Merge tag 'android-6.0.0_r26' into HEAD
Android 6.0.0 release 26
* tag 'android-6.0.0_r26': (71 commits)
CDD: Add BASE_OS and SECURITY_PATCH build parameters
CDD: Add android.hardware.type.automotive feature for Automotive
CDD: Requirement updates for the assistant
CDD: Add adoptable storage section
Standardize use of STRONGLY RECOMMENDED
CDD: Add devices must be able to decode all formats it can encode to Mulitmedia (formerly change 787297)
Use STRONGLY RECOMMENDED for reporting supported audio features
CDD: Clarify TV app requirements for devices with TV input Framework support.
CDD: Updates to changelog, TOC fix
Docs: Adding new cover image and current date
CDD: Add Data Deletion section
CDD: Add requirements for the new HiFi sensor feature
Fix mis-matched tags
CDD: Add requirements for the Android Keystore System
CDD: Clarify SELinux CDD requirements.
CDD: Require rotation vector when accel, gyro, magneto available
CDD: Update requirements for new density buckets
CDD: Add requirements related to the new fingerprint API
Docs: Changelog additions for M version merges as of 10-15-2015
Docs: Fixing plural carriers ref
...
Change-Id: I5c2546dba78d06423f42507c1682d005599a984c
diff --git a/src/accessories/accessories_toc.cs b/src/accessories/accessories_toc.cs
index 654ff7b..f4954a0 100644
--- a/src/accessories/accessories_toc.cs
+++ b/src/accessories/accessories_toc.cs
@@ -1,5 +1,5 @@
<!--
- Copyright 2014 The Android Open Source Project
+ Copyright 2015 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -30,9 +30,20 @@
</a>
</div>
<ul>
- <li><a href="<?cs var:toroot ?>accessories/headset-spec.html">Headset specification</a></li>
+ <li class="nav-section">
+ <div class="nav-section-header">
+ <a href="<?cs var:toroot ?>accessories/headset/index.html">
+ <span class="en">Headset</span>
+ </a>
+ </div>
+ <ul>
+ <li><a href="<?cs var:toroot ?>accessories/headset/specification.html">Specification</a></li>
+ <li><a href="<?cs var:toroot ?>accessories/headset/requirements.html">Requirements</a></li>
+ <li><a href="<?cs var:toroot ?>accessories/headset/testing.html">Testing</a></li>
</ul>
- </li>
+ </li>
+ </ul>
+ </li>
<li class="nav-section">
<div class="nav-section-header">
<a href="<?cs var:toroot ?>accessories/custom.html">
@@ -41,16 +52,19 @@
</div>
<ul>
<li class="nav-section">
- <div class="nav-section-header"><a href="<?cs var:toroot ?>accessories/protocol.html"><span class="en">Open Accessory Protocol</span>
+ <div class="nav-section-header"><a href="<?cs var:toroot ?>accessories/protocol.html"><span class="en">AOA</span>
</a>
</div>
<ul>
- <li><a href="<?cs var:toroot ?>accessories/aoa2.html">Version 2.0</a></li>
- <li><a href="<?cs var:toroot ?>accessories/aoa.html">Version 1.0</a></li>
+ <li><a href="<?cs var:toroot ?>accessories/aoa2.html">AOA 2.0</a></li>
+ <li><a href="<?cs var:toroot ?>accessories/aoa.html">AOA 1.0</a></li>
</ul>
</li>
+ <div class="nav-section-header"><a href="<?cs var:toroot ?>accessories/stylus.html"><span class="en">Stylus</span>
+ </a>
+ </div>
</ul>
</li>
</li>
<!-- End Accessories -->
-</ul>
+</ul>
\ No newline at end of file
diff --git a/src/accessories/aoa.jd b/src/accessories/aoa.jd
index 7388d54..7c728fe 100644
--- a/src/accessories/aoa.jd
+++ b/src/accessories/aoa.jd
@@ -2,7 +2,7 @@
@jd:body
<!--
- Copyright 2013 The Android Open Source Project
+ Copyright 2015 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -16,55 +16,81 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<p>An Android USB accessory must adhere to Android Accessory Protocol, which defines how
-an accessory detects and sets up communication with an Android-powered device. In general, an
-accessory should carry out the following steps:</p>
+<p>Android USB accessories must adhere to the Android Open Accessory (AOA)
+protocol, which defines how an accessory detects and sets up communication with
+an Android-powered device. Accessories should carry out the following steps:</p>
+
<ul>
-<li>Wait for and detect connected devices</li>
-<li>Determine the device's accessory mode support</li>
-<li>Attempt to start the device in accessory mode if needed</li>
-<li>Establish communication with the device if it supports the Android accessory protocol</li>
+<li>Wait for and detect a connected device.</li>
+<li>Determine the device's accessory mode support.</li>
+<li>Attempt to start the device in accessory mode (if needed).</li>
+<li>If the device supports AOA, establish communication with the device.</li>
</ul>
+
<p>The following sections explain how to implement these steps.</p>
-<h2 id="wait-for-and-detect-connected-devices">Wait for and Detect Connected Devices</h2>
-<p>Your accessory should have logic to continuously check for connected Android-powered devices.
-When a device is connected, your accessory should determine if the device supports accessory mode.</p>
-<h2 id="determine-accessory-mode-support">Determine Accessory Mode Support</h2>
-<p>When an Android-powered device is connected, it can be in one of three states:</p>
+
+<p class="note">When developing a new accessory that connects to an Android
+device over USB, use <a href="{@docRoot}accessories/aoa2.html">AOAv2</a>.</p>
+
+<h2 id="wait-for-and-detect-connected-devices">Wait for and detect connected
+devices</h2>
+
+<p>Accessories should continuously check for connected Android-powered devices.
+When a device is connected, the accessory should determine if the device
+supports accessory mode.</p>
+
+<h2 id="determine-accessory-mode-support">Determine accessory mode support</h2>
+
+<p>When an Android-powered device connects, it can be in one of three states:
+</p>
+
<ul>
-<li>The attached device supports Android accessory mode and is already in accessory mode.</li>
-<li>The attached device supports Android accessory mode, but it is not in accessory mode.</li>
-<li>The attached device does not support Android accessory mode.</li>
+<li>Supports Android accessory mode and is already in accessory mode.</li>
+<li>Supports Android accessory mode but it is not in accessory mode.</li>
+<li>Does not support Android accessory mode.</li>
</ul>
-<p>During the initial connection, the accessory should check the vendor and product IDs of the
-connected device's USB device descriptor. The vendor ID should match Google's ID (<code>0x18D1</code>) and the
-product ID should be <code>0x2D00</code> or <code>0x2D01</code> if the device is already in accessory mode (case A). If
-so, the accessory can now
-<a href="#establish-communication-with-the-device">establish communication with the device</a> through
-bulk transfer endpoints with its own communication protocol. There is no need to start the device
-in accessory mode.</p>
-<p><strong>Note:</strong> <code>0x2D00</code> is reserved for Android-powered devices that
-support accessory mode. <code>0x2D01</code> is reserved for devices that support accessory mode as well as the
-ADB (Android Debug Bridge) protocol, which exposes a second interface with two bulk endpoints for
-ADB. You can use these endpoints for debugging the accessory application if you are simulating
-the accessory on a computer. In general, do not use this interface unless your accessory is
-implementing a passthrough to ADB on the device.</p>
-<p>If the vendor and product ID do not match, there is no way to distinguish between states b and c, so
-the accessory <a href="#attempt-to-start-in-accessory-mode">attempts to start the device in accessory mode</a>
-to determine if the device is supported.</p>
-<h2 id="attempt-to-start-in-accessory-mode">Attempt to Start in Accessory Mode</h2>
-<p>If the vendor and product IDs do not correspond to an Android-powered device in accessory
-mode, the accessory cannot discern whether the device supports accessory mode and is not in that
-state, or if the device does not support accessory mode at all. This is because devices that
-support accessory mode but aren't in it initially report the device's manufacturer vendor ID and
-product ID, and not the special Android Open Accessory ones. In either case, the accessory should
-try to start the device into accessory mode to figure out if the device supports it. The following
-steps explain how to do this:</p>
+
+<p>During the initial connection, the accessory should check the vendor ID and
+product ID of the connected device's USB device descriptor. The vendor ID
+should match Google's ID (<code>0x18D1</code>). If the device is already in
+accessory mode, the product ID should be <code>0x2D00</code> or
+<code>0x2D01</code> and the accessory can
+<a href="#establish-communication-with-the-device">establish communication with
+the device</a> through bulk transfer endpoints using its own communication
+protocol (the device does not need to be started in accessory mode).</p>
+
+<p class="note"><strong>Note:</strong> <code>0x2D00</code> is reserved for
+Android-powered devices that support accessory mode. <code>0x2D01</code> is
+reserved for devices that support accessory mode as well as the Android Debug
+Bridge (ADB) protocol, which exposes a second interface with two bulk endpoints
+for ADB. You can use these endpoints for debugging the accessory application if
+you are simulating the accessory on a computer. In general, do not use this
+interface unless the accessory implements a passthrough to ADB on the device.
+</p>
+
+<p>If the vendor ID or the product ID found in USB device descriptor do not
+match expected values, the accessory cannot determine if the device supports
+Android accessory mode. The accessory should attempt to start the device in
+accessory mode (detailed below) to determine device support.</p>
+
+<h2 id="attempt-to-start-in-accessory-mode">Attempt to start in accessory
+mode</h2>
+
+<p>If the vendor and product IDs do not correspond to an Android-powered device
+in accessory mode, the accessory cannot discern whether the device supports (but
+is not in) accessory mode or if the device does not support accessory mode. This
+can occur because devices that support accessory mode (but are not in that mode)
+initially report the <em>device</em> manufacturer vendor and product IDs instead
+of the <em>AOA</em> vendor and product IDs.</p>
+
+<p>The accessory should try to start the device in accessory mode to determine
+if the device supports that mode:</p>
+
<ul>
- <li>Send a 51 control request ("Get Protocol") to figure out if the device supports the Android
- accessory protocol. A non-zero number is returned if the protocol is supported, which
- represents the version of the protocol that the device supports (currently, only version 1
- exists). This request is a control request on endpoint 0 with the following characteristics:
+ <li>Send a 51 control request ("Get Protocol") to determine if the device
+ supports the Android accessory protocol. If the device supports the protocol,
+ it returns a non-zero number that represents the supported protocol version.
+ The control request is on endpoint 0 with the following characteristics:
<pre>
requestType: USB_DIR_IN | USB_TYPE_VENDOR
@@ -75,10 +101,12 @@
device to the accessory)
</pre>
</li>
- <li>If the device returns a proper protocol version, send identifying string information to the
- device. This information allows the device to figure out an appropriate application for this
- accessory and also present the user with a URL if an appropriate application does not exist.
- These requests are control requests on endpoint 0 (for each string ID) with the following
+
+ <li>If the device returns a supported protocol version, send a control request
+ with identifying string information to the device. This information allows the
+ device to determine an appropriate application for the accessory (or present a
+ URL to the user if an appropriate application does not exist). The control
+ request is on endpoint 0 (for each string ID) with the following
characteristics:
<pre>
@@ -89,8 +117,8 @@
data zero terminated UTF8 string sent from accessory to device
</pre>
- <p>The following string IDs are supported, with a maximum size of 256 bytes for each string
- (must be zero terminated with `\0`).</p>
+ <p>The following string IDs are supported, with a maximum size of 256 bytes
+ for each string (must be zero-terminated with <code>\0</code>).</p>
<pre>
manufacturer name: 0
@@ -101,8 +129,9 @@
serial number: 5
</pre>
</li>
- <li>When the identifying strings are sent, request the device start up in accessory mode. This
- request is a control request on endpoint 0 with the following characteristics:
+
+ <li>Send a control request to ask the device to start in accessory mode. The
+ control request is on endpoint 0 with the following characteristics:
<pre>
requestType: USB_DIR_OUT | USB_TYPE_VENDOR
@@ -114,25 +143,37 @@
</li>
</ul>
-<p>After sending the final control request, the connected USB device should re-introduce itself
-on the bus in accessory mode and the accessory can re-enumerate the connected devices. The
-algorithm jumps back to
-<a href="#determine-accessory-mode-support">determining the device's accessory mode support</a>
-to check for the vendor and product ID. The vendor ID and product ID of the device will be
-different if the device successfully switched to accessory mode and will now correspond to
-Google's vendor and product IDs instead of the device manufacturer's IDs. The accessory can now
-<a href="#establish-communication-with-the-device">establish communication with the device</a>.</p>
-<p>If at any point these steps fail, the device does not support Android accessory mode and the
-accessory should wait for the next device to be connected.</p>
-<h2 id="establish-communication-with-the-device">Establish Communication with the Device</h2>
-<p>If an Android-powered device in accessory mode is detected, the accessory can query the
-device's interface and endpoint descriptors to obtain the bulk endpoints to communicate with the
-device. An Android-powered device that has a product ID of <code>0x2D00</code> has one interface with two bulk
-endpoints for input and output communication. A device with product ID of <code>0x2D01</code> has two
-interfaces with two bulk endpoints each for input and output communication. The first interface
-is for standard communication while the second interface is for ADB communication. To communicate
-on an interface, all you need to do is find the first bulk input and output endpoints, set the
-device's configuration to a value of 1 with a <code>SET_CONFIGURATION</code> (<code>0x09</code>) device request, then
-communicate using the endpoints.</p>
+<p>After completing these steps, the accessory should wait for the connected USB
+device to re-introduce itself on the bus in accessory mode, then re-enumerate
+connected devices. The algorithm returns to
+<a href="#determine-accessory-mode-support">determine accessory mode support</a>
+to check the vendor and product IDs, which should be correct (e.g. correspond to
+Google's vendor and product IDs instead of the device manufacturer's IDs) if the
+device successfully switched to accessory mode. If IDs are correct, the
+accessory moves to <a href="#establish-communication-with-the-device">establish
+communication with the device</a>.</p>
+
+<p>If any step fails, the accessory determines the device does not support
+Android accessory mode and waits for the next device to connect.</p>
+<h2 id="establish-communication-with-the-device">Establish communication with
+the device</h2>
+
+<p>If the accessory detects an Android-powered device in accessory mode, the
+accessory can query the device interface and endpoint descriptors to obtain the
+bulk endpoints for communicating with the device.</p>
+
+<p>The number of interfaces and bulk endpoints depends on the product ID. An
+Android-powered device with a product ID of:</p>
+
+<ul>
+<li><code>0x2D00</code> has one interface with two bulk endpoints for input and
+output communication.</li>
+<li><code>0x2D01</code> has two interfaces with two bulk endpoints each for
+input and output communication. The first interface handles standard
+communication and the second interface handles ADB communication. To use an
+interface, locate the first bulk input and output endpoints, set the
+device configuration to a value of 1 with a <code>SET_CONFIGURATION</code>
+(<code>0x09</code>) device request, then communicate using the endpoints.</li>
+</ul>
\ No newline at end of file
diff --git a/src/accessories/aoa2.jd b/src/accessories/aoa2.jd
index c48bf25..2cbdc47 100644
--- a/src/accessories/aoa2.jd
+++ b/src/accessories/aoa2.jd
@@ -2,7 +2,7 @@
@jd:body
<!--
- Copyright 2013 The Android Open Source Project
+ Copyright 2015 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -16,24 +16,37 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<p>This document describes the changes to the Android Open Accessory (AOA) protocol since its
-initial release, and is a supplement to the documentation of the
-<a href="{@docRoot}accessories/aoa.html">first release of AOA</a>.</p>
-<p>The Android Open Accessory Protocol 2.0 adds two new features: audio output (from the Android
-device to the accessory) and support for the accessory acting as one or more Human Interface Devices
-(HID) to the Android device. The Android SDK APIs available to Android application developers
-remain unchanged.</p>
-<h2 id="detecting-android-open-accessory-20-support">Detecting Android Open Accessory 2.0 Support</h2>
-<p>In order for an accessory to determine if a connected Android device supports accessories and at
-what protocol level, the accessory must send a <code>getProtocol()</code> command and check the result.
-Android devices supporting the initial version of the Android Open Accessory protocol return a
-<code>1</code>, representing the protocol version number. Devices that support the new features described
-in this document must return <code>2</code> for the protocol version. Version 2.0 of the protocol is
-upwardly compatible, so accessories designed for the original accessory protocol still work
-with newer Android devices. The following example from the Accessory Development Kit 2011
+<p>This document describes changes in the Android Open Accessory (AOA) protocol
+since its initial release and supplements
+<a href="{@docRoot}accessories/aoa.html">AOA 1.0 documentation</a>. AOAv2
+adds the following features:</p>
+
+<ul>
+<li>Audio output (from the Android device to the accessory).</li>
+<li>Support for the accessory acting as one or more Human Interface Devices
+(HID) to the Android device.</li>
+</ul>
+
+<p>Android SDK APIs available to Android application developers are unchanged.
