>以下标记用于定义使用关联密钥的操作的加密特性:<code>KM_TAG_ALGORITHM</code>、<code>KM_TAG_KEY_SIZE</code>、<code>KM_TAG_BLOCK_MODE</code>、<code>KM_TAG_PADDING</code>、<code>KM_TAG_CALLER_NONCE</code> 和 <code>KM_TAG_DIGEST</code></p>
+
+<p><code>KM_TAG_PADDING</code>、<code>KM_TAG_DIGEST</code> 和 <code>KM_PAD_BLOCK_MODE</code> 可重复使用,这意味着可以将多个值与一个密钥相关联,并且要使用的值将在操作时指定。</p>
+
+<h3 id="purpose">目的</h3>
+
+<p>密钥有一组关联的目的,这些目的以一个或多个带有 <code>KM_TAG_PURPOSE</code> 标记(用于定义可以如何使用相应密钥)的授权条目表示。这些目的是:</p>
+
+<ul>
+ <li><code>KM_PURPOSE_ENCRYPT</code>
+ </li><li><code>KM_PURPOSE_DECRYPT</code>
+ </li><li><code>KM_PURPOSE_SIGN</code>
+ </li><li><code>KM_PURPOSE_VERIFY</code>
+</li></ul>
+
+<p>任意密钥都可以具有这些目的任意组合。请注意,有些组合会带来安全问题。例如,如果某个 RSA 密钥可用于加密和签名,那么能够诱使系统解密任意数据的攻击者就可以利用该密钥来生成签名。</p>
+
+<h3 id="import_and_export">导入和导出</h3>
+
+<p>Keymaster 仅支持以 X.509 格式导出公钥,并支持:</p>
+
+<ul>
+ <li>以未采用密码加密的 DER 编码 PKCS#8 格式导入公钥和私钥对</li><li>以原始字节形式导入对称密钥</li></ul>
+
+<p>为了确保导入的密钥可与安全生成的密钥区分开来,相应密钥授权列表中会包含 <code>KM_TAG_ORIGIN</code>。例如,如果密钥是在安全硬件中生成的,<code>hw_enforced</code> 密钥特性列表中将有值为 <code>KM_ORIGIN_GENERATED</code> 的 <code>KM_TAG_ORIGIN</code>,如果密钥是导入到安全硬件中的,值将为 <code>KM_ORIGIN_IMPORTED</code>。</p>
+
+<h3 id="user_authentication">用户身份验证</h3>
+
+<p>安全的 Keymaster 实现不会实现用户身份验证,但会依赖于其他实现用户身份验证的可信应用。对于必须由这些应用实现的接口,请参阅 Gatekeeper 页面。</p>
+
+<p>用户身份验证要求是通过两组标记指定的。第一组用于指明哪些用户可以使用相应密钥:</p>
+
+<ul>
+ <li><code>KM_TAG_ALL_USERS</code> 表示所有用户都可以使用相应密钥。如果有此标记,则不得有 <code>KM_TAG_USER_ID</code> 和 <code>KM_TAG_SECURE_USER_ID</code>。
+ </li><li><code>KM_TAG_USER_ID</code> 有一个数字值,用于指定已获授权用户的 ID。请注意,此值是 Android 用户 ID(适用于多用户环境)而非应用 UID,且仅由非安全软件强制执行。如果有此标记,则不得有 <code>KM_TAG_ALL_USERS</code>。
+ </li><li><code>KM_TAG_SECURE_USER_ID</code> 有一个 64 位数字值,用于指定安全用户 ID。必须在安全身份验证令牌中提供该 ID,才能获得使用相应密钥的授权。在重复使用此标记的情况下,只要在安全身份验证令牌中提供了此标记的任何一个值,即可使用相应密钥。
+</li></ul>
+
+<p>第二组用于指明是否必须对用户进行身份验证以及何时进行验证。如果不存在以下任一标记,但有 <code>KM_TAG_SECURE_USER_ID</code>,则表示每次使用相应密钥时均需要经过身份验证。</p>
+
+<ul>
+ <li><code>KM_NO_AUTHENTICATION_REQUIRED</code> 表示无需进行任何用户身份验证,不过仍只有以通过 <code>KM_TAG_USER_ID</code> 指定的用户身份运行的应用可以使用相应密钥。</li><li><code>KM_TAG_AUTH_TIMEOUT</code> 是一个数字值,用于指定用户身份验证必须多新(以秒数计)才能授权使用相应密钥。此标记仅适用于私钥/密钥操作。公钥操作不需要进行身份验证。设备重新启动后超时将会失效;设备重新启动后,所有密钥的状态均为“从未经过身份验证”。可以将超时设为一个较大的值,以指明每次设备启动后只需进行一次身份验证(2^32 秒约为 136 年;Android 设备的重新启动时间间隔一般不会超过该值)。
+</li></ul>
+
+<h3 id="client_binding">客户端绑定</h3>
+
+<p>客户端绑定(即将密钥与特定客户端应用相关联)是通过一个可选客户端 ID 和一些可选客户端数据(分别是 <code>KM_TAG_APPLICATION_ID</code> 和 <code>KM_TAG_APPLICATION_DATA</code>)实现的。Keystore 会将这些值视为不透明 Blob,仅用于确保密钥生成/导入期间存在的 Blob 在每次使用相应密钥时都存在,并且每个字节都完全相同。客户端绑定数据不是由 Keymaster 返回的。调用程序必须知道这些数据,才能使用相应密钥。</p>
+
+<p>此功能未提供给应用。
+
+</p><h3 id="expiration">过期日期</h3>
+
+<p>Keystore 支持按日期限制密钥的使用。可以将密钥有效期开始日期和过期日期同密钥相关联,这样一来,如果当前日期/时间不在有效期范围内,Keymaster 将拒绝执行密钥操作。密钥有效期范围是使用 <code>KM_TAG_ACTIVE_DATETIME</code>、<code>KM_TAG_ORIGINATION_EXPIRE_DATETIME</code> 和 <code>KM_TAG_USAGE_EXPIRE_DATETIME</code> 标记指定的。“ORIGINATION”和“USAGE”之间的区别在于使用相应密钥是为了“生成”新的密文/签名/等,还是“使用”现有密文/签名/等。请注意,此区别未提供给应用。</p>
+
+<p><code>KM_TAG_ACTIVE_DATETIME</code>、<code>KM_TAG_ORIGINATION_EXPIRE_DATETIME</code> 和 <code>KM_TAG_USAGE_EXPIRE_DATETIME</code> 是可选标记。如果缺少这些标记,相应密钥会被视为可随时用于解密/验证消息。</p>
+
+<p>由于挂钟时间是由非安全域提供的,因此与过期日期相关的标记不可能位于由硬件强制执行的列表中。如果由硬件强制执行过期日期,将需要安全域以某种方式获取可信时间和数据,例如通过具有可信远程时间服务器的质询响应协议。</p>
+
+<h3 id="root_of_trust_binding">信任根绑定</h3>
+
+<p>Keystore 要求将密钥绑定到一个信任根。信任根是在启动期间提供给 Keymaster 安全硬件的一个位串(最好由引导加载程序提供)。该位串必须以加密形式绑定到由 Keymaster 管理的每个密钥。</p>
+
+<p>信任根包含一个公钥,该公钥用于验证启动映像上的签名和设备的锁定状态。如果该公钥被更改了(以允许使用不同的系统映像),或锁定状态发生了变化,之前的系统创建的受 Keymaster 保护的所有密钥都将无法再使用,除非之前的信任根已恢复并且通过相应密钥签名的系统已启动。这是为了确保由攻击者安装的操作系统无法使用 Keymaster 密钥,从而提高由软件强制执行的密钥访问控制所发挥的作用。</p>
+
+<h3 id="standalone_keys">独立密钥</h3>
+
+<p>有些 Keymaster 安全硬件可以将密钥材料存储在内部并返回句柄(而非经过加密的密钥材料)。也可能会存在相应密钥在一些其他非安全域或安全域系统组件可用之前无法使用的其他情况。Keymaster 1.0 HAL 允许调用程序通过 <code>KM_TAG_STANDALONE</code> 标记请求将密钥设为“独立”密钥,这意味着,除了 Blob 和运行中的 Keymaster 系统之外,不需要任何其他资源。要想知道某个密钥是否为独立密钥,可以查看与该密钥关联的标记。目前只为此标记定义了两个值:</p>
+
+<ul>
+ <li><code>KM_BLOB_STANDALONE</code>
+ </li><li><code>KM_BLOB_REQUIRES_FILE_SYSTEM</code>
+</li></ul>
+
+<p>此功能未提供给应用。
+
+</p><h3 id="velocity">使用时间间隔</h3>
+
+<p>密钥创建好后,可以通过 <code>KM_TAG_MIN_SECONDS_BETWEEN_OPS</code> 指定使用时间间隔上限。如果距离上次使用相应密钥执行操作的时间还没有超过 <code>KM_TAG_MIN_SECONDS_BETWEEN_OPS</code> 秒,TrustZone 实现将拒绝再次使用相应密钥执行加密操作。</p>
+
+<p>要实现使用时间间隔上限,一种非常简单的方法是创建一个用于存放密钥 ID 和上次使用时间戳的表格。该表格可能有大小限制,但必须能够容纳至少 16 个条目。如果该表格已被占满,并且没有任何可以更新或舍弃的条目,那么安全硬件实现必须“安全失败”,最好是拒绝所有受密钥使用时间间隔限制的密钥操作,直到其中一个条目过期为止。可设为所有条目在设备重新启动时过期。</p>
+
+<p>也可以通过 <code>KM_TAG_MAX_USES_PER_BOOT</code> 将密钥限制为每次设备启动后最多使用 n 次。<em></em>这也需要一个跟踪表格(必须能够容纳至少 4 个密钥),并且也必须能够安全失败。请注意,应用无法创建按设备启动限制使用次数的密钥。该功能不会在 Keystore 之外提供,而且仅用于系统操作。</p>
+
+<p>此功能未提供给应用。</p>
+
+<h3 id="random_number_generator_re-seeding">随机数生成器补种</h3>
+
+<p>由于安全硬件必须生成随机数(在密钥材料中使用)和初始化矢量 (IV),而且硬件随机数生成器可能并非始终可信,因此 Keymaster HAL 会提供一个接口,以便客户端提供额外的熵(将与生成的随机数混合在一起)。</p>
+
+<p>必须使用硬件随机数生成器作为主要种子来源,并且通过外部 API 提供的种子数据不能是生成数字时所用随机数据的唯一来源。此外,如果有任何一个种子来源不可预测,所使用的混合操作必须要确保随机输出不可预测。</p>
+
+<p>此功能未提供给应用,但可供框架使用。框架会定期为安全硬件提供从 Java SecureRandom 实例获取的其他熵。
+
+</p></body></html>
\ No newline at end of file
diff --git a/zh-cn/security/keystore/index.html b/zh-cn/security/keystore/index.html
new file mode 100644
index 0000000..a586cbe
--- /dev/null
+++ b/zh-cn/security/keystore/index.html
@@ -0,0 +1,55 @@
+<html devsite><head>
+ <title>由硬件支持的 Keystore</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>借助系统芯片 (SoC) 中提供的可信执行环境,Android 设备可以为 Android 操作系统、平台服务甚至是第三方应用提供由硬件支持的强大安全服务。寻求 Android 专用扩展程序的开发者应访问 <a href="https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.html">android.security.keystore</a>。</p>
+
+<p>Keystore 在 Android 6.0 中得到了<a href="features.html">显著增强</a>,不仅增加了对称加密基元(AES 和 HMAC),还增加了针对由硬件支持的密钥的访问控制系统。访问控制在密钥生成期间指定,并会在密钥的整个生命周期内被强制执行。可以将密钥限定为仅在用户通过身份验证后才可使用,并且只能用于指定的目的或只有在具有指定的加密参数时才可使用。如需更多信息,请参阅<a href="implementer-ref.html">面向实现人员的参考资料</a>。</p>
+
+<p>在 Android 6.0 之前的版本中,Android 已有一个非常简单的由硬件支持的加密服务 API(由 0.2 和 0.3 版的 Keymaster 硬件抽象层 (HAL) 提供)。该 Keystore 能够提供数字签名和验证操作,以及不对称签名密钥对的生成和导入操作。该 API 在许多设备上都已实现,但有许多安全目标无法只通过一个签名 API 来轻松达成。Android 6.0 中的 Keystore 在该 Keystore API 的基础上进行了扩展,能够提供更广泛的功能。</p>
+
+<h2 id="goals">目标</h2>
+
+<p>Android 6.0 Keystore API 和底层 Keymaster 1.0 HAL 的目标是提供一套基本的但足以满足需求的加密基元,以便使用访问受控且由硬件支持的密钥实现相关协议。</p>
+
+<p>除了扩大加密基元的范围外,Android 6.0 中的 Keystore 还增加了以下内容:</p>
+
+<ul>
+ <li>一种使用控制方案:用于限制密钥的使用,并降低因滥用密钥而导致安全性受损的风险</li><li>一种访问控制方案:用于限定只有指定的用户和客户端能够使用相应密钥,并且只能在定义的时间范围内使用</li></ul>
+
+<h2 id="architecture">架构</h2>
+
+<p>Keymaster HAL 是由原始设备制造商 (OEM) 提供的动态加载库,Keystore 服务使用它来提供由硬件支持的加密服务。HAL 实现不得在用户空间(甚至是内核空间)中执行任何敏感操作。敏感操作会被委派给通过某个内核接口连接的安全处理器。最终的架构如下所示:</p>
+
+<div align="center">
+ <img src="../images/access-to-keymaster.png" alt="访问 Keymaster" id="figure1"/>
+</div>
+<p class="img-caption"><strong>图 1. </strong> 访问 Keymaster</p>
+
+<p>在 Android 设备中,Keymaster HAL 的“客户端”包含多个层(例如,应用、框架、Keystore 守护进程),但在本文档中可以将其忽略。这意味着,所介绍的 Keymaster HAL API 为底层 API,供平台内部组件使用,不面向应用开发者提供。<a href="https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.html">Android 开发者网站</a>对更高层 API(第 23 层 API)进行了介绍。</p>
+
+<p>Keymaster HAL 的目的不是实现安全敏感型算法,而只是对发送到安全域的请求进行编排和解排。传输格式是由实现定义的。</p>
+
+<h2 id="compatibility_with_previous_versions">与之前版本的兼容性</h2>
+
+<p>Keymaster v1.0 HAL 与之前发布的 HAL(例如,Keymaster v0.2 和 v0.3)完全不兼容。为了在采用旧版 Keymaster HAL 且搭载的 Android 版本低于 Marshmallow 的设备上实现互用性,Keystore 提供了一个可通过调用现有硬件库来实现 1.0 HAL 的适配器。但结果是,它并不能提供 1.0 HAL 中的全部功能。尤其是,它仅支持 RSA 和 ECDSA 算法,而且所有密钥授权强制执行都将由该适配器在非安全域中进行。</p>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/overview/app-security.html b/zh-cn/security/overview/app-security.html
new file mode 100644
index 0000000..0f69ae7
--- /dev/null
+++ b/zh-cn/security/overview/app-security.html
@@ -0,0 +1,154 @@
+<html devsite><head>
+ <title>应用安全</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<h2 id="elements-of-applications">应用元素</h2>
+<p>Android 提供了一个适用于移动设备的开放源代码平台和应用环境。核心操作系统基于 Linux 内核。Android 应用通常都是使用 Java 编程语言编写的,并在 Dalvik 虚拟机中运行。不过,也可以使用本机代码编写应用。应用是通过文件扩展名为 .apk 的单个文件安装的。</p>
+<p>Android 应用的主要构造块包括:</p>
+<ul>
+ <li>
+ <p><strong>AndroidManifest.xml</strong>:<a href="https://developer.android.com/guide/topics/manifest/manifest-intro.html">AndroidManifest.xml</a> 是控制文件,用于告诉系统如何处理应用中的所有顶级组件(具体来说就是下面介绍的活动、服务、广播接收器和内容提供程序)。该文件还用于指定需要哪些权限。</p>
+ </li>
+ <li>
+ <p><strong>活动</strong>:一般情况下,<a href="https://developer.android.com/guide/topics/fundamentals/activities.html">活动</a>是指聚焦于用户的单个任务的代码。活动通常包括向用户显示界面,但并不一定会这样,有些活动就从不显示界面。通常情况下,应用的入口点是应用的其中一项活动。</p>
+ </li>
+ <li>
+ <p><strong>服务</strong>:<a href="https://developer.android.com/guide/topics/fundamentals/services.html">服务</a>是指在后台运行的代码的主体。服务可以在自己的进程中运行,也可以在其他应用的进程中运行。其他组件会“绑定”到某项服务,并通过远程过程调用来调用该服务的方法。比如媒体播放器就是一项服务:即使用户退出媒体选择界面,也可能仍然希望音乐继续播放。即使界面已关闭,服务也可使音乐继续播放。</p>
+ </li>
+ <li>
+ <p><strong>广播接收器</strong>:<a href="https://developer.android.com/reference/android/content/BroadcastReceiver.html">BroadcastReceiver</a> 是在操作系统或其他应用发出称为 <a href="https://developer.android.com/reference/android/content/Intent.html">Intent</a> 的 IPC 机制时实例化的对象。例如,应用可以注册一个接收器来接收电量不足消息,并可以根据该信息改变自己的行为。</p>
+ </li>
+</ul>
+<h2 id="the-android-permission-model-accessing-protected-apis">Android 权限模式:访问受保护的 API</h2>
+<p>Android 上的所有应用均在应用沙盒(本文档的前面对其进行了介绍)内运行。默认情况下,Android 应用只能访问有限的系统资源。系统负责管理 Android 应用对资源的访问权限。如果资源使用不当或被恶意使用,可能会给用户体验、网络或设备上的数据带来不利影响。</p>
+<p>这些限制是通过多种不同的形式实现的。有些功能会因 Android 有意未提供针对敏感功能的 API(例如,Android 中没有用于直接操控 SIM 卡的 Android API)而受到限制。在某些情况下,角色分离能够提供一种安全措施,就像按应用隔离存储空间一样。在其他情况下,敏感 API 旨在供可信应用使用,并由一种称为“权限”的安全机制进行保护。</p>
+<p>这些受保护的 API 包括:</p>
+<ul>
+ <li>摄像头功能</li>
+ <li>位置数据 (GPS)</li>
+ <li>蓝牙功能</li>
+ <li>电话功能</li>
+ <li>短信/彩信功能</li>
+ <li>网络/数据连接</li>
+</ul>
+<p>这些资源只能通过操作系统进行访问。要使用设备上受保护的 API,应用必须在其清单中定义所需的功能。在准备安装应用时,系统会向用户显示一个对话框,其中会注明应用请求的权限并询问是否继续安装。如果用户选择继续安装,系统会认定用户已授予应用请求的所有权限。用户不能单独授予或拒绝个别权限,而是必须要一起授予或拒绝应用请求的所有权限。</p>
+<p>获得授权后,应用只要安装在设备上,便会一直拥有这些权限。为了避免用户混淆,系统不会再次通知用户向应用授予的权限,而核心操作系统中包含的应用或由原始设备制造商 (OEM) 绑定的应用不会向用户请求权限。应用卸载后,权限也会被移除,因此如果用户之后重新安装卸载的应用,系统会再次显示应用请求的权限。</p>
+<p>在设备设置中,用户可以查看之前安装的应用的权限。此外,用户还可以根据需要在全局范围内停用某些功能,例如停用 GPS、无线功能或 WLAN。</p>
+<p>如果应用尝试使用未在其清单中声明的受保护功能,权限失败通常会导致系统向应用抛回一个安全异常。受保护 API 权限检查会在最底层被强制执行,以防止出现规避行为。<em></em>图 2 中显示了如果应用在安装时请求获得受保护 API 的访问权限,会导致系统向用户显示的消息示例。</p>
+<p>如需关于系统默认权限的说明,请访问:<a href="https://developer.android.com/reference/android/Manifest.permission.html">https://developer.android.com/reference/android/Manifest.permission.html</a>。
+应用可以声明自己的权限以供其他应用使用。上述位置中未列出此类权限。</p>
+<p>在定义权限时,protectionLevel 属性用于告诉系统如何让用户知道哪些应用需要或可以获得相应权限。如需关于如何创建和使用应用特有权限的详细信息,请访问:<a href="https://develo
+per.android.com/guide/topics/security/security.html">https://developer.android.com/guide/topics/security/security.html</a>。</p>
+<p>有些设备功能(例如,发送短信广播 Intent 的功能)不会供第三方应用使用,但可供原始设备制造商 (OEM) 预先安装的应用使用。这些应用使用 signatureOrSystem 权限。</p>
+<h2 id="how-users-understand-third-party-applications">用户如何了解第三方应用</h2>
+<p>当用户与第三方应用互动时,Android 会尽力让用户清楚这一情况,并让用户知道这些应用具备的功能。在安装任何应用之前,系统都会向用户显示一条明晰的消息,让用户知道要安装的应用请求获得的各项权限。安装完毕后,系统不会再次提示用户确认任何权限。</p>
+<p>在安装前一刻显示权限的原因有很多。这时用户正在主动查看应用、开发者和功能方面的信息,以确定其是否符合自己的需求和期望。同样非常重要的一点是,他们尚未对要安装的应用做出心理或财务方面的承诺,并且可以轻松地将要安装的应用与其他替代应用进行比较。</p>
+<p>有些其他平台会使用不同的方式通知用户,即在每个会话开始时或用户正在使用应用时请求权限。Android 的愿景是让用户能够随意在应用之间无缝切换。每次都让用户确认会拖慢用户的操作速度,而且会导致 Android 无法提供良好的用户体验。如果让用户在安装应用时查看权限,用户便可以在不愿意授予相应权限时选择不进行安装。</p>
+<p>此外,许多界面研究表明,过度提示用户会导致用户开始在看到任何对话框时都选择“确定”。Android 的安全目标之一是向用户有效地传达重要的安全信息,而使用让用户习惯性忽略的对话框则无法做到这一点。如果只向用户提供一次重要信息并且仅在重要时刻提供,用户更有可能慎重思考他们要同意的是什么。</p>
+<p>有些平台会选择完全不显示与应用功能有关的任何信息。这种方式会导致用户无法轻松了解和讨论应用功能。尽管无法使所有用户都是在充分了解相关信息的情况下做出决定,但 Android 权限模式可让众多用户轻松获取与应用相关的信息。例如,如果遇到意外的权限请求,经验更丰富的用户可能会询问有关应用功能的关键问题,并在 <a href="htts://play.google.com">Google Play</a> 等所有用户都可以看到的位置分享他们的疑问。</p>
+<table>
+ <tbody><tr>
+ <td><strong>应用安装时显示权限 - Google 地图</strong></td>
+ <td><strong>应用安装后显示权限 - Gmail</strong></td>
+ </tr>
+ <tr>
+ <td><img alt="应用安装时显示权限 - Google 地图" width="250" src="../images/image_install.png"/></td>
+ <td><img alt="应用安装后显示权限 - Gmail" width="250" src="../images/image_gmail_installed.png" id="figure1"/></td>
+ </tr>
+</tbody></table>
+<p class="img-caption">
+ <strong>图 1.</strong> 应用所需权限的显示方式</p>
+<h2 id="interprocess-communication">进程间通信</h2>
+<p>进程可以使用 UNIX 类型的任何传统机制进行通信。例如,文件系统、本地套接字或信号。不过,Linux 权限仍然适用。</p>
+<p>Android 还提供了一些新的 IPC 机制:</p>
+<ul>
+ <li>
+ <p><strong>Binder</strong>:一种基于功能的轻量型远程过程调用机制,在执行进程内调用和跨进程调用时能够实现出色的性能。Binder 是使用自定义 Linux 驱动程序实现的。请访问 <a href="https://developer
+.android.com/reference/android/os/Binder.html">https://developer.android.com/reference/android/os/Binder.html</a>。</p>
+ </li>
+ <li>
+ <p><strong>服务</strong>:服务(如上文所述)可提供能够使用 Binder 直接访问的接口。</p>
+ </li>
+ <li>
+ <p><strong>Intent</strong>:Intent 是简单的消息对象,表示想要执行某项操作的“意图”。例如,如果您的应用想要显示某个网页,则会创建一个 Intent 实例并将其传递给系统,以此来表示想要访问相应网址的“意图”。然后,系统会找到一些知道如何处理该 Intent 的其他代码(在本例中为浏览器),然后运行该代码。Intent 也可用于在系统范围内广播有趣的事件(例如通知)。请访问 <a href="https://developer.android.com/reference/android/content/Intent.html">https://developer.android.com/reference/android/content/Intent.html</a>。</p>
+ </li>
+ <li>
+ <p><strong>ContentProvider</strong>:ContentProvider 是一个数据存储库,用于访问设备上的数据;典型的示例就是用于访问用户通讯录的 ContentProvider。应用可以访问其他应用通过 ContentProvider 提供的数据,还可以定义自己的 ContentProviders 来提供自己的数据。请访问 <a href="https://developer.android.com/reference/android/content/ContentProvider.html">https://developer.android.com/reference/android/content/ContentProvider.html</a>。</p>
+ </li>
+</ul>
+<p>虽然可以使用其他机制(例如,网络套接字或全局可写文件)来实现 IPC,但上面这些都是建议使用的 Android IPC 框架。建议 Android 开发者遵循保护用户数据及避免引入安全漏洞方面的最佳做法。</p>
+<h2 id="cost-sensitive-apis">费用敏感 API</h2>
+<p>费用敏感 API 指可能会给用户或网络带来费用的任何功能。Android 平台已将费用敏感 API 放入由操作系统控制的受保护 API 列表中。如果有第三方应用请求使用费用敏感 API,必须要由用户授予明确的权限,它们才能使用这些 API。这些 API 包括:</p>
+<ul>
+ <li>电话</li>
+ <li>短信/彩信</li>
+ <li>网络/数据</li>
+ <li>应用内结算</li>
+ <li>NFC 访问</li>
+</ul>
+<p>Android 4.2 进一步增强了对使用短信的控制。如果有应用尝试向使用付费服务的短代码发送短信(可能会产生额外的费用),Android 将会通知用户。用户可以选择是允许还是阻止该应用发送短信。</p>
+<h2 id="sim-card-access">SIM 卡访问</h2>
+<p>第三方应用无法对 SIM 卡进行底层访问。操作系统负责处理与 SIM 卡之间的所有通信,包括访问 SIM 卡内存中的个人信息(通讯录)。应用也无法访问 AT 命令,因为这些命令完全由无线接口层 (RIL) 进行管理。RIL 不会为这些命令提供任何高层 API。</p>
+<h2 id="personal-information">个人信息</h2>
+<p>Android 已将能够用于访问用户数据的 API 放入受保护 API 组中。在正常使用期间,Android 设备还会收集用户安装的第三方应用内的用户数据。选择分享这些信息的应用可以使用 Android 操作系统权限检查功能保护来自第三方应用的数据。</p>
+<img alt="只能通过受保护的 API 访问敏感用户数据" src="../images/permissions_check.png" id="figure2"/>
+<p class="img-caption">
+ <strong>图 2.</strong> 只能通过受保护的 API 访问敏感的用户数据</p>
+<p>可能包含个人信息或个人身份信息(例如,通讯录和日历)的系统内容提供程序在创建时便已拥有明确确定的权限。这种精细的设计可让用户清楚地知道哪些类型的信息可能会提供给相应应用。在安装过程中,第三方应用可能会请求获得访问这些资源的权限。获得授权后,应用便可以进行安装,并且只要安装在设备上,便会一直有权访问请求的数据。</p>
+<p>默认情况下,收集个人信息的所有应用都会仅限特定应用访问这些数据。如果某个应用选择通过 IPC 将数据提供给其他应用,那么这个授予访问权限的应用便可以限制由操作系统强制执行的 IPC 机制的权限。</p>
+<h2 id="sensitive-data-input-devices">敏感数据输入设备</h2>
+<p>Android 设备经常会提供可让应用与周围环境进行互动的敏感数据输入设备(例如,摄像头、麦克风或 GPS)。对于要使用这些设备的第三方应用,必须先由用户通过使用 Android 操作系统权限向其明确提供使用权限。安装应用时,安装程序会以提供名称的方式请求用户授予使用相应传感器的权限。</p>
+<p>如果某个应用想要知道用户所在的位置,则需要获得获取用户位置信息的权限。安装应用时,安装程序会询问用户是否允许相应应用获取用户的位置信息。如果用户不希望任何应用获取其位置信息,可以随时运行“设置”应用,转到“位置和安全”,然后取消选中“使用无线网络”和“启用 GPS 卫星”。这将针对用户设备上的所有应用停用需要使用位置信息的服务。</p>
+<h2 id="device-metadata">设备元数据</h2>
+<p>Android 还会尽力限制访问本身并不属于敏感数据,但可能会间接透露用户特征、用户偏好以及用户使用设备的方式的数据。</p>
+<p>默认情况下,应用无权访问操作系统日志、浏览器历史记录、电话号码以及硬件/网络标识信息。如果应用在安装时请求获得访问此类信息的权限,安装程序会询问用户是否允许相应应用访问此类信息。如果用户没有授予该权限,系统将不会安装相应应用。</p>
+<h2 id="certificate-authorities">证书授权中心</h2>
+<p>Android 中收录了一组已安装的系统证书授权中心,这些授权中心在整个系统范围内均可信。在 Android 7.0 之前的版本中,设备制造商可以修改其设备上搭载的 CA 组。不过,运行 7.0 及更高版本的设备将具有一组统一的系统 CA,并且不再允许设备制造商对其进行修改。
+</p>
+<p>要作为新的公共 CA 添加到 Android 收录的 CA 组中,相应 CA 必须要完成 <a href="https://wiki.mozilla.org/CA:How_to_apply">Mozilla CA 收录流程</a>,然后提交一项针对 Android 的功能请求 (<a href="https://code.google.com/p/android/issues/entry">https://code.google.com/p/android/issues/entry</a>),以便请求添加到 <a href="https://android.googlesource.com/">Android 开放源代码项目</a> (AOSP) 收录的 Android CA 组中。
+</p>