+</p>
+
+
+<h2 id="detecting-android-open-accessory-20-support">Detecting AOAv2 support</h2>
+
+<p>To determine if a connected Android device supports accessories and the
+supported protocol version, an accessory must send a <code>getProtocol()</code>
+command and check the result. Android devices that support only the feautures
+in AOAv1 must return <code>1</code> as the protocol version; devices that
+support the additional feautres in AOAv2 must return <code>2</code> as the
+protocol version. AOAv2 is backward-compatible with AOAv1, so accessories
+designed for the original accessory protocol continue to work with newer Android
+devices.</p>
+
+<p>The following example from the Accessory Development Kit 2011
<a href="http://developer.android.com/tools/adk/adk2.html#src-download">source code</a>
-(<code><adk-src>/adk1/board/AndroidAccessory/AndroidAccessory.cpp</code>) library demonstrates this protocol
-check:</p>
+(<code><adk-src>/adk1/board/AndroidAccessory/AndroidAccessory.cpp</code>)
+library demonstrates this protocol check:</p>
+
<pre><code>bool AndroidAccessory::switchDevice(byte addr)
{
int protocol = getProtocol(addr);
@@ -56,35 +69,77 @@
return true;
}
</code></pre>
-<p>AOA 2.0 includes new USB product IDs, one for each combination of USB interfaces available when
-in accessory mode. The possible USB interfaces are:</p>
-<ul>
-<li><strong>accessory</strong> - An interface providing 2 bulk endpoints for communicating with an
-Android application.</li>
-<li><strong>audio</strong> - A new standard USB audio class interface for streaming audio
-from an Android device to an accessory.</li>
-<li><strong>adb</strong> - An interface intended only for debugging purposes while developing an
-accessory. Only enabled if the user has USB Debugging enabled in Settings on the Android device.</li>
-</ul>
-<p>In AOA 1.0, there are only two USB product IDs:</p>
-<ul>
-<li><code>0x2D00</code> - accessory</li>
-<li><code>0x2D01</code> - accessory + adb</li>
-</ul>
-<p>AOA 2.0 adds an optional USB audio interface and, therefore, includes product IDs for the new
-combinations of USB interfaces:</p>
-<ul>
-<li><code>0x2D02</code> - audio</li>
-<li><code>0x2D03</code> - audio + adb</li>
-<li><code>0x2D04</code> - accessory + audio</li>
-<li><code>0x2D05</code> - accessory + audio + adb</li>
-</ul>
-<h2 id="audio-support">Audio Support</h2>
-<p>AOA 2.0 includes optional support for audio output from an Android device to an accessory. This
-version of the protocol supports a standard USB audio class interface that is capable of 2 channel
-16-bit PCM audio with a bit rate of 44100 Khz. AOA 2.0 is currently limited to this output mode, but
-additional audio modes may be added in the future.</p>
-<p>To enable the audio support, the accessory must send a new USB control request:</p>
+
+<p>AOAv2 includes new USB product IDs for each combination of USB interfaces
+available in accessory mode:</p>
+
+<table id="AOA-version-comparison">
+<tbody>
+
+<tr>
+<th>Version</th>
+<th>Product ID</th>
+<th>Communication</th>
+<th>Description</th>
+</tr>
+
+<tr>
+<td rowspan="2">AOAv1</td>
+<td><code>0x2D00</code></td>
+<td>accessory</td>
+<td>Provides two bulk endpoints for communicating with an Android
+application.</td>
+</tr>
+
+<tr>
+<td><code>0x2D01</code></td>
+<td>accessory + adb</td>
+<td>For debugging purposes during accessory development. Available only if the
+user has enabled <em>USB Debugging</em> in the Android device settings.</td>
+</tr>
+
+<tr>
+<td rowspan="4">AOAv2</td>
+<td><code>0x2D02</code></td>
+<td>audio</td>
+<td>For streaming audio from an Android device to an accessory.</td>
+</tr>
+
+<tr>
+<td><code>0x2D03</code></td>
+<td>audio + adb</td>
+<td></td>
+</tr>
+
+<tr>
+<td><code>0x2D04</code></td>
+<td>accessory + audio</td>
+<td></td>
+</tr>
+
+<tr>
+<td><code>0x2D05</code></td>
+<td>accessory + audio + adb</td>
+<td></td>
+</tr>
+
+</tbody>
+</table>
+
+
+<p>Product IDs used in AOAv1 (<code>0x2D00</code> and <code>0x2D01</code>)
+continue to be supported in AOAv2.</p>
+
+<h2 id="audio-support">Audio support</h2>
+
+<p>AOAv2 includes support for audio output from an Android device to an
+accessory via a standard USB audio class interface capable of 2 channel, 16-bit
+PCM audio with a bit rate of 44100 Khz (additional audio modes may be added in
+the future).</p>
+
+<p>To enable audio support, the accessory must send a new USB control request:
+</p>
+
<pre><code>**SET_AUDIO_MODE**
requestType: USB_DIR_OUT | USB_TYPE_VENDOR
request: 58
@@ -93,39 +148,53 @@
index: 0
data none
</code></pre>
-<p>This command must be sent <em>before</em> sending the <code>ACCESSORY_START</code> command for
-entering accessory mode.</p>
-<h2 id="hid-support">HID Support</h2>
-<p>AOA 2.0 allows the accessory to register one or more USB Human Interface Devices (HID) with
-an Android device. This approach reverses the direction of communication for typical USB HID
-devices like USB mice and keyboards. Normally, the HID device is a peripheral connected to a USB
-host like a personal computer. But in the case of the AOA protocol, the USB host acts as one or more
-input devices to a USB peripheral.</p>
-<p>HID support in AOA 2.0 is simply a proxy for standard HID events. The implementation makes no
-assumptions about the content or type of events and merely passes it through to the input system,
-so an AOA 2.0 accessory can act as any HID device (mouse, keyboard, game controller, etc.). It
-can be used for something as simple as the play/pause button on a media dock, or something as
-complicated as a docking station with a mouse and full QWERTY keyboard.</p>
-<p>The AOA 2.0 protocol adds four new USB control requests to allow the accessory to act as one or
-more HID input devices to the Android device. Since HID support is done entirely through
-control requests on endpoint zero, no new USB interface is needed to provide this support. The
-control requests are as follows:</p>
+
+<p>This command must be sent <em>before</em> sending the
+<code>ACCESSORY_START</code> command for entering accessory mode.</p>
+
+<h2 id="hid-support">HID support</h2>
+
+<p>AOAv2 allows accessories to register one or more USB Human Interface
+Devices (HID) with an Android device. This approach reverses the direction of
+communication for typical USB HID devices such as USB mice and keyboards.
+Normally, the HID device is a peripheral connected to a USB host (i.e. a
+personal computer), but in AOA the USB host can act as one or more input
+devices to a USB peripheral.</p>
+
+<p>HID support is a proxy for standard HID events; the
+implementation makes no assumptions about the content or type of events and
+simply passes it through to the input system, enabling an AOAv2 accessory to
+act as any HID device (mouse, keyboard, game controller, etc.). You can use HID
+support to provide basic functionality, such as a play/pause button on a media
+dock, or for advanced functionality such as a docking station with a mouse and
+full QWERTY keyboard.</p>
+
+<p>AOAv2 adds new USB control requests that allow the accessory to act as
+one or more HID input devices to the Android device. HID support is handled
+entirely through control requests on endpoint zero, so no new USB interface is
+needed. The four new control requests are:</p>
+
<ul>
-<li><strong>ACCESSORY_REGISTER_HID</strong> registers a new HID device with the Android device.
-The accessory provides an ID number that is used to identify the HID device for the other three
-calls. This ID is valid until USB is disconnected or until the accessory sends
-<code>ACCESSORY_UNREGISTER_HID</code> to unregister the HID device.</li>
-<li><strong>ACCESSORY_UNREGISTER_HID</strong> unregisters a HID device that was previously
-registered with <code>ACCESSORY_REGISTER_HID</code>.</li>
-<li><strong>ACCESSORY_SET_HID_REPORT_DESC</strong> sends a report descriptor for a HID device to
-the Android device. This request is used to describe the capabilities of the HID device, and must
-be sent before reporting any HID events to the Android device. If the report descriptor is larger
-than the maximum packet size for endpoint zero, multiple <code>ACCESSORY_SET_HID_REPORT_DESC</code> commands
-are sent in order to transfer the entire descriptor.</li>
-<li><strong>ACCESSORY_SEND_HID_EVENT</strong> sends input events from the accessory to the Android
+<li><strong>ACCESSORY_REGISTER_HID</strong> registers a new HID device with the
+Android device. The accessory provides an ID used to identify the HID device for
+the other three calls. This ID is valid until USB disconnects or until the
+accessory sends <code>ACCESSORY_UNREGISTER_HID</code> to unregister the HID
device.</li>
+<li><strong>ACCESSORY_UNREGISTER_HID</strong> unregisters a HID device
+previously registered with <code>ACCESSORY_REGISTER_HID</code>.</li>
+<li><strong>ACCESSORY_SET_HID_REPORT_DESC</strong> sends a report descriptor for
+a HID device to the Android device. This request is used to describe the
+capabilities of the HID device and must be sent before reporting any HID events
+to the Android device. If the report descriptor is larger than the maximum
+packet size for endpoint zero, multiple
+<code>ACCESSORY_SET_HID_REPORT_DESC</code> commands are sent to transfer the
+entire descriptor.</li>
+<li><strong>ACCESSORY_SEND_HID_EVENT</strong> sends input events from the
+accessory to the Android device.</li>
</ul>
-<p>The code definitions for these new control requests are as follows:</p>
+
+<p>The code definitions for the new control requests are:</p>
+
<pre><code>/* Control request for registering a HID device.
* Upon registering, a unique ID is sent by the accessory in the
* value parameter. This ID will be used for future commands for
@@ -174,23 +243,34 @@
*/
#define ACCESSORY_SEND_HID_EVENT 57
</code></pre>
-<h2 id="interoperability-with-aoa-10-features">Interoperability with AOA 1.0 Features</h2>
-<p>The original <a href="{@docRoot}accessories/aoa.html">AOA protocol</a> provided support for an Android
-application to communicate directly with a USB host (accessory) over USB. AOA 2.0 keeps that
-support, but adds new features to allow the accessory to communicate with the Android operating
-system itself (specifically the audio and input systems). The design of the AOA 2.0 makes it is
-possible to build an accessory that also makes use of the new audio and/or HID support in addition
-to the original feature set. Simply use the new features described in this document in addition to
-the original AOA protocol features.</p>
-<h2 id="connecting-aoa-20-without-an-android-app">Connecting AOA 2.0 without an Android App</h2>
-<p>It is possible to design an accessory (for example, an audio dock) that uses the new audio and
-HID support, but does not need to communicate with an application on the Android device. In that
-case, the user would not want to see the dialog prompts related to finding and associating the newly
-attached accessory with an Android application that can communicate with it. To prevent these
-dialogs from appearing after the device and accessory are connected, the accessory can simply not
-send the manufacturer and model names to the Android device. If these strings are not provided to
-the Android device, then the accessory is able to make use of the new audio and HID support in AOA
-2.0 without the system attempting to find an application to communicate with the accessory. Also,
-if these strings are not provided, the accessory USB interface is not present in the Android
-device USB configuration after the device enters accessory mode.</p>
+<h2 id="interoperability-with-aoa-10-features">Interoperability with AOAv1</h2>
+
+<p>The original protocol (<a href="{@docRoot}accessories/aoa.html">AOAv1</a>)
+provides support for an Android application to communicate directly with a USB
+host (accessory) over USB. AOAv2 continues this support and adds new features
+to allow the accessory to communicate with the Android operating system itself
+(specifically the audio and input systems). The design of AOAv2 makes it
+possible to build an accessory that uses the new audio and HID support
+in addition to the original feature set. Simply use the new features along with
+the original features.</p>
+
+<h2 id="connecting-aoa-20-without-an-android-app">Connecting AOAv2 without an
+Android app</h2>
+
+<p>You can design an accessory (such as an audio dock) that uses audio and HID
+support but does not communicate with an application on the Android device. For
+these accessories, users do not need to receive dialog prompts for finding and
+associating the newly attached accessory with an Android application that can
+communicate with it.</p>
+
+<p>To suppress such dialogs after an accessory connects, the
+accessory can choose not to send the manufacturer and model names to the Android
+device. When these strings are not provided to the Android device:</p>
+
+<ul>
+<li>The system does not attempt to find an application to communicate with the
+accessory.</li>
+<li>The accessory USB interface is not present in the Android device USB
+configuration after the device enters accessory mode.</li>
+</ul>
\ No newline at end of file
diff --git a/src/accessories/audio.jd b/src/accessories/audio.jd
index 92ce6fe..72c5e1d 100644
--- a/src/accessories/audio.jd
+++ b/src/accessories/audio.jd
@@ -2,7 +2,7 @@
@jd:body
<!--
- Copyright 2014 The Android Open Source Project
+ Copyright 2015 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -24,53 +24,67 @@
</div>
</div>
-<p>In implementing an audio accessory, such as a headset, headphone amplifier,
-microphone, DAC/ADC, or dock, you should consider how your accessory will
-connect with Android devices. In particular, you should decide
-if your accessory will use wired a 3.5 mm headset connector, Universal Serial
-Bus (USB), or a Bluetooth connection to stream music or other audio content.</p>
+<p>When implementing an audio accessory such as a headset, headphone amplifier,
+microphone, DAC/ADC, or dock, consider how the accessory connects to Android
+devices. The following sections describe wired 3.5 mm headset connections,
+Universal Serial Bus (USB) connections, and Bluetooth connections for streaming
+music or other audio content.</p>
+
<h2 id="audio-over-35mm">Audio over 3.5 mm headset connector</h2>
-<p>Many Android-based devices include a 3.5 mm (“mini”) headset connector. In
-addition to the traditional stereo output and mono input features, the <a
-href="headset-spec.html">Wired audio headset specification</a> defines standard
-impedances and functions so a range of Android devices and headsets can inter-operate.</p>
+<p>Many Android devices include a 3.5 mm (“mini”) headset connector.
+In addition to traditional stereo output and mono input features, the
+<a href="headset/specification.html">Wired audio headset specification</a>
+defines standard impedances and functions that enable interoperability between
+a range of Android devices and headsets.</p>
<h2 id="audio-over-usb">Audio over USB</h2>
<p>Android can use USB in several modes:</p>
<ul>
- <li>development
- <li>accessory
- <li>host
+ <li><strong>Development</strong>. Does not support audio. </li>
+ <li><strong>Accessory</strong>. Provided by Android Open Accessory (AOA) 2.0
+ and provides limited audio capability, as described in
+ <a href="custom.html#audio-over-usb">Connecting custom audio over USB</a>.
+ </li>
+ <li><strong>Host</strong>. Enables the Android device to drive the USB bus
+ and operate with a wide range of USB-based peripherals, including audio
+ interfaces. Host mode audio is described in
+ <a href="{@docRoot}devices/audio/usb.html">USB Digital Audio</a>.</li>
</ul>
-<p>In the development mode, there is no audio capability.</p>
-<p>Accessory mode is provided by the Open Accessory (AOA) protocol version 2.0.
-There is limited audio capability in accessory mode, as described in <a
-href="custom.html#audio-over-usb">Connecting custom audio over USB</a>.</p>
-<p>Host mode enables the Android device to drive the USB bus and operate with a
-wide range of USB-based peripherals, including audio interfaces. Host mode
-audio is described in <a href="{@docRoot}devices/audio/usb.html">USB Digital Audio</a>
<h2 id="audio-over-bluetooth">Audio over Bluetooth</h2>
-<p>An accessory that connects with Android over Bluetooth can use an Advanced Audio Distribution
-Profile (A2DP) connection stream music for playback. Playing audio over a Bluetooth with A2DP is
-supported on Android 1.5 (API Level 3) and higher. An Android user can connect to an accessory
-that supports this profile using the system Settings > Bluetooth and play music directly to the
-accessory without the need for a secondary application.</p>
-<p><strong>Note:</strong> If you want to provide a custom application for output to your audio
-accessory, note that the Android 3.0 (API Level 11) allows applications to operate an A2DP
-connection using the
-<a href="http://developer.android.com/reference/android/bluetooth/BluetoothA2dp.html"><code>BluetoothA2dp</code></a>
-class.</p>
+<p>An accessory that connects with Android over Bluetooth can use an Advanced
+Audio Distribution Profile (A2DP) connection stream music for playback. Playing
+audio over a Bluetooth with A2DP is supported on Android 1.5 (API Level 3) and
+higher. An Android user can connect to an accessory that supports this profile
+using the system Settings > Bluetooth and play music directly to the
+accessory without a secondary application.</p>
+
+<p>As of Android 3.0 (API Level 11), applications can operate an A2DP connection
+using the
+<a href="http://developer.android.com/reference/android/bluetooth/BluetoothA2dp.html">
+<code>BluetoothA2dp</code></a> class. To provide a custom application for
+output to an audio accessory, you must use Android 3.0 or higher.
+</p>
+
<h3 id="next-steps_1">Next steps</h3>
-<p>To get started on building an audio accessory that uses a Bluetooth connection:</p>
+<p>To get started building an audio accessory that uses a Bluetooth connection:
+</p>
<ul>
-<li>Select a hardware platform or build an hardware device that can support Bluetooth
- communications and the A2DP connection profile.</li>
+<li>Select a hardware platform or build an hardware device that can support
+Bluetooth communications and the A2DP connection profile.</li>
<li>Review the ADK 2012
- <a href="http://developer.android.com/tools/adk/adk2.html#src-download">firmware source code</a>
- (<code><adk-src>/adk2012/board/library/ADK2/</code>), which includes an example implementation
- of an audio playback accessory using a Bluetooth connection.</li>
+ <a href="http://developer.android.com/tools/adk/adk2.html#src-download">firmware
+ source code</a> (<code><adk-src>/adk2012/board/library/ADK2/</code>),
+ which includes an example implementation of an audio playback accessory using
+ a Bluetooth connection.</li>
</ul>
-<p><strong>Note:</strong> The ADK 2012 source code includes an open source Bluetooth stack that
-is built for the Texas Instruments CC2564 chip, but can work with any Bluetooth chip that
-implements a standard Host/Controller Interface (HCI).</p>
+
+<p class="note"><strong>Note:</strong> The ADK 2012 source code includes an open
+source Bluetooth stack built for the Texas Instruments CC2564 chip, but is
+designed to work with any Bluetooth chip that implements a standard
+Host/Controller Interface (HCI).</p>
+
+<h2 id="midi-over-usb">MIDI over USB and Bluetooth LE</h2>
+<p>Both USB and Bluetooth Low Energy can be used as transports for the
+<a href="http://en.wikipedia.org/wiki/MIDI">MIDI</a> protocol. For details, see
+<a href="{@docRoot}devices/audio/midi.html">MIDI</a>.</p>
\ No newline at end of file
diff --git a/src/accessories/custom.jd b/src/accessories/custom.jd
index 560f182..c4ff0f6 100644
--- a/src/accessories/custom.jd
+++ b/src/accessories/custom.jd
@@ -2,7 +2,7 @@
@jd:body
<!--
- Copyright 2014 The Android Open Source Project
+ Copyright 2015 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -24,88 +24,109 @@
</div>
</div>
-<p>An accessory for Android can be anything: keyboard, thermometer, robot, lighting control or
-anything else you can imagine. Accessories for Android all have one thing in common; they all
-connect to an Android device in some way. When starting out to build an accessory, you should
-decide how your accessory will connect to Android devices. This page gives you quick overview of
-your options for connecting your Android accessory and resources to help you get started.</p>
+<p>An accessory for Android can be anything: keyboard, thermometer, robot,
+lighting control, or anything else you can imagine. All Android accessories
+connect to an Android device in some way, so when building an accessory you must
+consider the type of connections your accessory will use. This page provides a
+quick overview of your options for connecting your Android accessory and
+a list of resources to help you get started.</p>
+
<h2 id="connecting-over-usb">Connecting over USB</h2>
-<p>An accessory that connects to an Android device through a USB cable must support the Android
-Open Accessory (AOA) protocol, which specifies how an accessory can establish communication with
-an Android device over a USB cable. Due to the low power output of Android devices, the AOA
-protocol requires the accessory act as a USB host, which means that the connecting accessory must
-power the bus.</p>
-<p>The AOA protocol has two versions which support different types of communication. Version
-1.0 supports a generic accessory communication and adb debugging. This version of the protocol is
-supported by the platform in Android 3.1 (API Level 12) and higher, and supported through an
-<a href="https://developers.google.com/android/add-ons/google-apis/">Add-On Library</a> in Android
-2.3.4 (API Level 10) and higher. Version 2.0 of the protocol is available in Android 4.1 (API Level
-16) and adds audio streaming and human interface device (HID) capabilities.</p>
-<p>If you use the general accessory protocol to communicate with your accessory (rather than the
-adb or audio protocol), you must provide an Android application that can detect the connection of
-your USB accessory and establish communication.</p>
-<h3 id="next-steps">Next steps</h3>
-<p>To get started on building an Android accessory that uses a USB connection:</p>
+<p>An accessory that connects to an Android device through a USB cable must
+support the Android Open Accessory (AOA) protocol, which specifies how an
+accessory can establish communication with an Android device via USB.