+<p>此外还有一些设备专用 CA,这些 CA 不应被收录到 AOSP CA 核心组中,例如,安全访问运营商基础架构组件(例如,短信/彩信网关)时可能需要的运营商私有 CA。建议设备制造商将私有 CA 仅收录在需要信任这些 CA 的组件/应用中。如需更多详细信息,请参阅<a href="https://developer.android.com/preview/features/security-config.html">网络安全配置</a>。
+</p>
+<h2 id="application-signing">应用签名</h2>
+<p>通过<a href="/security/apksigning/index.html">代码签名</a>,开发者可以标识应用创作者并更新其应用,而无需创建复杂的接口和权限。在 Android 平台上运行的每个应用都必须要有开发者的签名。Google Play 或 Android 设备上的软件包安装程序会拒绝没有获得签名就尝试安装的应用。</p>
+<p>在 Google Play 上,应用签名可以将 Google 对开发者的信任和开发者对自己的应用的信任联系在一起。开发者知道自己的应用是以未经修改的形式提供给 Android 设备的,并且开发者可以对自己的应用的行为负责。</p>
+<p>在 Android 上,应用签名是将应用放入其应用沙盒的第一步。已签名的应用证书定义了哪个用户 ID 与哪个应用相关联;不同的应用要以不同的用户 ID 运行。应用签名可确保一个应用无法访问任何其他应用,通过明确定义的 IPC 进行访问时除外。</p>
+<p>当应用(APK 文件)安装到 Android 设备上时,软件包管理器会验证 APK 是否已经过适当签名(已使用 APK 中包含的证书签名)。如果该证书(或更准确地说,证书中的公钥)与为设备上的任何其他 APK 签名时使用的密钥一致,那么这个新 APK 可以选择在清单中指定它将与其他以类似方式签名的 APK 共用一个 UID。</p>
+<p>应用可以由第三方(原始设备制造商(OEM)、运营商、其他相关方)签名,也可以自行签名。Android 提供了使用自签名证书进行代码签名的功能,而开发者无需外部协助或许可即可生成自签名证书。应用并非必须由核心机构签名。Android 目前不对应用证书进行 CA 认证。</p>
+<p>应用还可以在“签名”保护级别声明安全权限,以便仅限使用同一个密钥签名的应用访问它们,同时维持单独的 UID 和应用沙盒。通过<a href="https://developer.android.com/guide/topics/manifest/manifest-element.html#uid">共用 UID 功能</a>,可以与共用的应用沙盒建立更紧密的联系,这是因为借助该功能,使用同一个开发者密钥签名的两个或更多应用可以在其清单中声明共用的 UID。</p>
+<h2 id="app-verification">应用验证</h2>
+<p>Android 4.2 及更高版本均支持应用验证。用户可以选择启用“验证应用”,并在安装应用之前由应用验证程序对其进行评估。如果用户尝试安装的应用可能有害,应用验证功能可以提醒用户;如果应用的危害性非常大,应用验证功能可以阻止安装。</p>
+<h2 id="digital-rights-management">数字版权管理</h2>
+<p>Android 平台提供了一个可扩展的 DRM 框架,以便应用根据与受版权保护的内容相关的许可限制条件来管理这些内容。DRM 框架支持多种 DRM 方案;设备具体支持哪些 DRM 方案由设备制造商决定。</p>
+<p><a href="https://developer.android.com/reference/android/drm/package-summary.html">Android DRM 框架</a>是在以下两个架构层中实现的(请参见下图):</p>
+<ul>
+ <li>
+ <p>DRM 框架 API:通过 Android 应用框架提供给应用,并通过适用于标准应用的 Dalvik VM 运行。</p>
+ </li>
+ <li>
+ <p>本机代码 DRM 管理器:用于实现 DRM 框架,并为 DRM 插件(代理)提供接口,以便处理各种 DRM 方案的版权管理和解密操作。</p>
+ </li>
+</ul>
+<p><img alt="Android 平台上的数字版权管理架构" src="/devices/images/ape_fwk_drm_2.png" id="figure3"/></p>
+<p class="img-caption">
+ <strong>图 3.</strong> Android 平台上的数字版权管理架构</p>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/overview/implement.html b/zh-cn/security/overview/implement.html
new file mode 100644
index 0000000..affefe3
--- /dev/null
+++ b/zh-cn/security/overview/implement.html
@@ -0,0 +1,218 @@
+<html devsite><head>
+ <title>实现安全保护措施</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>Android 安全团队经常会收到用户发来的请求,希望我们提供关于如何防止 Android 设备上出现潜在安全问题的信息。我们偶尔也会对设备进行抽查,并让设备制造商和受影响的合作伙伴知晓潜在问题。</p>
+
+<p>在本页中,我们提供了根据自己的经验总结的安全方面的最佳做法(扩展了我们为开发者提供的<a href="http://developer.android.com/guide/practices/security.html">安全设计</a>文档),以及关于如何在设备上编译或安装系统级软件的详细信息。</p>
+
+<p>为了方便相关人员采用这些最佳做法,Android 安全团队会尽可能将相关测试整合到 <a href="/compatibility/cts">Android 兼容性测试套件</a> (CTS) 和 <a href="http://tools.android.com/tips/lint">Android Lint</a> 中。我们竭诚欢迎设备实现人员贡献可以帮助其他 Android 用户的相关测试(要查看与安全相关的测试,请访问 <code>root/cts/tests/tests/security/src/android/security/cts</code>)。</p>
+
+<h2 id="dev-process">开发流程</h2>
+<p>请在开发流程和环境中遵循以下最佳做法。</p>
+
+<h3 id="sec-review">审核源代码</h3>
+<p>进行源代码审核可以发现大量安全问题,包括本文档中指出的问题。Android 强烈建议采用手动和自动两种方式审核源代码。最佳做法:</p>
+
+<ul>
+<li>对所有使用 Android SDK 的应用代码运行 <a href="http://tools.android.com/tips/lint">Android Lint</a>,并更正发现的所有问题。</li>
+<li>应使用可以发现内存管理问题(例如,缓冲区溢出和差一错误)的自动工具分析本机代码。</li>
+<li>Android 编译系统支持很多 LLVM 清理程序,例如可用于进行自动源代码审核的 AddressSanitizer 和 UndefinedBehaviorSanitizer。</li>
+</ul>
+
+<h3 id="auto-test">使用自动测试功能</h3>
+<p>自动测试功能可以发现大量安全问题,包括下文中讨论的一些问题。最佳做法:</p>
+
+<ul>
+<li>定期更新 CTS 并运行安全性测试;运行最新版本的 CTS 来验证兼容性。</li>
+<li>在整个开发流程中定期运行 CTS,以便提早发现问题并缩短解决问题所需的时间。在自动编译流程(每天会编译多次)的连续集成期间,Android 会使用 CTS。
+</li>
+<li>设备制造商应使接口的安全性测试实现自动化,包括使用格式有误的输入内容进行测试(模糊测试)。</li>
+</ul>
+
+<h3 id="sign-sysimg">为系统映像签名</h3>
+<p>系统映像的签名对于判断设备的完整性至关重要。最佳做法:</p>
+
+<ul>
+<li>不得使用众所周知的密钥为设备签名。</li>
+<li>应按照与处理敏感密钥方面的业界标准做法一致的方式管理用于为设备签名的密钥,包括使用能够提供有限、可审核访问权限的硬件安全模块 (HSM)。</li>
+</ul>
+
+<h3 id="sign-apk">为应用 (APK) 签名</h3>
+<p>应用签名在保障设备安全方面发挥着重要作用,可用于进行权限检查以及软件更新。在选择为应用签名使用的密钥时,务必要考虑应用是仅在一台设备上使用,还是供多台设备共用。最佳做法:</p>
+
+<ul>
+<li>不得使用众所周知的密钥为应用签名。</li>
+<li>应按照与处理敏感密钥方面的业界标准做法一致的方式管理用于为应用签名的密钥,包括使用能够提供有限、可审核访问权限的 HSM。</li>
+<li>不应使用平台密钥为应用签名。</li>
+<li>不应使用不同的密钥为软件包名称相同的应用签名。在针对不同的设备开发应用时,经常会出现这种情况,尤其是在使用平台密钥时。如果应用独立于设备,则在多台设备之间使用相同的密钥。如果应用是特定设备专用的,则按设备和密钥创建独一无二的软件包名称。</li>
+</ul>
+
+<h3 id="apps-pub">发布应用</h3>
+<p>在 Google Play 中,设备制造商能够直接更新应用,而无需进行完整的系统更新。这不仅有助于加快应对安全问题和推出新功能的速度,还有助于确保您的应用具有独一无二的软件包名称。最佳做法:</p>
+
+<ul>
+<li>将您的应用上传到 Google Play,以便能够进行自动更新,而无需进行完整的无线下载 (OTA) 更新。已上传但并未发布的应用无法供用户直接下载,但仍可进行更新。之前安装过相应应用的用户可以重新安装它和/或在其他设备上安装它。</li>
+<li>创建与您的公司明确相关的应用包名称,例如在名称中使用公司商标。</li>
+<li>设备制造商发布的应用应上传到 Google Play 商店,以免第三方用户冒用软件包名称。如果某个设备制造商在设备上安装了某个应用,但没有在 Play 商店中发布该应用,其他开发者便可以上传同样的应用,使用同样的软件包名称,并更改该应用的元数据。当用户获得该应用后,这些不相关的元数据可能会带来困扰。</li>
+</ul>
+
+<h3 id="incident-response">应对安全事件</h3>
+<p>外部各方必须能够就设备特有的安全问题与设备制造商联系。我们建议创建一个公开的电子邮件地址来管理安全事件。最佳做法:</p>
+
+<ul>
+<li>创建 security@your-company.com 或类似地址,并将其公开。<em></em></li>
+<li>如果您发现了影响 Android 操作系统或多个设备制造商提供的 Android 设备的安全问题,则应填写<a href="https://code.google.com/p/android/issues/entry?template=Security%20bug%20report">安全错误报告</a>与 Android 安全团队联系。</li>
+</ul>
+
+<h2 id="prod-implement">产品实现</h2>
+<p>在实现产品时,请遵循以下最佳做法。</p>
+
+<h3 id="root-processes">隔离 Root 进程</h3>
+<p>Root 进程是最常受到提权攻击的目标,因此减少 Root 进程数量有助于降低提权风险。CTS 中包含一个能够列出 Root 进程的信息测试。最佳做法:</p>
+
+<ul>
+<li>应尽可能减少设备上作为 Root 代码运行的必要代码的数量。尽可能使用常规 Android 进程而非 Root 进程。ICS Galaxy Nexus 只有 6 个 Root 进程:vold、inetd、zygote、tf_daemon、ueventd 和 init。如果某个进程必须要在设备上作为 Root 进程运行,请将该进程记录在 AOSP 功能请求中,以便对其进行公开审核。</li>
+<li>应尽可能将 Root 代码与不可信数据隔离开来,并尽可能通过 IPC 访问 Root 代码。例如,将 Root 功能缩减成可通过 Binder 访问的小型服务,并将这个具有签名权限的服务提供给网络流量处理权限很小或没有此类权限的应用。</li>
+<li>Root 进程不得通过网络套接字进行监听。</li>
+<li>Root 进程不得为应用提供通用运行时(例如 Java VM)。</li>
+</ul>
+
+<h3 id="sys-apps">隔离系统应用</h3>
+<p>一般而言,预先安装的应用不应使用共用系统 UID 运行。不过,如果某个应用必须使用共用系统 UID 或其他特权服务(例如,电话服务),那么该应用不应导出由用户安装的第三方应用可访问的任何服务、广播接收器或内容提供程序。最佳做法:</p>
+
+<ul>
+<li>应尽可能减少设备上作为系统代码运行的必要代码的数量。尽可能通过 Android 进程自身的 UID 使用此类进程,而非重复使用系统 UID。</li>
+<li>应尽可能将系统代码与不可信数据隔离开来,并且系统代码应尽可能仅向其他可信进程提供 IPC。</li>
+<li>系统进程不得通过网络套接字进行监听。</li>
+</ul>
+
+<h3 id="process-isolate">隔离进程</h3>
+<p>Android 应用沙盒要求应用与系统中的其他进程(包括 Root 进程和调试程序)隔离开来。除非应用或用户特意启用了调试功能,否则任何应用都不应违反这一要求。最佳做法:</p>
+
+<ul>
+<li>Root 进程不得访问各个应用数据文件夹内的数据,使用已记录的 Android 调试方法时除外。</li>
+<li>Root 进程不得访问应用内存,使用已记录的 Android 调试方法时除外。</li>
+<li>设备上不得有任何会访问其他应用/进程的数据或内存的应用。</li>
+</ul>
+
+<h3 id="suid-files">保护 SUID 文件</h3>
+<p>新的 SetUID 程序应该不能被不可信程序访问。SetUID 程序过去经常是可被用来获取 Root 权限的漏洞位置,因此务必要最大限度地降低 SetUID 程序对不可信应用的可用性。最佳做法:</p>
+
+<ul>
+<li>SUID 进程不得提供可被用来规避 Android 安全模型的 shell 或后门程序。</li>
+<li>必须确保任何用户都无法对 SUID 程序执行写入操作。</li>
+<li>SUID 程序不应为全局可读或全局可执行程序。创建一个组,限定只有该组的成员能够访问相应的 SUID 二进制文件,并将应该能够执行相应 SUID 程序的所有应用放入该组中。
+</li>
+<li>SUID 程序经常会被用户用作获取设备 Root 权限的来源。为了降低这种风险,应确保 shell 用户无法执行 SUID 程序。</li>
+</ul>
+
+<p>CTS 验证程序包括一个可列出 SUID 文件的信息测试;根据 CTS 测试,有些 SetUID 文件是不允许使用的。</p>
+
+<h3 id="listening-sockets">保护监听套接字</h3>
+<p>当设备通过任何端口或任何接口进行监听时,CTS 测试都会失败。如果测试失败,Android 会验证是否遵循了以下最佳做法:</p>
+
+<ul>
+<li>设备上不应存在监听端口。</li>
+<li>必须能够在不使用 OTA 的情况下停用监听端口。停用这些端口的方法可以是更改服务器或用户设备配置。</li>
+<li>Root 进程不得通过任何端口进行监听。</li>
+<li>归系统 UID 所有的进程不得通过任何端口进行监听。</li>
+<li>对于使用套接字的本地 IPC,应用必须使用只有某个组可以访问的 UNIX 域套接字。为 IPC 创建文件描述符,并允许特定 UNIX 组对其执行 +RW 操作。所有客户端应用都必须在该 UNIX 组内。</li>
+<li>有些拥有多个处理器的设备(例如,无线装置/调制解调器从应用处理器中分离出来)会借助网络套接字在处理器之间进行通信。在这种情况下,处理器间通信所用的网络套接字必须使用单独的网络接口,以防止设备上未经授权的应用访问(例如,使用 iptables 防止设备上的其他应用访问)。</li>
+<li>负责处理监听端口的守护进程必须能够防范格式有误的数据。Google 可能会使用未经授权的客户端针对端口进行模糊测试,也可能会在可能的情况下使用已获授权的客户端针对端口进行模糊测试。所有崩溃事件都将记录为具有适当严重程度的错误。</li>
+</ul>
+
+<h3 id="logging">记录数据</h3>
+<p>记录数据的做法会增加数据遭泄露的风险并降低系统性能。之前曾发生过多起因 Android 设备上默认安装的应用记录敏感用户数据而导致的公共安全事件。最佳做法:</p>
+
+<ul>
+<li>应用或系统服务不应记录第三方应用提供的可能包含敏感信息的数据。</li>
+<li>应用不得在正常操作过程中记录任何个人身份信息 (PII)。</li>
+</ul>
+
+<p>CTS 中包含一些能够检查系统日志中是否存在可能敏感的信息的测试。</p>
+
+<h3 id="directories">限制对目录的访问</h3>
+<p>全局可写目录可能会引入安全漏洞,并且可能会使应用能够重命名可信文件、替换文件或进行基于符号链接的攻击(攻击者可能会利用指向某个文件的符号链接诱使可信程序执行不应执行的操作)。可写目录还可能会导致卸载应用后无法适当清除与相应应用关联的所有文件。</p>
+
+<p>作为最佳做法,系统用户或 Root 用户创建的目录不应为全局可写目录。CTS 测试能够测试已知目录,从而有助于强制执行这种最佳做法。</p>
+
+<h3 id="config-files">保护配置文件</h3>
+<p>许多驱动程序和服务都依赖于存储在 <code>/system/etc</code>、<code>/data</code> 等目录中的配置文件和数据文件。如果这些文件由某个特权进程处理且为全局可写文件,应用可能能够通过在全局可写文件中创建恶意内容来利用该特权进程中的漏洞。最佳做法:</p>
+
+<ul>
+<li>特权进程使用的配置文件不应为全局可读文件。</li>
+<li>特权进程使用的配置文件不得为全局可写文件。</li>
+</ul>
+
+<h3 id="native-code">存储本机代码库</h3>
+<p>特权设备制造商进程使用的所有代码都必须位于 <code>/vendor</code> 或 <code>/system</code> 中;这些文件系统会在设备启动时以只读模式装载。作为最佳做法,系统使用的库或手机上安装的其他权限非常高的应用使用的库也应位于这些文件系统中。这有助于防止出现可让攻击者用来控制特权进程执行的代码的安全漏洞。</p>
+
+<h3 id="device-drivers">限制对设备驱动程序的访问</h3>
+<p>应该只有可信代码能够直接访问驱动程序。首选架构要尽可能提供一个单一用途守护进程来代理向驱动程序发出的调用,并仅限该守护进程访问驱动程序。作为最佳做法,驱动程序设备节点不应为全局可读或全局可写节点。CTS 测试能够检查是否存在全局可读或全局可写驱动程序的已知实例,从而有助于强制执行这种最佳做法。
+</p>
+
+<h3 id="adb">停用 ADB</h3>
+<p>Android 调试桥 (ADB) 是一款非常实用的开发和调试工具,但它只适合在受控的安全环境中使用,不应针对一般使用情况启用该工具。最佳做法:</p>
+
+<ul>
+<li>ADB 必须默认处于停用状态。</li>
+<li>ADB 必须要求用户先将其开启,然后再接受连接。</li>
+</ul>
+
+<h3 id="unlockable-bootloaders">解锁引导加载程序</h3>
+<p>许多 Android 设备都支持解锁引导加载程序。解锁引导加载程序后,设备所有者将能够修改系统分区和/或安装自定义操作系统。常见用例包括在设备上安装第三方 ROM 以及进行系统级开发。例如,Google Nexus 设备所有者可以运行 <code>fastboot oem unlock</code> 来启动解锁过程,该进程会向用户显示以下消息:</p>
+
+<div style="background-color: #B2EBF2; padding: 10px;margin-right:25px">
+
+<p><strong>Unlock bootloader?</strong></p>
+
+<p>If you unlock the bootloader, you will be able to install custom operating system software on this phone.</p>
+
+<p>A custom OS is not subject to the same testing as the original OS, and can cause your phone and installed applications to stop working properly.</p>
+
+<p>To prevent unauthorized access to your personal data, unlocking the bootloader will also delete all personal data from your phone (a "factory data reset").</p>
+
+<p>Press the Volume Up/Down buttons to select Yes or No. Then press the Power button to continue.</p>
+
+<p><strong>Yes</strong>: Unlock bootloader (may void warranty)</p>
+
+<p><strong>No</strong>: Do not unlock bootloader and restart phone.</p>
+</div>
+
+<br />
+<p>作为最佳做法,在解锁之前,可解锁的 Android 设备必须先安全地清除所有用户数据。如果未能适当删除所有数据便进行解锁,能够接触到这些设备的攻击者便可以在未经授权的情况下获取机密的 Android 用户数据。为了防止用户数据泄露,支持解锁的设备必须正确实现解锁(我们已见到过设备制造商以不当方式实现解锁的无数实例)。正确实现的解锁过程具有以下特性:</p>
+
+<ul>
+<li>在用户确认解锁命令后,设备必须立即开始清除数据。在安全删完数据之前,不得设置 <code>unlocked</code> 标记。</li>
+<li>如果无法安全删完数据,设备必须保持锁定状态。</li>
+<li>如果底层块设备支持 <code>ioctl(BLKSECDISCARD)</code> 或等同命令,则应使用此类命令。对于 eMMC 设备,这意味着使用 Secure Erase 或 Secure Trim 命令。对于 eMMC 4.5 及更高版本,这意味着先使用常规的 Erase 或 Trim 命令,然后再执行 Sanitize 操作。</li>
+<li>如果底层块设备不支持 <code>BLKSECDISCARD</code>,则必须改用 <code>ioctl(BLKDISCARD)</code>。在 eMMC 设备上,这是一个常规的 Trim 操作。</li>
+<li>如果 <code>BLKDISCARD</code> 不受支持,可以将块设备中的数据重写为全零。</li>
+<li>最终用户必须能够要求在刷写分区之前先清除用户数据。例如,在 Nexus 设备上,这可以通过 <code>fastboot oem lock</code> 命令来实现。</li>
+<li>无论设备处于解锁和/或重新锁定状态,都可以通过 eFuses 或类似机制进行记录。</li>
+</ul>
+
+<p>这些要求旨在确保在完成解锁操作时所有数据都已被销毁。未能实现这些保护措施会被视为存在中级安全漏洞。</p>
+
+<p>将设备解锁后,可以使用 <code>fastboot oem lock</code> 命令重新将其锁定。使用新的自定义操作系统时,锁定引导加载程序能够为用户数据提供的保护与原始设备制造商操作系统提供的保护相同(例如,如果设备被再次解锁,用户数据将会被清除)。</p>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/overview/kernel-security.html b/zh-cn/security/overview/kernel-security.html
new file mode 100644
index 0000000..7ad6ddf
--- /dev/null
+++ b/zh-cn/security/overview/kernel-security.html
@@ -0,0 +1,86 @@
+<html devsite><head>
+ <title>系统和内核安全</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>在操作系统级别,Android 平台不仅提供 Linux 内核的安全功能,而且还提供安全的进程间通信 (IPC) 机制,以便在不同进程中运行的应用之间安全通信。操作系统级别的这些安全功能旨在确保即使是本机代码也要受应用沙盒的限制。无论相应代码是自带应用行为导致的结果,还是利用应用漏洞导致的结果,系统都能防止恶意应用危害其他应用、Android 系统或设备本身。要了解您可以采取哪些措施来增强设备上的内核,请参阅<a href="/devices/tech/config/kernel.html">内核配置</a>。要了解必需的设置,请参阅 <a href="/compatibility/cdd.html">Android 兼容性定义文档 (CDD)</a>。</p>
+<h2 id="linux-security">Linux 安全</h2>
+<p>Android 平台的基础是 Linux 内核。Linux 内核多年来一直应用得非常广泛,并且用在了数百万种安全敏感型环境中。在历经数以千计的开发者不断研究、攻击和修复之后,Linux 已成为许多公司和安全专业人士信任的一款既稳定又安全的内核。</p>
+<p>作为移动计算环境的基础,Linux 内核为 Android 提供了一些关键的安全功能,其中包括:</p>
+<ul>
+ <li>基于用户的权限模式</li>
+ <li>进程隔离</li>
+ <li>用于实现安全 IPC 的可扩展机制</li>
+ <li>能够移除内核中不必要的和可能不安全的部分</li>
+</ul>
+<p>作为多用户操作系统,Linux 内核的一个基本安全目标是将用户资源彼此隔离开来。Linux 的安全理念是防范用户资源之间相互侵扰。因此,Linux 可以:</p>
+<ul>
+ <li>防止用户 A 读取用户 B 的文件</li>
+ <li>确保用户 A 不会占用用户 B 的内存</li>
+ <li>确保用户 A 不会占用用户 B 的 CPU 资源</li>
+ <li>确保用户 A 不会占用用户 B 的设备(例如,电话、GPS、蓝牙)</li>
+</ul>
+<h2 id="the-application-sandbox">应用沙盒</h2>
+<p>Android 平台利用基于用户的 Linux 保护机制来识别和隔离应用资源。Android 系统会为每个 Android 应用分配一个独一无二的用户 ID (UID),并使它们以这个用户身份在单独的进程中运行。这种方法与其他操作系统(包括传统的 Linux 配置)采用的方法不同。在其他操作系统中,多个应用会以相同的用户权限运行。</p>
+<p>这样就设置了一个内核级应用沙盒。内核会在进程级别通过标准的 Linux 内容(例如,分配给应用的用户 ID 和组 ID)强制执行应用和系统之间的安全功能。默认情况下,应用不能彼此交互,而且应用对操作系统的访问权限会受到限制。如果应用 A(一个单独的应用)尝试执行恶意操作,例如在没有权限的情况下读取应用 B 的数据或拨打电话,操作系统会阻止此类操作,因为应用 A 没有适当的用户权限。沙盒非常简单,可审核,并且基于已有数十年历史的 UNIX 风格的进程用户隔离和文件权限机制。</p>
+<p>由于应用沙盒位于内核中,因此该安全模型的保护范围扩展到了本机代码和操作系统应用。位于内核上方的所有软件(例如,操作系统库、应用框架、应用运行时和所有应用)都会在应用沙盒中运行。在某些平台上,为了强制执行安全功能,会限制开发者只能使用特定的开发框架、API 组或语言。在 Android 上,并没有限制必须如何编写应用才能强制执行安全功能;在这一方面,本机代码与直译码一样安全。</p>
+<p>在某些操作系统中,一个应用中的内存损坏错误可能会导致位于同一内存空间中的其他应用出现损坏,进而导致设备的安全性完全遭到破坏。由于所有应用及其资源都在操作系统级别的沙盒内,因此,如果出现内存损坏错误,将只有在相应应用的环境中才能发生任意执行代码的行为,而且只能是以操作系统确立的权限执行代码。</p>
+<p>与所有安全功能一样,应用沙盒并不是坚不可摧的。不过,要在经过适当配置的设备上攻破应用沙盒这道防线,必须要先攻破 Linux 内核的安全功能。</p>
+<h2 id="system-partition-and-safe-mode">系统分区和安全模式</h2>
+<p>系统分区包含 Android 的内核,以及操作系统库、应用运行时、应用框架和应用。该分区设为了只读分区。当用户将设备启动到安全模式时,第三方应用可由设备所有者手动启动,但不会默认启动。</p>
+<h2 id="filesystem-permissions">文件系统权限</h2>
+<p>在 UNIX 风格的环境中,文件系统权限可确保一个用户不能更改或读取另一个用户的文件。在 Android 中,每个应用都以自己的用户身份运行。除非开发者明确地与其他应用共享文件,否则一个应用不能读取或更改另一个应用创建的文件。</p>
+<h2 id="se-linux">安全增强型 Linux</h2>
+<p>Android 使用安全增强型 Linux (SELinux) 来应用访问控制策略并对进程建立强制访问控制 (mac)。如需详细信息,请参阅 <a href="/security/selinux/index.html">Android 中的安全增强型 Linux</a>。</p>
+<h2 id="verified-boot">验证启动</h2>
+<p>Android 6.0 及更高版本支持验证启动功能和 device-mapper-verity。验证启动功能旨在保证设备软件(从硬件信任根直到系统分区)的完整性。在启动过程中,无论是在每个阶段,都会在进入下一个阶段之前先验证下一个阶段的完整性和真实性。
+</p>
+<p>Android 7.0 及更高版本支持严格强制执行的验证启动,这意味着遭到入侵的设备将无法启动。
+</p>
+<p>如需更多详细信息,请参阅<a href="/security/verifiedboot/index.html">验证启动</a>。
+</p>
+
+<h2 id="crypto">加密</h2>
+<p>Android 提供了一套加密 API 供应用使用,其中包括标准和常用加密基元(例如,AES、RSA、DSA 和 SHA)的实现 API。此外,Android 还提供了适用于更高级别协议(例如,SSL 和 HTTPS)的 API。</p>
+<p>Android 4.0 中引入了 <a href="http://developer.android.com/reference/android/security/KeyChain.html">KeyChain</a> 类,以便应用使用系统凭据存储空间来存储私钥和证书链。</p>
+<h2 id="rooting-devices">获取设备的 Root 权限</h2>
+<p>默认情况下,在 Android 上,只有内核和一小部分核心应用能够以 Root 权限运行。Android 不会阻止具有 Root 权限的用户或应用修改操作系统、内核或任何其他应用。一般来说,Root 对所有应用和所有应用数据拥有完整访问权限。如果用户在 Android 设备上更改权限来向应用授予 Root 访问权限,则会使遭受恶意应用攻击以及遭受潜在应用缺陷侵扰的安全风险增加。</p>
+<p>能够修改自己的 Android 设备对于使用 Android 平台的开发者来说非常重要。在许多 Android 设备上,用户都可以解锁引导加载程序,以便安装替代操作系统。这些替代操作系统可能会允许所有者获得 Root 访问权限,以便他们调试应用和系统组件,或者访问 Android API 未提供给应用的功能。</p>
+<p>在有些设备上,能够亲手控制设备并拥有 USB 数据线的用户可以安装能够向其提供 Root 权限的新操作系统。为了保护所有现有用户数据免遭入侵,引导加载程序解锁机制要求引导加载程序在解锁期间清空所有现有用户数据。利用内核错误或安全漏洞获得 Root 访问权限后,可以绕过这种保护机制。</p>
+<p>使用存储在设备上的密钥对数据进行加密的做法并不能防止 Root 用户访问应用数据。应用可以使用存储在设备之外的密钥(例如,存储在服务器上的密钥,或用户密码)进行加密,从而添加一道数据保护屏障。如果不提供密钥的话,这种方法可以提供临时保护,但在某些时候,必须要先将密钥提供给应用,然后 Root 用户才能访问相应应用。</p>
+<p>一种更强大的防止 Root 用户获取数据的方式是使用硬件解决方案。原始设备制造商 (OEM) 可以选择实现仅允许访问特定类型的内容的硬件解决方案,例如,适用于视频播放的 DRM 或适用于 Google 电子钱包的 NFC 相关可信存储空间。</p>
+<p>如果设备丢失或被盗,Android 设备上的全文件系统加密功能可以使用设备密码来保护加密密钥,这样一来,修改启动加载程序或操作系统的做法将不足以在没有用户设备密码的情况下访问用户数据。</p>
+<h2 id="user-security">用户安全功能</h2>
+<h3 id="filesystem-encryption">文件系统加密</h3>
+<p>Android 3.0 及更高版本提供全文件系统加密功能,因此所有用户数据都可以在内核中进行加密。</p>
+<p>Android 5.0 及更高版本支持<a href="/security/encryption/full-disk.html">全盘加密</a>。全盘加密功能旨在使用单个密钥(由用户的设备密码加以保护)来保护设备的整个用户数据分区。在启动时,用户必须先提供其凭据,然后才能访问磁盘的任何部分。
+</p>
+<p>Android 7.0 及更高版本支持<a href="/security/encryption/file-based.html">文件级加密</a>。采用文件级加密时,可以使用不同的密钥对不同的文件进行加密,并且可以对这些文件进行单独解密。
+</p>
+
+<p>如需关于实现文件系统加密的更多详细信息,请参阅<a href="/security/encryption/index.html">加密</a>部分。</p>
+<h3 id="password-protection">密码保护</h3>
+<p>Android 可以配置为在提供对设备的访问权限之前先验证用户提供的密码。除了防止未经授权使用设备外,该密码还可以保护用于进行全文件系统加密的加密密钥。</p>