+Due to the low power output of Android devices, AOA requires the accessory to
+act as a USB host, meaning the connecting accessory must power the bus.</p>
+
+<p>AOA has two versions that support different types of communication:</p>
<ul>
-<li>Select a hardware platform or build a hardware device that can support USB host mode.</li>
-<li>Review the <a href="{@docRoot}accessories/index.html">AOA protocol</a> specifications to understand
- how to implement this protocol on your accessory hardware. Implementing the
- <a href="{@docRoot}accessories/aoa2.html">AOA 2.0 protocol</a> is recommended for all new Android USB
- accessories.</li>
-<li>Review the ADK 2012 <a href="http://developer.android.com/tools/adk/adk2.html#src-download">firmware source code</a>
- (<code><adk-src>/adk2012/board/library/ADK2/</code>), which demonstrates an implementation of an accessory
- using a USB connection for general data communications and audio streaming.</li>
-<li>If you are planning to build an Android application that communicates with your accessory
- via USB, review the ADK 2012 Android
- <a href="http://developer.android.com/tools/adk/adk2.html#src-download">application source code</a>
- (<code><adk-src>/adk2012/app/</code>).</li>
+<li><strong>AOAv1</strong>. Supports generic accessory communication and adb
+debugging. Available in Android 3.1 (API Level 12) and higher and supported
+through an
+<a href="https://developers.google.com/android/add-ons/google-apis/">Add-On
+Library</a> in Android 2.3.4 (API Level 10) and higher.</li>
+<li><strong>AOAv2</strong>. Supports audio streaming and human interface
+device (HID) capabilities. Available in Android 4.1 (API Level 16).</li>
</ul>
+
+<p>If you use the general accessory protocol to communicate with your accessory
+(rather than the adb or audio protocol), you must provide an Android application
+that can detect the connection of your USB accessory and establish communication.
+</p>
+
+<h3 id="next-steps_0">Next steps</h3>
+<p>To get started building an Android accessory that uses a USB connection:
+</p>
+<ul>
+<li>Select a hardware platform or build a hardware device that can support USB
+host mode.</li>
+<li>Review <a href="{@docRoot}accessories/protocol.html">AOA</a> specifications to
+understand how to implement this protocol on your accessory hardware.
+Implementing <a href="{@docRoot}accessories/aoa2.html">AOAv2</a> is
+recommended for all new Android USB accessories.</li>
+<li>Review the ADK 2012
+<a href="http://developer.android.com/tools/adk/adk2.html#src-download">firmware
+source code</a> (<code><adk-src>/adk2012/board/library/ADK2/</code>),
+which demonstrates an implementation of an accessory using a USB connection for
+general data communications and audio streaming.</li>
+<li>When planning to build an Android application that communicates with your
+accessory via USB, review the ADK 2012 Android
+<a href="http://developer.android.com/tools/adk/adk2.html#src-download">application
+source code</a> (<code><adk-src>/adk2012/app/</code>).</li>
+</ul>
+
<h2 id="connecting-over-bluetooth">Connecting over Bluetooth</h2>
-<p>An accessory that connects with Android devices over a Bluetooth connection can use the
-various connection profiles supported by Android, including the Simple Serial Protocol (SSP) and
-Advanced Audio Distribution Profile (A2DP) profile. An accessory that uses Bluetooth to connect to
-Android devices must support Bluetooth communications and at least one of the supported connection
-profiles.</p>
-<p>Users must enable Bluetooth on their Android device and pair with your accessory in order to
-use it. You can also provide a secondary Android application that handles any specialized
-communication, such as data input or control outputs, to interface with your accessory.</p>
+<p>An accessory that connects with Android devices over a Bluetooth connection
+can use connection profiles supported by Android, including the Simple Serial
+Protocol (SSP) and Advanced Audio Distribution Profile (A2DP) profile. An
+accessory that uses Bluetooth to connect to Android devices must support
+Bluetooth communications and at least one of the supported connection profiles.
+</p>
+<p>Users must enable Bluetooth on their Android device and pair with your
+accessory to use the accessory. You can also provide a secondary Android
+application that handles specialized communication such as data input or control
+outputs to interface with your accessory.</p>
+
<h3 id="next-steps_1">Next steps</h3>
-<p>To get started on building an Android accessory that uses a Bluetooth connection:</p>
+<p>To get started building an Android accessory that uses a Bluetooth connection:
+</p>
<ul>
-<li>Select a hardware platform or build an hardware device that can support Bluetooth
- communications and an Android supported connection profile, such as SSP or A2DP.</li>
-<li>Review the ADK 2012 <a href="http://developer.android.com/tools/adk/adk2.html#src-download">firmware source code</a>
- (<code><adk-src>/adk2012/board/library/ADK2/</code>), which includes an example implementation
- of general data communications and audio streaming using a Bluetooth connection.</li>
-<li>If you are planning to build an Android application that communicates with your accessory
- via Bluetooth, review the ADK 2012 Android
- <a href="http://developer.android.com/tools/adk/adk2.html#src-download">application source code</a>
- (<code><adk-src>/adk2012/app/</code>).</li>
+<li>Select a hardware platform or build an hardware device that can support
+Bluetooth communications and an Android supported connection profile, such as
+SSP or A2DP.</li>
+<li>Review the ADK 2012
+<a href="http://developer.android.com/tools/adk/adk2.html#src-download">firmware
+source code</a> (<code><adk-src>/adk2012/board/library/ADK2/</code>),
+which includes an example implementation of general data communications and
+audio streaming using a Bluetooth connection.</li>
+<li>When planning to build an Android application that communicates with your
+accessory via Bluetooth, review the ADK 2012 Android
+<a href="http://developer.android.com/tools/adk/adk2.html#src-download">application
+source code</a> (<code><adk-src>/adk2012/app/</code>).</li>
</ul>
-<p><strong>Note:</strong> The ADK 2012 source code includes an open source Bluetooth stack which
-is built for the Texas Instruments CC2564 chip, but can work with any Bluetooth chip that
-supports a standard Host/Controller Interface (HCI).</p>
+
+<p class="note"><strong>Note:</strong> The ADK 2012 source code includes an open
+source Bluetooth stack built for the Texas Instruments CC2564 chip but is
+designed to work with any Bluetooth chip that supports a standard
+Host/Controller Interface (HCI).</p>
<h2 id="audio-over-usb">Connecting audio over USB</h2>
-<p>An accessory that connects with Android over USB connection may use the Android Open
-Accessory (AOA) protocol version 2.0. This version of the AOA protocol is supported on Android 4.1
-(API Level 16) and higher. Once an Android device connects to an accessory that supports this
-protocol, the Android system treats it as a standard audio output device and routes all audio to
-that accessory. No secondary software application is required on the Android device.</p>
-<p><strong>Note:</strong> Due to the low power output of Android devices, the Android Open Accessory
-Protocol requires that accessories act as a USB host, which means that the connecting accessory
-must power the bus.</p>
-<h3 id="next-steps">Next steps</h3>
-<p>To get started on building an audio accessory that uses a USB connection:</p>
-<ul>
-<li>Select a hardware platform or build a hardware device that can support USB host mode.</li>
-<li>Review the <a href="{@docRoot}accessories/aoa2.html">AOA 2.0 protocol</a> specification to understand
- how to implement this protocol on your accessory hardware.</li>
-<li>Review the ADK 2012 <a href="http://developer.android.com/tools/adk/adk2.html#src-download">firmware source code</a>
- (<code><adk-src>/adk2012/board/library/ADK2/</code>), which includes an example implementation
- of an audio playback accessory using a USB connection.</li>
-</ul>
-<p><strong>Note:</strong> The AOA 2.0 protocol also supports the
-<a href="{@docRoot}accessories/aoa2.html#hid-support">human interface device</a> (HID) protocol through a USB
-connection, enabling accessories such as audio docks to provide hardware play back controls such
-as pause, fast-forward or volume buttons.</p>
+<p>An accessory that connects with Android over USB can use AOAv2 (supported on
+Android 4.1 (API Level 16) and higher. After an Android device connects to an
+accessory that supports this protocol, the Android system treats it as a
+standard audio output device and routes all audio to that accessory. No
+secondary software application is required on the Android device.</p>
+
+<p class="note"><strong>Note:</strong> Due to the low power output of Android
+devices, AOA requires accessories to act as a USB host, meaning the connecting
+accessory must power the bus.</p>
+
+<h3 id="next-steps_2">Next steps</h3>
+<p>To get started building an audio accessory that uses a USB connection, see
+<a href="#next-steps_0">next steps for USB connections.</a></p>
+
+<p>AOAv2 also supports the
+<a href="{@docRoot}accessories/aoa2.html#hid-support">human interface device</a>
+(HID) protocol through a USB connection, enabling accessories such as audio
+docks to provide hardware play back controls such as pause, fast-forward or
+volume buttons.</p>
\ No newline at end of file
diff --git a/src/accessories/headset-spec.jd b/src/accessories/headset-spec.jd
deleted file mode 100644
index c9a749e..0000000
--- a/src/accessories/headset-spec.jd
+++ /dev/null
@@ -1,697 +0,0 @@
-page.title=Wired audio headset specification
-@jd:body
-
-<!--
- Copyright 2014 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<div id="qv-wrapper">
- <div id="qv">
- <h2>In this document</h2>
- <ol id="auto-toc">
- </ol>
- </div>
-</div>
-
-<p><em>Version 1.1</em></p>
-
-<p>This document specifies the requirements for headsets and mobile devices to
-function uniformly across the Android ecosystem. It is separated into two
-sections beginning with the specifications for the headset
-accessory followed by the specifications for the mobile device.</p>
-
-<h2 id=headset_accessory_plug_specifications>Headset Accessory (Plug) Specifications</h2>
-
-<p>The requirements in the following section apply to the headset accessory.</p>
-
-<h3 id=functions>Functions</h3>
-
-<table>
- <tr>
- <th>
-<p><strong>Function</strong></p>
-</th>
- <th>
-<p><strong>Accessory Support</strong></p>
-</th>
- </tr>
- <tr>
- <td>
-<p>Stereo Audio Out</p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- </tr>
- <tr>
- <td>
-<p>Audio in (Mic)</p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- </tr>
- <tr>
- <td>
-<p>Ground</p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- </tr>
-</table>
-
-<h3 id=control-function_mapping>Control-Function Mapping</h3>
-
-<table>
- <tr>
- <th>
-<p><strong>Control Function</strong></p>
-</th>
- <th>
-<p><strong>Accessory Support</strong></p>
-</th>
- <th>
-<p><strong>Description</strong></p>
-</th>
- </tr>
- <tr>
- <td>
-<p>Function A</p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- <td>
-<p>Play/pause/hook (Short Press), Trigger Assist (Long Press), Next (double press)</p>
-</td>
- </tr>
- <tr>
- <td>
-<p>Function B</p>
-</td>
- <td>
-<p>Optional</p>
-</td>
- <td>
-<p>Vol+</p>
-</td>
- </tr>
- <tr>
- <td>
-<p>Function C</p>
-</td>
- <td>
-<p>Optional</p>
-</td>
- <td>
-<p>Vol-</p>
-</td>
- </tr>
- <tr>
- <td>
-<p>Function D</p>
-</td>
- <td>
-<p>Optional</p>
-</td>
- <td>
-<p>Reserved (Nexus devices will use this reserved function to launch Google
-voice search)</p>
-</td>
- </tr>
-</table>
-
-<p><strong>Assign functions to buttons as follows</strong>:</p>
-
-<ul>
- <li> All one-button headsets must implement Function A.
- <li> Headsets with multiple buttons must implement functions according to the
-following pattern:
- <ul>
- <li> 2 functions: A and D
- <li> 3 functions: A, B, C
- <li> 4 functions: A, B, C, D
- </ul>
-</ul>
-
-<h3 id=mechanical>Mechanical</h3>
-
-<table>
- <tr>
- <th>
-<p><strong>Function</strong></p>
-</th>
- <th>
-<p><strong>Accessory Support</strong></p>
-</th>
- <th>
-<p><strong>Notes</strong></p>
-</th>
- </tr>
- <tr>
- <td>
-<p>4 conductor 3.5mm plug</p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- <td>
-<p>Ref: EIAJ-RC5325A standard</p>
-</td>
- </tr>
- <tr>
- <td>
-<p>CTIA pinout order (LRGM)</p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- <td>
-<p>Except in regions with legal requirements for OMTP pinout</p>
-</td>
- </tr>
- <tr>
- <td>
-<p>OMTP pinout order (LRMG)</p>
-</td>
- <td>
-<p>Optional</p>
-</td>
- <td></td>
- </tr>
- <tr>
- <td>
-<p>Microphone</p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- <td>
-<p>Must not be obstructed when operating headset controls</p>
-</td>
- </tr>
-</table>
-
-<h3 id=electrical>Electrical</h3>
-
-<table>
- <tr>
- <th>
-<p><strong>Function</strong></p>
-</th>
- <th>
-<p><strong>Accessory Support</strong></p>
-</th>
- <th>
-<p><strong>Description</strong></p>
-</th>
- </tr>
- <tr>
- <td>
-<p>Ear speaker impedance</p>
-</td>
- <td>
-<p><strong>16 ohms or higher</strong></p>
-</td>
- <td>
-<p>Recommend 32 - 300 ohms</p>
-</td>
- </tr>
- <tr>
- <td>
-<p>Mic DC resistance</p>
-</td>
- <td>
-<p><strong>1000 ohms or higher</strong></p>
-</td>
- <td>
-<p>Mic characteristics must be compliant with section 5.4 “Audio Recording” of
-current Android Compatibility Definition Document (CDD)</p>
-</td>
- </tr>
- <tr>
- <td>
-<p>Control Function Equivalent impedance*</p>
-
-<p>*Total impedance from positive mic terminal to GND when button is pressed with
-2.2 V mic bias applied through 2.2 kOhm resistor</p>
-</td>
- <td>
-<p><strong>0 ohm</strong></p>
-</td>
- <td>
-<p>[Function A] Play/Pause/Hook</p>
-</td>
- </tr>
- <tr>
- <td></td>
- <td>
-<p><strong>240 ohm</strong> +/- 1% resistance</p>
-</td>
- <td>
-<p>[Function B]</p>
-</td>
- </tr>
- <tr>
- <td></td>
- <td>
-<p><strong>470 ohm</strong> +/- 1% resistance</p>
-</td>
- <td>
-<p>[Function C] </p>
-</td>
- </tr>
- <tr>
- <td></td>
- <td>
-<p><strong>135 ohm</strong> +/- 1% resistance</p>
-</td>
- <td>
-<p>[Function D]</p>
-</td>
- </tr>
-</table>
-
-<p>In the following diagrams, Button A is mapped to Function A, Button B to
-Function B, and so on.</p>
-
-<h3 id=reference_headset_test_circuit_1>Reference Headset Test Circuit 1</h3>
-
-<img src="images/headset-circuit1.png" alt="Reference Headset Test Circuit 1" />
-<p class="img-caption"><strong>Figure 1.</strong> Reference headset test circuit 1</p>
-
-<p class="note"><strong>Note:</strong> The above diagram shows the CTIA pinout
-for a 4-segment plug. For the OMTP pinout, switch the positions of the MIC and
-GND segments.</p>
-
-<h3 id=reference_headset_test_circuit_2>Reference Headset Test Circuit 2</h3>
-
-<p>The second reference circuit shows how the actual resistor values (R1 - R4)
-are altered to meet this specification.</p>
-
-<img src="images/headset-circuit2.png" alt="Reference Headset Test Circuit 2" />
-<p class="img-caption"><strong>Figure 2.</strong> Reference headset test circuit 2</p>
-
-<p>The actual resistance of the buttons parallel with the microphone (R1-R4) is
-based on the microphone capsule resistance (Rmic) and the equivalent impedance
-values (ReqA-ReqD). Use the following formula:</p>
-
-<p><em>Rn=(Rmic*ReqN) / (ReqN-Rmic)</em></p>
-
-<p>Where R<em>n</em> is the actual resistance of a button, Req<em>N</em> is the
-equivalent impedance value of that button (provided), and Rmic is the
-microphone impedance value.</p>
-
-<p>The example above assumes a 5 kohm microphone impedance (Rmic). Therefore, to
-achieve an equivalent R4 impedance of 135 ohm (ReqD), the actual resistor value
-(R4) needs to be 139 ohms.</p>
-
-
-<h2 id=mobile_device_jack_specifications>Mobile Device (Jack) Specifications</h2>
-
-<p class="caution"><strong>Caution:</strong> To achieve compatibility with the
-headset specification above, devices that include a 4 conductor 3.5mm audio
-jack must meet the following specifications. Please see the <em>Analog audio
-ports</em> section of the <a
-href="{@docRoot}compatibility/android-cdd.pdf">Android Compatibility Definition
-Document (CDD)</a> for Android compatibility requirements.</p>
-
-<p><strong>Headset Jack Functions</strong></p>
-<table>
- <tr>
- <th>
-<p><strong>Function</strong></p>
-</th>
- <th>
-<p><strong>Device Support</strong></p>
-</th>
- </tr>
- <tr>
- <td>
-<p>Stereo Audio Out</p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- </tr>
- <tr>
- <td>
-<p>Audio in (Mic)</p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- </tr>
- <tr>
- <td>
-<p>Ground</p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- </tr>
-</table>
-
-<h3 id=software_mapping>Software mapping</h3>
-
-<table>
- <tr>
- <th>
-<p><strong>Function</strong></p>
-</th>
- <th>
-<p><strong>Device Support</strong></p>
-</th>
- <th>
-<p><strong>Description</strong></p>
-</th>
- </tr>
- <tr>
- <td>
-<p>Function A control event </p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- <td>
-<p>input event KEY_MEDIA</p>
-
-<p>Android key KEYCODE_HEADSETHOOK</p>
-</td>
- </tr>
- <tr>
- <td>
-<p>Function D control event</p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- <td>
-<p>input event KEY_VOICECOMMAND</p>
-
-<p>Android key KEYCODE_VOICE_ASSIST</p>
-</td>
- </tr>
- <tr>
- <td>
-<p>Function B control event</p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- <td>
-<p>input event KEY_VOLUMEUP</p>
-
-<p>Android key VOLUME_UP</p>
-</td>
- </tr>
- <tr>
- <td>
-<p>Function C control event</p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- <td>
-<p>input event KEY_VOLUMEDOWN</p>
-
-<p>Android key VOLUME_DOWN</p>
-</td>
- </tr>
- <tr>
- <td>
-<p>Headset insertion detection</p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- <td>
-<p>input event SW_JACK_PHYSICAL_INSERT 7</p>
-</td>
- </tr>
- <tr>
- <td>
-<p>Headset type detection</p>
-</td>
- <td>
-<p><strong>Mic</strong></p>
-</td>
- <td>
-<p>input event SW_MICROPHONE_INSERT 4</p>
-</td>
- </tr>
- <tr>
- <td>
-<p>Headset type detection</p>
-</td>
- <td>
-<p><strong>No Mic</strong></p>
-</td>
- <td>
-<p>input event SW_HEADPHONE_INSERT 2</p>
-</td>
- </tr>
- <tr>
- <td>
-<p>Headset speaker impedance</p>
-</td>
- <td>
-<p><strong>Required Headphone (low)</strong></p>
-</td>
- <td>
-<p>Failure mode is to indicate headphones so that limitation would be on</p>
-</td>
- </tr>
- <tr>
- <td>
-<p>Headset speaker impedance</p>
-</td>
- <td>
-<p><strong>Required Line In (high)</strong></p>
-</td>
- <td>
-<p>input event SW_LINEOUT_INSERT 6</p>
-</td>
- </tr>
-</table>
-
-<h3 id=mechanical11>Mechanical</h3>
-
-<table>
- <tr>
- <th>
-<p><strong>Function</strong></p>
-</th>
- <th>
-<p><strong>Device Support</strong></p>
-</th>
- <th>
-<p><strong>Description</strong></p>
-</th>
- </tr>
- <tr>
- <td>
-<p>4 conductor 3.5mm jack</p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- <td></td>
- </tr>
- <tr>
- <td>
-<p>CTIA pinout order (LRGM)</p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- <td>
-<p>3 Pin & Mono Plug Compatible</p>
-</td>
- </tr>
- <tr>
- <td>
-<p>OMTP pinout order (LRMG)</p>
-</td>
- <td>
-<p>Optional but <strong>Strongly Recommended</strong></p>
-</td>
- <td></td>
- </tr>
- <tr>
- <td>
-<p>Headset detect sequence</p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- <td>
-<p>Plug insert notification must only be triggered after all contacts on plug are
-touching their relevant segments. This will prevent unreliable headset
-detection due to slow insertion. </p>
-</td>
- </tr>
-</table>
-
-<h3 id=electrical12>Electrical</h3>
-
-<h4 id=general>General</h4>
-
-<table>
- <tr>
- <th>
-<p><strong>Function</strong></p>
-</th>
- <th>
-<p><strong>Device Support</strong></p>
-</th>
- <th>
-<p><strong>Notes</strong></p>
-</th>
- </tr>
- <tr>
- <td>
-<p>Maximum output voltage drive</p>
-</td>
- <td>
-<p>150mV </p>
-</td>
- <td>
-<p>>= 150mV on 32 ohm</p>
-
-<p>Test conditions: EN50332-2</p>
-</td>
- </tr>
- <tr>
- <td>
-<p>Mic bias resistance </p>
-</td>
- <td>
-<p>Required</p>
-</td>
- <td>
-<p>Flexible on detection method used and microphone bias resistor selection.
-Require that all button resistance value ranges specified below be detected and
-related to their respective function</p>
-</td>
- </tr>
- <tr>
- <td>
-<p>Mic bias voltage</p>
-</td>
- <td>
-<p>1.8V - 2.9V</p>
-</td>
- <td>
-<p>To guarantee compatibility to common microphone capsules.</p>
-</td>
- </tr>
-</table>
-
-<h4 id=function_impedance_and_threshold_detection>Function Impedance and Threshold Detection</h4>
-
-<p>Devices must detect the following resistor ladder on the accessories. The
-accessories will be tested to the standardized circuit diagram in the diagram
-illustrated earlier (Reference Headset Test Circuit) where the total impedance
-is measured from MIC terminal to GND when a button is pressed with 2.2V mic
-bias applied through 2.2 kOhm resistor. This is the same effective resistance
-as the button detection circuit with the microphone in parallel with the button
-resistor.</p>
-<table>
- <tr>
- <th>
-<p><strong>Button Impedance Level</strong></p>
-</th>
- <th>
-<p><strong>Device Support</strong></p>
-</th>
- <th>
-<p><strong>Notes</strong></p>
-</th>
- </tr>
- <tr>
- <td>
-<p><strong>70 ohm or less</strong></p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- <td>
-<p>[Function A]</p>
-</td>
- </tr>
- <tr>
- <td>
-<p><strong>110 - 180 ohm </strong></p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- <td>
-<p>[Function D]</p>
-</td>
- </tr>
- <tr>
- <td>
-<p><strong>210 - 290 ohm</strong></p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- <td>
-<p>[Function B]</p>
-</td>
- </tr>
- <tr>
- <td>
-<p><strong>360 - 680 ohm </strong></p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- <td>
-<p>[Function C]</p>
-</td>
- </tr>
- <tr>
- <td>
-<p><strong>Headset speaker impedance level</strong></p>
-</td>
- <td></td>
- <td></td>
- </tr>
- <tr>
- <td>
-<p>Low Threshold Detection</p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- <td>
-<p>Headphone (low) < 1 Kohm</p>
-</td>
- </tr>
- <tr>
- <td>
-<p>High Threshold Detection</p>
-</td>
- <td>
-<p><strong>Required</strong></p>
-</td>
- <td>
-<p>Line In (high) > 5 Kohm</p>
-</td>
- </tr>
-</table>
diff --git a/src/accessories/headset/images/button_configuration.png b/src/accessories/headset/images/button_configuration.png
new file mode 100644
index 0000000..52a0750
--- /dev/null
+++ b/src/accessories/headset/images/button_configuration.png
Binary files differ
diff --git a/src/accessories/headset/images/button_icons.png b/src/accessories/headset/images/button_icons.png
new file mode 100644
index 0000000..e7b695a
--- /dev/null
+++ b/src/accessories/headset/images/button_icons.png
Binary files differ
diff --git a/src/accessories/headset/images/button_spacing.png b/src/accessories/headset/images/button_spacing.png
new file mode 100644
index 0000000..2bc6cdf
--- /dev/null
+++ b/src/accessories/headset/images/button_spacing.png
Binary files differ
diff --git a/src/accessories/images/headset-circuit1.png b/src/accessories/headset/images/headset-circuit1.png
similarity index 100%
rename from src/accessories/images/headset-circuit1.png
rename to src/accessories/headset/images/headset-circuit1.png
Binary files differ
diff --git a/src/accessories/images/headset-circuit2.png b/src/accessories/headset/images/headset-circuit2.png
similarity index 100%
rename from src/accessories/images/headset-circuit2.png
rename to src/accessories/headset/images/headset-circuit2.png
Binary files differ
diff --git a/src/accessories/headset/images/icon_sizing.png b/src/accessories/headset/images/icon_sizing.png
new file mode 100644
index 0000000..8bfd128
--- /dev/null
+++ b/src/accessories/headset/images/icon_sizing.png
Binary files differ
diff --git a/src/accessories/headset/images/media_four.png b/src/accessories/headset/images/media_four.png
new file mode 100644
index 0000000..128dba0
--- /dev/null
+++ b/src/accessories/headset/images/media_four.png
Binary files differ
diff --git a/src/accessories/headset/images/media_one.png b/src/accessories/headset/images/media_one.png
new file mode 100644
index 0000000..3f9d4db
--- /dev/null
+++ b/src/accessories/headset/images/media_one.png
Binary files differ
diff --git a/src/accessories/headset/images/media_three.png b/src/accessories/headset/images/media_three.png
new file mode 100644
index 0000000..5f1105c
--- /dev/null
+++ b/src/accessories/headset/images/media_three.png
Binary files differ
diff --git a/src/accessories/headset/images/media_two.png b/src/accessories/headset/images/media_two.png
new file mode 100644
index 0000000..3b1e26c
--- /dev/null
+++ b/src/accessories/headset/images/media_two.png
Binary files differ
diff --git a/src/accessories/headset/images/microphone.png b/src/accessories/headset/images/microphone.png
new file mode 100644
index 0000000..1b19015
--- /dev/null
+++ b/src/accessories/headset/images/microphone.png
Binary files differ
diff --git a/src/accessories/headset/images/telephony_four.png b/src/accessories/headset/images/telephony_four.png
new file mode 100644
index 0000000..bea091e
--- /dev/null
+++ b/src/accessories/headset/images/telephony_four.png
Binary files differ
diff --git a/src/accessories/headset/images/telephony_one.png b/src/accessories/headset/images/telephony_one.png
new file mode 100644
index 0000000..0760f25
--- /dev/null
+++ b/src/accessories/headset/images/telephony_one.png
Binary files differ
diff --git a/src/accessories/headset/images/telephony_three.png b/src/accessories/headset/images/telephony_three.png
new file mode 100644
index 0000000..b2c8e29
--- /dev/null
+++ b/src/accessories/headset/images/telephony_three.png
Binary files differ
diff --git a/src/accessories/headset/images/telephony_two.png b/src/accessories/headset/images/telephony_two.png
new file mode 100644
index 0000000..1ba31e2
--- /dev/null
+++ b/src/accessories/headset/images/telephony_two.png
Binary files differ
diff --git a/src/accessories/headset/index.jd b/src/accessories/headset/index.jd
new file mode 100644
index 0000000..d66c6ac
--- /dev/null
+++ b/src/accessories/headset/index.jd
@@ -0,0 +1,29 @@
+page.title=Android Audio Headset
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<p>This section describes the development and testing of the Android headset
+accessory interface. This documentation presents the interface guidelines for the
+Android headset inline remote.</p>
+
+<p>The goal is to maintain certain standards for consistency and design while
+allowing for freedom in design expression. If you choose to implement a
+dedicated Android headset accessory, please follow these guidelines to ensure
+your headset is compatible with devices following the recommendations in the <a
+href="{@docRoot}compatibility/android-cdd.pdf">Android Compatibility Definition
+Document (CDD)</a>.</p>
diff --git a/src/accessories/headset/requirements.jd b/src/accessories/headset/requirements.jd
new file mode 100644
index 0000000..1f5c0d0
--- /dev/null
+++ b/src/accessories/headset/requirements.jd
@@ -0,0 +1,189 @@
+page.title=Headset Requirements
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<h2 id=media>Media</h2>
+
+<p>If a user connects a headset to the device while playing media, the audio
+output (sound) should be heard only via the headset.</p>
+
+<p>For example, while playing media with the <a
+href="https://github.com/googlesamples/android-UniversalMusicPlayer">open
+source</a> <a
+href="https://android-developers.blogspot.com/2015/03/a-new-reference-app-for-multi-device.html">Universal
+Music Player</a>, pressing the play/pause button should pause playback.
+Pressing the same button when media is paused should resume playback.</p>
+
+<p>If the headset has volume control buttons: </p>
+
+<ul>
+ <li> Pressing the volume-up button should increase the volume incrementally each
+time the button is pressed until maximum volume is reached. If the volume-up
+button is pressed and held, the volume should gradually increase to maximum
+volume setting.
+ <li> Pressing the volume-down button should decrease the volume incrementally each
+time the button is pressed until entirely muted. If the volume-down button is
+pressed and held, the volume should gradually decrease to silent.
+ <li> Pressing the volume-up button when in a muted state should increase the volume
+one notch at a time starting from silent.
+</ul>
+
+<p><strong>Recommended for Apps</strong>: On disconnecting the headset, sound output should stop and playback should
+pause. On reconnecting, playback should not start again unless the user presses
+the play button. Upon pressing play, sound output should again be limited to
+the headset.</p>
+
+<h3 id=one_button>One button</h3>
+
+<img src="images/media_one.png" alt="Button functions for one-button headsets handling a media stream.">
+</span>
+
+<p class="img-caption"><strong>Figure 1.</strong> Button functions for one-button headsets handling a media stream.</p>
+
+<h3 id=two_buttons>Two buttons</h3>
+
+<img src="images/media_two.png" alt="Button functions for two-button headsets handling a media stream.">
+
+<p class="img-caption"><strong>Figure 2.</strong> Button functions for two-button headsets handling a media stream.</p>
+
+<h3 id=three_buttons>Three buttons</h3>
+
+<img src="images/media_three.png" alt="Button functions for three-button headsets handling a media stream.">
+
+<p class="img-caption"><strong>Figure 3.</strong> Button functions for three-button headsets handling a media stream.</p>
+
+<h3 id=four_buttons>Four buttons</h3>
+
+<img src="images/media_four.png" alt="Button functions for four-button headsets handling a media stream.">
+
+<p class="img-caption"><strong>Figure 4.</strong> Button functions for four-button headsets handling a media stream.</p>
+
+<h2 id=telephony>Telephony</h2>
+
+
+<p>If a user connects a headset to the device while a call is in progress, the
+conversation should continue on the headset. The call should not get
+disconnected, and the microphone should not be muted. If present, volume
+buttons should behave identically to media playback.</p>
+
+<p>Pressing the play/pause button while a phone call is in progress should toggle
+the microphone state between muted and unmuted. If a user receives calls while
+using the headset, the voice assistance button should allow handling of those
+calls:</p>
+
+<ul>
+ <li> While in a phone call, pressing quickly on the play/pause button should mute
+the microphone. And if pressed quickly again, the microphone should un-mute.
+ <li> While in a phone call, a long press on the play/pause button should end the
+telephone call.
+ <li> While receiving a phone call, pressing quickly on the play/pause button should
+accept the call.
+ <li> While receiving a phone call, a long press on the play/pause button should
+reject the call.
+</ul>
+
+<h3 id=one_button>One button</h3>
+
+<img src="images/telephony_one.png" alt="Button functions for one-button headsets handling a phone call.">
+
+<p class="img-caption"><strong>Figure 5.</strong> Button functions for one-button headsets handling a phone call. </p>
+
+<h3 id=two_buttons>Two buttons</h3>
+
+<img src="images/telephony_two.png" alt="Button functions for two-button headsets handling a phone call.">
+
+<p class="img-caption"><strong>Figure 6.</strong> Button functions for two-button headsets handling a phone call. </p>
+
+<h3 id=three_buttons>Three buttons</h3>
+
+<img src="images/telephony_three.png" alt="Button functions for three-button headsets handling a phone call.">
+
+<p class="img-caption"><strong>Figure 7.</strong> Button functions for three-button headsets handling a phone call. </p>
+
+<h3 id=four_buttons>Four buttons</h3>
+
+<img src="images/telephony_four.png" alt="Button functions for four-button headsets handling a phone call.">
+<p class="img-caption"><strong>Figure 8.</strong> Button functions for four-button headsets handling a phone call. </p>
+
+<h2 id=voice_assistance>Voice assistance</h2>
+
+<p>The voice assistance button is a new inline control standard for consistently
+and conveniently accessing a voice search feature from any approved wearable
+audio device. By pressing the button defined here, users will hear the two-tone
+signature <a href="http://en.wikipedia.org/wiki/Earcon">earcon</a> indicating that the device is listening and ready to receive the query.</p>
+
+<p>Whether embedded into a multi-function button or highlighted as a single
+button, it should always be quickly accessible, ergonomically correct, and
+placed intuitively as described in the following section.</p>
+
+<h2 id=buttons_and_function_mapping>Buttons and function mapping recommendations</h2>
+
+<p>The following diagrams depict the acceptable configuration of the Android voice
+assistance button.</p>
+
+<h3 id=options>Options</h3>
+
+<img src="images/button_configuration.png" alt="Button configuration options.">
+
+<p class="img-caption"><strong>Figure 9.</strong> Button configuration options. </p>
+
+<p>Buttons should always be front facing and spaced out so they can be easily
+located by touch only.</p>
+
+<h3 id=spacing>Spacing</h3>
+
+<p>Buttons must be more than 5mm and must have at least 5mm distance between
+buttons. For four-button headsets, there must be at least 9mm of space between
+button D and the cluster of other buttons. </p>
+
+<img src="images/button_spacing.png" alt="Button spacing requirements">
+
+<p class="img-caption"><strong>Figure 10.</strong> Button spacing requirements.</p>
+
+<h3 id=icon>Icon</h3>
+
+<p>In the following diagram, A is unlabeled or labeled with a dot. B is labeled
+with a + or an arrow pointing up. C is labeled with a - or an arrow pointing
+down. D is labeled with the selected button icon.</p>
+
+<img src="images/button_icons.png" alt="Button icon requirements">
+<p class="img-caption"><strong>Figure 11.</strong> Button icon requirements. </p>
+
+<h3 id=sizing>Sizing</h3>
+
+<p>The following diagram shows the ratio of button icon to the space around it.</p>
+
+<img src="images/icon_sizing.png" alt="Voice search button icon sizing requirements">
+
+<p class="img-caption"><strong>Figure 12.</strong> Voice search button icon sizing requirements. </p>
+
+<h3 id=microphone_port>Microphone port</h3>
+
+<p>The microphone should never be obstructed when operating the buttons. Place the
+port away from finger interface area.</p>
+
+<img src="images/microphone.png" alt="Microphone placement">
+
+<p class="img-caption"><strong>Figure 13.</strong> Microphone placement. </p>
diff --git a/src/accessories/headset/specification.jd b/src/accessories/headset/specification.jd
new file mode 100644
index 0000000..d1616b1
--- /dev/null
+++ b/src/accessories/headset/specification.jd
@@ -0,0 +1,410 @@
+page.title=Wired Audio Headset Specification (v1.1)
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<p>This section specifies requirements for headsets and mobile devices to
+function uniformly across the Android ecosystem.</p>
+
+<h2 id="headset_accessory_plug_specifications">Headset accessory (plug)
+specifications</h2>
+
+<p>The following requirements apply to headset accessories.</p>
+
+<h3 id="functions">Functions</h3>
+
+<table style="width:50%">
+ <tr>
+ <th>Function</th>
+ <th>Accessory Support</th>
+ </tr>
+ <tr>
+ <td>Stereo Audio Out</td>
+ <td>Required</td>
+ </tr>
+ <tr>
+ <td>Audio in (Mic)</td>
+ <td>Required</td>
+ </tr>
+ <tr>
+ <td>Ground</td>
+ <td>Required</td>
+ </tr>
+</table>
+
+<h3 id="control-function_mapping">Control-function mapping</h3>
+
+<table>
+ <tr>
+ <th style="width:33%">Control Function</th>
+ <th style="width:33%">Accessory Support</th>
+ <th style="width:33%">Description</th>
+ </tr>
+ <tr>
+ <td>Function A</td>
+ <td>Required</td>
+ <td>Play/pause/hook (Short Press), Trigger Assist (Long Press), Next
+ (Double Press)</td>
+ </tr>
+ <tr>
+ <td>Function B</td>
+ <td>Optional</td>
+ <td>Vol+</td>
+ </tr>
+ <tr>
+ <td>Function C</td>
+ <td>Optional</td>
+ <td>Vol-</td>
+ </tr>
+ <tr>
+ <td>Function D</td>
+ <td>Optional</td>
+ <td>Reserved (Nexus devices use this to launch Voice Assist)
+</td>
+ </tr>
+</table>
+
+<p>Assign functions to buttons as follows:</p>
+
+<ul>
+ <li> All one-button headsets must implement Function A.