+<p>设备管理员可以要求使用密码和/或密码复杂度规则。</p>
+<h2 id="device-administration">设备管理</h2>
+<p>Android 2.2 及更高版本提供 Android Device Administration API,该 API 在系统级别提供设备管理功能。例如,内置的 Android 电子邮件应用可以使用该 API 来改善 Exchange 支持。通过电子邮件应用,Exchange 管理员可以跨设备强制执行密码政策(其中密码包括字母数字密码或数字 PIN 码)。管理员还可以远程清除(即恢复出厂默认设置)丢失或被盗手机上的数据。</p>
+<p>除了在 Android 系统自带的应用中使用外,该 API 还可供提供设备管理解决方案的第三方使用。如需关于该 API 的详细信息,请参阅<a href="https://developer.android.com/guide/topics/admin/device-admin.html">设备管理</a>。</p>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/overview/updates-resources.html b/zh-cn/security/overview/updates-resources.html
new file mode 100644
index 0000000..818cba8
--- /dev/null
+++ b/zh-cn/security/overview/updates-resources.html
@@ -0,0 +1,183 @@
+<html devsite><head>
+ <title>安全更新和资源</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<h2 id="android_security_bug_lifecycle">Android 安全错误生命周期</h2>
+
+<p>Android 安全团队负责管理在 Android 平台中发现的以及在 Android 设备绑定的众多核心 Android 应用中发现的安全漏洞。</p>
+
+<p>Android 安全团队会通过内部研究找出安全漏洞,并会对第三方报告的错误采取应对措施。外部错误的来源包括:通过 <a href="https://issuetracker.google.com/issues/new?component=190951">Android 安全问题模板</a>报告的问题、已发布和预发布的学术研究、上游开放源代码项目维护人员、来自设备制造商合作伙伴的通知,以及博客或社交媒体中发布的已公开披露的问题。</p>
+
+<h2 id="report-issues">报告安全问题</h2>
+
+<p>任何开发者、Android 用户或安全研究人员都可以通过 <a href="https://issuetracker.google.com/issues/new?component=190951">Android 安全问题模板</a>将潜在安全问题通知给 Android 安全团队。</p>
+
+<p>外部人员无法查看标记为安全问题的错误,不过在问题经过评估或得到解决后,这些错误最终可能会对外公开。如果您打算提交旨在解决安全问题的补丁程序或兼容性测试套件 (CTS) 测试,请将其附加到错误报告中,然后等待我们的回复,得到我们的回复后再将相应代码上传到 AOSP。</p>
+
+<h2 id="triaging_bugs">为错误分类</h2>
+
+<p>在处理安全漏洞时,第一项任务是确定错误的严重程度以及受影响的 Android 组件。严重程度决定问题的优先级,受影响的组件决定由谁来修复错误、谁将会收到通知以及如何将修复程序提供给用户。</p>
+
+<h3 id="process_types">进程类型</h3>
+<p>下表涵盖了各类进程的定义。进程类型可以按应用或进程的类型来定义,也可以按进程的运行区域来定义。下表按照权限从小到大的顺序排列。</p>
+<table>
+ <tbody><tr>
+ <th>进程类型</th>
+ <th>类型定义</th>
+ </tr>
+ <tr>
+ <td>受限进程</td>
+ <td>在高度受限的 SELinux 域中运行的进程。<br />或<br />受限程度远远超过普通应用的进程。</td>
+ </tr>
+ <tr>
+ <td>非特权进程</td>
+ <td>第三方应用或进程。<br />或<br />在 SELinux <code>untrusted_app</code> 域中运行的应用或进程。</td>
+ </tr>
+ <tr>
+ <td>特权进程</td>
+ <td>功能受 SELinux <code>untrusted_app</code> 域限制的应用或进程。<br />或<br />拥有第三方应用无法获得的重要权限的应用或进程。</td>
+ </tr>
+ <tr>
+ <td>内核</td>
+ <td>属于内核一部分的功能,或在与内核相同的 CPU 环境中运行的功能(例如,设备驱动程序)。</td>
+ </tr>
+ <tr>
+ <td>可信执行环境 (TEE)</td>
+ <td>一种受保护的组件,甚至可以抵御恶意内核的攻击。</td>
+ </tr>
+</tbody></table>
+
+<h3 id="severity">严重程度</h3>
+
+<p>错误的严重程度通常能够反映错误被成功利用后可能造成的潜在危害。可以按照以下条件判断严重程度:</p>
+<table>
+ <tbody><tr>
+ <th>分级</th>
+ <th>被成功利用的后果</th>
+ </tr>
+ <tr>
+ <td><strong>严重</strong></td>
+ <td>
+ <ul>
+ <li>攻击者可以在特权进程中远程执行任意代码</li><li>设备永久损坏(只有重新刷写整个操作系统才能修复设备)</li><li>攻击者可以在未经授权的情况下访问受 TEE 保护的数据</li><li>设备遭到远程发起的永久性拒绝服务攻击(设备无法再使用:完全永久性损坏,或需要重新刷写整个操作系统)</li></ul>
+ </td>
+ </tr>
+ <tr>
+ <td><strong>高</strong></td>
+ <td>
+ <ul>
+ <li>攻击者可以在非特权进程中远程执行任意代码</li><li>攻击者可以远程访问受保护的数据(通常仅限本地安装的应用在请求并获得权限后才可以访问的数据,或仅限特权进程访问的数据)</li><li>攻击者可以远程绕过用户互动要求(攻击者能够访问通常需要由用户发起的功能或需要获得用户许可后方可使用的功能)</li><li>攻击者可以从本地在特权进程中执行任意代码</li><li>设备遭到从本地发起的永久性拒绝服务攻击(设备无法再使用:完全永久性损坏,或需要重新刷写整个操作系统)</li><li>攻击者可以全面深入地绕过内核级防护功能,或利用缓解技术存在的漏洞</li><li>设备遭到远程发起的设备暂时性拒绝服务攻击(远程挂起或重新启动设备)</li><li>攻击者可以从本地绕过针对任何开发者或针对任何安全设置修改的用户互动要求</li><li>攻击者可以全面绕过将应用数据与其他应用隔离开来的操作系统保护功能</li><li>攻击者可以绕过锁定屏幕</li></ul>
+ </td>
+ </tr>
+ <tr>
+ <td><strong>中</strong></td>
+ <td>
+ <ul>
+ <li>攻击者可以在受限进程中远程执行任意代码</li><li>攻击者可以从本地绕过用户互动要求(攻击者能够访问通常需要由用户发起的功能或需要获得用户许可后方可使用的功能)</li><li>设备遭到从本地发起的暂时性拒绝服务攻击(设备需要恢复出厂设置)</li><li>攻击者可以全面深入地绕过用户级防护功能,或在特权进程中利用缓解技术存在的漏洞</li><li>攻击者可以远程访问不受保护的数据(通常可供本地安装的所有应用访问的数据)</li><li>攻击者可以绕过设备保护功能/恢复出厂设置保护功能</li></ul>
+ </td>
+ </tr>
+ <tr>
+ <td><strong>低</strong></td>
+ <td>
+ <ul>
+ <li>攻击者可以全面深入地绕过用户级防护功能,或在非特权进程中利用缓解技术存在的漏洞</li><li>设备遭到从本地发起的暂时性拒绝服务攻击(可通过以下方法解决:使设备启动到安全模式并移除存在问题的应用;或者如果设备不支持安全模式,则将设备恢复出厂设置)</li></ul>
+ </td>
+ </tr>
+</tbody></table>
+
+<h4 id="local_vs_remote">本地和远程</h4>
+
+<p>远程攻击向量指攻击者可以在不安装应用或不实际接触设备的情况下利用的错误。这包括因浏览网页、阅读电子邮件、接收短信或连接到恶意网络而触发的错误。为了进行严重程度分级,Android 安全团队还会将“邻近”攻击向量视为远程攻击向量。这包括只能被实际接近目标设备的攻击者利用的错误,例如需要发送格式错误的 WLAN 数据包或蓝牙数据包的错误。</p>
+
+<p>本地攻击需要受害者安装应用才能得逞。为了进行严重程度分级,Android 安全团队还会将现实攻击向量视为本地攻击。这包括只能被实际接触到设备的攻击者利用的错误,例如锁定屏幕中的错误,或需要插入 USB 数据线的错误。Android 安全团队还会将基于 NFC 的攻击视为本地攻击。</p>
+
+<h3 id="rating_modifiers">分级调节方式</h3>
+<p>虽然通常可以轻松确定安全漏洞的严重程度,但分级可能会因具体情况而异。</p>
+<table>
+ <tbody><tr>
+ <th>原因</th>
+ <th>影响</th>
+ </tr>
+ <tr>
+ <td>需要作为特权进程运行才能执行攻击</td>
+ <td>严重程度降低 1 级</td>
+ </tr>
+ <tr>
+ <td>漏洞特有的详细信息会限制相应问题造成的影响</td>
+ <td>严重程度降低 1 级</td>
+ </tr>
+</tbody></table>
+
+<h3 id="affected_component">受影响的组件</h3>
+
+<p>开发团队负责根据错误所在的组件来修复错误。该组件可能是 Android 平台的核心组件、原始设备制造商 (OEM) 提供的内核驱动程序,或 Nexus 设备上某个预先加载的应用。</p>
+
+<p>AOSP 代码中的错误由 Android 工程团队负责修复。严重程度为“低”的错误、特定组件内的错误或者已经是众所周知的错误可以直接在已公开发布的 AOSP master 分支中进行修复;除此之外的其他错误都会先在我们的内部代码库中进行修复。</p>
+
+<p>组件也是会影响用户如何获取更新的一种因素。如果是框架或内核存在的错误,用户将需要使用无线下载 (OTA) 的固件更新,每个原始设备制造商 (OEM) 都需要推送此类更新。如果是 Google Play 中发布的应用或库(例如,Lollipop 及更高版本中的 Gmail、Google Play 服务、WebView)存在的错误,可以通过 Google Play 向 Android 用户发送更新。</p>
+
+<h2 id="notifying_partners">通知合作伙伴</h2>
+
+<p>当 AOSP 内严重程度为“中”或更高的安全漏洞得到修复后,我们会将问题详细信息通知 Android 合作伙伴,并至少提供针对 3 种最新 Android 版本的补丁程序。Android 安全团队目前提供针对 Android 4.4 版 (KitKat)、5.0 版 (Lollipop)、5.1 版 (Lollipop MR1) 以及 6.0 版 (Marshmallow) 的补丁程序。具体会针对哪些最新版本提供补丁程序会随着每个新 Android 版本的发布而发生变化。</p>
+
+<h2 id="releasing_code_to_aosp">向 AOSP 发布代码</h2>
+
+<p>如果安全错误发生在 AOSP 组件内,我们会先向用户发布 OTA 更新,然后再将修复程序推送到 AOSP。如果问题的严重程度为“低”,我们可能会先直接将修复程序提交到 AOSP master 分支,然后再发布修复程序。</p>
+
+<h2 id="android_updates">接收 Android 更新</h2>
+
+<p>对 Android 系统的更新一般会通过 OTA 更新文件包提供给设备。这些更新可能来自生产相应设备的原始设备制造商 (OEM),也可能来自向相应设备提供服务的运营商。Google Nexus 设备更新由 Google Nexus 团队在相应更新通过运营商技术验收 (TA) 测试程序之后予以提供。Google 还会发布可以旁加载到设备的 <a href="https://developers.google.com/android/nexus/images">Nexus 出厂映像</a>。</p>
+
+<h2 id="updating_google_services">更新 Google 服务</h2>
+
+<p>除了针对安全错误提供补丁程序之外,Android 安全团队还会审核安全错误,以确定是否有其他方式来保护用户。例如,Google Play 会扫描所有应用并移除任何试图利用安全错误的应用。对于通过 Google Play 之外的途径安装的应用,带有 Google Play 服务的设备可能还会使用<a href="https://support.google.com/accounts/answer/2812853">验证应用</a>功能来警告用户注意可能有害的应用。</p>
+
+<h2 id="other_resources">其他资源</h2>
+
+<p>面向 Android 应用开发者的信息:<a href="https://developer.android.com">https://developer.android.com</a></p>
+
+<p>您可以从各个 Android 开放源代码和开发者网站上找到安全信息。建议您先查看以下网址中提供的安全信息:<br />
+<a href="/security/index.html">https://source.android.com/security/index.html</a><br />
+<a href="https://developer.android.com/training/articles/security-tips.html">https://developer.android.com/training/articles/security-tips.html</a></p>
+
+<h3 id="reports">报告</h3>
+<p>Android 安全团队有时会发布报告或白皮书。以下是一些最新发布的内容。</p>
+<ul>
+ <li><a href="/security/reports/Google_Android_Security_2016_Report_Final.pdf">Android 安全性 2016 年年度回顾报告</a></li>
+ <li><a href="/security/reports/Google_Android_Security_2015_Report_Final.pdf">Android 安全性 2015 年年度回顾报告</a></li>
+ <li><a href="/security/reports/Google_Android_Security_2014_Report_Final.pdf">Android 安全性 2014 年年度回顾报告</a></li>
+ <li><a href="/security/reports/Android_WhitePaper_Final_02092016.pdf">Android 安全性白皮书</a></li>
+ <li><a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">潜在有害应用分类</a></li>
+</ul>
+
+<h3 id="slides">演示文稿</h3>
+<p>Android 安全团队会开展各种会议和对话活动。以下是他们使用的一些幻灯片:</p>
+<ul>
+ <li><a href="/security/reports/Android-Bootcamp-2016-Verified-Boot-and-Encryption.pdf">验证启动和加密</a></li>
+ <li><a href="/security/reports/Android-Bootcamp-2016-SafetyNet.pdf">SafetyNet</a></li>
+ <li><a href="/security/reports/Android-Bootcamp-2016-New-App-Lifecycle-for-Encryption.pdf">新应用加密生命周期</a></li>
+ <li><a href="/security/reports/Android-Bootcamp-2016-Keeping-Google-Play-safe.pdf">维护 Google Play 的安全</a></li>
+ <li><a href="/security/reports/Android-Bootcamp-2016-Defense-in-depth-efforts.pdf">深度防御措施</a></li>
+ <li><a href="/security/reports/Android-Bootcamp-2016-Android-Keystore-Attestation.pdf">Keystore 认证</a></li>
+ <li><a href="/security/reports/Android-Bootcamp-2016-Android-Attack-Team.pdf">Android 防攻击团队</a></li>
+</ul>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/selinux/concepts.html b/zh-cn/security/selinux/concepts.html
new file mode 100644
index 0000000..3eaf564
--- /dev/null
+++ b/zh-cn/security/selinux/concepts.html
@@ -0,0 +1,106 @@
+<html devsite><head>
+ <title>SELinux 概念</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>请查看此页中的内容,熟悉 SELinux 中使用的概念。</p>
+
+<h2 id="mandatory_access_control">强制访问控制</h2>
+
+<p>安全增强型 Linux (SELinux) 是适用于 Linux 操作系统的强制访问控制 (MAC) 系统。作为 MAC 系统,它与 Linux 中用户非常熟悉的自主访问控制 (DAC) 系统不同。在 DAC 系统中,存在所有权的概念,即特定资源的所有者可以控制与相应资源关联的访问权限。这种系统通常比较粗放,并且容易出现无意中提权的问题。MAC 系统则会在决定是否允许每次访问尝试时都咨询核心机构。</p>
+
+<p>SELinux 已作为 Linux 安全模块 (LSM) 框架的一部分实现,该框架可识别各种内核对象以及对这些对象执行的敏感操作。其中每项操作要执行时,系统都会调用 LSM 钩子函数,以便根据不透明安全对象中存储的关于相应操作的信息来确定是否应允许执行相应操作。SELinux 针对这些钩子以及这些安全对象的管理提供了相应的实现,该实现可结合自己的政策来决定是否允许相应访问。</p>
+
+<p>通过结合使用其他 Android 安全措施,Android 的访问控制政策能够大大降低遭到入侵的计算机和帐号可能蒙受的损失。Android 的自主访问控制和强制访问控制等工具可为您提供一种结构,确保您的软件仅以最低权限级别运行。这样可降低攻击造成的影响,并降低错误进程重写数据甚至是传输数据的可能性。</p>
+
+<p>从 Android 4.3 起,SELinux 开始为传统的自主访问控制 (DAC) 环境提供强制访问控制 (MAC) 保护功能。例如,软件通常情况下必须以 Root 用户帐号的身份运行,才能向原始块设备写入数据。在基于 DAC 的传统 Linux 环境中,如果 Root 用户遭到入侵,攻击者便可以利用该用户身份向每个原始块设备写入数据。不过,可以使用 SELinux 为这些设备添加标签,以便被分配了 Root 权限的进程只能向相关政策中指定的设备写入数据。这样一来,该进程便无法重写特定原始块设备之外的数据和系统设置。</p>
+
+<p>如需更多威胁示例以及使用 SELinux 解决威胁的方法,请参阅<a href="implement.html#use_cases">用例</a>。</p>
+
+<h2 id="enforcement_levels">强制执行级别</h2>
+
+<p>请熟悉以下术语,了解如何按不同的强制执行级别实现 SELinux。</p>
+
+<ul>
+ <li><em></em>宽容模式 - 仅记录但不强制执行 SELinux 安全政策。
+ </li><li><em></em>强制模式 - 强制执行并记录安全政策。如果失败,则显示为 EPERM 错误。
+</li></ul>
+
+<p>在选择强制执行级别时只能二择其一,您的选择将决定您的政策是采取操作,还是仅允许您收集潜在的失败事件。宽容模式在实现过程中尤其有用。</p>
+
+<ul>
+ <li><em></em>不受限 - 一种非常宽松的政策,会在开发过程中禁止执行某些任务并提供暂时的权宜之计。不应对 Android 开放源代码项目 (AOSP) 之外的任何内容使用这种政策。
+ </li><li><em></em>受限 - 针对相应服务编写的自定义政策。这种政策应精确定义允许的事项。
+</li></ul>
+
+<p>不受限政策可用于协助在 Android 中快速实现 SELinux。这种政策适用于大多数 Root 级应用。但应尽可能逐渐将这种政策转换为受限政策,以精确限制每个应用只能使用所需的资源。</p>
+
+<p>您的政策最好是处于强制模式的受限政策。处于强制模式的不受限政策可以掩盖采用受限政策时在宽容模式下会记录的可能违规行为。因此,我们强烈建议设备实现人员实现真正的受限政策。</p>
+
+<h2 id="labels_rules_and_domains">标签、规则和域</h2>
+
+<p><em></em>SELinux 依靠标签来匹配操作和政策。标签用于决定允许的事项。套接字、文件和进程在 SELinux 中都有标签。SELinux 决定基本上是根据为这些对象分配的标签以及定义这些对象可以如何交互的政策做出的。在 SELinux 中,标签采用以下形式:user:role:type:mls_level,其中 type 是访问决定的主要组成部分,可通过构成标签的其他组成部分进行修改。对象会映射到类,对每个类的不同访问类型由权限表示。</p>
+
+<p>政策规则采用以下形式:allow domains types:classes permissions;,其中:<em></em><em></em><em></em><em></em></p>
+
+<ul>
+ <li>Domain<em></em> - 一个进程或一组进程的标签。也称为域类型,因为它只是指进程的类型。
+ </li><li><em></em>Type - 一个对象(例如,文件、套接字)或一组对象的标签。
+ </li><li><em></em>Class - 要访问的对象(例如,文件、套接字)的类型。
+ </li><li><em></em>Permission - 要执行的操作(例如,读取、写入)。
+</li></ul>
+
+<p>使用政策规则时将遵循的结构示例:</p>
+<code>allow appdomain app_data_file:file rw_file_perms;</code>
+
+<p>这表示所有应用域都可以读取和写入带有 app_data_file 标签的文件。请注意,该规则依赖于在 global_macros 文件中定义的宏,您还可以在 te_macros 文件中找到一些其他非常实用的宏。这两个文件均位于 AOSP 源代码树的 <a href="https://android.googlesource.com/platform/system/sepolicy/">system/sepolicy</a> 目录中,其中提供了一些适用于常见的类、权限和规则分组的宏。应尽可能使用这些宏,以便降低因相关权限被拒而导致失败的可能性。</p>
+
+<p><em></em>除了在规则中逐个列出域或类型之外,还可以通过属性引用一组域或类型。简单来说,属性是一组域或类型的名称。每个域或类型都可以与任意数量的属性相关联。当编写的规则指定了某个属性名称时,该名称会自动扩展为列出与该属性关联的所有域或类型。<em></em><em></em>例如,domain 属性与所有进程域相关联,file_type 属性与所有文件类型相关联。</p>
+
+<p>使用上述语法可以创建构成 SELinux 政策基本内容的 avc 规则。规则采用以下形式:</p><pre>
+<rule variant> <source_types> <target_types> : <classes> <permissions>
+</pre>
+
+<p><em></em><em></em><em></em><em></em>该规则指明了,当带有任何 source_types 标签的主体尝试对某个对象执行与任何 permissions 对应的操作时,如果该对象包含带有任何 target_types 标签的任何 classes 类,会发生什么情况。这些规则的一个最常见示例是 allow 规则,例如:</p>
+
+<pre>
+allow domain null_device:chr_file { open };
+</pre>
+
+<p><em></em><em></em><em></em><em></em>该规则允许具有与“domain”属性关联的任何域的进程对 target_type 标签为“null_device”的“chr_file”类(字符设备文件)的对象执行“open”权限所描述的操作。在实际中,该规则可能会扩展为包含其他权限:</p>
+
+<pre>
+allow domain null_device:chr_file { getattr open read ioctl lock append write};
+</pre>
+
+<p>当了解到“domain”是分配给所有进程域的属性,并且 null_device 是字符设备 /dev/null 的标签时,该规则基本上会允许对 <code>/dev/null</code> 进行读写操作。</p>
+
+<p><em></em>一个 domain 通常对应一个进程,而且具有与其关联的标签。</p>
+
+<p>例如,典型的 Android 应用会在自己的进程中运行,并且具有授予其特定受限权限的 untrusted_app 标签。</p>
+
+<p>系统中内置的平台应用会以单独的标签运行,并会被授予一组不同的权限。作为核心 Android 系统的一部分,系统 UID 应用以表示另一组权限的 system_app 标签运行。</p>
+
+<p>在任何情况下,都不应直接允许域访问以下通用标签;而应为一个或多个对象创建一个更具体的类型:</p>
+
+<ul>
+ <li>socket_device</li><li>device</li><li>block_device</li><li>default_service</li><li>system_data_file</li><li>tmpfs</li></ul>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/selinux/customize.html b/zh-cn/security/selinux/customize.html
new file mode 100644
index 0000000..2b96e18
--- /dev/null
+++ b/zh-cn/security/selinux/customize.html
@@ -0,0 +1,247 @@
+<html devsite><head>
+ <title>自定义 SELinux</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>集成这一基本级别的功能并全面分析结果后,您可以添加自己的政策设置,以便涵盖自己对 Android 操作系统进行的自定义。当然,这些政策仍必须要满足 <a href="/compatibility/index.html">Android 兼容性计划</a>的要求,并且不会移除默认的 SELinux 设置。</p>
+
+<p>制造商不得移除现有的安全设置,否则可能会破坏 Android SELinux 实现及其管控的应用。这包括可能需要进行改进以符合政策并正常运行的第三方应用。应用必须无需进行任何修改即可继续在启用了 SELinux 的设备上正常运行。</p>
+
+<p>当开始着手自定义 SELinux 时,制造商应记得做以下事情:</p>
+
+<ul>
+ <li>为所有新的守护进程编写 SELinux 政策</li><li>尽可能使用预定义的域</li><li>为作为 <code>init</code> 服务衍生的所有进程分配域</li><li>在编写政策之前先熟悉相关的宏</li><li>向 AOSP 提交对核心政策进行的更改</li></ul>
+
+<p>不要做以下事情:</p>
+
+<ul>
+ <li>创建不兼容的政策</li><li>允许对最终用户政策进行自定义</li><li>允许对 MDM 政策进行自定义</li><li>恐吓违反政策的用户</li><li>添加后门程序</li></ul>
+
+<p><em></em>如需查看具体要求,请参阅 <a href="/compatibility/android-cdd.pdf">Android 兼容性定义文档</a>中的“内核安全功能”部分。</p>
+
+<p>SELinux 采用白名单方法,这意味着只能授予政策中明确允许的访问权限。由于 Android 的默认 SELinux 政策已经支持 Android 开放源代码项目,因此原始设备制造商 (OEM) 无需以任何方式修改 SELinux 设置。如果他们要自定义 SELinux 设置,则应格外谨慎,以免破坏现有应用。以下是我们建议的做法:</p>
+
+<ol>
+ <li>使用<a href="https://android.googlesource.com/kernel/common/">最新的 Android 内核</a>。
+ </li><li>采用<a href="http://en.wikipedia.org/wiki/Principle_of_least_privilege">最小权限原则</a>。
+ </li><li>仅针对您向 Android 添加的内容调整 SELinux 政策。默认政策能够自动适用于 <a href="https://android.googlesource.com/">Android 开放源代码项目</a>代码库。
+ </li><li>将各个软件组件拆分成多个负责执行单项任务的模块。
+ </li><li>创建用于将这些任务与无关功能隔离开来的 SELinux 政策。
+ </li><li>将这些政策放在 <code>/device/manufacturer/device-name/sepolicy</code> 目录中的 *.te 文件(te 是 SELinux 政策源代码文件使用的扩展名)内,然后使用 <code>BOARD_SEPOLICY</code> 变量将它们纳入到您的版本中。
+ </li><li>先将新域设为宽容域。通过在相应域的 .te 文件中使用宽容声明,可以做到这一点。
+ </li><li>分析结果并优化域定义。
+ </li><li>当 userdebug 版本中不再出现拒绝事件时,移除宽容声明。
+</li></ol>
+
+<p>集成工作完成后,原始设备制造商 (OEM) 的 Android 开发过程还应包含一个确保向前兼容 SELinux 的步骤。在理想的软件开发过程中,仅当软件模型发生变化时,SELinux 政策才需要进行更改,而当实际实现发生变化时,SELinux 政策将不需要进行更改。</p>
+
+<p>当设备制造商开始自定义 SELinux 时,他们应首先审核自己向 Android 添加的内容。如果他们添加了执行新功能的组件,在开启强制模式之前,他们需要先确认该组件是否符合 Android 采用的安全政策,以及原始设备制造商 (OEM) 制定的所有相关政策。</p>
+
+<p>为了防止出现不必要的问题,过度宽泛和过度兼容要好于过度限制和不兼容,后者会导致设备功能损坏。不过,如果制造商进行的更改能够惠及其他人,则应将这些更改作为<a href="/source/submit-patches.html">补丁程序</a>提供给默认 SELinux 政策。如果相应补丁程序已应用于默认安全政策,制造商将不再需要针对每个新的 Android 版本进行此项更改。</p>
+
+<h2 id="example_policy_statements">政策声明示例</h2>
+
+<p>首先请注意,SELinux 基于 <a href="https://www.gnu.org/software/m4/manual/index.html">M4</a> 计算机语言,因此支持多种有助于节省时间的宏。</p>
+
+<p>在以下示例中,所有域都被授予从 <code>/dev/null</code> 读取数据或向其写入数据的权限以及从 <code>/dev/zero</code> 读取数据的权限。</p>
+
+<pre>
+# Allow read / write access to /dev/null
+allow domain null_device:chr_file { getattr open read ioctl lock append write};
+
+# Allow read-only access to /dev/zero
+allow domain zero_device:chr_file { getattr open read ioctl lock };
+</pre>
+
+<p>可以使用 SELinux <code>*_file_perms</code> 宏编写相同的声明(代码非常简短):</p>
+
+<pre>
+# Allow read / write access to /dev/null
+allow domain null_device:chr_file rw_file_perms;
+
+# Allow read-only access to /dev/zero
+allow domain zero_device:chr_file r_file_perms;
+</pre>
+
+<h2 id="example_policy">政策示例</h2>
+
+<p>以下是一个完整的 DHCP 政策示例,我们将在下文中对其进行分析:</p>
+
+<pre>
+type dhcp, domain;
+permissive dhcp;
+type dhcp_exec, exec_type, file_type;
+type dhcp_data_file, file_type, data_file_type;
+
+init_daemon_domain(dhcp)
+net_domain(dhcp)
+
+allow dhcp self:capability { setgid setuid net_admin net_raw net_bind_service