+ <li> Headsets with multiple buttons must implement functions according to the
+following pattern:
+ <ul>
+ <li> 2 functions: A and D
+ <li> 3 functions: A, B, C
+ <li> 4 functions: A, B, C, D
+ </ul>
+</ul>
+
+<h3 id="mechanical">Mechanical</h3>
+
+<table>
+ <tr>
+ <th style="width:33%">Function</th>
+ <th style="width:33%">Accessory Support</th>
+ <th style="width:33%">Notes</th>
+ </tr>
+ <tr>
+ <td>4 conductor 3.5mm plug</td>
+ <td>Required</td>
+ <td>Ref: EIAJ-RC5325A standard</td>
+ </tr>
+ <tr>
+ <td>CTIA pinout order (LRGM)</td>
+ <td>Required</td>
+ <td>Except in regions with legal requirements for OMTP pinout</td>
+ </tr>
+ <tr>
+ <td>OMTP pinout order (LRMG)</td>
+ <td>Optional</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>Microphone</td>
+ <td>Required</td>
+ <td>Must not be obstructed when operating headset controls</td>
+ </tr>
+</table>
+
+<h3 id="electrical">Electrical</h3>
+
+<table>
+ <tr>
+ <th style="width:33%">Function</th>
+ <th style="width:33%">Accessory Support</th>
+ <th style="width:33%">Description</th>
+ </tr>
+ <tr>
+ <td>Ear speaker impedance</td>
+ <td>16 ohms or higher</td>
+ <td>Recommend 32 - 300 ohms</td>
+ </tr>
+ <tr>
+ <td>Mic DC resistance</td>
+ <td>1000 ohms or higher
+</td>
+ <td>Mic characteristics must be compliant with section 5.4 “Audio
+ Recording” of the current
+ <a href="{@docRoot}compatibility/android-cdd.pdf">Android CDD</a></td>
+ </tr>
+ <tr>
+ <td rowspan="4">Control Function Equivalent impedance*</td>
+ <td>0 ohm</td>
+ <td>[Function A] Play/Pause/Hook</td>
+ </tr>
+ <tr>
+ <td>240 ohm +/- 1% resistance</td>
+ <td>[Function B]</td>
+ </tr>
+ <tr>
+ <td>470 ohm +/- 1% resistance</td>
+ <td>[Function C]</td>
+ </tr>
+ <tr>
+ <td>135 ohm +/- 1% resistance</td>
+ <td>[Function D]</td>
+ </tr>
+</table>
+
+<p><em>*Total impedance from positive mic terminal to GND when button is
+pressed with 2.2 V mic bias applied through 2.2 kOhm resistor</em></p>
+
+<p>In the following diagrams, Button A maps to Function A, Button B to
+Function B, and so on.</p>
+
+<h3 id="reference_headsets">Reference headset test circuits</h3>
+
+<p>The following diagram for Reference Headset Test Circuit 1 shows the CTIA
+pinout for a 4-segment plug. For the OMTP pinout, switch the positions of the
+MIC and GND segments.</p>
+
+<img src="images/headset-circuit1.png" alt="Reference Headset Test Circuit 1" />
+<p class="img-caption"><strong>Figure 1.</strong> Reference headset test circuit 1</p>
+
+<p>The following diagram for Reference Headset Test Circuit 2 shows how the
+actual resistor values (R1 - R4) are altered to meet this specification.</p>
+
+<img src="images/headset-circuit2.png" alt="Reference Headset Test Circuit 2" />
+<p class="img-caption"><strong>Figure 2.</strong> Reference headset test circuit 2</p>
+
+<p>The actual resistance of the buttons parallel with the microphone (R1-R4) is
+based on the microphone capsule resistance (Rmic) and the equivalent impedance
+values (ReqA-ReqD). Use the following formula:</p>
+
+<p><em>Rn=(Rmic*ReqN) / (ReqN-Rmic)</em></p>
+
+<p>Where R<em>n</em> is the actual resistance of a button, Req<em>N</em> is the
+equivalent impedance value of that button (provided), and Rmic is the
+microphone impedance value.</p>
+
+<p>The example above assumes a 5 kohm microphone impedance (Rmic); to achieve
+an equivalent R4 impedance of 135 ohm (ReqD), the actual resistor value (R4)
+must be 139 ohms.</p>
+
+<h2 id="mobile_device_jack_specifications">Mobile device (jack) specifications</h2>
+
+<p class="caution"><strong>Caution:</strong> To achieve compatibility with the
+headset specification, devices that include a 4 conductor 3.5mm audio jack
+must meet the following specifications. For Android compatibility requirements,
+refer to the <em>Analog audio ports</em> section of the <a
+href="{@docRoot}compatibility/android-cdd.pdf">Android CDD</a>.</p>
+
+<h3 id="headset_jack_functions">Functions</h3>
+
+<table>
+ <tr>
+ <th>Function</th>
+ <th>Device Support</th>
+ </tr>
+ <tr>
+ <td>Stereo Audio Out</td>
+ <td>Required</td>
+ </tr>
+ <tr>
+ <td>Audio in (Mic)</td>
+ <td>Required</td>
+ </tr>
+ <tr>
+ <td>Ground</td>
+ <td>Required</td>
+ </tr>
+</table>
+
+<h3 id="software_mapping">Software mapping</h3>
+
+<table>
+ <tr>
+ <th style="width:33%">Function</th>
+ <th style="width:33%">Device Support</th>
+ <th style="width:33%">Description</th>
+ </tr>
+ <tr>
+ <td>Function A control event</td>
+ <td>Required</td>
+ <td>input event KEY_MEDIA
+<p>Android key KEYCODE_HEADSETHOOK</p></td>
+ </tr>
+ <tr>
+ <td>Function D control event</td>
+ <td>Required</td>
+ <td>input event KEY_VOICECOMMAND
+<p>Android key KEYCODE_VOICE_ASSIST</p></td>
+ </tr>
+ <tr>
+ <td>Function B control event</td>
+ <td>Required
+</td>
+ <td>input event KEY_VOLUMEUP
+<p>Android key VOLUME_UP</p></td>
+ </tr>
+ <tr>
+ <td>Function C control event</td>
+ <td>Required</td>
+ <td>input event KEY_VOLUMEDOWN
+<p>Android key VOLUME_DOWN</p></td>
+ </tr>
+ <tr>
+ <td>Headset insertion detection</td>
+ <td>Required</td>
+ <td>input event SW_JACK_PHYSICAL_INSERT 7</td>
+ </tr>
+ <tr>
+ <td rowspan="2">Headset type detection</td>
+ <td>Mic</td>
+ <td>input event SW_MICROPHONE_INSERT 4</td>
+ </tr>
+ <tr>
+ <td>No Mic</td>
+ <td>input event SW_HEADPHONE_INSERT 2</td>
+ </tr>
+ <tr>
+ <td rowspan="2">Headset speaker impedance</td>
+ <td>Required Headphone (low)</td>
+ <td>Failure mode is to indicate headphones so limitation would be on</td>
+ </tr>
+ <tr>
+ <td>Required Line In (high)</td>
+ <td>input event SW_LINEOUT_INSERT 6</td>
+ </tr>
+</table>
+
+<h3 id="mechanical11">Mechanical</h3>
+
+<table>
+ <tr>
+ <th style="width:33%">Function</th>
+ <th style="width:33%">Device Support</th>
+ <th style="width:33%">Description</th>
+ </tr>
+ <tr>
+ <td>4 conductor 3.5mm jack</td>
+ <td>Required</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>CTIA pinout order (LRGM)</td>
+ <td>Required</td>
+ <td>3 Pin & Mono Plug Compatible</td>
+ </tr>
+ <tr>
+ <td>OMTP pinout order (LRMG)</td>
+ <td>Optional but strongly recommended</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>Headset detect sequence</td>
+ <td>Required</td>
+ <td>Plug insert notification must be triggered only after all contacts on
+ plug are touching their relevant segments (this prevents unreliable headset
+ detection due to slow insertion.</td>
+ </tr>
+</table>
+
+<h3 id="electrical12">Electrical</h3>
+
+<h4 id="general">General</h4>
+
+<table>
+ <tr>
+ <th style="width:33%">Function</th>
+ <th style="width:33%">Device Support</th>
+ <th style="width:33%">Notes</th>
+ </tr>
+ <tr>
+ <td>Maximum output voltage drive</td>
+ <td>150mV</td>
+ <td>>= 150mV on 32 ohm
+<p>Test conditions: EN50332-2</p></td>
+ </tr>
+ <tr>
+ <td>Mic bias resistance</td>
+ <td>Required</td>
+ <td>Flexible on detection method used and microphone bias resistor
+ selection. Require that all button resistance value ranges specified below
+ be detected and related to their respective function</td>
+ </tr>
+ <tr>
+ <td>Mic bias voltage</td>
+ <td>1.8V - 2.9V</td>
+ <td>To guarantee compatibility to common microphone capsules.</td>
+ </tr>
+</table>
+
+<h4 id="function_impedance_and_threshold_detection">Function impedance and
+threshold detection</h4>
+
+<p>Devices must detect the following resistor ladder on the accessories. The
+accessories will be tested to the standardized circuit diagram in the diagram
+illustrated earlier (Reference Headset Test Circuit) where the total impedance
+is measured from MIC terminal to GND when a button is pressed with 2.2V mic
+bias applied through 2.2 kOhm resistor. This is the same effective resistance
+as the button detection circuit with the microphone in parallel with the button
+resistor.</p>
+
+<table>
+ <tr>
+ <th style="width:40%">Button Impedance Level</th>
+ <th style="width:20%">Device Support</th>
+ <th style="width:40%">Notes</th>
+ </tr>
+ <tr>
+ <td>70 ohm or less</td>
+ <td>Required</td>
+ <td>[Function A]</td>
+ </tr>
+ <tr>
+ <td>110 - 180 ohm</td>
+ <td>Required</td>
+ <td>[Function D]</td>
+ </tr>
+ <tr>
+ <td>210 - 290 ohm</td>
+ <td>Required</td>
+ <td>[Function B]</td>
+ </tr>
+ <tr>
+ <td>360 - 680 ohm</td>
+ <td>Required</td>
+ <td>[Function C]</td>
+ </tr>
+ </table>
+
+ <table>
+ <tr>
+ <th style="width:40%">Headset Speaker Impedance Level</th>
+ <th style="width:20%">Device Support</th>
+ <th style="width:40%">Notes</th>
+ </tr>
+ <tr>
+ <td>Low Threshold Detection</td>
+ <td>Required</td>
+ <td>Headphone (low) < 1 Kohm</td>
+ </tr>
+ <tr>
+ <td>High Threshold Detection</td>
+ <td>Required</td>
+ <td>Line In (high) > 5 Kohm</td>
+ </tr>
+</table>
diff --git a/src/accessories/headset/testing.jd b/src/accessories/headset/testing.jd
new file mode 100644
index 0000000..c66d4f0
--- /dev/null
+++ b/src/accessories/headset/testing.jd
@@ -0,0 +1,112 @@
+page.title=Testing
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<h2 id=headset_insertion>Headset insertion</h2>
+
+<ol>
+ <li> Start with the Android device turned off.
+ <li> Plug in the headset.
+ <li> Turn the device on.
+ <li> Unlock.
+ <li> Open the <a
+ href="https://github.com/googlesamples/android-UniversalMusicPlayer">open
+ source</a> <a
+ href="https://android-developers.blogspot.com/2015/03/a-new-reference-app-for-multi-device.html">Universal
+ Music Player</a>.
+ <li> Press the DUT volume buttons to maximize media volume.
+ <li> Start playing music and verify audio comes out of the headset.
+ <li> While Music is playing, disconnect the headset and verify music stops.
+ <li> Reconnect the headset, start playing music again, and verify audio comes out of
+the headset.
+</ol>
+
+<h2 id=volume_buttons>Volume buttons</h2>
+
+<ol>
+ <li> Play music and ensure it is coming out of the headset.
+ <li> Press (“short press”) on the volume-down button. Then verify the volume panel
+displays the media volume decrease by one notch and the volume output is
+reduced as expected.
+ <li> Long press on the volume-down button. Then verify the volume panel shows media
+volume going all the way down and volume output is reduced gradually to muted.
+ <li> Press on the volume-up button. Then verify the volume panel displays the media
+volume go up one notch and the volume output is increased as expected.
+ <li> Long press on the volume-up button. Then verify the volume panel shows the
+media volume go all the way up to maximum and the volume output is increased as
+expected.
+</ol>
+
+<h2 id=play_pause_for_music>Play/pause for music</h2>
+
+<p>Press quickly on the play/pause button and verify music stops playing out of
+the headset. If music was not already playing, then it should start playing out
+of the headset.</p>
+
+<h2 id=play_pause_for_telephony>Play/pause for telephony</h2>
+
+<ol>
+ <li> Make a phone call.
+ <li> Press quickly on the play/pause button while in the call.
+ <li> Verify the microphone mutes. And if you press quickly again, the microphone
+should un-mute.
+ <li> While still in the call, long press on the play/pause button.
+ <li> Verify the long press ends the telephone call
+ <li> Receive a phone call on the Android device.
+ <li> Press quickly on the play/pause button while the phone is ringing and verify
+the call is accepted.
+ <li> Receive another phone call on the Android device.
+ <li> Long press on the play/pause button while the phone is ringing and verify the
+call is rejected.
+</ol>
+
+<h2 id=play_pause_for_voice_actions_microphone>Play/pause for voice actions + microphone</h2>
+
+<ol>
+ <li> Open the screen on your Android device, unlock it, and go to the home screen.
+ <li> Long press on the play/pause button.
+ <li> Verify:
+ <ol>
+ <li> you hear a beep after which you should be able to make a voice search query,
+such as “What time is it?”
+ <li> you hear a response, such as “The time is ...”
+ </ol>
+ </ol>
+
+<h2 id=voice_button_for_voice_actions_microphone>Voice button for voice actions + microphone</h2>
+
+<ol>
+ <li> Open the screen on your Android device, unlock it, and go to the home screen.
+ <li> Short press on the voice button.
+ <li> Verify:
+ <ol>
+ <li> you hear a beep after which you should be able to make a search query, such as
+“What time is it?”
+ <li> you hear a response, such as “The time is ...”
+ </ol>
+ </ol>
+
+<p><strong>Important</strong>: A press on the voice button can launch launch any search app, for example
+Google search.</p>
diff --git a/src/accessories/index.jd b/src/accessories/index.jd
index d30c0ce..709b26a 100644
--- a/src/accessories/index.jd
+++ b/src/accessories/index.jd
@@ -2,7 +2,7 @@
@jd:body
<!--
- Copyright 2014 The Android Open Source Project
+ Copyright 2015 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -16,10 +16,8 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<p>Implement compelling accessories to extend the capabilities of your users'
-Android-powered devices. Android relies on a suite of standard protocols you
-can implement in your accessories to be compatible with a wide range of
-Android-powered devices.
+<p>Using a suite of standard protocols, you can implement compelling accessories
+that extend Android capabilities in a wide range of Android-powered devices.
</p>
<div class="layout-content-row">
@@ -29,8 +27,8 @@
<p>Android supports local on-device audio and remote off-device audio
over a wired 3.5 mm headset jack, USB connection, or Bluetooth.
Manufacturers should see the <a
- href="{@docRoot}accessories/headset-spec.html">wired audio headset
- specification</a>, while users may learn how to <a
+ href="{@docRoot}accessories/headset/specification.html">wired audio headset
+ specification</a>, while users can learn how to <a
href="https://support.google.com/nexus/answer/6127700">record and play
back audio using USB host mode</a>.</p>
<p><a href="{@docRoot}accessories/audio.html">» Audio Accessories</a></p>
@@ -38,9 +36,10 @@
<div class="layout-content-col span-6">
<h4 id="custom-accessories">Custom Accessories</h4>
- <p>What do you want to connect to your Android device? Alarm clock? Keyboard? Thermostat? Robot?
- Learn how to connect existing equipment or your own unique hardware to
- Android using the Android Open Accessory Protocol.</p>
+ <p>What do you want to connect to your Android device? Alarm clock?
+ Keyboard? Thermostat? Robot? Learn how to connect existing equipment or
+ your own unique hardware to Android using the Android Open Accessory
+ (AOA) protocol.</p>
<p><a href="{@docRoot}accessories/custom.html">» Custom Accessories</a></p>
</div>
diff --git a/src/accessories/protocol.jd b/src/accessories/protocol.jd
index 7ce3bb4..b04e634 100644
--- a/src/accessories/protocol.jd
+++ b/src/accessories/protocol.jd
@@ -1,44 +1,52 @@
-page.title=Android Open Accessory Protocol
+page.title=Android Open Accessory (AOA)
@jd:body
<!--
- Copyright 2013 The Android Open Source Project
+ Copyright 2015 The Android Open Source Project
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
-->
-<p> Android Open Accessory support allows external USB hardware (an Android USB accessory) to interact
-with an Android-powered device in a special accessory mode. When an Android-powered powered device
-is in accessory mode, the connected accessory acts as the USB host (powers the bus and enumerates
-devices) and the Android-powered device acts in the USB accessory role. Android USB accessories are
-specifically designed to attach to Android-powered devices and adhere to the Android Open Accessory
-Protocol, that allows them to detect Android-powered devices that support
-accessory mode. Accessories must also provide 500mA at 5V for charging power. Many previously
-released Android-powered devices are only capable of acting as a USB device and cannot initiate
-connections with external USB devices. Android Open Accessory support overcomes this limitation
-and allows you to build accessories that can interact with an assortment of Android-powered
-devices by allowing the accessory to initiate the connection.</p>
+<p>Android Open Accessory (AOA) support allows external USB hardware
+(Android USB accessories) to interact with Android-powered devices in
+<em>accessory mode</em>. When an Android-powered powered device is in
+accessory mode, the connected accessory acts as the USB host (powers the bus and
+enumerates devices) and the Android-powered device acts as the USB accessory.
+</p>
+<p>Android USB accessories are designed to attach to Android-powered devices.
+Such accessories adhere to AOA, enabling them to detect Android-powered devices
+that support accessory mode, and must provide 500mA at 5V for charging power.
+Some previously-released Android-powered devices are capable of acting only
+as a USB device and cannot initiate connections with external USB devices. AOA
+support overcomes this limitation, enabling you to build accessories that can
+initiate connections and interact with an assortment of Android-powered devices.
+</p>
-<p><strong>Note:</strong> Accessory mode is ultimately dependent on the device's hardware and not all devices
-support accessory mode. Devices that support accessory mode can be filtered using a <code><uses-feature></code>
-element in your corresponding application's Android manifest. For more information, see the
-<a href="http://developer.android.com/guide/topics/connectivity/usb/accessory.html#manifest">USB Accessory</a>
-developer guide.</p>
-
+<p class="note"><strong>Note:</strong> Accessory mode is dependent on device
+hardware; not all devices support accessory mode. Devices that support accessory
+mode can be filtered using a <code><uses-feature></code> element in the
+corresponding application's Android manifest. For details, see the
+<a href="http://developer.android.com/guide/topics/connectivity/usb/accessory.html#manifest">USB
+Accessory</a> developer guide.</p>
-<p>Android Open Accessory support is included in Android 3.1 (API Level 12) and higher, and supported
-through an <a href="https://developers.google.com/android/add-ons/google-apis/">Add-On Library</a> in Android
-2.3.4 (API Level 10) and higher.</p>
-
-
+<p>AOA has two versions that support different types of communication:</p>
+<ul>
+<li><strong>AOAv1</strong>. Supports generic accessory communication and adb
+debugging. Available in Android 3.1 (API Level 12) and higher and supported
+through an
+<a href="https://developers.google.com/android/add-ons/google-apis/">Add-On
+Library</a> in Android 2.3.4 (API Level 10) and higher.</li>
+<li><strong>AOAv2</strong>. Supports audio streaming and human interface
+device (HID) capabilities. Available in Android 4.1 (API Level 16).</li>
+</ul>
\ No newline at end of file
diff --git a/src/accessories/stylus.jd b/src/accessories/stylus.jd
new file mode 100644
index 0000000..03c2e14
--- /dev/null
+++ b/src/accessories/stylus.jd
@@ -0,0 +1,121 @@
+page.title=Stylus
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<p>Android 6.0 and higher supports a standard data format for Bluetooth stylus
+connections over Bluetooth (BT), Bluetooth Low Energy (BTLE), or USB. The
+platform correlates timing between touch input and stylus data then provides
+stylus data to render MotionEvents to the active application. The following
+sections provide guidelines for OEM partners, stylus accessory creators, and
+stylus application developers.</p>
+
+<h2 id="guide-partners">Guidelines for OEM partners</h2>
+<p>To enable Bluetooth stylus support, OEM partners must support Bluetooth
+(and should support BTLE for wider compatibility). The platform handles data
+collection, timing correlation, and rendering to the application for supported
+stylus events.</p>
+
+<p>At this time, the Android CTS <strong>does not</strong> include tests to
+ensure existing APIs for touch events support default behavior. As a
+workaround, we recommend creating a stylus accessory or emulator that can
+simulate stylus events.</p>
+
+<h2 id="guide-creators">Guidelines for stylus accessory creators</h2>
+<p>To implement support on a stylus device, partners must use the Stylus
+Human Interface Device (HID) Descriptor shown below to describe how stylus data
+(pressure sensitivity, eraser, side buttons, device ID, etc.) is represented.