+};
+allow dhcp self:packet_socket create_socket_perms;
+allow dhcp self:netlink_route_socket { create_socket_perms nlmsg_write };
+allow dhcp shell_exec:file rx_file_perms;
+allow dhcp system_file:file rx_file_perms;
+# For /proc/sys/net/ipv4/conf/*/promote_secondaries
+allow dhcp proc_net:file write;
+allow dhcp system_prop:property_service set ;
+unix_socket_connect(dhcp, property, init)
+
+type_transition dhcp system_data_file:{ dir file } dhcp_data_file;
+allow dhcp dhcp_data_file:dir create_dir_perms;
+allow dhcp dhcp_data_file:file create_file_perms;
+
+allow dhcp netd:fd use;
+allow dhcp netd:fifo_file rw_file_perms;
+allow dhcp netd:{ dgram_socket_class_set unix_stream_socket } { read write };
+allow dhcp netd:{ netlink_kobject_uevent_socket netlink_route_socket
+netlink_nflog_socket } { read write };
+</pre>
+
+<p>下面我们来分析一下该示例:</p>
+
+<p>在第一行(即类型声明)中,该政策声明 DHCP 守护进程将沿用基本的安全政策 (<code>domain</code>)。从前面的声明示例中,我们知道 DHCP 可以从 <code>/dev/null.</code> 读取数据以及向其写入数据。</p>
+
+<p>在第二行中,DHCP 被声明为宽容域。</p>
+
+<p>在 <code>init_daemon_domain(dhcp)</code> 这一行中,该政策声明 DHCP 是从 <code>init</code> 衍生而来的,并且可以与其进行通信。</p>
+
+<p>在 <code>net_domain(dhcp)</code> 这一行中,该政策允许 DHCP 使用 <code>net</code> 域中的常用网络功能,例如读取和写入 TCP 数据包、通过套接字进行通信,以及执行 DNS 请求。</p>
+
+<p>在 <code>allow dhcp proc_net:file write;</code> 这一行中,该政策声明 DHCP 可以向 <code>/proc</code> 中的特定文件写入数据。这一行显示了 SELinux 的详细文件标签。它使用 <code>proc_net</code> 标签来限定 DHCP 仅对 <code>/proc/sys/net</code> 中的文件具有写入权限。</p>
+
+<p>该示例的最后一部分以 <code>allow dhcp netd:fd use;</code> 开头,描述了允许应用之间如何进行交互。该政策声明 DHCP 和 netd 之间可通过文件描述符、FIFO 文件、数据报套接字以及 UNIX 信息流套接字进行通信。DHCP 只能从数据报套接字和 UNIX 信息流套接字中读取数据以及向它们写入数据,但不能创建或打开此类套接字。</p>
+
+<h2 id="available_controls">可用控件</h2>
+
+<table>
+ <tbody><tr>
+ <td>
+<p><strong>类</strong></p>
+</td>
+ <td>
+<p><strong>权限</strong></p>
+</td>
+ </tr>
+ <tr>
+ <td>
+<p>文件</p>
+</td>
+ <td>
+<pre>
+
+ioctl read write create getattr setattr lock relabelfrom relabelto append
+unlink link rename execute swapon quotaon mounton</pre>
+</td>
+ </tr>
+ <tr>
+ <td>
+<p>目录</p>
+</td>
+ <td>
+<pre>
+
+add_name remove_name reparent search rmdir open audit_access execmod</pre>
+</td>
+ </tr>
+ <tr>
+ <td>
+<p>套接字</p>
+</td>
+ <td>
+<pre>
+
+ioctl read write create getattr setattr lock relabelfrom relabelto append bind
+connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg
+name_bind</pre>
+</td>
+ </tr>
+ <tr>
+ <td>
+<p>文件系统</p>
+</td>
+ <td>
+<pre>
+
+mount remount unmount getattr relabelfrom relabelto transition associate
+quotamod quotaget</pre>
+ </td>
+ </tr>
+ <tr>
+ <td>
+<p>进程</p>
+ </td>
+ <td>
+<pre>
+
+fork transition sigchld sigkill sigstop signull signal ptrace getsched setsched
+getsession getpgid setpgid getcap setcap share getattr setexec setfscreate
+noatsecure siginh setrlimit rlimitinh dyntransition setcurrent execmem
+execstack execheap setkeycreate setsockcreate</pre>
+</td>
+ </tr>
+ <tr>
+ <td>
+<p>安全</p>
+</td>
+ <td>
+<pre>
+
+compute_av compute_create compute_member check_context load_policy
+compute_relabel compute_user setenforce setbool setsecparam setcheckreqprot
+read_policy</pre>
+</td>
+ </tr>
+ <tr>
+ <td>
+<p>功能</p>
+</td>
+ <td>
+<pre>
+
+chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap
+linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock
+ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin
+sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write
+audit_control setfcap</pre>
+</td>
+ </tr>
+ <tr>
+ <td>
+<p><strong>更多</strong></p>
+</td>
+ <td>
+<p><strong>还有更多</strong></p>
+</td>
+ </tr>
+</tbody></table>
+
+<h2 id="neverallow">neverallow 规则</h2>
+
+<p>SELinux <code>neverallow</code> 规则用于禁止在任何情况下都不应该发生的行为。通过<a href="/compatibility/index.html">兼容性</a>测试,现在各种合作伙伴设备上都会强制执行 SELinux <code>neverallow</code> 规则。</p>
+
+<p>以下准则旨在协助制造商在自定义过程中避免与 <code>neverallow</code> 规则相关的错误。此处使用的规则编号与 Android 5.1 中使用的编号一致,并且会因版本而异。</p>
+
+<p>规则 48:<code>neverallow { domain -debuggerd -vold -dumpstate
+-system_server } self:capability sys_ptrace;</code><br />请参阅 <code>ptrace</code> 的帮助页面。<code>sys_ptrace</code> 功能用于授予对任何进程执行 <code>ptrace</code> 命令的权限。拥有该权限后,可以对其他进程进行广泛的控制。应该只有该规则中列出的指定系统组件享有该权限。如果需要该功能,则通常表明存在的某些内容不适用于面向用户的版本或存在不需要的功能。请移除不必要的组件。</p>
+
+<p>规则 76:<code>neverallow { domain -appdomain -dumpstate -shell -system_server -zygote } { file_type -system_file -exec_type }:file execute;</code><br />该规则旨在防止执行系统中的任意代码。具体来说就是,该规则声明仅执行 <code>/system</code> 中的代码,以便通过验证启动等机制实现安全保证。通常情况下,当遇到与这个 <code>neverallow</code> 规则相关的问题时,最好的解决办法是将违规代码移到 <code>/system</code> 分区。</p>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/selinux/device-policy.html b/zh-cn/security/selinux/device-policy.html
new file mode 100644
index 0000000..9f2708d
--- /dev/null
+++ b/zh-cn/security/selinux/device-policy.html
@@ -0,0 +1,193 @@
+<html devsite><head>
+ <title>编写 SELinux 政策</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>Android 开放源代码项目 (AOSP) 针对所有 Android 设备中常用的应用和服务提供了一个可靠实用的基本政策。AOSP 的贡献者会定期完善该政策。该核心政策应占设备上最终政策的 90-95%,而剩下的 5-10% 则为设备专用自定义政策。本文重点介绍了这些设备专用自定义政策、如何编写设备专用政策,以及在编写此类政策时要避免的一些陷阱。</p>
+
+<h2 id="device_bringup">设备启动</h2>
+
+<p>在编写设备专用政策时,请按顺序执行以下步骤。</p>
+
+<h3 id="run_in_permissive_mode">在宽容模式下运行</h3>
+
+<p>当设备处于<a href="index.html#background">宽容模式</a>时,拒绝事件会被记录下来,但不会被强制执行。宽容模式非常重要,原因有以下两个:</p>
+
+<ol>
+ <li>宽容模式可确保政策启用不会延误其他早期设备启动任务。
+ </li><li>被强制执行的拒绝事件可能会掩盖其他拒绝事件。例如,文件访问通常会涉及目录搜索、文件打开和文件读取操作。在强制模式下,只会发生目录搜索拒绝事件。宽容模式可确保所有拒绝事件都会显示出来。
+</li></ol>
+
+<p>要使设备进入宽容模式,最简单的方法是通过<a href="validate.html#switching_to_permissive">内核命令行</a>来实现。相应命令可以添加到设备的 BoardConfig.mk 文件中:<code>platform/device/<vendor>/<target>/BoardConfig.mk</code>。修改命令行之后,执行 <code>make clean</code>,接着执行 <code>make bootimage</code>,然后刷写新的启动映像。</p>
+
+<p>在此之后,通过以下命令确认宽容模式:</p>
+
+<p><code>adb getenforce</code></p>
+
+<p>将处于全局宽容模式的时间设为两周比较合理。在解决大多数拒绝事件之后,返回到强制模式,并在出现错误时加以解决。对于仍然不断出现拒绝事件的域或仍处于密集开发阶段的服务,可以暂时使其进入宽容模式,但要尽快使其返回到强制模式。</p>
+
+<h3 id="enforce_early">提早采用强制模式</h3>
+
+<p>在强制模式下,拒绝事件会被记录下来,并且会被强制执行。最佳做法是尽早使您的设备进入强制模式。如果花时间等待创建和强制执行设备专用政策,通常会导致有问题的产品和糟糕的用户体验。在实际使用过程中,要提前足够长的时间开始参与 <a href="https://en.wikipedia.org/wiki/Eating_your_own_dog_food">dogfooding</a>,确保对功能进行全面测试。提早开始有助于确保安全问题能够在相关人员做出设计决策时被考虑在内。相反,仅根据观察到的拒绝事件来授予权限是一种不安全的做法。可以利用这段时间对设备进行安全审核,并针对不应被允许的行为提出错误。</p>
+
+<h3 id="remove_or_delete_existing_policy">移除或删除现有政策</h3>
+
+<p>之所以要在新设备上从头开始创建设备专用政策,有很多合理的理由,其中包括:</p>
+
+<ul>
+ <li>安全审核</li><li> <a href="#overuse_of_negation">过度宽容的政策</a>
+ </li><li> <a href="#policy_size_explosion">政策规模缩小</a>
+ </li><li>Dead 政策</li></ul>
+
+<h3 id="address_denials_of_core_services">解决核心服务生成的拒绝事件</h3>
+
+<p>核心服务生成的拒绝事件通常是通过为文件添加标签来解决的。例如:</p>
+
+<pre class="no-pretty-print">
+avc: denied { open } for pid=1003 comm=”mediaserver” path="/dev/kgsl-3d0”
+dev="tmpfs" scontext=u:r:mediaserver:s0 tcontext=u:object_r:device:s0
+tclass=chr_file permissive=1
+avc: denied { read write } for pid=1003 name="kgsl-3d0" dev="tmpfs"
+scontext=u:r:mediaserver:s0
+tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
+</pre>
+
+<p>是完全通过为 <code>/dev/kgsl-3d0</code> 添加适当的标签来解决的。在此示例中,<code>tcontext</code> 是 <code>device</code>。这表示默认环境,在该环境中,<code>/dev</code> 内的所有文件都会获得“<a href="https://android.googlesource.com/platform/external/sepolicy/+/marshmallow-dev/file_contexts#31">device</a>”标签,除非被分配了更具体的标签。直接在此处接受来自 <a href="validate.html#using_audit2allow">audit2allow</a> 的输出会导致不正确且过度宽容的规则。</p>
+
+<p>要解决这种问题,可以为文件添加更具体的标签,在此示例中为 <a href="https://android.googlesource.com/device/lge/hammerhead/+/marshmallow-dev/sepolicy/file_contexts#1">gpu_device</a>。由于 <a href="https://android.googlesource.com/platform/external/sepolicy/+/marshmallow-dev/mediaserver.te#24">mediaserver 在核心政策中已有访问 gpu_device 所需的必要权限</a>,因此不再需要更多权限。</p>
+
+<p>其他需要以核心政策中预定义的类型作为标签的设备专用文件:</p>
+
+<ol>
+ <li> <a href="https://android.googlesource.com/device/lge/hammerhead/+/marshmallow-dev/sepolicy/file_contexts#31">块设备</a>
+ </li><li> <a href="https://android.googlesource.com/device/lge/hammerhead/+/marshmallow-dev/sepolicy/file_contexts#80">音频设备</a>
+ </li><li> <a href="https://android.googlesource.com/device/lge/hammerhead/+/marshmallow-dev/sepolicy/file_contexts#21">视频设备</a>
+ </li><li> <a href="https://android.googlesource.com/device/lge/hammerhead/+/marshmallow-dev/sepolicy/file_contexts#89">传感器</a>
+ </li><li> <a href="https://android.googlesource.com/device/lge/hammerhead/+/marshmallow-dev/sepolicy/file_contexts#8">nfc</a>
+ </li><li>gps_device</li><li> <a href="https://android.googlesource.com/device/lge/hammerhead/+/marshmallow-dev/sepolicy/file_contexts#139">/sys 中的文件</a>
+ </li><li>/proc 中的文件</li></ol>
+
+<p>一般情况下,向默认标签授予权限的做法是错误的。其中许多权限都是 <a href="customize.html#neverallow">neverallow</a> 规则所不允许的,但即使该规则并未明确禁止这些权限,也最好是提供具体标签。</p>
+
+<h3 id="label_new_services_and_address_denials">为新服务添加标签并解决拒绝事件</h3>
+
+<p>通过 init 启动的服务需要在各自的 SELinux 域中运行。以下示例会将服务“foo”放入它自己的 SELinux 域中并为其授予权限。</p>
+
+<p>该服务是在设备的 <code>init.<target>.rc</code> 文件中启动的,如下所示:</p>
+
+<pre class="no-pretty-print">
+service foo /system/bin/foo
+ class core
+</pre>
+
+<ol>
+ <li>创建一个新域“foo”<br />
+
+ <p>创建包含以下内容的文件 <code>device/<oem>/<target>/sepolicy/foo.te</code>:</p>
+
+<pre class="no-pretty-print">
+# foo service
+type foo, domain;
+type foo_exec, exec_type, file_type;
+
+init_daemon_domain(foo)
+</pre>
+
+ <p>这是 foo SELinux 域的初始模板,您可以根据该可执行文件执行的具体操作为该模板添加规则。</p>
+ </li>
+
+ <li>为 <code>/system/bin/foo</code> 添加标签<br />
+
+ <p>将以下内容添加到 <code>device/<oem>/<target>/sepolicy/
+ file_contexts</code>:</p>
+
+<pre class="no-pretty-print">
+/system/bin/foo u:object_r:foo_exec:s0
+</pre>
+
+ <p>这可确保为该可执行文件添加适当的标签,以便 SELinux 在适当的域中运行相应服务。</p>
+ </li>
+
+ <li>编译并刷写启动映像和系统映像。</li>
+
+ <li>优化相应域的 SELinux 规则。<br />
+
+ <p>根据拒绝事件确定所需的权限。<a href="validate.html#using_audit2allow">audit2allow</a> 工具提供了一些实用的指南,但该工具仅适用于提供编写政策时所需的信息。切勿只是复制输出内容。</p>
+ </li>
+</ol>
+
+<h3 id="enforcing_mode">切换回强制模式</h3>
+
+<p>可以在宽容模式下进行问题排查,但要尽早切换回强制模式,并尽量保持该模式。</p>
+
+<h2 id="common_mistakes">常见错误</h2>
+
+<p>下面介绍了在编写设备专用政策时发生的常见错误的一些解决方法。</p>
+
+<h3 id="overuse_of_negation">过度使用否定</h3>
+
+<p>以下示例规则类似于锁着前门,但开着窗户:</p>
+
+<p><code>allow { domain -untrusted_app } scary_debug_device:chr_file rw_file_perms</code>。</p>
+
+<p>该规则的意图很明确:除了第三方应用之外,其他所有应用都可以访问调试设备。</p>
+
+<p>该规则存在几个方面的缺陷。排除 <code>untrusted_app</code> 能起到的效果微不足道,因为所有应用都可以选择在 <code>isolated_app</code> 域中运行服务。同样,如果第三方应用的新域被添加到了 AOSP,它们也可以访问 <code>scary_debug_device</code>。该规则过于宽容。对于大多数域来说,能够访问该调试工具并不能使它们获益。该规则应编写为仅允许需要访问该调试工具的域。</p>
+
+<h3 id="debugging_features_in_production">正式版中的调试功能</h3>
+
+<p>调试功能及其政策不应存在于正式版中。</p>
+
+<p>最简单的替代方案是,仅当 eng/userdebug 版本中停用了 SELinux 时,才允许使用调试功能,例如 <code>adb root</code> 和 <code>adb setenforce 0</code>。</p>
+
+<p>另一种安全的替代方案是在 <a href="https://android.googlesource.com/device/lge/hammerhead/+/marshmallow-dev/sepolicy/platform_app.te#3">userdebug_or_eng</a> 声明中包含调试权限。</p>
+
+<h3 id="policy_size_explosion">政策规模扩张</h3>
+
+<p><a href="http://arxiv.org/abs/1510.05497">在 Wild 中描述 SEAndroid 政策</a>中介绍了一个令人关注的设备政策自定义发展趋势。设备专用政策应占设备上运行的总体政策的 5-10%。如果自定义政策所占的比例超过 20%,则几乎肯定会包含超特权域和 Dead 政策。</p>
+
+<p>过大的政策:</p>
+
+<ul>
+ <li>由于此类政策位于 ramdisk 中,并且还会加载到内核内存中,因此会占据两倍的内存。
+ </li><li>需要较大的启动映像,浪费磁盘空间。
+ </li><li>影响运行时政策查询次数。
+</li></ul>
+
+<p>以下示例显示了制造商专用政策分别占设备上政策 50% 和 40% 的两种设备。重写政策大幅提高了安全性,而且功能方面没有任何损失,如下所示。(AOSP 设备 Shamu 和 Flounder 也包含在了该示例中,以便进行比较。)</p>
+
+<p><img alt="图 1:安全审核后的设备专用政策规模对比。" src="images/selinux_device_policy_reduction.png"/></p>
+<p class="img-caption"><strong>图 1</strong>. 安全审核后的设备专用政策规模对比。</p>
+
+<p>在两种设备中,政策的规模和权限数量都大大减小了。政策规模的减小几乎完全是因为移除了不必要的权限,其中许多权限可能是由 audit2allow 生成且被随意添加到政策中的规则。对于这两种设备来说,Dead 域也是一个问题。</p>
+
+<h3 id="granting_the_dac_override_capability">授予 dac_override 权限</h3>
+
+<p><code> dac_override</code> 拒绝事件意味着违规进程正在尝试使用错误的 unix user/group/world 权限访问某个文件。正确的解决方案几乎从不授予 <code>dac_override</code> 权限,而是<a href="https://android-review.googlesource.com/#/c/174530/5/update_engine.te@11">更改相应文件或进程的 unix 权限</a>。有些域(例如 init、vold 和 installd)确实需要能够替换 unix 文件权限才能访问其他进程的文件。要查看更深入的讲解,请访问 <a href="http://danwalsh.livejournal.com/69478.html">Dan Walsh 的博客</a>。</p>
+
+<h2 id="additional_resources">其他资源</h2>
+
+<p>如果要提问或提出代码审核请求,<a href="http://seandroid.bitbucket.org/ForMoreInformation.html">SEAndroid 论坛</a>是一个的绝佳场所。</p>
+
+<p>AOSP 提供了关于 <a href="index.html">Android 上的 SELinux</a> 的简要介绍。</p>
+
+<p>如需更深入的说明,请点击<a href="http://seandroid.bitbucket.org/">此处</a>。</p>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/selinux/implement.html b/zh-cn/security/selinux/implement.html
new file mode 100644
index 0000000..69abd1c
--- /dev/null
+++ b/zh-cn/security/selinux/implement.html
@@ -0,0 +1,129 @@
+<html devsite><head>
+ <title>实现 SELinux</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>SELinux 设为了“默认拒绝”模式,也就是说,对于在内核中存在钩子的每一次访问,都必须获得政策的明确许可。这意味着政策文件中包含规则、类型、类、权限等方面的大量信息。关于 SELinux 的完整注意事项不在本文档的讨论范围之内,现在您必须要了解的是在启动新的 Android 设备时如何编写政策规则。目前有大量关于 SELinux 的信息可供您参考。关于建议的资源,请参阅<a href="/security/selinux#supporting_documentation">支持文档</a>。</p>
+
+<h2 id="summary_of_steps">步骤总结</h2>
+
+<p>下面简要总结了在 Android 设备上实现 SELinux 时需要执行的步骤:</p>
+
+<ol>
+ <li>在内核和配置中添加 SELinux 支持。
+ </li><li>为通过 <code>init</code> 启动的每项服务(进程或守护进程)分配专用的域。
+ </li><li>通过以下方式标识这些服务:<ul>
+ <li>查看 init.<device>.rc 文件并找到所有服务。
+ </li><li>检查 <code>dmesg</code> 输出中以下形式的警告:“init: Warning! Service name needs a SELinux domain defined; please fix!”(init:警告!服务名称需要一个已定义的 SELinux 域;请更正!)。<em></em>
+ </li><li>检查 <code>ps -Z | grep init</code> 输出,看看哪些服务正在 init 域中运行。
+ </li></ul>
+ </li><li>为所有新进程、驱动程序、套接字等添加标签。需要为所有对象添加适当的标签,以确保它们能够与您应用的政策正确交互。请参阅 AOSP 中使用的标签,以便在创建标签名称时参考。
+ </li><li>制定全面涵盖所有标签的安全政策,并将权限限定到其绝对最低级别。
+</li></ol>
+
+<p>原始设备制造商 (OEM) 最好从 AOSP 中的政策入手,然后在这些政策的基础上创建自己的自定义政策。</p>
+
+<h2 id="key_files">关键文件</h2>
+
+<p>SELinux for Android 随附了立即启用 SELinux 所需的一切。您只需集成<a href="https://android.googlesource.com/kernel/common/">最新的 Android 内核</a>,然后整合 <a href="https://android.googlesource.com/platform/system/sepolicy/">system/sepolicy</a> 目录中的文件即可:</p>
+
+<p><a href="https://android.googlesource.com/kernel/common/">https://android.googlesource.com/kernel/common/ </a></p>
+
+<p><a href="https://android.googlesource.com/platform/system/sepolicy/">https://android.googlesource.com/platform/system/sepolicy/</a></p>
+
+<p>这些文件在编译后会包含 SELinux 内核安全政策,并涵盖上游 Android 操作系统。您应该不需要直接修改 system/sepolicy 中的文件,而只需添加您自己的设备专用政策文件(位于 /device/manufacturer/device-name/sepolicy 目录中)即可。</p>
+
+<p>要实现 SELinux,您必须创建或修改以下文件:</p>
+
+<ul>
+ <li><em></em>新的 SELinux 政策源代码 (*.te) 文件 - 位于 <root>/device/manufacturer/device-name/sepolicy 目录中。这些文件用于定义域及其标签。在编译到单个 SELinux 内核政策文件时,新的政策文件会与现有的政策文件组合在一起。
+<p class="caution"><strong>重要提示</strong>:请勿更改 Android 开放源代码项目提供的 app.te 文件,否则可能会破坏所有第三方应用。</p>
+ </root></li><li><em></em>更新后的 BoardConfig.mk Makefile - 位于<device-name>包含 sepolicy 子目录的目录中。如果初始实现中没有 sepolicy 子目录,那么在该子目录创建之后,必须更新 BoardConfig.mk makefile,以引用该子目录。
+ </device-name></li><li><em></em>file_contexts - 位于 sepolicy 子目录中。该文件用于为文件分配标签,并且可供多种用户空间组件使用。在创建新政策时,请创建或更新该文件,以便为文件分配新标签。要应用新的 file_contexts,您必须重新构建文件系统映像,或对要重新添加标签的文件运行 <code>restorecon</code>。在升级时,对 file_contexts 所做的更改会在升级过程中自动应用于系统和用户数据分区。此外,还可以通过以下方式使这些更改在升级过程中自动应用于其他分区:在以允许读写的方式装载相应分区后,将 restorecon_recursive 调用添加到 init.<em>board</em>.rc 文件中。
+ </li><li><em></em>genfs_contexts - 位于 sepolicy 子目录中。该文件用于为不支持扩展属性的文件系统(例如,proc 或 vfat)分配标签。此配置会作为内核政策的一部分进行加载,但更改可能对核心内 inode 无效。要全面应用更改,需要重新启动设备,或卸载后重新装载文件系统。此外,通过使用 context=mount 选项,还可以为装载的特定系统文件(例如 vfat)分配特定标签。
+ </li><li><em></em>property_contexts - 位于 sepolicy 子目录中。该文件用于为 Android 系统属性分配标签,以便控制哪些进程可以设置这些属性。在启动期间以及 selinux.reload_policy 属性每次被设为 1 时,init 进程都会读取此配置。
+ </li><li><em></em>service_contexts - 位于 sepolicy 子目录中。该文件用于为 Android Binder 服务分配标签,以便控制哪些进行可以为相应服务添加(注册)和查找(查询)Binder 引用。在启动期间以及 selinux.reload_policy 属性每次被设为 1 时,servicemanager 进程都会读取此配置。
+ </li><li><em></em>seapp_contexts - 位于 sepolicy 子目录中。该文件用于为应用进程和 /data/data 目录分配标签。在每次应用启动时,Zygote 进程都会读取此配置;在启动期间以及 selinux.reload_policy 属性每次被设为 1 时,installd 都会读取此配置。
+ </li><li><em></em>mac_permissions.xml - 位于 sepolicy 子目录中。该文件用于根据应用签名和应用软件包名称(后者可选)为应用分配 seinfo 标记。然后,分配的 seinfo 标记可在 seapp_contexts 文件中用作密钥,以便为带有该 seinfo 标记的所有应用分配特定标签。在启动期间,system_server 会读取此配置。
+</li></ul>
+
+<p>接下来,只需在 sepolicy 子目录和各个政策文件创建之后,更新 BoardConfig.mk Makefile(位于包含 sepolicy 子目录的目录中)以引用该子目录和这些政策文件即可,如下所示。BOARD_SEPOLICY 变量及其含义记录在 system/sepolicy/README 文件中。</p>
+
+<pre>
+BOARD_SEPOLICY_DIRS += \
+ <root>/device/manufacturer/device-name/sepolicy
+
+BOARD_SEPOLICY_UNION += \
+ genfs_contexts \
+ file_contexts \
+ sepolicy.te
+</pre>
+
+<p class="note"><strong>注意</strong>:从 M 版开始已不再需要 BOARD_SEPOLICY_UNION,因为 BOARD_SEPOLICY_DIRS 变量中包含的任何目录内的所有政策文件都会与基本政策自动合并。</p>
+
+<p>设备在重新编译后会启用 SELinux。现在,您可以根据自己向 Android 操作系统添加的内容自定义自己的 SELinux 政策(如<a href="customize.html">自定义</a>中所述),也可以验证您的现有设置(如<a href="validate.html">验证</a>中所述)。</p>
+
+<p>在新政策文件和 BoardConfig.mk 更新部署到位后,新政策设置会立即自动内置到最终的内核政策文件中。</p>
+
+<h2 id="use_cases">用例</h2>
+
+<p>下面列举了一些在开发软件以及制定关联的 SELinux 政策时需要注意的具体漏洞:</p>
+
+<p><strong>符号链接</strong> - 由于符号链接以文件形式显示,因此通常也是作为文件被读取。这可能会导致漏洞。例如,某些特权组件(例如 init)会更改某些文件的权限,有时会使之极度开放。</p>
+
+<p>这样一来,攻击者便可以将这些文件替换成指向其控制的代码的符号链接,从而重写任意文件。但如果您知道自己的应用绝不会遍历符号链接,则可以通过 SELinux 来禁止您的应用遍历符号链接。</p>
+
+<p><strong>系统文件</strong> - 以应该只有系统服务器可以修改的一系列系统文件为例。由于 netd、init 和 vold 是以 Root 身份运行的,因此它们也可以访问这些系统文件。这样一来,如果 netd 遭到入侵,它将可以入侵这些文件,并可能会入侵系统服务器本身。</p>
+
+<p>借助 SELinux,您可以将这些文件标识为系统服务器数据文件。这样一来,系统服务器就是唯一对这些文件具有读写权限的域。即使 netd 遭到入侵,它也无法将域切换到系统服务器域并访问这些系统文件,就算它是以 Root 身份运行的也是如此。</p>
+
+<p><strong>应用数据</strong> - 另一个示例是必须以 Root 身份运行但不应获得应用数据访问权限的一系列函数。这非常有用,因为可以做出广泛的声明,例如禁止与应用数据无关的特定域访问互联网。</p>
+
+<p><strong>setattr</strong> - 对于 chmod、chown 等命令,您可以标识关联域可以在哪些文件中进行 setattr 操作。这样一来,便可以禁止对这些文件之外的任何文件进行此类更改,即使以 Root 身份进行也不例外。因此,应用可以对带 app_data_files 标签的文件运行 chmod 和 chown 命令,但不能对带 shell_data_files 或 system_data_files 标签的文件运行这些命令。</p>
+
+<h2 id="steps_in_detail">详细步骤</h2>
+
+<p>下面详细介绍了 Android 建议您如何采用并自定义 SELinux 来保护设备:</p>
+
+<ol>
+ <li>在内核中启用 SELinux:
+<code>CONFIG_SECURITY_SELINUX=y</code>
+ </li><li>更改 kernel_cmdline 参数,以便:<br />
+<code>BOARD_KERNEL_CMDLINE := androidboot.selinux=permissive</code>。
+<br />
+这仅适用于初始制定设备政策的情况。在拥有初始引导程序政策后,请移除此参数,以便将设备恢复强制模式,否则设备将无法通过 CTS 验证。</li><li>以宽容模式启动系统,看看在启动时会遇到哪些拒绝事件:<br />
+在 Ubuntu 14.04 或更高版本中:<br />
+<code>adb shell su -c dmesg | grep denied | audit2allow -p out/target/product/<em>board</em>/root/sepolicy</code>
+<br />
+在 Ubuntu 12.04 中:
+<code>adb shell su -c dmesg | grep denied | audit2allow</code>
+ </li><li>评估输出。如需查看相关说明和工具,请参阅<a href="validate.html">验证</a>。
+ </li><li>标识设备以及需要添加标签的其他新文件。
+ </li><li>为您的对象使用现有标签或新标签。查看 *_contexts 文件,了解之前是如何为内容添加标签的,然后根据对标签含义的了解分配一个新标签。这最好是一个能够融入到政策中的现有标签,但有时需要使用新标签,并且还需要关于访问该标签的规则。
+ </li><li>标识应该拥有自己的安全域的域/进程。可能需要为其中每个域/进程从头开始编写政策。例如,从 <code>init</code> 衍生的所有服务都应该有自己的安全域。可以通过以下命令查看保持运行的服务(不过所有服务都需要如此处理):<br />
+<code>$ adb shell su -c ps -Z | grep init</code><br />
+<code>$ adb shell su -c dmesg | grep 'avc: '</code>
+ </li><li>查看 init.<device>.rc,以找出所有没有类型的服务。应提早为此类服务提供域,以避免向 init 添加规则或将 <code>init</code> 访问权限与其自身政策中的访问权限混淆。
+ </li><li>将 <code>BOARD_CONFIG.mk</code> 设为使用 <code>BOARD_SEPOLICY_*</code> 变量。如需关于如何进行此项设置的详细信息,请参阅 system/sepolicy 中的 README。
+ </li><li>检查 init.<device>.rc 和 fstab.<device> 文件,确保每一次使用“mount”都对应一个添加了适当标签的文件系统,或者指定了 context= mount 选项。
+ </li><li>查看每个拒绝事件,并创建 SELinux 政策来妥善处理每个拒绝事件。请参阅<a href="customize.html">自定义</a>中的示例。
+</li></ol>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/selinux/index.html b/zh-cn/security/selinux/index.html
new file mode 100644
index 0000000..b163e3d
--- /dev/null
+++ b/zh-cn/security/selinux/index.html
@@ -0,0 +1,67 @@
+<html devsite><head>
+ <title>Android 中的安全增强型 Linux</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<h2 id="introduction">简介</h2>
+
+<p>Android 安全模型部分基于应用沙盒的概念。每个应用都在自己的沙盒内运行。在 Android 4.3 之前的版本中,这些沙盒是通过为每个应用创建独一无二的 Linux UID(在应用安装时创建)来定义的。从 Android 4.3 版起,安全增强型 Linux (SELinux) 开始用于进一步定义 Android 应用沙盒的边界。</p>
+
+<p>作为 Android <a href="/security/index.html">安全模型</a>的一部分,Android 使用 SELinux 对所有进程强制执行强制访问控制 (MAC),其中包括以 Root/超级用户权限运行的进程(也称为 Linux 功能)。SELinux 能够限制特权进程并能够自动创建安全政策,从而可提升 Android 的安全性。</p>
+
+<p>很多公司和组织都为此做出了卓越的贡献;<a href="https://android.googlesource.com/">android.googlesource.com</a> 上公开了所有 Android 代码和贡献者,以供所有人查看。借助 SELinux,Android 可以更好地保护和限制系统服务、控制对应用数据和系统日志的访问、降低恶意软件的影响,并保护用户免遭移动设备上的代码可能存在的缺陷的影响。</p>
+
+<p>Android 中包含 SELinux(处于强制模式)和默认适用于整个 <a href="https://android.googlesource.com/">Android 开放源代码项目</a>的相应安全政策。在强制模式下,非法操作会被阻止,并且所有尝试进行的违规行为都会被内核记录到 <code>dmesg</code> 和 <code>logcat</code> 中。Android 设备制造商应收集与错误相关的信息,以便在实施其软件和 SELinux 政策之前先对其进行优化。</p>
+
+<h2 id="background">背景</h2>
+
+<p>SELinux 采用默认拒绝的方式运行。任何未经明确允许的行为都会被拒绝。SELinux 可以采用以下任一种全局模式运行:宽容模式和强制模式。在宽容模式下,权限拒绝事件会被记录下来,但不会被强制执行;在强制模式下,拒绝事件会被记录下来,并且会被强制执行。此外,SELinux 还支持特定域宽容模式。在这种模式下,可将特定域(进程)设为宽容域,同时使系统的其余部分处于全局强制模式。域简单来说就是安全政策中用于标识一个进程或一组进程的标签,安全政策会以相同的方式对待使用相同域作为标签的所有进程。借助特定域宽容模式,可逐渐将 SELinux 应用于系统中越来越多的部分。此外,借助特定域宽容模式,还可以为新服务制定政策,同时确保系统的其余部分处于强制模式。</p>
+
+<p>在 Android 5.0 (L) 版本中,Android 开始全面强制执行 SELinux。这基于 4.3 版中的宽容模式和 4.4 中的部分强制模式。简而言之,Android 正在从对有限的一组关键域(<code>installd</code>、<code>netd</code>、<code>vold</code> 和 <code>zygote</code>)强制执行 SELinux 转为对所有域(超过 60 个域)强制执行 SELinux。这意味着,制造商必须要更好地了解并扩展其 SELinux 实现,以便提供兼容的设备。请注意:</p>
+
+<ul>
+<li>在 5.0 版中,所有域均处于强制模式</li>
+<li><code>init</code> 以外的任何进程都不应在 <code>init</code> 域中运行</li>
+<li>如果出现任何常规拒绝事件(对于 block_device、socket_device、default_service 等),都表示设备需要一个特殊域</li>
+</ul>
+
+<h2 id="supporting_documentation">支持文档</h2>
+
+<p>如需关于如何构建实用政策的详细信息,请参阅以下文档:</p>
+
+<p><a href="http://seandroid.bitbucket.org/PapersandPresentations.html">http://seandroid.bitbucket.org/PapersandPresentations.html</a></p>
+
+<p><a href="https://www.codeproject.com/Articles/806904/Android-Security-Customization-with-SEAndroid">https://www.codeproject.com/Articles/806904/Android-Security-Customization-with-SEAndroid</a></p>
+
+<p><a href="https://events.linuxfoundation.org/sites/events/files/slides/abs2014_seforandroid_smalley.pdf">https://events.linuxfoundation.org/sites/events/files/slides/abs2014_seforandroid_smalley.pdf</a></p>
+
+<p><a href="https://www.internetsociety.org/sites/default/files/02_4.pdf">https://www.internetsociety.org/sites/default/files/02_4.pdf</a></p>
+
+<p><a href="http://freecomputerbooks.com/books/The_SELinux_Notebook-4th_Edition.pdf">http://freecomputerbooks.com/books/The_SELinux_Notebook-4th_Edition.pdf</a></p>
+
+<p><a href="http://selinuxproject.org/page/ObjectClassesPerms">http://selinuxproject.org/page/ObjectClassesPerms</a></p>
+
+<p><a href="https://www.nsa.gov/resources/everyone/digital-media-center/publications/research-papers/assets/files/implementing-selinux-as-linux-security-module-report.pdf">https://www.nsa.gov/resources/everyone/digital-media-center/publications/research-papers/assets/files/implementing-selinux-as-linux-security-module-report.pdf</a></p>
+
+<p><a href="https://www.nsa.gov/resources/everyone/digital-media-center/publications/research-papers/assets/files/configuring-selinux-policy-report.pdf">https://www.nsa.gov/resources/everyone/digital-media-center/publications/research-papers/assets/files/configuring-selinux-policy-report.pdf</a></p>
+
+<p><a href="https://www.gnu.org/software/m4/manual/index.html">https://www.gnu.org/software/m4/manual/index.html</a></p>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/selinux/validate.html b/zh-cn/security/selinux/validate.html
new file mode 100644
index 0000000..e8de1c7
--- /dev/null
+++ b/zh-cn/security/selinux/validate.html
@@ -0,0 +1,107 @@
+<html devsite><head>
+ <title>验证 SELinux</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>Android 强烈建议原始设备制造商 (OEM) 全面测试其 SELinux 实现。制造商在实现 SELinux 时,应先为设备上需要测试的所有内容应用新政策。</p>
+
+<p>应用新政策后,可以通过执行 getenforce 命令来确认 SELinux 在设备上的运行模式是否正确</p>
+
+<p>该命令将会显示全局 SELinux 模式:强制或宽容。请注意,该命令只会显示全局 SELinux 模式。要确定每个域的 SELinux 模式,您必须查看相应的文件,或运行带有适当 (-p) 标记的最新版 <code>sepolicy-analyze</code>(位于 /platform/system/sepolicy/tools/ 中)。</p>
+
+<h2 id="reading_denials">读取拒绝事件</h2>
+
+<p>接下来是检查是否存在错误。错误会以事件日志的形式路由到 dmesg 和 <code>logcat</code>,并可在设备上从本地查看。制造商应先检查这些设备上路由到 dmesg 的 SELinux 输出并优化设置,然后再在宽容模式下公开发布,最后切换到强制模式。SELinux 日志消息中包含“avc:”,因此可以通过 <code>grep</code> 轻松找到。可以通过运行 <code>cat /proc/kmsg</code> 来获取当前的拒绝事件日志,也可以通过运行 cat <code>/proc/last_kmsg</code> 来获取上次启动时的拒绝事件日志。</p>
+
+<p>借助这种输出,制造商可以轻松发现系统用户或组件违反 SELinux 政策的行为。然后,制造商便可以通过对相应软件和/或 SELinux 政策进行更改来防范这种恶意行为。</p>
+
+<p>具体来说就是,这些日志消息会指明在强制模式下哪些进行会失败以及失败原因。示例如下:</p>
+
+<pre>
+avc: denied { connectto } for pid=2671 comm="ping" path="/dev/socket/dnsproxyd"
+scontext=u:r:shell:s0 tcontext=u:r:netd:s0 tclass=unix_stream_socket
+</pre>
+
+<p>该输出的解读如下:</p>
+
+<ul>
+ <li>上方的 <code>{ connectto }</code> 表示正在执行的操作。通过它和末尾的 <code>tclass</code> (<code>unix_stream_socket</code>),您可以大致了解正在对什么对象执行什么操作,在该示例中是某个操作方正在试图连接到 UNIX 信息流套接字。
+ </li><li><code>scontext (u:r:shell:s0)</code> 旨在告诉您发起相应操作的环境,在该示例中是某个作为 shell 运行的操作方。
+ </li><li><code>tcontext (u:r:netd:s0)</code> 旨在告诉您操作目标的环境,在该示例中是某个归 <code>netd</code> 所有的 unix_stream_socket。
+ </li><li>顶部的 <code>comm="ping"</code> 旨在为您提供更多提示,让您了解拒绝事件发生时正在运行的操作。在该示例中,这是一个非常实用的提示。
+</li></ul>
+
+<p>下面是另一个示例:</p>
+
+<pre>
+$ adb shell su root dmesg | grep 'avc: '
+<5> type=1400 audit: avc: denied { read write } for pid=177
+comm="rmt_storage" name="mem" dev="tmpfs" ino=6004 scontext=u:r:rmt:s0
+tcontext=u:object_r:kmem_device:s0 tclass=chr_file
+</pre>
+
+<p>以下是此拒绝事件的关键元素:</p>
+
+<ul>
+ <li>操作 - 试图进行的操作使用括号突出显示:<code>read write</code> 或 <code>setenforce</code>。<em></em>
+ </li><li>操作方 - <code>scontext</code>(来源环境)条目表示操作方,在该示例中是<code> rmt_storage</code> 守护进程。<em></em>
+ </li><li>对象 - <code>tcontext</code>(目标环境)条目表示正在对哪个对象执行操作,在该示例中是 kmem。<em></em>
+ </li><li>结果 - <code>tclass</code>(目标类别)条目表示操作对象的类型,在该示例中是 <code>chr_file</code>(字符设备)。<em></em>
+</li></ul>
+
+<h2 id="switching_to_permissive">切换到宽容模式</h2>
+
+<p class="caution"><strong>重要提示</strong>:生产设备不支持宽容模式。CTS 测试可确认是否已启用强制模式。</p>
+
+<p>要通过 ADB 将设备的 SELinux 执行模式切换到全局宽容模式,请以根用户的身份执行以下命令:</p>
+
+<pre>
+$ adb shell su root setenforce 0
+</pre>
+
+<p>或在内核命令行中输入以下命令(在设备启动初期):</p>
+
+<pre>
+androidboot.selinux=permissive
+androidboot.selinux=enforcing
+</pre>
+
+<h2 id="using_audit2allow">使用 audit2allow</h2>
+
+<p><code>selinux/policycoreutils/audit2allow</code> 工具可以获取 <code>dmesg</code> 拒绝事件并将其转换成相应的 SELinux 政策声明。因此,该工具有助于大幅加快 SELinux 开发速度。<code>audit2allow</code> 会作为 Android 源代码树的一部分被移植到设备上,并会在您基于源代码编译 Android 时自动进行编译。</p>
+
+<p>要使用该工具,请运行以下命令:</p>
+
+<pre>
+$ adb shell su root dmesg | audit2allow -p $OUT/root/sepolicy
+</pre>
+
+<p>不过,在检查各种潜在增加项是否存在越界权限时务必要谨慎。例如,为 audit2allow 馈送之前显示的 <code>rmt_storage</code> 拒绝事件会导致以下建议的 SELinux 政策声明:</p>
+
+<pre>
+#============= shell ==============
+allow shell kernel:security setenforce;
+#============= rmt ==============
+allow rmt kmem_device:chr_file { read write };
+</pre>
+
+<p>这会授予 <code>rmt</code> 向内核内存写入内容的权限,从而形成明显的安全漏洞。通常情况下,<code>audit2allow</code> 声明只是一个起点,在这之后,可能还需要更改来源域以及目标的标签,并纳入适当的宏,才能获得好的政策。有时,要解决正在检查的拒绝事件,不应对政策进行任何更改,而是应更改违规的应用。</p>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/trusty/index.html b/zh-cn/security/trusty/index.html
new file mode 100644
index 0000000..71a2436
--- /dev/null
+++ b/zh-cn/security/trusty/index.html
@@ -0,0 +1,95 @@
+<html devsite><head>
+ <title>Trusty TEE</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>Trusty 是一组在移动设备上支持可信执行环境 (TEE) 的软件组件。</p>
+
+<p>Trusty 包含以下组件:</p>
+
+<ul>
+ <li>一个在用于提供 TEE 的处理器上运行的操作系统(Trusty 操作系统)</li><li>适用于 Android 内核 (Linux) 的驱动程序,旨在促进与在 Trusty 操作系统下运行的应用之间的通信</li><li>一组适用于 Android 系统软件的库,旨在使用内核驱动程序促进与在 Trusty 操作系统中执行的可信应用之间的通信</li></ul>
+
+<p><strong>重要提示</strong>:Trusty 和 Trusty API 随时可能发生变化。</p>
+
+<p>如需关于 Trusty API 的信息,请参阅 <a href="trusty-ref.html">API 参考</a>。</p>
+
+<h2 id="uses_examples">使用和示例</h2>
+
+<p>所有 TEE 操作系统(不仅仅是 Trusty)均可用于 TEE 实现。</p>
+
+<p>TEE 处理器通常是系统内的单独微处理器,或是主处理器的虚拟化实例。TEE 处理器与系统的其余部分之间使用由硬件支持的内存和 I/O 保护机制隔离开来。</p>
+
+<p>TEE 处理器如今已成为移动设备的基本组成部分。这些设备上的主处理器会被视为“不可信”,它们无法访问制造商用于存储机密数据(例如,设备专用加密密钥)的特定 RAM、硬件寄存器和 Fuse 区域。在主处理器上运行的软件会将所有需要使用机密数据的操作委派给 TEE 处理器。</p>
+
+<p>在 Android 生态系统中,最广为人知的不可信主处理器示例是用于受保护内容的 <a href="/devices/drm.html">DRM 框架</a>。在 TEE 处理器上运行的软件可以访问解密受保护内容所需的设备专用密钥。主处理器只能看到已加密的内容,这样一来,就可以针对基于软件的攻击提供高级别的安全保障和保护。</p>
+
+<p>TEE 还有许多其他用法,例如移动支付、安全银行、全盘加密、多因素身份验证、设备重置保护、抗重放攻击的持久存储、无线显示(“投射”)受保护的内容、安全的 PIN 码和指纹处理,甚至还有恶意软件检测。</p>
+
+<p>Trusty 提供用于开发以下两类应用的 API:</p>
+
+<ul>
+ <li>在 TEE 处理器上运行的可信应用或服务</li><li>在主处理器上运行并使用可信应用提供的服务的普通/不可信应用</li></ul>
+
+<p>在主处理器上运行的软件可以使用 Trusty API 连接到可信应用并与它们交换任意消息,就像通过 IP 提供的网络服务一样。应用负责使用应用级协议确定这些消息的数据格式和语义。消息传递的可靠性由底层 Trusty 基础架构(采用在主处理器上运行的驱动程序的形式)来保证,并且通信完全是异步进行的。</p>
+
+<h2 id="trusted_applications_and_services">可信应用和服务</h2>
+
+<p>可信应用会以单独进程的形式在 Trusty 操作系统内核下运行。每个进程都会利用 TEE 处理器的 MMU 功能在各自的虚拟内存沙盒中运行。内核会使用由安全计时器驱动且按优先级进行调度的轮询调度程序安排这些进程。在最新版本的 Trusty 中,所有 Trusty 应用均具有相同的优先级。</p>
+
+<p>可以使用 C/C++(对 C++ 的支持有限)编写适用于 Trusty 操作系统的应用,此类应用可以访问小型的 C 库。<code>main()</code> 函数目前不接受任何参数。系统调用存根是作为该库的一部分在本机汇编代码中提供的,因此可按名称访问系统调用。</p>
+
+<h3 id="language_threading">语言和线程支持</h3>
+
+<p>所有 Trusty 应用均为单线程应用;目前不支持在 Trusty 用户空间中使用多线程。</p>
+
+<h3 id="application_structure">应用结构</h3>
+
+<p>Trusty 应用会在加载期间初始化一次,并且在 TEE 处理器重置之前,会一直保留在内存中。Trusty 目前不支持动态加载和取消加载应用。</p>
+
+<p>可信应用是作为<strong>事件驱动型服务器</strong>编写的,会等待其他应用或主处理器上运行的应用发出的命令。此外,可信应用也可以作为其他可信服务器应用的客户端。以下 API 部分中介绍的事件将由 Trusty 内核传送到可信应用。</p>
+
+<h2 id="third-party_trusty_applications">第三方 Trusty 应用</h2>
+
+<p>目前,所有 Trusty 应用都是由一个开发方开发的,并封装了 Trusty 内核映像。整个映像会由引导加载程序在启动过程中进行签名并验证。该版本的 Trusty 中不支持第三方应用开发。</p>
+
+<p>尽管 Trusty 操作系统支持开发新应用,但在开发新应用时务必要万分谨慎;每个新应用都会使系统可信计算基 (TCB) 的范围增大。可信应用可以访问设备机密数据,并且可以利用这些数据进行计算或数据转换。</p>
+
+<p>能够开发在 TEE 中运行的新应用为进行创新提供了多种可能性。不过,根据 TEE 的定义,如果这些应用没有附带某种形式的证明其<strong>可信</strong>的凭据,则无法分发。这种凭据通常采用数字签名的形式,即由应用运行时所在产品的用户信任的实体提供的数字签名。</p>
+
+<h2 id="downloading_building">下载和编译 Trusty</h2>
+
+<p>您可以通过以下网址找到 Android 开放源代码项目 (AOSP) 中的 Trusty 实现:<br />
+<a href="https://android-review.googlesource.com/#/admin/projects/?filter=trusty">https://android-review.googlesource.com/#/admin/projects/?filter=trusty</a></p>
+
+<p>要查看 AOSP 上的 Trusty 内核分支,请访问:<br />
+<a href="https://android.googlesource.com/kernel/common/+/android-trusty-3.10">https://android.googlesource.com/kernel/common/+/android-trusty-3.10</a><br />
+<a href="https://android.googlesource.com/kernel/common/+/android-trusty-3.18">https://android.googlesource.com/kernel/common/+/android-trusty-3.18</a></p>
+
+<p>要实现 Trusty,请运行以下命令(假设 Android 工具链已位于路径中):</p>
+<pre>
+$ repo init -u https://android.googlesource.com/trusty/manifest
+$ repo sync
+$ make -j24 generic-arm64
+</pre>
+
+<p>您可以从 <code>device/*/*/project/*</code> 中选择其他受支持的编译目标</p>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/verifiedboot/dm-verity.html b/zh-cn/security/verifiedboot/dm-verity.html
new file mode 100644
index 0000000..d28f9ae
--- /dev/null
+++ b/zh-cn/security/verifiedboot/dm-verity.html
@@ -0,0 +1,186 @@
+<html devsite><head>
+ <title>实现 dm-verity</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<h2 id="operation">操作</h2>
+
+<p>dm-verity 保护机制位于内核中。因此,如果获取 Root 权限的软件在内核启动之前入侵系统,它将会一直拥有该权限。为了降低这种风险,大多数制造商都会使用烧录到设备的密钥来验证内核。该密钥在设备出厂后将无法被更改。</p>
+
+<p>制造商会使用该密钥来验证第一级引导加载程序中的签名,而该引导加载程序会依次验证后续级别引导加载程序、应用引导加载程序和内核中的签名。希望利用<a href="verified-boot.html">验证启动</a>功能的每个制造商都应该有验证内核完整性的方法。内核经过验证后,可以在块设备装载时对其进行检查和验证。</p>
+
+<p>验证块设备的一种方法是直接对其内容进行哈希处理,然后将其与存储的值进行比较。不过,尝试验证整个块设备可能会需要较长的时间,并且会消耗设备的大量电量。设备将需要很长时间来启动,从而在可供使用之前便消耗了大量电量。</p>
+
+<p>而 dm-verity 只有在各个块被访问时才会对其进行单独验证。将块读入内存时,会以并行方式对其进行哈希处理。然后,会从第一级开始逐级验证整个哈希树的哈希。由于读取块是一项耗时又耗电的操作,因此这种块级验证带来的延时相对而言就有些微不足道了。</p>
+
+<p>如果验证失败,设备会生成 I/O 错误,指明无法读取相应块。设备看起来与文件系统损坏时一样,也与预期相同。</p>
+
+<p>应用可以选择在没有结果数据的情况下继续运行,例如,当这些结果并不是应用执行主要功能所必需的数据时。不过,如果应用在没有这些数据的情况下无法继续运行,则会失败。</p>
+
+<h2 id="implementation">实现</h2>
+
+<h3 id="summary">摘要</h3>
+
+<ol>