+The stylus device sends the HID information to the Android mobile device,
+enabling the platform to correlate HID data with touch data from the touchscreen
+to produce stylus events via MotionEvent. Data can be sent over Bluetooth (BT),
+Bluetooth Low Energy (BTLE), or USB.</p>
+
+<h3 id="hid-descriptor">HID descriptor</h3>
+
+<p><pre>
+UsagePage(Digitizer)
+Usage(Pen)
+Collection(Application)
+ Usage(Stylus)
+ Collection(Logical)
+ Usage(Tip Pressure)
+ Logical Minimum(0)
+ Logical Maximum(1023)
+ Report Count(1)
+ Report Size(10)
+ Input(Data, Variable, Absolute, No Null)
+
+ Usage(Barrel Switch)
+ Usage(Secondary Barrel Switch)
+ Usage(Tip Switch)
+ Usage(Invert)
+ Logical Maximum(1)
+ Report Count(4)
+ Report Size(1)
+ Input(Data, Variable, Absolute, No Null)
+
+ Usage(Transducer Serial Number)
+ Report Count(1)
+ Report Size(128)
+ Feature(Constant, Variable)
+ EndCollection
+EndCollection
+
+unsigned char HID_DESC[] = {
+ 0x05, 0x0D, // UsagePage(Digitizer)
+ 0x09, 0x02, // Usage(Pen)
+ 0xA1, 0x01, // Collection(Application)
+ 0x09, 0x20, // Usage(Stylus)
+ 0xA1, 0x02, // Collection(Logical)
+ 0x09, 0x30, // Usage(Tip Pressure)
+ 0x15, 0x00, // Logical Minimum(0)
+ 0x26, 0xFF, 0x03, // Logical Maximum(1023)
+ 0x95, 0x01, // Report Count(1)
+ 0x75, 0x0A, // Report Size(10)
+ 0x81, 0x02, // Input(Data, Variable, Absolute, No Null)
+
+ 0x09, 0x44, // Usage(Barrel Switch)
+ 0x09, 0x5A, // Usage(Secondary Barrel Switch)
+ 0x09, 0x42, // Usage(Tip Switch)
+ 0x09, 0x3C, // Usage(Invert)
+ 0x25, 0x01, // Logical Maximum(1)
+ 0x95, 0x04, // Report Count(4)
+ 0x75, 0x01, // Report Size(1)
+ 0x81, 0x02, // Input(Data, Variable, Absolute, No Null)
+
+ 0x09, 0x5B, // Usage(Transducer Serial Number)
+ 0x95, 0x01, // Report Count(1)
+ 0x75, 0x80, // Report Size(128)
+ 0xB1, 0x03, // Feature(Constant, Variable)
+ 0xC0, // End Collection
+ 0xC0, // End Collection
+}
+</pre></p>
+
+<h2 id="guidelines-devs">Guidelines for stylus application developers</h2>
+<p>The Android 6.0 platform automatically handles pairing and event correlation,
+so both existing and new applications running on Android 6.0 support Bluetooth
+stylus by default. For details on Bluetooth stylus APIs, refer to
+<a href="http://developer.android.com/about/versions/marshmallow/android-6.0.html#bluetooth-stylus">developer.android.com</a>.
\ No newline at end of file
diff --git a/src/compatibility/6.0/versions.jd b/src/compatibility/6.0/versions.jd
new file mode 100644
index 0000000..d0c9eca
--- /dev/null
+++ b/src/compatibility/6.0/versions.jd
@@ -0,0 +1,18 @@
+page.title=Permitted Version Strings for Android 6.0
+@jd:body
+
+<p>As described in Section 3.2.2 of the <a
+href="/compatibility/android-6.0-cdd.pdf">Android 6.0 Compatibility Definition</a>,
+only certain strings are allowable for the system property
+<code>android.os.Build.VERSION.RELEASE</code>. The reason for this is that
+applications and web sites may rely on predictable values for this string, and
+so that end users can easily and reliably identify the version of Android
+running on their devices.</p>
+<p>Because subsequent releases of the Android software may revise this string,
+but not change any API behavior, such releases may not be accompanied by a new
+Compatibility Definition Document. This page lists the versions that are
+allowable by an Android 6.0-based system. The only permitted values for
+<code>android.os.Build.VERSION.RELEASE</code> for Android 6.0 are:</p>
+<ul>
+<li>6.0</li>
+</ul>
diff --git a/src/compatibility/android-cdd.html b/src/compatibility/android-cdd.html
index ac1867b..d8f7e6b 100644
--- a/src/compatibility/android-cdd.html
+++ b/src/compatibility/android-cdd.html
@@ -80,28 +80,41 @@
<p class="toc_h3"><a href="#3_8_10_lock_screen_media_control">3.8.10. Lock Screen Media Control</a></p>
+</div>
+
+<div id="toc_right">
+
<p class="toc_h3"><a href="#3_8_11_dreams">3.8.11. Dreams</a></p>
<p class="toc_h3"><a href="#3_8_12_location">3.8.12. Location</a></p>
<p class="toc_h3"><a href="#3_8_13_unicode_and_font">3.8.13. Unicode and Font</a></p>
-
-
-</div>
-
-<div id="toc_right"><br>
-
-
-
<p class="toc_h2"><a href="#3_9_device_administration">3.9. Device Administration</a></p>
+<p class="toc_h3"><a href="#3_9_1_device_provisioning">3.9.1 Device Provisioning</a></p>
+
+<p class="toc_h4"><a href="#3_9_1_2_device_owner_provisioning">3.9.1.1 Device Owner provisioning</a></p>
+
+<p class="toc_h4"><a href="#3_9_1_2_managed_profile_provisioning">3.9.1.2 Managed profile provisioning</a></p>
+
+<p class="toc_h3"><a href="#3_9_2_managed_profile_support">3.9.2. Managed Profile Support</a></p>
+
+
<p class="toc_h2"><a href="#3_10_accessibility">3.10. Accessibility</a></p>
<p class="toc_h2"><a href="#3_11_text-to-speech">3.11. Text-to-Speech</a></p>
<p class="toc_h2"><a href="#3_12_tv_input_framework">3.12. TV Input Framework</a></p>
+<p class="toc_h3"><a href="#3_12_1_tv_app">3.12.1. TV App</a></p>
+
+<p class="toc_h4"><a href="#3_12_1_1_electronic_program_guide">3.12.1.1. Electronic Program Guide</a></p>
+
+<p class="toc_h4"><a href="#3_12_1_2_navigation">3.12.1.2. Navigation</a></p>
+
+<p class="toc_h4"><a href="#3_12_1_3_tv_input_app_linking">3.12.1.3. TV input app linking</a></p>
+
<p class="toc_h1"><a href="#4_application_packaging_compatibility">4. Application Packaging Compatibility</a></p>
<p class="toc_h1"><a href="#5_multimedia_compatibility">5. Multimedia Compatibility</a></p>
@@ -142,6 +155,14 @@
<p class="toc_h2"><a href="#5_9_midi">5.9. Musical Instrument Digital Interface (MIDI)</a></p>
+<p class="toc_h2"><a href="#5_10_pro_audio">5.10. Professional Audio</a></p>
+
+</div>
+
+<div style="clear: both; page-break-after:always; height:1px"></div>
+
+<div id="toc_left">
+
<p class="toc_h1"><a href="#6_developer_tools_and_options_compatibility">6. Developer Tools and Options Compatibility</a></p>
<p class="toc_h2"><a href="#6_1_developer_tools">6.1. Developer Tools</a></p>
@@ -160,14 +181,6 @@
<p class="toc_h4"><a href="#7_1_1_3_screen_density">7.1.1.3. Screen Density</a></p>
-
-</div>
-
-<div style="clear: both; page-break-after:always; height:1px"></div>
-
-
-<div id="toc_left_2">
-
<p class="toc_h3"><a href="#7_1_2_display_metrics">7.1.2. Display Metrics</a></p>
<p class="toc_h3"><a href="#7_1_3_screen_orientation">7.1.3. Screen Orientation</a></p>
@@ -206,6 +219,10 @@
<p class="toc_h3"><a href="#7_3_3_gps">7.3.3. GPS</a></p>
+</div>
+
+<div id="toc_right">
+
<p class="toc_h3"><a href="#7_3_4_gyroscope">7.3.4. Gyroscope</a></p>
<p class="toc_h3"><a href="#7_3_5_barometer">7.3.5. Barometer</a></p>
@@ -216,6 +233,10 @@
<p class="toc_h3"><a href="#7_3_8_proximity_sensor">7.3.8. Proximity Sensor</a></p>
+<p class="toc_h3"><a href="#7_3_9_hifi_sensors">7.3.9. High Fidelity Sensors</a></p>
+
+<p class="toc_h3"><a href="#7_3_10_fingerprint">7.3.10. Fingerprint Sensor</a></p>
+
<p class="toc_h2"><a href="#7_4_data_connectivity">7.4. Data Connectivity</a></p>
<p class="toc_h3"><a href="#7_4_1_telephony">7.4.1. Telephony</a></p>
@@ -244,14 +265,6 @@
<p class="toc_h3"><a href="#7_5_4_camera_api_behavior">7.5.4. Camera API Behavior</a></p>
-
-
-
-
-</div>
-
-<div id="toc_right_2">
-
<p class="toc_h3"><a href="#7_5_5_camera_orientation">7.5.5. Camera Orientation</a></p>
<p class="toc_h2"><a href="#7_6_memory_and_storage">7.6. Memory and Storage</a></p>
@@ -260,6 +273,8 @@
<p class="toc_h3"><a href="#7_6_2_application_shared_storage">7.6.2. Application Shared Storage</a></p>
+<p class="toc_h3"><a href="#7_6_3_adoptable_storage">7.6.3. Adoptable Storage</a></p>
+
<p class="toc_h2"><a href="#7_7_usb">7.7. USB</a></p>
<p class="toc_h2"><a href="#7_8_audio">7.8. Audio</a></p>
@@ -270,11 +285,19 @@
<p class="toc_h4"><a href="#7_8_2_1_analog_audio_ports">7.8.2.1. Analog Audio Ports</a></p>
+<p class="toc_h3"><a href="#7_8_3_near_ultrasound">7.8.3. Near-Ultrasound</a></p>
+
<p class="toc_h1"><a href="#8_performance_compatibility">8. Performance Compatibility</a></p>
<p class="toc_h2"><a href="#8_1_user_experience_consistency">8.1. User Experience Consistency</a></p>
-<p class="toc_h2"><a href="#8_2_memory_performance">8.2. Memory Performance</a></p>
+<p class="toc_h2"><a href="#8_2_file_i_o_access_performance">8.2. File I/O Access Performance</a></p>
+
+</div>
+
+<div style="clear: both; page-break-after:always; height:1px"></div>
+
+<div id="toc_left">
<p class="toc_h1"><a href="#9_security_model_compatibility">9. Security Model Compatibility</a></p>
@@ -298,6 +321,10 @@
<p class="toc_h2"><a href="#9_10_verified_boot">9.10. Verified Boot</a></p>
+<p class="toc_h2"><a href="#9_11_keys_and_credentials">9.11. Keys and Credentials</a></p>
+
+<p class="toc_h2"><a href="#9_12_data_deletion">9.12. Data Deletion</a></p>
+
<p class="toc_h1"><a href="#10_software_compatibility_testing">10. Software Compatibility Testing</a></p>
<p class="toc_h2"><a href="#10_1_compatibility_test_suite">10.1. Compatibility Test Suite</a></p>
@@ -326,7 +353,7 @@
<p>This document enumerates the requirements that must be met in order for devices
to be compatible with Android ANDROID_VERSION.</p>
-<p>The use of “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”,“SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” is per the IETF standard
+<p>The use of “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” is per the IETF standard
defined in RFC2119 [<a href="http://www.ietf.org/rfc/rfc2119.txt">Resources, 1</a>].</p>
<p>As used in this document, a “device implementer” or “implementer” is a person
@@ -342,10 +369,10 @@
implementer to ensure compatibility with existing implementations.</p>
<p>For this reason, the Android Open Source Project [<a href="http://source.android.com/">Resources, 2</a>] is both the reference and preferred implementation of Android. Device
-implementers are strongly encouraged to base their implementations to the
+implementers are STRONGLY RECOMMENDED to base their implementations to the
greatest extent possible on the “upstream” source code available from the
Android Open Source Project. While some components can hypothetically be
-replaced with alternate implementations this practice is strongly discouraged,
+replaced with alternate implementations, it is STRONGLY RECOMMENDED to not follow this practice,
as passing the software tests will become substantially more difficult. It is
the implementer’s responsibility to ensure full behavioral compatibility with
the standard Android implementation, including and beyond the Compatibility
@@ -400,8 +427,15 @@
<p><strong>Android Automotive implementation</strong> refers to a vehicle head
unit running Android as an operating system for part or all of the system and/or
-infotainment functionality. Android Automotive implementations MUST support
-uiMode = UI_MODE_TYPE_CAR [<a href="http://developer.android.com/reference/android/content/res/Configuration.html#UI_MODE_TYPE_CAR">Resources, 111</a>].</p>
+infotainment functionality. Android Automotive implementations:</p>
+
+<ul>
+ <li>MUST declare the feature android.hardware.type.automotive.</li>
+ <li>MUST support
+uiMode = UI_MODE_TYPE_CAR [<a
+href="http://developer.android.com/reference/android/content/res/Configuration.html#UI_MODE_TYPE_CAR">Resources,
+ 111</a>].</li>
+<ul>
<p>All Android device implementations that do not fit into any of the above device
types still MUST meet all requirements in this document to be Android ANDROID_VERSION
@@ -587,13 +621,13 @@
<td>VERSION.SDK</td>
<td>The version of the currently-executing Android system, in a format accessible
to third-party application code. For Android ANDROID_VERSION, this field MUST have the
-integer value 22.</td>
+integer value ANDROID_VERSION_INT.</td>
</tr>
<tr>
<td>VERSION.SDK_INT</td>
<td>The version of the currently-executing Android system, in a format accessible
to third-party application code. For Android ANDROID_VERSION, this field MUST have the
-integer value 22.</td>
+integer value ANDROID_VERSION_INT.</td>
</tr>
<tr>
<td>VERSION.INCREMENTAL</td>
@@ -653,17 +687,17 @@
<tr>
<td>FINGERPRINT</td>
<td>A string that uniquely identifies this build. It SHOULD be reasonably
-human-readable. It MUST follow this template:</p>
-
-<p class="small">$(BRAND)/$(PRODUCT)/$(DEVICE):$(VERSION.RELEASE)/$(ID)/$(VERSION.INCREMENTAL):$(TYPE)/$(TAGS)</p>
-
-<p>For example: acme/myproduct/mydevice:ANDROID_VERSION/LMYXX/3359:userdebug/test-keys</p>
-
+human-readable. It MUST follow this template:
+<p class="small">$(BRAND)/$(PRODUCT)/<br>
+ $(DEVICE):$(VERSION.RELEASE)/$(ID)/$(VERSION.INCREMENTAL):$(TYPE)/$(TAGS)</p>
+<p>For example:</p>
+<p class="small">acme/myproduct/<br>
+ mydevice:ANDROID_VERSION/LMYXX/3359:userdebug/test-keys</p>
<p>The fingerprint MUST NOT include whitespace characters. If other fields
included in the template above have whitespace characters, they MUST be
replaced in the build fingerprint with another character, such as the
underscore ("_") character. The value of this field MUST be encodable as 7-bit
-ASCII.</td>
+ASCII.</p></td>
</tr>
<tr>
<td>HARDWARE</td>
@@ -708,7 +742,8 @@
</tr>
<tr>
<td>SERIAL</td>
- <td>A hardware serial number, which MUST be available. The value of this field MUST
+ <td>A hardware serial number, which MUST be available and unique across
+devices with the same MODEL and MANUFACTURER. The value of this field MUST
be encodable as 7-bit ASCII and match the regular expression “^([a-zA-Z0-9]{6,20})$”.</td>
</tr>
<tr>
@@ -734,6 +769,20 @@
There are no requirements on the specific format of this field, except that it
MUST NOT be null or the empty string ("").</td>
</tr>
+ <tr>
+ <td>SECURITY_PATCH</td>
+ <td>An value indicating the security patch level of a build. It MUST signify that the
+build includes all security patches issued up through the designated Android Public
+Security Bulletin. It MUST be in the format, [YYYY-MM-DD], matching the Public Security
+Bulletin's broadcast date, for example [2015-10-01].</td>
+ </tr>
+ <tr>
+ <td>BASE_OS</td>
+ <td>An value representing the FINGERPRINT parameter of the build that is otherwise
+ identical to this build except for the patches provided in the Android Public
+ Security Bulletin. It MUST report the correct value and if such a build does not
+ exist, report an emtpy string ("").</td>
+ </tr>
</table>
@@ -862,9 +911,13 @@
android.os.Build.SUPPORTED_32_BIT_ABIS, and
android.os.Build.SUPPORTED_64_BIT_ABIS parameters, each a comma separated list
of ABIs ordered from the most to the least preferred one</li>
- <li>MUST report, via the above parameters, only those ABIs documented in the latest
-version of the Android NDK, “NDK Programmer’s Guide | ABI Management” in docs/
-directory</li>
+ <li>MUST report, via the above parameters, only those ABIs documented and
+described in the latest version of the Android NDK ABI Management documentation
+[<a href="https://developer.android.com/ndk/guides/abis.html">Resources, XX</a>],
+and MUST include support for the Advanced SIMD (a.k.a. NEON)
+[<a href="http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0388f/Beijfcja.html">Resources,XX</a>]
+extension
+ </li>
<li>SHOULD be built using the source code and header files available in the
upstream Android Open Source Project</li>
</ul>
@@ -903,8 +956,11 @@
versions and extensions actually supported by the device must be fully
implemented.</p>
+<p>Device implementations MUST NOT include a native library with the
+name libvulkan.so.</p>
+
<p>Native code compatibility is challenging. For this reason, device implementers
-are <strong>very strongly encouraged</strong> to use the implementations of the libraries listed above from the upstream
+are <strong>STRONGLY RECOMMENDED</strong> to use the implementations of the libraries listed above from the upstream
Android Open Source Project. </p>
<h3 id="3_3_2_32-bit_arm_native_code_compatibility">
@@ -962,14 +1018,12 @@
build from the upstream Android Open Source Project for Android ANDROID_VERSION. This build
includes a specific set of functionality and security fixes for the WebView [<a href="http://www.chromium.org/">Resources, 13</a>].</li>
<li>The user agent string reported by the WebView MUST be in this format:
-<p>Mozilla/5.0 (Linux; Android $(VERSION); $(MODEL) Build/$(BUILD)$(WEBVIEW))
+<p>Mozilla/5.0 (Linux; Android $(VERSION); $(MODEL) Build/$(BUILD); wv)
AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 $(CHROMIUM_VER) Mobile
Safari/537.36</p>