+<li>生成 EXT4 系统映像。</li>
+<li>为该映像<a href="#hash-tree">生成哈希树</a>。</li>
+<li>为该哈希树<a href="#mapping-table">构建 dm-verity 表</a>。</li>
+<li><a href="#signing">为该 dm-verity 表签名</a>以生成表签名。</li>
+<li>将表签名和 dm-verity 表<a href="#metadata">绑定</a>到 Verity 元数据。</li>
+<li>将系统映像、Verity 元数据和哈希树组合起来。</li>
+</ol>
+
+<p>如需关于哈希树和 dm-verity 表的详细说明,请参阅 <a href="http://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot">Chromium 项目 - 验证启动</a>。</p>
+
+<h3 id="hash-tree">生成哈希树</h3>
+
+<p>如<a href="#introduction">简介</a>中所述,哈希树是 dm-verity 不可或缺的一部分。<a href="https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity">cryptsetup</a> 工具将为您生成哈希树。或者,也可以使用下面定义的兼容方式:</p>
+
+<pre>
+<your block device name> <your block device name> <block size> <block size> <image size in blocks> <image size in blocks + 8> <root hash> <salt>
+</pre>
+
+<p>为了形成哈希,该工具会将系统映像在第 0 层拆分成 4k 大小的块,并为每个块分配一个 SHA256 哈希。然后,通过仅将这些 SHA256 哈希组合成 4k 大小的块来形成第 1 层,从而产生一个小得多的映像。接下来再使用第 1 层的 SHA256 哈希以相同的方式形成第 2 层。</p>
+
+<p>直到前一层的 SHA256 哈希可以放到一个块中,该过程就完成了。获得该块的 SHA256 哈希后,就相当于获得了树的根哈希。</p>
+
+<p>哈希树的大小(以及相应的磁盘空间使用量)会因已验证分区的大小而异。在实际中,哈希树一般都比较小,通常不到 30 MB。</p>
+
+<p>如果某个层中的某个块无法由前一层的哈希正好填满,您应在其中填充 0 来获得所需的 4k 大小。这样一来,您就知道哈希树没有被移除,而是填入了空白数据。</p>
+
+<p>为了生成哈希树,需要将第 2 层哈希组合到第 1 层哈希的上方,将第 3 层哈希组合到第 2 层哈希的上方,依次类推。然后将所有这些数据写入到磁盘中。请注意,这种方式不会引用根哈希的第 0 层。</p>
+
+<p>总而言之,构建哈希树的一般算法如下:</p>
+
+<ol>
+<li>选择一个随机盐(十六进制编码)。</li>
+<li>将系统映像拆分成 4k 大小的块。</li>
+<li>获取每个块的加盐 SHA256 哈希。</li>
+<li>组合这些哈希以形成层。</li>
+<li>在层中填充 0,直至达到 4k 块的边界。</li>
+<li>将层组合到哈希树中。</li>
+<li>重复第 2-6 步(使用前一层作为下一层的来源),直到最后只有一个哈希。</li>
+</ol>
+
+<p>该过程的结果是一个哈希,也就是根哈希。在构建 dm-verity 映射表时会用到该哈希和您选择的盐。</p>
+
+<h3 id="mapping-table">构建 dm-verity 映射表</h3>
+
+<p>构建 dm-verity 映射表,该映射表会标明内核的块设备(或目标)以及哈希树的位置(是同一个值)。在生成 <code>fstab</code> 和设备启动时会用到此映射。该映射表还会标明块的大小和 hash_start,或者哈希大小的块的偏移量(第 0 层的长度)。</p>
+
+<p>如需关于 Verity 目标映射表字段的详细说明,请参阅 <a href="https://code.google.com/p/cryptsetup/wiki/DMVerity">cryptsetup</a>。</p>
+
+<h3 id="signing">为 dm-verity 表签名</h3>
+
+<p>为 dm-verity 表签名以生成表签名。在验证分区时,会首先验证表签名。该验证是对照位于启动映像上某个固定位置的密钥来完成的。密钥通常包含在制造商的编译系统中,以便自动添加到设备上的固定位置。</p>
+
+<p>要使用这种签名和密钥的组合来验证分区,请执行以下操作:</p>
+
+<ol>
+<li>将一个格式与 libmincrypt 兼容的 RSA-2048 密钥添加到 /boot 分区的 /verity_key 中。确定用于验证哈希树的密钥所在的位置。</li>
+<li>在相关条目的 fstab 中,将“verify”添加到 fs_mgr 标记。</li>
+</ol>
+
+<h3 id="metadata">将表签名绑定到元数据</h3>
+
+<p>将表签名和 dm-verity 表绑定到 Verity 元数据。为整个元数据块添加版本号,以便它可以进行扩展,例如添加第二种签名或更改某些顺序。</p>
+
+<p>一个魔数(作为一个健全性检查项目)会与每组表元数据相关联,以协助标识表。由于长度包含在 EXT4 系统映像标头中,因此这为您提供了一种在不知道数据本身内容的情况下搜索元数据的方式。</p>
+
+<p>这可确保您未选择验证未验证的分区。如果是这样,缺少此魔数将会导致验证流程中断。该数字类似于:<br />0xb001b001</p>
+
+<p>十六进制的字节值为:</p>
+
+<ul>
+<li>第一字节 = b0</li>
+<li>第二字节 = 01</li>
+<li>第三字节 = b0</li>
+<li>第四字节 = 01</li>
+</ul>
+
+<p>下图展示了 Verity 元数据的细分:</p>
+
+<pre><magic number>|<version>|<signature>|<table length>|<table>|<padding>
+\-------------------------------------------------------------------/
+\----------------------------------------------------------/ |
+ | |
+ | 32K
+ block content
+</pre>
+
+<p>下表介绍了这些元数据字段。</p>
+
+<p class="table-caption" id="table1">
+ <strong>表 1.</strong> Verity 元数据字段</p>
+
+<table>
+<tbody><tr>
+<th>字段</th>
+<th>用途</th>
+<th>大小</th>
+<th>值</th>
+</tr>
+<tr>
+<td>魔数</td>
+<td>供 fs_mgr 用作一个健全性检查项目</td>
+<td>4 个字节</td>
+<td>0xb001b001</td>
+</tr>
+<tr>
+<td>版本</td>
+<td>用于为元数据块添加版本号</td>
+<td>4 个字节</td>
+<td>目前为 0</td>
+</tr>
+<tr>
+<td>签名</td>
+<td>PKCS1.5 填充形式的表签名</td>
+<td>256 个字节</td>
+<td></td>
+</tr>
+<tr>
+<td>表长度</td>
+<td>dm-verity 表的长度(以字节数计)</td>
+<td>4 个字节</td>
+<td></td>
+</tr>
+<tr>
+<td>表</td>
+<td>上文介绍的 dm-verity 表</td>
+<td>字节数与表长度相同</td>
+<td></td>
+</tr>
+<tr>
+<td>填充</td>
+<td>此结构会通过填充 0 达到 32k 长度</td>
+<td></td>
+<td>0</td>
+</tr>
+</tbody></table>
+
+<h3 id="optimize">优化 dm-verity</h3>
+
+<p>为了充分发挥 dm-verity 的最佳性能,您应该:</p>
+ <ul>
+ <li>在内核中开启 NEON SHA-2(如果是 ARMv7)或 SHA-2 扩展程序(如果是 ARMv8)。
+ </li><li>使用不同的预读设置和 prefetch_cluster 设置进行实验,找出适合您设备的最佳配置。
+ </li></ul>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/verifiedboot/index.html b/zh-cn/security/verifiedboot/index.html
new file mode 100644
index 0000000..4b01edf
--- /dev/null
+++ b/zh-cn/security/verifiedboot/index.html
@@ -0,0 +1,59 @@
+<html devsite><head>
+ <title>验证启动</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>Android 4.4 及更高版本支持通过可选的 device-mapper-verity (dm-verity) 内核功能进行的验证启动,以便对块设备进行透明的完整性检查。dm-verity 有助于阻止可以持续保有 Root 权限并入侵设备的持续性 Rootkit。验证启动功能有助于 Android 用户在启动设备时确定设备状态与上次使用时是否相同。</p>
+
+<p>更为狡猾且具有 Root 权限的恶意软件可以躲开检测程序的检测,并以其他方式掩蔽自己。可以获取 Root 权限的软件就能够做到这一点,因为它通常比检测程序的权限更高,从而能够“欺骗”检测程序。</p>
+
+<p>通过 dm-verity 功能,您可以查看块设备(文件系统的底部存储层),并确定它是否与预期配置一致。该功能是利用加密哈希树做到这一点的。对于每个块(通常为 4k),都有一个 SHA256 哈希。</p>
+
+<p>由于哈希值存储在页面树中,因此顶级“根”哈希必须可信,才能验证树的其余部分。能够修改任何块相当于能够破坏加密哈希。下图描绘了此结构。</p>
+
+<img src="../images/dm-verity-hash-table.png" alt="dm-verity-hash-table" id="figure1"/>
+<p class="img-caption">
+ <strong>图 1.</strong> dm-verity 哈希表</p>
+
+<p>启动分区中包含一个公钥,该公钥必须已由原始设备制造商 (OEM) 在外部进行验证。该密钥用于验证相应哈希的签名,并用于确认设备的系统分区是否受到保护且未被更改。</p>
+
+<h2 id="prerequisites">前提条件</h2>
+
+<h3 id="verified-boot">建立验证启动流程</h3>
+<p>为了大幅降低遭到入侵的风险,请使用烧录到设备上的密钥来验证内核。如需详细信息,请参阅<a href="verified-boot.html">验证启动</a>。</p>
+
+<h3 id="block-otas">切换到面向块的 OTA</h3>
+<p>要为设备启用 dm-verity,您必须使用基于块的无线下载 (OTA) 更新来确保所有设备均使用相同的系统分区。如需详细信息,请参阅<a href="/devices/tech/ota/block.html">基于块的 OTA</a>。</p>
+
+<h3 id="config-dm-verity">配置 dm-verity</h3>
+
+<p>在切换到面向块的 OTA 后,纳入最新的 Android 内核或使用现成的上游内核,然后通过添加相关配置选项 <code>CONFIG_DM_VERITY</code> 来启用 dm-verity 支持。</p>
+
+<p>如果使用 Android 内核,dm-verity 会在该内核编译后启用。如需详细信息,请参阅<a href="dm-verity.html">实现 dm-verity</a>。</p>
+
+<h2 id="supporting-docs">支持文档</h2>
+<p><a href="verified-boot.html">验证启动</a><br />
+<a href="/devices/tech/ota/block.html">基于块的 OTA</a><br />
+<a href="dm-verity.html">实现 dm-verity</a><br />
+<a href="https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity">cryptsetup - dm-verity:device-mapper 块完整性检查目标</a><br />
+<a href="http://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot">Chromium 项目 - 验证启动</a><br />
+<a href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=Documentation/device-mapper/verity.txt">Linux 内核文档:verity.txt</a></p>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-cn/security/verifiedboot/verified-boot.html b/zh-cn/security/verifiedboot/verified-boot.html
new file mode 100644
index 0000000..4068f77
--- /dev/null
+++ b/zh-cn/security/verifiedboot/verified-boot.html
@@ -0,0 +1,361 @@
+<html devsite><head>
+ <title>验证启动</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<p>验证启动功能旨在保证设备软件(从硬件信任根直到系统分区)的完整性。在启动过程中,无论是在每个阶段,都会在进入下一个阶段之前先验证下一个阶段的完整性和真实性。</p>
+
+<p>当用户对软件进行了不应进行的更改时,可以使用该功能向他们发出警告,比如当用户获得一台二手设备后告知他们软件经受了不应进行的更改。此外,该功能还可以提供进行远程认证时使用的其他设备完整性信号。该功能再加上加密功能以及可信执行环境 (TEE) 信任根绑定功能,三者共同为用户数据添加了另一道防范恶意系统软件的保护屏障。</p>
+
+<p>如果在任意阶段验证失败,用户都会收到醒目的通知。</p>
+
+<h2 id="glossary">词汇表</h2>
+
+<table>
+ <colgroup><col width="15%" />
+ <col width="85%" />
+ </colgroup><tbody><tr>
+ <th>术语</th>
+ <th>定义</th>
+ </tr>
+ <tr>
+ <td>启动状态</td>
+ <td>设备的启动状态用于说明设备启动后向最终用户提供的保护级别。启动状态为“绿色”、“黄色”、“橙色”和“红色”。</td>
+ </tr>
+ <tr>
+ <td>设备状态</td>
+ <td>设备状态用于指明能够以多大的自由度将软件刷写到设备上。设备状态为“已锁定”和“已解锁”。</td>
+ </tr>
+ <tr>
+ <td>dm-verity</td>
+ <td>Linux 内核驱动程序,用于在分区运行时使用哈希树和已签名的元数据验证分区的完整性。</td>
+ </tr>
+ <tr>
+ <td>原始设备制造商 (OEM) 密钥</td>
+ <td>原始设备制造商 (OEM) 密钥是一个固定不变的防篡改密钥,可供引导加载程序使用(在验证启动映像时必须使用该密钥)。</td>
+ </tr>
+</tbody></table>
+
+<h2 id="overview">概述</h2>
+
+<p>除了设备状态(在设备中已存在,用于控制引导加载程序是否允许刷写新软件)外,验证启动功能还引入了启动状态的概念,以便指明设备完整性状态。</p>
+
+<h3 id="classes">级别</h3>
+
+<p>验证启动有两个实现级别。根据设备在多大程度上实现此规范,这两个级别的定义如下:</p>
+
+<p><strong>A 级</strong>会实现具有完整信任链(直到已验证的分区)的验证启动。也就是说,这种级别的实现支持“已锁定”设备状态,以及“绿色”和“红色”启动状态。</p>
+
+<p><strong>B 级</strong>会实现 A 级实现的内容,并且还支持“已解锁”设备状态和“橙色”启动状态。</p>
+
+<h3 id="verification_keys">验证密钥</h3>
+
+<p>引导加载程序的完整性始终都是使用硬件信任根进行验证。在验证启动分区和恢复分区时,引导加载程序可以使用原始设备制造商 (OEM) 密钥(该密钥是固定不变的)。它始终会先尝试使用原始设备制造商 (OEM) 密钥验证启动分区,并且仅当此项验证失败时,才会尝试使用其他可能的密钥进行验证。</p>
+
+<p>在 B 级实现中,当设备处于“已解锁”状态时,用户可以刷写使用其他密钥签名的软件。如果设备随后进入“已锁定”状态,并且使用原始设备制造商 (OEM) 密钥进行的验证失败了,引导加载程序会尝试使用分区签名中嵌入的证书进行验证。不过,在使用通过原始设备制造商 (OEM) 密钥以外的任何其他凭据签名的分区时,会收到通知或警告,如下文所述。</p>
+
+<h3 id="boot_state">启动状态</h3>
+
+<p>在每次尝试启动时,已验证的设备最终都将启动到以下 4 种状态之一:</p>
+
+<ul>
+ <li>绿色:表示实现了从引导加载程序到已验证分区的完整信任链,其中包括引导加载程序、启动分区和所有已验证的分区。
+
+ </li><li>黄色:表示已使用嵌入的证书验证启动分区,并且签名有效。在允许启动过程继续之前,引导加载程序会显示一条警告以及公钥的指纹。
+
+ </li><li>橙色:表示可以随意修改设备。设备完整性由用户进行带外验证。在允许启动过程继续之前,引导加载程序会向用户显示一条警告。
+
+ </li><li>红色:表示设备验证失败了。引导加载程序会显示一条警告并停止启动过程。
+</li></ul>
+
+<p>此外,还会以完全相同的方式验证恢复分区。</p>
+
+<h3 id="device_state">设备状态</h3>
+
+<p>可能的设备状态以及它们与 4 种验证启动状态的关系如下:</p>
+<ol>
+ <li>已锁定:表示无法刷写设备。在每次尝试启动时,“已锁定”设备都会启动到“绿色”、“黄色”或“红色”状态。
+
+ </li><li>已解锁:表示可以随意刷写设备,不需要进行验证。“已解锁”设备始终会启动到“橙色”启动状态。
+</li></ol>
+
+<img src="../images/verified_boot.png" alt="验证启动流程" id="figure1"/>
+<p class="img-caption"><strong>图 1.</strong> 验证启动流程</p>
+
+<h2 id="detailed_design">详细设计</h2>
+
+<p>要实现完整的信任链,需要启动分区(负责装载更多分区)上的引导加载程序和软件的支持。验证元数据也会附加到系统分区,并附加到应接受完整性验证的所有其他分区。</p>
+
+<h3 id="bootloader_requirements">引导加载程序要求</h3>
+
+<p>引导加载程序是设备状态的监护者,负责初始化 TEE 以及绑定其信任根。</p>
+
+<p>最重要的是,引导加载程序会在将执行工作移交给内核之前先验证启动分区和/或恢复分区的完整性,并会显示<a href="#boot_state">启动状态</a>部分中指定的警告。</p>
+
+<h4 id="changing_device_state">更改设备状态</h4>
+
+<p>要更改设备状态,需要使用 <code>fastboot flashing [unlock |
+lock]</code> 命令。为了保护用户数据,只要设备状态发生变化,<strong>都</strong>会先清除数据分区中的数据,并会在删除数据之前要求用户确认。</p>
+
+<ol>
+ <li>用户购买二手开发设备后,应该将设备状态从“已解锁”改为“已锁定”。锁定设备后,只要没有警告,用户应该就会确信设备处于设备制造商开发的状态。
+
+ </li><li>如果开发者希望停用设备上的验证功能,应该将设备状态从“已锁定”改为“已解锁”。
+</li></ol>
+
+<p>下表列出了用于更改设备状态的 <code>fastboot</code> 命令:</p>
+
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th><code>fastboot</code> 命令</th>
+ <th>说明</th>
+ </tr>
+ <tr>
+ <td><code>flashing lock</code></td>
+ <td>
+ <ul>
+ <li>先提示用户确认,在用户确认之后清除数据</li><li>清除引导加载程序可读取的防写位,指明设备已解锁</li></ul>
+ </td>
+ </tr>
+ <tr>
+ <td><code>flashing unlock</code></td>
+ <td>
+ <ul>
+ <li>如果用户尚未启用解锁设备设置,则中止解锁</li><li>先提示用户确认,在用户确认之后清除数据</li><li>设置引导加载程序可读取的防写位,指明设备已解锁</li></ul>
+ </td>
+ </tr>
+</tbody></table>
+
+<p>在更改分区内容时,引导加载程序会检查通过上述命令设置的位,如下表所述:</p>
+
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th><code>fastboot</code> 命令</th>
+ <th>说明</th>
+ </tr>
+ <tr>
+ <td><code>flash <partition></code></td>
+ <td>如果通过 <code>flashing unlock</code> 设置的位已设置,则刷写相应分区。否则,不允许进行刷写操作。
+ </td>
+ </tr>
+</tbody></table>
+
+<p>对于可用于更改分区内容的所有 <code>fastboot</code> 命令,都应执行同样的检查。</p>
+
+<p class="note"><strong>注意</strong>:B 级实现支持更改设备状态。</p>
+
+<h4 id="binding_tee_root_of_trust">绑定 TEE 信任根</h4>
+
+<p>如果 TEE 可用,那么在启动分区/恢复分区验证和 TEE 初始化完成后,引导加载程序会将以下信息传递给 TEE,以便绑定 Keymaster 信任根:</p>
+
+<ol>
+ <li>为启动分区签名时使用的公钥</li><li>当前设备状态(“已锁定”或“已解锁”)</li></ol>
+
+<p>这会更改 TEE 派生的密钥。以磁盘加密为例,当设备状态发生变化时,这可以防止用户数据被解密。</p>
+
+<p class="note"><strong>注意</strong>:这意味着,如果系统软件或设备的状态发生变化,已加密的用户数据将无法再访问,因为 TEE 将尝试使用其他密钥来解密数据。</p>
+
+<h4 id="initializing-attestation">初始化认证</h4>
+<p>与绑定信任根时类似,如果 TEE 可用,引导加载程序会将以下信息传递给 TEE,以便初始化认证:</p>
+<ol>
+<li>当前启动状态(绿色、黄色、橙色)</li><li>操作系统版本</li><li>操作系统安全补丁程序级别</li></ol>
+<h4 id="booting_into_recovery">启动到恢复模式</h4>
+
+<p>应按照与验证启动分区时完全相同的方式验证恢复分区。</p>
+
+<h4 id="comm_boot_state">传达启动状态</h4>
+
+<p>系统软件需要能够确定之前各阶段的验证状态。引导加载程序会以内核命令行参数的形式(或通过 <code>firmware/android/verifiedbootstate</code> 下的设备树)指定当前启动状态,如下表所述:</p>
+
+<table>
+ <tbody><tr>
+ <th>内核命令行参数</th>
+ <th>说明</th>
+ </tr>
+ <tr>
+ <td><code>androidboot.verifiedbootstate=green</code></td>
+ <td>设备已启动到“绿色”启动状态。<br />已使用原始设备制造商 (OEM) 密钥验证启动分区,并且该密钥有效。</td>
+ </tr>
+ <tr>
+ <td><code>androidboot.verifiedbootstate=yellow</code></td>
+ <td>设备已启动到“黄色”启动状态。<br />已使用签名中嵌入的证书验证启动分区,并且该签名有效。</td>
+ </tr>
+ <tr>
+ <td><code>androidboot.verifiedbootstate=orange</code></td>
+ <td>设备已启动到“橙色”启动状态。<br />设备已解锁,并且未执行任何验证。</td>
+ </tr>
+</tbody></table>
+<p class="note"><strong>注意</strong>:处于“红色”启动状态时,设备无法启动到由内核执行相关工作,因此内核命令行中绝不会包含参数 <code>androidboot.verifiedbootstate=red</code>。</p>
+
+<h3 id="boot_partition">启动分区</h3>
+
+<p>当执行工作移交给启动分区后,其中的软件将负责设置其他分区的验证。由于系统分区比较大,因此通常不能采用与前面部分类似的方式对其进行验证,而是应改为在该分区被访问时使用 dm-verity 内核驱动程序或类似解决方案对其进行验证。</p>
+
+<p>如果使用 dm-verity 验证大型分区,需要先验证附加到每个已验证分区的 Verity 元数据的签名,然后再装载相应分区并为其设置 dm-verity。</p>
+
+<h4 id="managing_dm-verity">管理 dm-verity</h4>
+
+<p>在内核中作为设备映射器目标实现后,dm-verity 会在分区之上添加一个层,并根据在设置过程中传递给它的哈希树来验证每个读取块。如果 dm-verity 遇到未能通过验证的块,则会将其设为无法供用户空间访问。</p>
+
+<p>在启动过程中装载分区时,如果已在设备的 fstab 中为某个分区指定了 <code>verify</code> fs_mgr 标记,fs_mgr 会为该分区设置 dm-verity。Verity 元数据签名是根据 <code>/verity_key</code> 中的公钥进行验证的。</p>
+
+<h4 id="recovering_from_dm-verity_errors">从 dm-verity 错误恢复</h4>
+
+<p>由于系统分区比启动分区大得多,因此发生验证错误的可能性也更高。具体来说就是,出现意外磁盘损坏的可能性会更高。出现意外磁盘损坏会导致验证失败,并且如果分区中有关键块无法再访问,这还可能会导致其他功能设备无法使用。可以结合使用前向纠错与 dm-verity 来降低这种风险。建议提供这种备用恢复路径,不过这会导致元数据大小增加。</p>
+
+<p>默认情况下,dm-verity 会被配置为以“重启”模式运行。在该模式下,如果检测到损坏的块,dm-verity 会立即重启设备。这样一来,在设备损坏时就可以安全地向用户发出警告,或者回退到设备特定恢复分区(如果有)。
+</p>
+
+<p>如果设备启动时存在已知损坏,为了让用户仍可以访问自己的数据,dm-verity 会切换到 I/O 错误 (EIO) 模式。在 EIO 模式下,对于访问损坏的块的所有读取操作,dm-verity 都会返回 I/O 错误,但允许设备继续运行。要跟踪当前模式,需要持续存储 dm-verity 状态。可以通过 fs_mgr 或引导加载程序对该状态进行管理:</p>
+
+<ol>
+ <li>要在 fs_mgr 中管理 dm-verity 状态,需要为 <code>verify</code> 标记指定一个附加参数,以便让 fs_mgr 知道 dm-verity 状态要存储在哪里。例如,要将该状态存储在元数据分区中,需要指定 <code>verify=/path/to/metadata</code>。
+ <p class="note"><strong>注意</strong>:在首次检测到损坏之后,fs_mgr 会将 dm-verity 切换到 EIO 模式,并且会在任何已验证分区的元数据签名发生变化后将模式重置为“重启”。</p>
+ </li>
+ <li>要在引导加载程序中管理 dm-verity 状态,需要在 <code>androidboot.veritymode</code> 命令行参数中将当前模式传递到内核,如下所示:<table>
+ <tbody><tr>
+ <th>内核命令行参数</th>
+ <th>说明</th>
+ </tr>
+ <tr>
+ <td><code>androidboot.veritymode=enforcing</code></td>
+ <td>将 dm-verity 设置为默认的“重启”模式。</td>
+ </tr>
+ <tr>
+ <td><code>androidboot.veritymode=eio</code></td>
+ <td>将 dm-verity 设置为 EIO 模式。</td>
+ </tr>
+ </tbody></table>
+
+ <p class="note">
+ <strong>注意</strong>:要在引导加载程序中管理状态,还需要内核在设备因 dm-verity 而重启时正确设置重启原因。检测到损坏后,如果有任何已验证分区发生变化,引导加载程序都应切换回“重启”模式。</p>
+ </li>
+</ol>
+
+<p>如果出于任何原因未以“重启”模式启动 dm-verity,或如果无法验证 Verity 元数据,系统会向用户显示一条警告(如果允许设备启动),与在启动到“红色”启动状态之前显示的警告类似。必须获得用户同意,设备才能继续以 EIO 模式启动。如果在 30 秒内未获得用户同意,设备将会关机。
+</p>
+
+<p class="note">
+<strong>注意</strong>:为了防止未验证的数据泄露到用户空间,dm-verity 绝不会以记录模式启动。
+</p>
+
+<h3 id="verified_partition">已验证的分区</h3>
+
+<p>在已验证的设备中,系统分区一定已通过验证。不过,所有其他只读分区也应设为已验证。在已验证的设备中,所有包含可执行代码的只读分区都已通过验证,比如供应商分区和原始设备制造商 (OEM) 分区(如果存在)。</p>
+
+<p>要验证某个分区,需要为其附加已签名的 Verity 元数据。元数据由分区内容的哈希树以及一个 Verity 表组成(Verity 表中包含已签名的参数和哈希树的根)。如果在为分区设置 dm-verity 时未提供这些信息或提供的信息无效,设备将不会启动。</p>
+
+<h2 id="implementation_details">实现详细信息</h2>
+
+<h3 id="key_types_and_sizes">密钥类型和大小</h3>
+
+<p>AOSP 中使用的原始设备制造商 (OEM) 密钥是模数为 2048 位或更高且公开指数为 65537 (F4) 的 RSA 密钥,符合 CDD 中关于密钥安全系数不能低于此类密钥的要求。</p>
+
+<p>请注意,原始设备制造商 (OEM) 密钥遭到入侵后,通常无法再使用,因此务必要对该密钥采取保护措施,最好是使用硬件安全模块 (HSM) 或类似解决方案。另外,建议为每种类型的设备使用不同的密钥。</p>
+
+<h3 id="signature_format">签名格式</h3>
+
+<p>Android 可验证启动映像上的签名是一条经过 ASN.1 DER 编码的消息,可以使用与 <a href="https://android.googlesource.com/platform/bootable/recovery/+/f4a6ab27b335b69fbc419a9c1ef263004b561265/asn1_decoder.cpp">platform/bootable/recovery/asn1_decoder.cpp</a> 中提供的解码器类似的解码器对该消息进行解析<br />消息格式如下:</p>
+
+<pre>
+AndroidVerifiedBootSignature DEFINITIONS ::=
+ BEGIN
+ FormatVersion ::= INTEGER
+ Certificate ::= Certificate
+ AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY DEFINED BY algorithm OPTIONAL
+ }
+ AuthenticatedAttributes ::= SEQUENCE {
+ target CHARACTER STRING,
+ length INTEGER
+ }
+
+ Signature ::= OCTET STRING
+ END
+</pre>
+
+<p><code>Certificate</code> 字段是一个完整的 X.509 证书(您可以在 <a href="http://tools.ietf.org/html/rfc5280#section-4.1.1.2">RFC5280</a> 第 4.1 部分中找到它的定义),其中包含用于签名的公钥。当设备处于“已锁定”状态时,引导加载程序会先使用原始设备制造商 (OEM) 密钥进行验证;如果改用嵌入的证书进行验证,设备将只能启动到“黄色”或“红色”状态。</p>
+
+<p>除了 <code>AuthenticatedAttributes</code> 字段外,其余结构与 <a href="http://tools.ietf.org/html/rfc5280#section-4.1.1.2">RFC5280</a> 第 4.1.1.2 部分和第 4.1.1.3 部分中定义的结构类似。该字段中包含要验证的映像的长度(整数形式)以及该映像所在的分区(启动分区、恢复分区等)。</p>
+
+<h3 id="signing_and_verifying_an_image">为映像签名和验证映像</h3>
+
+<p><strong>生成已签名的映像:</strong></p>
+<ol>
+ <li>生成未签名的映像。