<ul>
<li>The value of the $(VERSION) string MUST be the same as the value for
android.os.Build.VERSION.RELEASE.</li>
- <li>The $(WEBVIEW) string MAY be omitted, but if included MUST be "; wv" to
- note that this is a webview</li>
<li>The value of the $(MODEL) string MUST be the same as the value for
android.os.Build.MODEL.</li>
<li>The value of the $(BUILD) string MUST be the same as the value for
@@ -1116,7 +1170,52 @@
<th>Minimum Application Memory</th>
</tr>
<tr>
- <td rowspan="10">small/normal</td>
+ <td rowspan="12">Android Watch</td>
+ <td>120 dpi (ldpi)</td>
+ <td rowspan="3">32MB</td>
+ </tr>
+ <tr>
+ <td>160 dpi (mdpi)</td>
+ </tr>
+ <tr>
+ <td>213 dpi (tvdpi)</td>
+ </tr>
+ <tr>
+ <td>240 dpi (hdpi)</td>
+ <td rowspan="2">36MB</td>
+ </tr>
+ <tr>
+ <td>280 dpi (280dpi)</td>
+ </tr>
+ <tr>
+ <td>320 dpi (xhdpi)</td>
+ <td rowspan="2">48MB</td>
+ </tr>
+ <tr>
+ <td>360 dpi (360dpi)</td>
+ </tr>
+ <tr>
+ <td>400 dpi (400dpi)</td>
+ <td>56MB</td>
+ </tr>
+ <tr>
+ <td>420 dpi (420dpi)</td>
+ <td>64MB</td>
+ </tr>
+ <tr>
+ <td>480 dpi (xxhdpi)</td>
+ <td>88MB</td>
+ </tr>
+ <tr>
+ <td>560 dpi (560dpi)</td>
+ <td>112MB</td>
+ </tr>
+ <tr>
+ <td>640 dpi (xxxhdpi)</td>
+ <td>154MB</td>
+ </tr>
+ <tr>
+ <td rowspan="12">small/normal</td>
<td>120 dpi (ldpi)</td>
<td rowspan="2">32MB</td>
</tr>
@@ -1135,13 +1234,20 @@
</tr>
<tr>
<td>320 dpi (xhdpi)</td>
- <td>80MB</td>
+ <td rowspan="2">80MB</td>
+ </tr>
+ <tr>
+ <td>360 dpi (360dpi)</td>
</tr>
<tr>
<td>400 dpi (400dpi)</td>
<td>96MB</td>
</tr>
<tr>
+ <td>420 dpi (420dpi)</td>
+ <td>112MB</td>
+ </tr>
+ <tr>
<td>480 dpi (xxhdpi)</td>
<td>128MB</td>
</tr>
@@ -1154,7 +1260,7 @@
<td>256MB</td>
</tr>
<tr>
- <td rowspan="10">large</td>
+ <td rowspan="12">large</td>
<td>120 dpi (ldpi)</td>
<td>32MB</td>
</tr>
@@ -1178,10 +1284,18 @@
<td>128MB</td>
</tr>
<tr>
+ <td>360 dpi (360dpi)</td>
+ <td>160MB</td>
+ </tr>
+ <tr>
<td>400 dpi (400dpi)</td>
<td>192MB</td>
</tr>
<tr>
+ <td>420 dpi (420dpi)</td>
+ <td>228MB</td>
+ </tr>
+ <tr>
<td>480 dpi (xxhdpi)</td>
<td>256MB</td>
</tr>
@@ -1194,7 +1308,7 @@
<td>512MB</td>
</tr>
<tr>
- <td rowspan="10">xlarge</td>
+ <td rowspan="12">xlarge</td>
<td>120 dpi (ldpi)</td>
<td>48MB</td>
</tr>
@@ -1218,10 +1332,18 @@
<td>192MB</td>
</tr>
<tr>
+ <td>360 dpi (360dpi)</td>
+ <td>240MB</td>
+ </tr>
+ <tr>
<td>400 dpi (400dpi)</td>
<td>288MB</td>
</tr>
<tr>
+ <td>420 dpi (420dpi)</td>
+ <td>336MB</td>
+ </tr>
+ <tr>
<td>480 dpi (xxhdpi)</td>
<td>384MB</td>
</tr>
@@ -1256,7 +1378,7 @@
<p>Android defines a component type and corresponding API and lifecycle that
-allows applications to expose an “AppWidget” to the end user [<a href="http://developer.android.com/guide/practices/ui_guidelines/widget_design.html">Resources, 21</a>] a feature that is strongly RECOMMENDED to be supported on Handheld Device
+allows applications to expose an “AppWidget” to the end user [<a href="http://developer.android.com/guide/practices/ui_guidelines/widget_design.html">Resources, 21</a>] a feature that is STRONGLY RECOMMENDED to be supported on Handheld Device
implementations. Device implementations that support embedding widgets on the
home screen MUST meet the following requirements and declare support for
platform feature android.software.app_widgets.</p>
@@ -1337,6 +1459,20 @@
applications are installed that make use of this functionality, the default
behavior SHOULD be to display web search engine results and suggestions.</p>
+<p>Android device implementations SHOULD implement an assistant on the device
+to handle the Assist action [<a
+href="http://developer.android.com/reference/android/content/Intent.html#ACTION_ASSIST">Resources,
+69</a>].</p>
+
+<p>Android also includes the Assist APIs to allow applications to elect how much
+information of the current context are shared with the assistant on the device [<a
+href="https://developer.android.com/reference/android/app/assist/package-summary.html">Resources,
+XX</a>]. Device implementations supporting the Assist action MUST indicate clearly to
+the end user when the the context is shared by showing a white light that runs around
+the edges of the screen. To ensure clear visibility to the end user, the indication MUST
+be with a duration as long as, and a visibility as strong as, at least the Android Open
+Source Project implementation.</p>
+
<h3 id="3_8_5_toasts">3.8.5. Toasts</h3>
@@ -1367,14 +1503,17 @@
implementations MAY modify the Device Default theme attributes exposed to
applications [<a href="http://developer.android.com/reference/android/R.style.html">Resources, 29</a>].</p>
-<p>Android supports a new variant theme with translucent system bars, which allows
+<p>Android supports a variant theme with translucent system bars, which allows
application developers to fill the area behind the status and navigation bar
with their app content. To enable a consistent developer experience in this
configuration, it is important the status bar icon style is maintained across
different device implementations. Therefore, Android device implementations
MUST use white for system status icons (such as signal strength and battery
level) and notifications issued by the system, unless the icon is indicating a
-problematic status [<a href="http://developer.android.com/reference/android/R.style.html">Resources, 29</a>].</p>
+problematic status or an app requests a light status bar using the
+SYSTEM_UI_FLAG_LIGHT_STATUS_BAR flag. When an app requests a light status bar,
+Android device implementations MUST change the color of the system status icons
+to black [<a href="http://developer.android.com/reference/android/R.style.html">Resources, 29</a>].</p>
<h3 id="3_8_7_live_wallpapers">3.8.7. Live Wallpapers</h3>
@@ -1422,7 +1561,7 @@
interacts with screens.</li>
</ul>
-<p>Device implementations are STRONGLY ENCOURAGED to use the upstream Android user
+<p>Device implementations are STRONGLY RECOMMENDED to use the upstream Android user
interface (or a similar thumbnail-based interface) for the overview screen.</p>
<h3 id="3_8_9_input_management">3.8.9. Input Management</h3>
@@ -1480,7 +1619,6 @@
<h2 id="3_9_device_administration">3.9. Device Administration</h2>
-
<p>Android includes features that allow security-aware applications to perform
device administration functions at the system level, such as enforcing password
policies or performing remote wipe, through the Android Device Administration
@@ -1493,9 +1631,86 @@
[<a href="http://developer.android.com/guide/topics/admin/device-admin.html">Resources, 39</a>]
and report the platform feature android.software.device_admin.</p>
-<p>Device implementations MAY have a preinstalled application performing device
-administration functions but this application MUST NOT be set out-of-the box as
-the default Device Owner app [<a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isDeviceOwnerApp(java.lang.String)">Resources, 41</a>].</p>
+<h3 id="3_9_1_device_provisioning">3.9.1 Device Provisioning</h3>
+<h4 id="3_9_1_1_device_owner_provisioning">3.9.1.1 Device owner provisioning</h4>
+<p>If a device implementation declares the android.software.device_admin feature,
+the out of box setup flow MUST make it possible to enroll a Device Policy
+Controller (DPC) application as the Device Owner app
+[<a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isDeviceOwnerApp(java.lang.String)">
+Resources, XX</a>]. Device implementations MAY have a preinstalled application
+performing device administration functions but this application MUST NOT be set
+as the Device Owner app without explicit consent or action from the user or the
+administrator of the device.</p>
+
+<p>The device owner provisioning process (the flow initiated by
+android.app.action.PROVISION_MANAGED_DEVICE
+[<a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_PROVISION_MANAGED_DEVICE">
+Resources, XX</a>]) user experience MUST align with the AOSP implementation</p>
+
+<p>If the device implementation reports android.hardware.nfc, it MUST have NFC
+enabled, even during the out-of-box setup flow, in order to allow for NFC
+provisioning of Device owners
+<a href="https://source.android.com/devices/tech/admin/provision.html#device_owner_provisioning_via_nfc">[Resources, XX]</a>.
+</p>
+
+<h4 id="3_9_1_2_managed_profile_provisioning">3.9.1.2 Managed profile provisioning</h4>
+<p>If a device implementation declares the android.software.managed_users,
+it MUST be possible to enroll a Device Policy Controller (DPC) application
+as the owner of a new Managed Profile
+[<a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isProfileOwnerApp(java.lang.String)">
+Resources, XX</a>]</p>
+
+<p>The managed profile provisioning process (the flow initiated by
+android.app.action.PROVISION_MANAGED_PROFILE
+[<a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_PROVISION_MANAGED_PROFILE">
+Resources, XX</a>]) user experience MUST align with the AOSP implementation
+</p>
+
+
+<h2 id="3_9_2_managed_profile_support">3.9.2 Managed Profile Support</h2>
+
+<p>Managed profile capable devices are those devices that:</p>
+<ul>
+ <li>Declare android.software.device_admin (see <a href="#3_9_device_administration">section 3.9 Device Administration)</a></li>
+ <li>Are not low RAM devices (see <a href="#7_6_1_minimum_memory_and_storage">section 7.6.1</a></li>
+ <li>Allocate internal (non-removable) storage as shared storage (see
+ <a href="#7_6_2_application_shared_storage">section 7.6.2</a>)</li>
+</ul>
+<p>Managed profile capable devices MUST:</p>
+<ul>
+ <li>Declare the platform feature flag android.software.managed_users.</li>
+ <li>Support managed profiles via the android.app.admin.DevicePolicyManager APIs</li>
+ <li>Allow a managed profile to be created [<a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_PROVISION_MANAGED_PROFILE"> Resources, XX</a>]</li>
+ <li>Use an icon badge (similar to the AOSP upstream work badge) to represent
+the managed applications and widgets and other badged UI elements like Recents
+& Notifications</li>
+ <li>Display a notification icon (similar to the AOSP upstream work badge) to
+indicate when user is within a managed profile application</li>
+ <li>Display a toast indicating that the user is in the managed profile if and when the
+device wakes up (ACTION_USER_PRESENT) and the foreground application is within
+the managed profile</li>
+ <li>Where a managed profile exists, show a visual affordance in the Intent
+'Chooser' to allow the user to forward the intent from the managed to the personal
+profiles or vice versa, if enabled by the Device Policy Controller</li>
+ <li>Expose the following user affordances for both primary and managed profiles
+(when they exist):
+ <ul>
+ <li>Separate accounting for battery, location, mobile data and storage usage
+ for the primary and managed profiles</li>
+ <li>Independent management of VPN Applications installed within the primary
+ or managed profiles</li>
+ <li>Independent management of applications installed within the primary or
+ managed profiles</li>
+ <li>Independent management of user accounts within the primary or managed
+ profiles</li>
+ </ul>
+ </li>
+ <li>Ensure the default dialer can look up caller information from the managed
+profile (if one exists) alongside those from the primary profile</li>
+ <li>Ensure that all the security requirements for multi user (see
+<a href="#9_5_multi-user_support">section 9.5</a>) apply to
+managed profiles.</li>
+</ul>
<h2 id="3_10_accessibility">3.10. Accessibility</h2>
@@ -1569,11 +1784,72 @@
<p>The Android Television Input Framework (TIF) simplifies the delivery of live
content to Android Television devices. TIF provides a standard API to create
input modules that control Android Television devices. Android Television
-device implementations MUST support Television Input Framework [<a href="http://source.android.com/devices/tv/index.html">Resources, 46</a>].</p>
+device implementations MUST support TV Input Framework
+[<a href="http://source.android.com/devices/tv/index.html">Resources, 46</a>].</p>
<p>Device implementations that support TIF MUST declare the platform feature
android.software.live_tv.</p>
+<h3 id="3_12_1_tv_app">3.12.1. TV App</h3>
+
+<p>Any device implementation that declares support for Live TV MUST have an
+installed TV application (TV App). The Android Open Source Project provides an implementation of the TV
+App.</p>
+
+<p>The TV App MUST provide facilities to install and use TV Channels
+[<a href="http://developer.android.com/reference/android/media/tv/TvContract.Channels.html">Resources, XX</a>]
+ and meet the following requirements:</p>
+
+<ul>
+ <li>Device implementations MUST allow third-party TIF-based inputs (third-party inputs)
+[<a href="https://source.android.com/devices/tv/index.html#third-party_input_example">Resources, XX</a>]
+ to be installed and managed.
+ <li>Device implementations MAY provide visual separation between pre-installed
+ TIF-based inputs (installed inputs)
+[<a href="https://source.android.com/devices/tv/index.html#tv_inputs">Resources, XX</a>]
+ and third-party inputs.
+ <li>The device implementations MUST NOT display the third-party inputs more than a
+single navigation action away from the TV App (i.e. expanding a list of
+third-party inputs from the TV App).
+</ul>
+
+<h4 id="3_12_1_1_electronic_program_guide">3.12.1.1. Electronic Program Guide</h4>
+
+<p>Android Television device implementations MUST show an informational and
+interactive overlay, which MUST include an electronic program guide (EPG)
+generated from the values in the TvContract.Programs fields
+[<a href="https://developer.android.com/reference/android/media/tv/TvContract.Programs.html">Resources, XX</a>].
+ The EPG MUST meet the following requirements:</p>
+
+<ul>
+ <li>The EPG MUST display information from all installed inputs and third-party
+inputs.
+ <li>The EPG MAY provide visual separation between the installed inputs and
+third-party inputs.
+ <li>The EPG is STRONGLY RECOMMENDED to display installed inputs and third-party
+inputs with equal prominence. The EPG MUST NOT display the third-party inputs
+more than a single navigation action away from the installed inputs on the EPG.
+ <li>On channel change, device implementations MUST display EPG data for the
+currently playing program.
+</ul>
+
+<h4 id="3_12_1_2_navigation">3.12.1.2. Navigation</h4>
+
+<p>Android Television device input devices (i.e. remote control, remote control
+application, or game controller) MUST allow navigation to all actionable
+sections of the screen via the D-pad. D-pad up and down MUST be used to change
+live TV channels when there is no actionable section on the screen.</p>
+
+<p>The TV App SHOULD pass key events to HDMI inputs through CEC.</p>
+
+<h4 id="3_12_1_3_tv_input_app_linking">3.12.1.3. TV input app linking</h4>
+
+<p>Android Television device implementations MUST support TV input app linking,
+which allows all inputs to provide activity links from the current activity to
+another activity (i.e. a link from live programming to related content)
+[<a href="http://developer.android.com/reference/android/media/tv/TvContract.Channels.html#COLUMN_APP_LINK_INTENT_URI">Resources, XX</a>].
+ The TV App MUST show TV input app linking when it is provided.</p>
+
<h1 id="4_application_packaging_compatibility">4. Application Packaging Compatibility</h1>
@@ -1590,13 +1866,14 @@
<p>Device implementations MUST support the core media formats specified in the
-Android SDK documentation [<a href="http://developer.android.com/guide/appendix/media-formats.html">Resources, 50</a>] except where explicitly permitted in this document. Specifically, device
+Android SDK documentation [<a href="http://developer.android.com/guide/appendix/media-formats.html">Resources, 50</a>]
+except where explicitly permitted in this document. Specifically, device
implementations MUST support the media formats, encoders, decoders, file types,
and container formats defined in the tables below and reported via MediaCodecList
[<a href="http://developer.android.com/reference/android/media/MediaCodecList.html">Resources,112</a>].
Device implementations MUST also be able to decode all profiles reported in its CamcorderProfile
[<a href="http://developer.android.com/reference/android/media/CamcorderProfile.html">Resources,
-113</a>].
+113</a>] and MUST be able to decode all formats it can encode.