+ </li><li>为映像填充 0,以便补齐到下一页的大小边界(如果已对齐,则忽略此步骤)。
+ </li><li>根据填充后的映像和所需的目标分区填写上述 <code>AuthenticatedAttributes</code> 部分的字段。
+ </li><li>将上述 <code>AuthenticatedAttributes</code> 结构附加到映像。
+ </li><li>为映像签名。
+</li></ol>
+
+<p><strong>验证映像:</strong></p>
+<ol>
+ <li>确定要加载的映像的大小,包括内边距(例如,通过读取标头来确定)。
+ </li><li>读取位于上述偏移量处的签名。
+ </li><li>验证 <code>AuthenticatedAttributes</code> 字段的内容。如果这些值无效,则视为签名验证错误。
+ </li><li>验证映像和 <code>AuthenticatedAttributes</code> 部分。
+</li></ol>
+
+<h3 id="user_experience">用户体验</h3>
+
+<p>设备处于“绿色”启动状态时,除了正常设备启动所需的用户互动外,用户应该不会看到任何其他用户互动。设备处于“橙色”和“黄色”启动状态时,用户会看到一条至少持续 5 秒的警告。如果用户在这段时间内与设备互动,该警告持续显示的时间至少会延长 30 秒,或者直到用户关闭该警告。设备处于“红色”启动状态时,该警告会显示至少 30 秒,之后设备将会关机。</p>
+
+<p>下表显示了其他状态下的用户互动屏幕示例:</p>
+
+<table>
+ <tbody><tr>
+ <th>设备状态</th>
+ <th>用户体验示例</th>
+ <th> </th>
+ </tr>
+ <tr>
+ <td>黄色</td>
+ <td><img src="../images/boot_yellow1.png" alt="“黄色”设备状态 1" id="figure2"/>
+ <p class="img-caption"><strong>图 2.</strong> 用户互动之前</p>
+ </td>
+ <td><img src="../images/boot_yellow2.png" alt="“黄色”设备状态 2" id="figure3"/>
+ <p class="img-caption"><strong>图 3.</strong> 用户互动之后</p>
+ </td>
+ </tr>
+ <tr>
+ <td>橙色</td>
+ <td><img src="../images/boot_orange.png" alt="“橙色”设备状态" id="figure4"/>
+ <p class="img-caption"><strong>图 4.</strong> 提示设备已解锁且无法验证的警告。</p>
+ </td>
+ <td> </td>
+ </tr>
+ <tr>
+ <td>红色</td>
+ <td><img src="../images/boot_red1.png" alt="“红色”设备状态" id="figure5"/>
+ <p class="img-caption"><strong>图 5.</strong> 提示验证启动失败的警告</p>
+ </td>
+ <td><img src="../images/boot_red2.png" alt="“红色”设备状态" id="figure6"/>
+ <p class="img-caption"><strong>图 6.</strong> 提示启动到 EIO 模式的警告</p>
+ </td>
+ </tr>
+</tbody></table>
+
+</body></html>
\ No newline at end of file
diff --git a/zh-tw/security/bulletin/2017-06-01.html b/zh-tw/security/bulletin/2017-06-01.html
new file mode 100644
index 0000000..53ab1fe
--- /dev/null
+++ b/zh-tw/security/bulletin/2017-06-01.html
@@ -0,0 +1,1268 @@
+<html devsite><head>
+ <title>Android 安全性公告 - 2017 年 6 月</title>
+ <meta name="project_path" value="/_project.yaml"/>
+ <meta name="book_path" value="/_book.yaml"/>
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<p><em>2017 年 6 月 5 日發佈 | 2017 年 6 月 7 日更新</em></p>
+
+<p>Android 安全性公告羅列了會對 Android 裝置造成影響的安全性漏洞,並說明各項相關細節。2017 年 6 月 5 日之後的安全修補等級已解決了這些問題。請參閱 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel 與 Nexus 更新時間表</a>,瞭解如何查看裝置的安全修補等級。</p>
+
+<p>我們的合作夥伴在至少一個月之前已收到公告中所述問題的相關通知。這些問題的原始碼修補程式將發佈到 Android 開放原始碼計劃 (AOSP) 存放區中,且公告中亦提供相關連結。此外,本公告也提供 AOSP 以外的修補程式連結。</p>
+
+<p>在這些問題中,最嚴重的就是媒體架構中「最高」等級的安全性漏洞。遠端攻擊者可利用這類漏洞,在媒體檔案和資料處理期間,透過特製檔案造成記憶體出錯。<a href="/security/overview/updates-resources.html#severity">嚴重程度評定標準</a>是假設平台與服務的因應防護措施基於開發作業的需求而被關閉,或是遭到有心人士破解,然後推算當有人惡意運用漏洞時,使用者的裝置會受到多大的影響,據此評定漏洞的嚴重程度。</p>
+
+<p>針對這些新發現的漏洞,我們目前尚未收到任何客戶回報相關的漏洞濫用案例。如果想進一步瞭解 <a href="/security/enhancements/index.html">Android
+安全性平台防護措施</a>和 <a href="https://www.android.com/play-protect">Google Play 安全防護</a>如何加強 Android 平台的安全性,請參閱 <a href="#mitigations">Android 和 Google Play 安全防護因應措施</a>。</p>
+
+<p>我們建議所有客戶接受這些裝置更新。</p>
+
+<p class="note"><strong>注意:</strong><a href="#google-device-updates">Google 裝置更新</a>一節提供了和 Google 裝置的無線下載更新 (OTA) 與韌體映像檔有關的資訊。</p>
+
+<h2 id="announcements">公告</h2>
+<ul>
+ <li>我們簡化了每月的安全性公告,讓公告內容更易於閱讀。在這次更新中,我們依照受影響的元件將漏洞資訊分類,並依照元件名稱排序,歸類到相對應的安全修補等級中,然後將與 Google 裝置相關的資訊都彙整在<a href="#google-device-updates">這個專區</a>中。</li>
+ <li>本公告有兩個安全修補等級字串,讓 Android 合作夥伴能夠靈活運用,以快速修正某些發生在所有 Android 裝置上的類似漏洞。如需查詢其他相關資訊,請參閱<a href="#common-questions-and-answers">常見問題與解答</a>:<ul>
+ <li><strong>2017-06-01</strong>:部分安全修補等級字串。這個安全修補等級字串表示所有與 2017-06-01 相關的問題 (以及所有先前的安全修補等級字串) 都已獲得解決。</li>
+ <li><strong>2017-06-05</strong>:完整安全修補等級字串。這個安全修補等級字串表示所有與 2017-06-01 和 2017-06-05 相關的問題 (以及所有先前的安全修補等級字串) 都已獲得解決。</li>
+ </ul>
+ </li>
+</ul>
+
+<h2 id="mitigations">Android 和 Google Play 安全防護機制所提供的因應措施</h2>
+<p>本節概述 <a href="/security/enhancements/index.html">Android 安全性平台</a>和 <a href="https://www.android.com/play-protect">Google Play 安全防護</a>等服務防護方案所提供的因應措施。這些措施可有效防範有心人士在 Android 系統上惡意運用安全性漏洞來達到特定目的。</p>
+<ul>
+ <li>Android 平台持續推出新的版本來強化安全性,因此有心人士越來越難在 Android 系統上找出漏洞加以利用。我們建議所有使用者盡可能更新至最新版的 Android。</li>
+ <li>Android 安全性小組透過 <a href="https://www.android.com/play-protect">Google Play 安全防護</a>主動監控濫用情形;使用這些功能的目的是在發現<a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">可能有害的應用程式</a>時警告使用者。Google Play 安全防護在搭載 <a href="http://www.android.com/gms">Google 行動服務</a>的裝置上都會預設啟用,且對於要從 Google Play 以外來源安裝應用程式的使用者來說格外重要。</li>
+</ul>
+
+<h2 id="2017-06-01-details">2017-06-01 安全修補等級 - 資安漏洞詳情</h2>
+<p>下列各節針對 2017-06-01 安全修補等級適用的各項安全性漏洞提供了詳細資訊,資安漏洞是依照受它們影響的元件分門別類。包括問題說明和一份漏洞資訊表、相關參照、<a href="#vulnerability-type">漏洞類型</a>、<a href="/security/overview/updates-resources.html#severity">嚴重程度</a>,以及更新的 AOSP 版本 (在適用情況下)。假如相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 AOSP 變更清單)。如果單一錯誤有多項相關變更,您可以透過該錯誤 ID 後面的編號連結開啟額外的參考資料。</p>
+
+<h3 id="bluetooth">藍牙</h3>
+<p>本節中最嚴重的漏洞可能會讓本機惡意應用程式存取其權限範圍以外的資料。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>參考資料</th>
+ <th>類型</th>
+ <th>嚴重程度</th>
+ <th>更新的 AOSP 版本</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0639</td>
+ <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/f196061addcc56878078e5684f2029ddbf7055ff">A-35310991</a></td>
+ <td>ID</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0645</td>
+ <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/14b7d7e1537af60b7bca6c7b9e55df0dc7c6bf41">A-35385327</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0646</td>
+ <td><a href="https://android.googlesource.com/platform/system/bt/+/2bcdf8ec7db12c5651c004601901f1fc25153f2c">A-33899337</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+</tbody></table>
+<h3 id="libraries">程式庫</h3>
+<p>本節中最嚴重的漏洞可能會讓遠端攻擊者能利用特製檔案在未獲授權的程序環境內執行任何指令。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>參考資料</th>
+ <th>類型</th>
+ <th>嚴重程度</th>
+ <th>更新的 AOSP 版本</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-8871</td>
+ <td>A-35443562<a href="#asterisk">*</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-8332</td>
+ <td>A-37761553<a href="#asterisk">*</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5131</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/0eff71008becb7f2c2b4509708da4b79985948bb">A-36554209</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-4658</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/8ea80f29ea5fdf383ee3ae59ce35e55421a339f8">A-36554207</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0663</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/521b88fbb6d18312923f0df653d045384b500ffc">A-37104170</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7376</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4">A-36555370</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-5056</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/3f571b1bb85cf56903f06bab3a820182115c5541">A-36809819</a></td>
+ <td>RCE</td>
+ <td>中</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7375</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa">A-36556310</a></td>
+ <td>RCE</td>
+ <td>中</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0647</td>
+ <td><a href="https://android.googlesource.com/platform/system/core/+/3d6a43155c702bce0e7e2a93a67247b5ce3946a5">A-36392138</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-1839</td>
+ <td><a href="https://android.googlesource.com/platform/external/libxml2/+/ff20cd797822dba8569ee518c44e6864d6b4ebfa">A-36553781</a></td>
+ <td>DoS</td>
+ <td>中</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+</tbody></table>
+<h3 id="media-framework">媒體架構</h3>
+<p>本節中最嚴重的漏洞可能會讓遠端攻擊者在媒體檔案和資料的處理期間,利用特製檔案造成記憶體出錯。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>參考資料</th>
+ <th>類型</th>
+ <th>嚴重程度</th>
+ <th>更新的 AOSP 版本</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0637</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/ebaa71da6362c497310377df509651974401d258">A-34064500</a></td>
+ <td>RCE</td>
+ <td>最高</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0391</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/14bc1678a80af5be7401cf750ab762ae8c75cc5a">A-32322258</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0640</td>
+ <td>A-33129467<a href="#asterisk">*</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>6.0、6.0.1、7.0、7.1.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0641</td>
+ <td><a href="https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb">A-34360591</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0642</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d">A-34819017</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1、7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0643</td>
+ <td>A-35645051<a href="#asterisk">*</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>5.0.2、5.1.1、6.0、6.0.1、7.0、7.1.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0644</td>
+ <td>A-35472997<a href="#asterisk">*</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>4.4.4、5.0.2、5.1.1、6.0、6.0.1</td>
+ </tr>
+</tbody></table>
+<h3 id="system-ui">系統使用者介面</h3>
+<p>本節中最嚴重的漏洞可能會讓攻擊者能利用特製檔案在未獲授權的程序環境內執行任何指令。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>參考資料</th>
+ <th>類型</th>
+ <th>嚴重程度</th>
+ <th>更新的 AOSP 版本</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0638</td>
+ <td><a href="https://android.googlesource.com/platform/external/libgdx/+/a98943dd4aece3024f023f00256607d50dcbcd1e">A-36368305</a></td>
+ <td>RCE</td>
+ <td>高</td>
+ <td>7.1.1、7.1.2</td>
+ </tr>
+</tbody></table>
+<h2 id="2017-06-05-details">2017-06-05 安全修補等級 - 資安漏洞詳情</h2>
+<p>下列各節針對 2017-06-05 安全修補等級適用的各項安全性漏洞提供了詳細資訊。資安漏洞是依照受它們影響的元件分門別類,並且包含一些詳細資料,例如 CVE、相關參考資料、<a href="#vulnerability-type">漏洞類型</a>、<a href="/security/overview/updates-resources.html#severity">嚴重程度</a>、元件 (在適用情況下),和更新的 AOSP 版本 (在適用情況下)。假如相關錯誤有公開變更,該錯誤 ID 會連結到相對應的變更 (例如 AOSP 變更清單)。如果單一錯誤有多項相關變更,您可以透過該錯誤 ID 後面的編號連結開啟額外的參考資料。</p>
+
+<h3 id="kernel-components">核心元件</h3>
+<p>本節中最嚴重的漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>參考資料</th>
+ <th>類型</th>
+ <th>嚴重程度</th>
+ <th>元件</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0648</td>
+ <td>A-36101220<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>FIQ 偵錯工具</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0651</td>
+ <td>A-35644815<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>低</td>
+ <td>ION 子系統</td>
+ </tr>
+</tbody></table>
+<h3 id="libraries-05">程式庫</h3>
+<p>本節中最嚴重的漏洞可能會讓遠端攻擊者使用特製檔案取得機密資訊的存取權。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>參考資料</th>
+ <th>類型</th>
+ <th>嚴重程度</th>
+ <th>更新的 AOSP 版本</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-7995</td>
+ <td>A-36810065<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>4.4.4</td>
+ </tr>
+</tbody></table>
+<h3 id="mediatek-components">MediaTek 元件</h3>
+<p>本節中最嚴重的漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>參考資料</th>
+ <th>類型</th>
+ <th>嚴重程度</th>
+ <th>元件</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0636</td>
+ <td>A-35310230<a href="#asterisk">*</a><br />
+ M-ALPS03162263</td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>指令佇列驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0649</td>
+ <td>A-34468195<a href="#asterisk">*</a><br />
+ M-ALPS03162283</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>音效驅動程式</td>
+ </tr>
+</tbody></table>
+<h3 id="nvidia-components">NVIDIA 元件</h3>
+<p>本節中最嚴重的漏洞可能會讓本機惡意應用程式在核心環境內執行任何指令。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>參考資料</th>
+ <th>類型</th>
+ <th>嚴重程度</th>
+ <th>元件</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-6247</td>
+ <td>A-34386301<a href="#asterisk">*</a><br />
+ N-CVE-2017-6247</td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>音效驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6248</td>
+ <td>A-34372667<a href="#asterisk">*</a><br />
+ N-CVE-2017-6248</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>音效驅動程式</td>
+ </tr>
+</tbody></table>
+<h3 id="qualcomm-components">Qualcomm 元件</h3>
+<p>本節中最嚴重的漏洞可能會讓鄰近的攻擊者在核心環境內執行任何指令。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>參考資料</th>
+ <th>類型</th>
+ <th>嚴重程度</th>
+ <th>元件</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-7371</td>
+ <td>A-36250786<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=e02e63b8014f7a0a5ea17a5196fb4ef1283fd1fd">QC-CR#1101054</a></td>
+ <td>RCE</td>
+ <td>最高</td>
+ <td>藍牙驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7365</td>
+ <td>A-32449913<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=da49bf21d1c19a6293d33c985066dc0273c476db">QC-CR#1017009</a></td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>系統啟動載入程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7366</td>
+ <td>A-36252171<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f4c9ffd6cd7960265f38e285ac43cbecf2459e45">QC-CR#1036161</a>
+[<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=7c4d5736d32f91f0cafe6cd86d00e26389970b00">2</a>]</td>
+ <td>EoP</td>
+ <td>高</td>
+ <td>GPU 驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7367</td>
+ <td>A-34514708<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=07174af1af48c60a41c7136f0c80ffdf4ccc0b57">QC-CR#1008421</a></td>
+ <td>DoS</td>
+ <td>高</td>
+ <td>系統啟動載入程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5861</td>
+ <td>A-36251375<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=cf3c97b8b6165f13810e530068fbf94b07f1f77d">QC-CR#1103510</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>視訊驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5864</td>
+ <td>A-36251231<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=cbc21ceb69cb7bca0643423a7ca982abce3ce50a">QC-CR#1105441</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>音效驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6421</td>
+ <td>A-36251986<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=be42c7ff1f0396484882451fd18f47144c8f1b6b">QC-CR#1110563</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>MStar 觸控螢幕驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7364</td>
+ <td>A-36252179<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=3ce6c47d2142fcd2c4c1181afe08630aaae5a267">QC-CR#1113926</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>視訊驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7368</td>
+ <td>A-33452365<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=143ef972be1621458930ea3fc1def5ebce7b0c5d">QC-CR#1103085</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>音效驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7369</td>
+ <td>A-33751424<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=75ed08a822cf378ffed0d2f177d06555bd77a006">QC-CR#2009216</a>
+[<a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=ae8f1d5f60644983aba7fbab469d0e542a187c6e">2</a>]</td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>音效驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7370</td>
+ <td>A-34328139<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=970edf007fbe64b094437541a42477d653802d85">QC-CR#2006159</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>視訊驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7372</td>
+ <td>A-36251497<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=1806be003731d6d4be55e5b940d14ab772839e13">QC-CR#1110068</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>視訊驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7373</td>
+ <td>A-36251984<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=e5eb0d3aa6fe62ee437a2269a1802b1a72f61b75">QC-CR#1090244</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>視訊驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8233</td>
+ <td>A-34621613<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=64b7bc25e019dd07e8042e0a6ec6dc6a1dd0c385">QC-CR#2004036</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>相機驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8234</td>
+ <td>A-36252121<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6266f954a52641f550ef71653ea83c80bdd083be">QC-CR#832920</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>相機驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8235</td>
+ <td>A-36252376<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=7e4424a1b5f6a6536066cca7aac2c3a23fd39f6f">QC-CR#1083323</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>相機驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8236</td>
+ <td>A-35047217<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=cf0d31bc3b04cf2db7737d36b11a5bf50af0c1db">QC-CR#2009606</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>IPA 驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8237</td>
+ <td>A-36252377<br />
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=342d16ac6fb01e304ec75344c693257e00628ecf">QC-CR#1110522</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>網路驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8242</td>
+ <td>A-34327981<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=6a3b8afdf97e77c0b64005b23fa6d32025d922e5">QC-CR#2009231</a></td>
+ <td>EoP</td>
+ <td>中</td>
+ <td>Secure Execution Environment Communicator 驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8239</td>
+ <td>A-36251230<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=01db0e012f86b8ba6974e5cb9905261a552a0610">QC-CR#1091603</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>相機驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8240</td>
+ <td>A-36251985<br />
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=22b8b6608174c1308208d5bc6c143f4998744547">QC-CR#856379</a></td>
+ <td>ID</td>
+ <td>中</td>
+ <td>腳位控制器驅動程式</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8241</td>
+ <td>A-34203184<br />
+ <a href="https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=90213394b7efb28fa511b2eaebc1343ae3b54724">QC-CR#1069175</a></td>
+ <td>ID</td>
+ <td>低</td>
+ <td>Wi-Fi 驅動程式</td>
+ </tr>
+</tbody></table>
+<h3 id="synaptics-components">Synaptics 元件</h3>
+<p>本節中最嚴重的漏洞可能會讓本機惡意應用程式存取其權限範圍以外的資料。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>參考資料</th>
+ <th>類型</th>
+ <th>嚴重程度</th>
+ <th>元件</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0650</td>
+ <td>A-35472278<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>低</td>
+ <td>觸控螢幕驅動程式</td>
+ </tr>
+</tbody></table>
+<h3 id="qualcomm-closed-source-components">Qualcomm 封閉原始碼元件</h3>
+<p>以下列出會影響 Qualcomm 元件的安全性漏洞,詳情請參考 2014 至 2016 年之間發佈的 Qualcomm AMSS 安全性公告。我們在這個 Android 安全性公告中列出這些漏洞,方便使用者確認漏洞修正程式及其相對應的 Android 安全修補等級。Qualcomm 公司親自提供了這些漏洞的修正程式。</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="19%" />
+ <col width="9%" />
+ <col width="14%" />
+ <col width="39%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>參考資料</th>
+ <th>類型</th>
+ <th>嚴重程度</th>
+ <th>元件</th>
+ </tr>
+ <tr>
+ <td>CVE-2014-9960</td>
+ <td>A-37280308<a href="#asterisk">*</a><br />
+ QC-CR#381837</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9961</td>
+ <td>A-37279724<a href="#asterisk">*</a><br />
+ QC-CR#581093</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9953</td>
+ <td>A-36714770<a href="#asterisk">*</a><br />
+ QC-CR#642173</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9967</td>
+ <td>A-37281466<a href="#asterisk">*</a><br />
+ QC-CR#739110</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9026</td>
+ <td>A-37277231<a href="#asterisk">*</a><br />
+ QC-CR#748397</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9027</td>
+ <td>A-37279124<a href="#asterisk">*</a><br />
+ QC-CR#748407</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9008</td>
+ <td>A-36384689<a href="#asterisk">*</a><br />
+ QC-CR#762111</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9009</td>
+ <td>A-36393600<a href="#asterisk">*</a><br />
+ QC-CR#762182</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9010</td>
+ <td>A-36393101<a href="#asterisk">*</a><br />
+ QC-CR#758752</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9011</td>
+ <td>A-36714882<a href="#asterisk">*</a><br />
+ QC-CR#762167</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9024</td>
+ <td>A-37265657<a href="#asterisk">*</a><br />
+ QC-CR#740680</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9012</td>
+ <td>A-36384691<a href="#asterisk">*</a><br />
+ QC-CR#746617</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9013</td>
+ <td>A-36393251<a href="#asterisk">*</a><br />
+ QC-CR#814373</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9014</td>
+ <td>A-36393750<a href="#asterisk">*</a><br />
+ QC-CR#855220</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9015</td>
+ <td>A-36714120<a href="#asterisk">*</a><br />
+ QC-CR#701858</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9029</td>
+ <td>A-37276981<a href="#asterisk">*</a><br />
+ QC-CR#827837</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10338</td>
+ <td>A-37277738<a href="#asterisk">*</a><br />
+ QC-CR#987699</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10336</td>
+ <td>A-37278436<a href="#asterisk">*</a><br />
+ QC-CR#973605</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10333</td>
+ <td>A-37280574<a href="#asterisk">*</a><br />
+ QC-CR#947438</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10341</td>
+ <td>A-37281667<a href="#asterisk">*</a><br />
+ QC-CR#991476</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10335</td>
+ <td>A-37282802<a href="#asterisk">*</a><br />
+ QC-CR#961142</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10340</td>
+ <td>A-37280614<a href="#asterisk">*</a><br />
+ QC-CR#989028</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10334</td>
+ <td>A-37280664<a href="#asterisk">*</a><br />
+ QC-CR#949933</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10339</td>
+ <td>A-37280575<a href="#asterisk">*</a><br />
+ QC-CR#988502</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10298</td>
+ <td>A-36393252<a href="#asterisk">*</a><br />
+ QC-CR#1020465</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10299</td>
+ <td>A-32577244<a href="#asterisk">*</a><br />
+ QC-CR#1058511</td>
+ <td>無</td>
+ <td>最高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9954</td>
+ <td>A-36388559<a href="#asterisk">*</a><br />
+ QC-CR#552880</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9955</td>
+ <td>A-36384686<a href="#asterisk">*</a><br />
+ QC-CR#622701</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9956</td>
+ <td>A-36389611<a href="#asterisk">*</a><br />
+ QC-CR#638127</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9957</td>
+ <td>A-36387564<a href="#asterisk">*</a><br />
+ QC-CR#638984</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9958</td>
+ <td>A-36384774<a href="#asterisk">*</a><br />
+ QC-CR#638135</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9962</td>
+ <td>A-37275888<a href="#asterisk">*</a><br />
+ QC-CR#656267</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9963</td>
+ <td>A-37276741<a href="#asterisk">*</a><br />
+ QC-CR#657771</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9959</td>
+ <td>A-36383694<a href="#asterisk">*</a><br />
+ QC-CR#651900</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9964</td>
+ <td>A-37280321<a href="#asterisk">*</a><br />
+ QC-CR#680778</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9965</td>
+ <td>A-37278233<a href="#asterisk">*</a><br />
+ QC-CR#711585</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9966</td>
+ <td>A-37282854<a href="#asterisk">*</a><br />
+ QC-CR#727398</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9023</td>
+ <td>A-37276138<a href="#asterisk">*</a><br />
+ QC-CR#739802</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9020</td>
+ <td>A-37276742<a href="#asterisk">*</a><br />
+ QC-CR#733455</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9021</td>
+ <td>A-37276743<a href="#asterisk">*</a><br />
+ QC-CR#735148</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9025</td>
+ <td>A-37276744<a href="#asterisk">*</a><br />
+ QC-CR#743985</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9022</td>
+ <td>A-37280226<a href="#asterisk">*</a><br />
+ QC-CR#736146</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9028</td>
+ <td>A-37277982<a href="#asterisk">*</a><br />
+ QC-CR#762764</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9031</td>
+ <td>A-37275889<a href="#asterisk">*</a><br />
+ QC-CR#866015</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9032</td>
+ <td>A-37279125<a href="#asterisk">*</a><br />
+ QC-CR#873202</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9033</td>
+ <td>A-37276139<a href="#asterisk">*</a><br />
+ QC-CR#892541</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9030</td>
+ <td>A-37282907<a href="#asterisk">*</a><br />
+ QC-CR#854667</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10332</td>
+ <td>A-37282801<a href="#asterisk">*</a><br />
+ QC-CR#906713<br />
+ QC-CR#917701<br />
+ QC-CR#917702</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10337</td>
+ <td>A-37280665<a href="#asterisk">*</a><br />
+ QC-CR#977632</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10342</td>
+ <td>A-37281763<a href="#asterisk">*</a><br />
+ QC-CR#988941</td>
+ <td>無</td>
+ <td>高</td>
+ <td>封閉原始碼元件</td>
+ </tr>
+</tbody></table>
+<h2 id="google-device-updates">Google 裝置更新</h2>
+<p>此表格包含最新無線下載更新 (OTA) 中的安全修補等級和 Google 裝置的韌體映像檔。您可以前往 <a href="https://developers.google.com/android/nexus/images">Google Developer 網站</a>取得 Google 裝置韌體映像檔。</p>
+
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>Google 裝置</th>
+ <th>安全修補等級</th>
+ </tr>
+ <tr>
+ <td>Pixel/Pixel XL</td>
+ <td>2017 年 6 月 5 日</td>
+ </tr>
+ <tr>
+ <td>Nexus 5X</td>
+ <td>2017 年 6 月 5 日</td>
+ </tr>
+ <tr>
+ <td>Nexus 6</td>
+ <td>2017 年 6 月 5 日</td>
+ </tr>
+ <tr>
+ <td>Nexus 6P</td>
+ <td>2017 年 6 月 5 日</td>
+ </tr>
+ <tr>
+ <td>Nexus 9</td>
+ <td>2017 年 6 月 5 日</td>
+ </tr>
+ <tr>
+ <td>Nexus Player</td>
+ <td>2017 年 6 月 5 日</td>
+ </tr>
+ <tr>
+ <td>Pixel C</td>
+ <td>2017 年 6 月 5 日</td>
+ </tr>
+</tbody></table>
+<h2 id="acknowledgements">特別銘謝</h2>
+<p>感謝以下研究人員做出的貢獻:</p>
+
+<table>
+ <colgroup><col width="17%" />
+ <col width="83%" />
+ </colgroup><tbody><tr>
+ <th>CVE</th>
+ <th>研究人員</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0643、CVE-2017-0641</td>
+ <td>趨勢科技的 Ecular Xu (徐健)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0645、CVE-2017-0639</td>
+ <td><a href="http://www.ms509.com">MS509Team</a> 的 En He (<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>) 和 Bo Liu</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0649</td>
+ <td>奇虎 360 科技有限公司 IceSword 實驗室的 Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>) 和 <a href="http://weibo.com/jfpan">pjf</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0646</td>
+ <td>Tencent 電腦管理員的 Godzheng (郑文选 -<a href="https://twitter.com/VirtualSeekers">@VirtualSeekers</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0636</td>
+ <td>Shellphish Grill Team 小組的 Jake Corina 和 Nick Stephens</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8233</td>
+ <td>奇虎 360 IceSword 實驗室的 Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) 和 <a href="http://weibo.com/jfpan">pjf</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7368</td>
+ <td><a href="http://c0reteam.org">C0RE 小組</a>成員 Lubo Zhang (<a href="mailto:zlbzlb815@163.com">zlbzlb815@163.com</a>)、Yuan-Tsung Lo (<a href="mailto:computernik@gmail.com">computernik@gmail.com</a>) 和 Xuxian Jiang</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8242</td>
+ <td>特斯拉產品安全小組的 Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0650</td>
+ <td>本古里安大學數位實驗室 (Ben Gurion University Cyber Labs) 的 Omer Shwartz、Amir Cohen、Dr. Asaf Shabtai 和 Dr. Yossi Oren</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0648</td>
+ <td>HCL 科技 <a href="https://alephsecurity.com/">Aleph 研究部門</a>的 Roee Hay (<a href="https://twitter.com/roeehay">@roeehay</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7369、CVE-2017-6249、CVE-2017-6247、CVE-2017-6248</td>
+ <td>趨勢科技的 sevenshen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0642、CVE-2017-0637、CVE-2017-0638</td>
+ <td>Vasily Vasiliev</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0640</td>
+ <td><a href="http://www.trendmicro.com">趨勢科技</a><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile/">行動威脅研究小組</a>成員 V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8236</td>
+ <td>騰訊安全平台部門成員 Xiling Gong</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0647</td>
+ <td>奇虎 360 Qex 小組的 Yangkang (<a href="https://twitter.com/dnpushme">@dnpushme</a>) 和 Liyadong</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7370</td>
+ <td>奇虎 360 科技有限公司 IceSword 實驗室的 Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0651</td>
+ <td><a href="http://c0reteam.org">C0RE 小組</a>成員 Yuan-Tsung Lo (<a href="mailto:computernik@gmail.com">computernik@gmail.com</a>) 和 Xuxian Jiang</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8241</td>
+ <td>Google 的 Zubin Mithra</td>
+ </tr>
+</tbody></table>
+<h2 id="common-questions-and-answers">常見問題與解答</h2>
+<p>如果您在閱讀這篇公告後有任何疑問,可參考本節的常見問答。</p>
+
+<p><strong>1. 如何判斷我目前的裝置軟體版本是否已修正這些問題?
+</strong></p>
+
+<p>要瞭解如何查看裝置的安全修補等級,請詳讀 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel 和 Nexus 更新時間表</a>中的操作說明。</p>
+<ul>
+<li>2017 年 6 月 1 日之後的安全修補等級已解決了所有與 2017-06-01 安全修補等級相關的問題。</li>
+<li>2017 年 6 月 5 日之後的安全修補等級完全解決了與 2017-06-05 安全修補等級及所有先前修補等級相關的問題。</li></ul>
+<p>提供這些更新的裝置製造商應將修補程式字串等級設定為:</p>
+<ul>
+<li>[ro.build.version.security_patch]:[2017-06-01]</li>
+<li>[ro.build.version.security_patch]:[2017-06-05]</li></ul>
+<p><strong>2. 為什麼這篇公告有兩種安全修補等級?</strong></p>
+
+<p>本公告有兩種安全修補等級,讓 Android 合作夥伴能夠靈活運用,以快速修正某些發生在所有 Android 裝置上的類似漏洞。我們建議 Android 合作夥伴修正本公告所列的所有問題,並使用最新的安全修補等級。</p>
+<ul>
+<li>安全修補等級為 2017 年 6 月 1 日的裝置必須納入所有與該安全修補等級相關的問題,以及在之前安全性公告中回報的所有問題適用的修正程式。</li>
+<li>如果裝置的安全修補等級在 2017 年 6 月 5 日之後,就必須加入本安全性公告 (以及之前公告) 中的所有適用修補程式。</li></ul>
+<p>我們建議合作夥伴將所要解決的所有問題適用修補程式彙整在單一更新中。</p>
+
+<p id="vulnerability-type"><strong>3. 「類型」<em></em>欄中的項目代表什麼意義?</strong></p>
+
+<p>資安漏洞詳情表格中「類型」<em></em>欄中的項目代表的是安全性漏洞的類別。</p>
+
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>縮寫詞</th>
+ <th>定義</th>
+ </tr>
+ <tr>
+ <td>RCE</td>
+ <td>遠端程式碼執行</td>
+ </tr>
+ <tr>
+ <td>EoP</td>
+ <td>權限升級</td>
+ </tr>
+ <tr>
+ <td>ID</td>
+ <td>資訊外洩</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>拒絕服務</td>
+ </tr>
+ <tr>
+ <td>無</td>
+ <td>未分類</td>
+ </tr>
+</tbody></table>
+<p><strong>4. 「參考資料」<em></em>欄中的項目代表什麼意義?</strong></p>
+
+<p>資安漏洞詳情表格中「參考資料」<em></em>欄底下的項目可能會包含一個前置字串,用以表示該參考資料值所屬的公司。</p>
+
+<table>
+ <colgroup><col width="25%" />
+ <col width="75%" />
+ </colgroup><tbody><tr>
+ <th>前置字串</th>
+ <th>參考資料</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Android 錯誤 ID</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Qualcomm 參考編號</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>MediaTek 參考編號</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>NVIDIA 參考編號</td>
+ </tr>
+ <tr>
+ <td>B-</td>
+ <td>Broadcom 參考編號</td>
+ </tr>
+</tbody></table>
+<p id="asterisk"><strong>5. 「參考資料」<em></em>欄中 Android 錯誤 ID 旁邊的星號 (<a href="#asterisk">*</a>) 代表什麼意義?</strong></p>
+
+<p>在「參考資料」<em></em>欄中 Android 錯誤 ID 旁邊標上星號 (<a href="#asterisk">*</a>) 代表該問題並未公開,相關的更新通常是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。</p>
+
+<h2 id="versions">版本</h2>
+<table>
+ <colgroup><col width="25%" />
+ <col width="25%" />
+ <col width="50%" />
+ </colgroup><tbody><tr>
+ <th>版本</th>
+ <th>日期</th>
+ <th>附註</th>
+ </tr>
+ <tr>
+ <td>1.0</td>
+ <td>2017 年 6 月 5 日</td>
+ <td>發佈公告。</td>
+ </tr>
+ <tr>
+ <td>1.1</td>
+ <td>2017 年 6 月 7 日</td>
+ <td>修訂公告,加入 AOSP 連結。</td>
+ </tr>
+</tbody></table>
+
+</body></html>
\ No newline at end of file