All of these codecs are
provided as software implementations in the preferred Android implementation
@@ -1619,9 +1896,9 @@
<th>Supported File Types/Container Formats</th>
</tr>
<tr>
- <td>MPEG-4 AAC Profile</p>
+ <td>MPEG-4 AAC Profile<br />
-<p>(AAC LC)</td>
+(AAC LC)</td>
<td>REQUIRED<sup>1</sup></td>
<td>REQUIRED</td>
<td>Support for mono/stereo/5.0/5.1<sup>2</sup> content with standard sampling rates from 8 to
@@ -1643,9 +1920,9 @@
<td></td>
</tr>
<tr>
- <td>MPEG-4 HE AACv2</p>
+ <td>MPEG-4 HE AACv2<br />
-<p>Profile (enhanced AAC+)</td>
+Profile (enhanced AAC+)</td>
<td> </td>
<td>REQUIRED</td>
<td>Support for mono/stereo/5.0/5.1<sup>2</sup> content with standard sampling rates from 16
@@ -1654,12 +1931,12 @@
</tr>
<tr>
<td>AAC ELD (enhanced low delay AAC)</td>
- <td>REQUIRED<sup>1</sup> </p>
+ <td>REQUIRED<sup>1</sup> <br />
-<p>(Android 4.1+)</td>
- <td>REQUIRED</p>
+(Android 4.1+)</td>
+ <td>REQUIRED<br />
-<p>(Android 4.1+)</td>
+(Android 4.1+)</td>
<td>Support for mono/stereo content with standard sampling rates from 16 to 48 kHz.</td>
<td></td>
</tr>
@@ -1667,14 +1944,14 @@
<td>AMR-NB</td>
<td>REQUIRED<sup>3</sup></td>
<td>REQUIRED<sup>3</sup></td>
- <td>4.75 to 12.2 kbps sampled @ 8kHz</td>
+ <td>4.75 to 12.2 kbps sampled @ 8 kHz</td>
<td>3GPP (.3gp)</td>
</tr>
<tr>
<td>AMR-WB</td>
<td>REQUIRED<sup>3</sup></td>
<td>REQUIRED<sup>3</sup></td>
- <td>9 rates from 6.60 kbit/s to 23.85 kbit/s sampled @ 16kHz</td>
+ <td>9 rates from 6.60 kbit/s to 23.85 kbit/s sampled @ 16 kHz</td>
<td></td>
</tr>
<tr>
@@ -1682,8 +1959,8 @@
<td></td>
<td>REQUIRED <br>(Android 3.1+)</td>
<td>Mono/Stereo (no multichannel). Sample rates up to 48 kHz (but up to 44.1 kHz is
-recommended on devices with 44.1 kHz output, as the 48 to 44.1 kHz downsampler
-does not include a low-pass filter). 16-bit recommended; no dither applied for
+RECOMMENDED on devices with 44.1 kHz output, as the 48 to 44.1 kHz downsampler
+does not include a low-pass filter). 16-bit RECOMMENDED; no dither applied for
24-bit.</td>
<td>FLAC (.flac) only</td>
</tr>
@@ -1795,8 +2072,6 @@
<h3 id="5_1_3_video_codecs">5.1.3. Video Codecs</h3>
-<p>Video codecs are optional for Android Watch device implementations.</p>
-
<table>
<tr>
<th>Format/Codec</th>
@@ -1822,7 +2097,7 @@
<td><ul>
<li class="table_list">3GPP (.3gp)</li>
<li class="table_list">MPEG-4 (.mp4)</li>
- <li class="table_list">MPEG-TS (.ts, AAC audio only, not seekable, Android 3.0+)</li></ul></td>
+ <li class="table_list">MPEG-2 TS (.ts, AAC audio only, not seekable, Android 3.0+)</li></ul></td>
</tr>
<tr>
<td>H.265 HEVC</td>
@@ -1831,6 +2106,13 @@
<td>See <a href="#5_3_video_decoding">section 5.3</a> for details</td>
<td>MPEG-4 (.mp4)</td>
</tr>
+<tr>
+ <td>MPEG-2</td>
+ <td></td>
+ <td>STRONGLY RECOMMENDED<sup>6</sup></td>
+ <td>Main Profile</td>
+ <td>MPEG2-TS</td>
+</tr>
<tr>
<td>MPEG-4 SP</td>
<td></td>
@@ -1840,12 +2122,12 @@
</tr>
<tr>
<td>VP8<sup>3</sup></td>
- <td>REQUIRED<sup>2</sup></p>
+ <td>REQUIRED<sup>2</sup><br />
-<p>(Android 4.3+)</td>
- <td>REQUIRED<sup>2</sup></p>
+(Android 4.3+)</td>
+ <td>REQUIRED<sup>2</sup><br />
-<p>(Android 2.3.3+)</td>
+(Android 2.3.3+)</td>
<td>See <a href="#5_2_video_encoding">section 5.2</a> and <a href="#5_3_video_decoding">5.3</a> for details</td>
<td><ul>
<li class="table_list">WebM (.webm) [<a href="http://www.webmproject.org/">Resources, 110</a></li>
@@ -1874,7 +2156,9 @@
<p class="table_footnote">4 Device implementations SHOULD support writing Matroska WebM files.</p>
-<p class="table_footnote">5 Strongly recommended for Android Automotive, optional for Android Watch, and required for all other device types.</p>
+<p class="table_footnote">5 STRONGLY RECOMMENDED for Android Automotive, optional for Android Watch, and required for all other device types.</p>
+
+<p class="table_footnote">6 Applies only to Android Television device implementations.</p>
<h2 id="5_2_video_encoding">5.2. Video Encoding</h2>
@@ -1882,19 +2166,20 @@
<p>Video codecs are optional for Android Watch device implementations.</p>
</div>
+<p>Android device implementations with H.263 encoders, MUST support Baseline Profile Level 45.</p>
<p>Android device implementations with H.264 codec support, MUST support Baseline
Profile Level 3 and the following SD (Standard Definition) video encoding
profiles and SHOULD support Main Profile Level 4 and the following HD (High
-Definition) video encoding profiles. Android Television devices are STRONGLY
-RECOMMENDED to encode HD 1080p video at 30 fps.</p>
+Definition) video encoding profiles. Android Television devices are STRONGLY RECOMMENDED
+to encode HD 1080p video at 30 fps.</p>
<table>
<tr>
<th></th>
<th>SD (Low quality)</th>
<th>SD (High quality)</th>
- <th>HD 720p1</th>
- <th>HD 1080p1</th>
+ <th>HD 720p<sup>1</sup></th>
+ <th>HD 1080p<sup>1</sup></th>
</tr>
<tr>
<th>Video resolution</th>
@@ -1931,8 +2216,8 @@
<th></th>
<th>SD (Low quality)</th>
<th>SD (High quality)</th>
- <th>HD 720p1</th>
- <th>HD 1080p1</th>
+ <th>HD 720p<sup>1</sup></th>
+ <th>HD 1080p<sup>1</sup></th>
</tr>
<tr>
<th>Video resolution</th>
@@ -1965,22 +2250,27 @@
<p>Video codecs are optional for Android Watch device implementations.</p>
</div>
-
<p>Device implementations MUST support dynamic video resolution switching within
the same stream for all VP8, VP9, H.264, and H.265 codecs exposed through the
standard Android APIs.</p>
-<p>Android device implementations with H.264 decoders, MUST support Baseline
-Profile Level 3 and the following SD video decoding profiles and SHOULD support
-the HD decoding profiles. Android Television devices MUST support High Profile
+<p>Android device implementations with H.263 decoders, MUST support Baseline
+Profile Level 30.</p>
+
+<p>Android device implementations with MPEG-4 decoders, MUST support Simple
+Profile Level 3.</p>
+
+<p>Android device implementations with H.264 decoders, MUST support Main Profile
+Level 3 and the following SD video decoding profiles and SHOULD support the
+HD decoding profiles. Android Television devices MUST support High Profile
Level 4.2 and the HD 1080p decoding profile.</p>
<table>
<tr>
<th></th>
<th>SD (Low quality)</th>
<th>SD (High quality)</th>
- <th>HD 720p1</th>
- <th>HD 1080p1</th>
+ <th>HD 720p<sup>1</sup></th>
+ <th>HD 1080p<sup>1</sup></th>
</tr>
<tr>
<th>Video resolution</th>
@@ -1993,8 +2283,8 @@
<th>Video frame rate</th>
<td>30 fps</td>
<td>30 fps</td>
- <td>30 fps / 60 fps2</td>
- <td>30 fps / 60 fps2</td>
+ <td>60 fps</td>
+ <td>30 fps / 60 fps<sup>2</sup></td>
</tr>
<tr>
<th>Video bitrate</th>
@@ -2019,8 +2309,8 @@
<th></th>
<th>SD (Low quality)</th>
<th>SD (High quality)</th>
- <th>HD 720p1</th>
- <th>HD 1080p1</th>
+ <th>HD 720p<sup>1</sup></th>
+ <th>HD 1080p<sup>1</sup></th>
</tr>
<tr>
<th>Video resolution</th>
@@ -2033,8 +2323,8 @@
<th>Video frame rate</th>
<td>30 fps</td>
<td>30 fps</td>
- <td>30 fps / 60 fps2</td>
- <td>30 / 60 fps2</td>
+ <td>30 fps / 60 fps<sup>2</sup></td>
+ <td>30 / 60 fps<sup>2</sup></td>
</tr>
<tr>
<th>Video bitrate</th>
@@ -2054,16 +2344,16 @@
<p>Android device implementations, when supporting VP9 codec as described in <a href="#5_1_3_video_codecs">section 5.1.3</a>, MUST support the following SD video decoding profiles and SHOULD support the
HD decoding profiles. Android Television devices are STRONGLY RECOMMENDED to
support the HD 1080p decoding profile and SHOULD support the UHD decoding
-profile. When the UHD video decoding profile is supported, it MUST support 8
-bit color depth.</p>
+profile. When the UHD video decoding profile is supported, it MUST support 8-bit
+color depth and SHOULD support VP9 Profile 2 (10-bit).</p>
<table>
<tr>
<th></th>
<th>SD (Low quality)</th>
<th>SD (High quality)</th>
- <th>HD 720p 1</th>
- <th>HD 1080p 2</th>
- <th>UHD 2</th>
+ <th>HD 720p<sup>1</sup></th>
+ <th>HD 1080p<sup>2</sup></th>
+ <th>UHD<sup>2</sup></th>
</tr>
<tr>
<th>Video resolution</th>
@@ -2078,8 +2368,55 @@
<td>30 fps</td>
<td>30 fps</td>
<td>30 fps</td>
+ <td>60 fps</td>
+ <td>60 fps</td>
+ </tr>
+ <tr>
+ <th>Video bitrate</th>
+ <td>600 Kbps</td>
+ <td>1.6 Mbps</td>
+ <td>4 Mbps</td>
+ <td>10 Mbps</td>
+ <td>20 Mbps</td>
+ </tr>
+</table>
+
+
+<p class="table_footnote">1 Required for Android Television device implementations, but for other type of
+devices only when supported by hardware.</p>
+
+<p class="table_footnote">2 STRONGLY RECOMMENDED for existing Android Television device implementations when
+supported by hardware.</p>
+
+<p>Android device implementations, when supporting H.265 codec as described in <a href="#5_1_3_video_codecs">section 5.1.3</a>, MUST support the Main Profile Level 3 Main tier and the following SD video
+decoding profiles and SHOULD support the HD decoding profiles. Android
+Television devices MUST support the Main Profile Level 4.1 Main tier and the HD
+1080p decoding profile and SHOULD support Main10 Level 5 Main Tier profile and
+the UHD decoding profile.</p>
+<table>
+ <tr>
+ <th></th>
+ <th>SD (Low quality)</th>
+ <th>SD (High quality)</th>
+ <th>HD 720p<sup>1</sup></th>
+ <th>HD 1080p<sup>1</sup></th>
+ <th>UHD<sup>2</sup></th>
+ </tr>
+ <tr>
+ <th>Video resolution</th>
+ <td>352 x 288 px</td>
+ <td>640 x 360 px</td>
+ <td>1280 x 720 px</td>
+ <td>1920 x 1080 px</td>
+ <td>3840 x 2160 px</td>
+ </tr>
+ <tr>
+ <th>Video frame rate</th>
<td>30 fps</td>
<td>30 fps</td>
+ <td>30 fps</td>
+ <td>60 fps<sup>2</sup></td>
+ <td>60 fps</td>
</tr>
<tr>
<th>Video bitrate</th>
@@ -2095,63 +2432,17 @@
<p class="table_footnote">1 Required for Android Television device implementations, but for other type of
devices only when supported by hardware.</p>
-<p class="table_footnote">2 STRONGLY RECOMMENDED for Android Television device implementations when
-supported by hardware.</p>
-
-<p>Android device implementations, when supporting H.265 codec as described in <a href="#5_1_3_video_codecs">section 5.1.3</a>, MUST support the Main Profile Level 3 Main tier and the following SD video
-decoding profiles and SHOULD support the HD decoding profiles. Android
-Television devices MUST support the Main Profile Level 4.1 Main tier and the HD
-1080p decoding profile and SHOULD support Main10 Level 5 Main Tier profile and
-the UHD decoding profile.</p>
-<table>
- <tr>
- <th></th>
- <th>SD (Low quality)</th>
- <th>SD (High quality)</th>
- <th>HD 720p </strong>1 </td>
- <th>HD 1080p </strong>1 </td>
- <th>UHD </strong>2</td>
- </tr>
- <tr>
- <th>Video resolution</th>
- <td>352 x 288 px</td>
- <td>640 x 360 px</td>
- <td>1280 x 720 px</td>
- <td>1920 x 1080 px</td>
- <td>3840 x 2160 px</td>
- </tr>
- <tr>
- <th>Video frame rate</th>
- <td>30 fps</td>
- <td>30 fps</td>
- <td>30 fps</td>
- <td>30 fps</td>
- <td>30 fps</td>
- </tr>
- <tr>
- <th>Video bitrate</th>
- <td>600 Kbps </td>
- <td>1.6 Mbps</td>
- <td>4 Mbps</td>
- <td>10 Mbps</td>
- <td>20 Mbps</td>
- </tr>
-</table>
-
-
-<p class="table_footnote">1 Required for Android Television device implementation, but for other type of
-devices only when supported by hardware.</p>
-
-<p class="table_footnote">2 Required for Android Television device implementations when supported by
-hardware.</p>
+<p class="table_footnote">2 STRONGLY RECOMMENDED
+for existing Android Television device implementations when supported by hardware.</p>
<h2 id="5_4_audio_recording">5.4. Audio Recording</h2>
<p>While some of the requirements outlined in this section are stated as SHOULD
since Android 4.3, the Compatibility Definition for a future version is planned
-to change these to MUST. Existing and new Android devices are <strong>very strongly encouraged</strong> to meet these requirements, or they will not be able to attain Android
-compatibility when upgraded to the future version.</p>
+to change these to MUST. Existing and new Android devices are <strong>STRONGLY RECOMMENDED</strong>
+to meet these requirements, or they will not be able to attain Android compatibility when upgraded
+to the future version.</p>
<h3 id="5_4_1_raw_audio_capture">5.4.1. Raw Audio Capture</h3>
@@ -2165,6 +2456,9 @@
<li><strong>Channels</strong>: Mono
</ul>
+<p>The capture for the above sample rates MUST be done without up-sampling, and
+any down-sampling MUST include an appropriate anti-aliasing filter.</p>
+
<p>Device implementations that declare android.hardware.microphone SHOULD allow
capture of raw audio content with the following characteristics:</p>
@@ -2174,6 +2468,11 @@
<li><strong>Channels</strong>: Stereo
</ul>
+<p>If capture for the above sample rates is supported,
+then the capture MUST be done without up-sampling at any ratio higher than 16000:22050
+or 44100:48000.
+Any up-sampling or down-sampling MUST include an appropriate anti-aliasing filter.</p>
+
<h3 id="5_4_2_capture_for_voice_recognition">5.4.2. Capture for Voice Recognition</h3>
@@ -2188,7 +2487,7 @@
source at 1000 Hz yields RMS of 2500 for 16-bit samples.
<li>PCM amplitude levels SHOULD linearly track input SPL changes over at least a 30
dB range from -18 dB to +12 dB re 90 dB SPL at the microphone.
- <li>Total harmonic distortion SHOULD be less than 1% for 1Khz at 90 dB SPL input
+ <li>Total harmonic distortion SHOULD be less than 1% for 1 kHz at 90 dB SPL input
level at the microphone.
<li>Noise reduction processing, if present, MUST be disabled.
<li>Automatic gain control, if present, MUST be disabled
@@ -2289,13 +2588,16 @@
<li><strong>continuous input latency</strong>. The input latency for subsequent frames, while the device is capturing audio.</li>
<li><strong>cold output jitter</strong>. The variance among separate measurements of cold output latency values.</li>
<li><strong>cold input jitter</strong>. The variance among separate measurements of cold input latency values.</li>
- <li><strong>continuous round-trip latency</strong>. The sum of continuous input latency plus continuous output latency plus 5
-milliseconds.</li>
+ <li><strong>continuous round-trip latency</strong>. The sum of continuous input latency plus continuous output latency plus
+ one buffer period.
+ The buffer period term allows processing time for the app and for the app to
+ mitigate phase difference between input and output streams.
+ </li>
<li><strong>OpenSL ES PCM buffer queue API</strong>. The set of PCM-related OpenSL ES APIs within Android NDK; see
NDK_root/docs/opensles/index.html.</li>
</ul>
-<p>Device implementations that declare android.hardware.audio.output SHOULD meet
+<p>Device implementations that declare android.hardware.audio.output are STRONGLY RECOMMENDED to meet
or exceed these audio output requirements:</p>
<ul>
@@ -2307,12 +2609,12 @@
<p>If a device implementation meets the requirements of this section after any
initial calibration when using the OpenSL ES PCM buffer queue API, for
continuous output latency and cold output latency over at least one supported
-audio output device, it MAY report support for low-latency audio, by reporting
+audio output device, it is STRONGLY RECOMMENDED to report support for low-latency audio, by reporting
the feature android.hardware.audio.low_latency via the
android.content.pm.PackageManager class [<a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">Resources, 53</a>]. Conversely, if the device implementation does not meet these requirements it
MUST NOT report support for low-latency audio.</p>
-<p>Device implementations that include android.hardware.microphone SHOULD meet
+<p>Device implementations that include android.hardware.microphone are STRONGLY RECOMMENDED to meet
these input audio requirements:</p>
<ul>
@@ -2355,7 +2657,7 @@
If a device implementation supports the inter-app MIDI software transport
(virtual MIDI devices), and it supports MIDI over
<em>all</em> of the following MIDI-capable hardware transports
-for which it provides generic non-MIDI connectivity, it MAY report
+for which it provides generic non-MIDI connectivity, it is STRONGLY RECOMMENDED to report
support for feature android.software.midi via the
android.content.pm.PackageManager class
[<a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">Resources, 53</a>].
@@ -2380,6 +2682,61 @@
over Bluetooth LE, SHOULD support MIDI over Bluetooth LE.
</p>
+<h2 id="5_10_pro_audio">5.10. Professional Audio</h2>
+
+<p>
+If a device implementation meets <em>all</em> of the following requirements,
+it is STRONGLY RECOMMENDED to report support for feature android.hardware.audio.pro via the
+android.content.pm.PackageManager class
+[<a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">Resources, 53</a>].
+</p>
+
+<ul>
+
+<li>
+The device implementation MUST report support for feature android.hardware.audio.low_latency.
+</li>
+
+<li> The continuous round-trip audio latency, as defined in section 5.6 Audio Latency,
+MUST be 20 milliseconds or less and SHOULD be 10 milliseconds or less over at least one
+supported path.
+</li>
+
+<li>
+If the device includes a 4 conductor 3.5mm audio jack,
+the continuous round-trip audio latency MUST be 20 milliseconds or less over the audio jack path,
+and SHOULD be 10 milliseconds or less over at the audio jack path.
+</li>
+
+<li>
+The device implementation MUST include a USB port(s) supporting USB host mode and
+USB peripheral mode.
+</li>
+
+<li>
+The USB host mode MUST implement the USB audio class.
+</li>
+
+<li>
+If the device includes an HDMI port, the device implementation
+MUST support output in stereo and eight channels
+at 20-bit or 24-bit depth and 192 kHz without bit-depth loss or resampling.
+</li>
+
+<li>
+The device implementation MUST report support for feature android.software.midi.
+</li>
+
+<li>
+If the device includes a 4 conductor 3.5mm audio jack,
+the device implementation is STRONGLY RECOMMENDED to comply with section
+<a href="https://source.android.com/accessories/headset/specification.html#mobile_device_jack_specifications">Mobile device (jack) specifications</a>
+of the
+<a href="https://source.android.com/accessories/headset/specification.html">Wired Audio Headset Specification (v1.1)</a>.
+</li>
+
+</ul>
+
<h1 id="6_developer_tools_and_options_compatibility">6. Developer Tools and Options Compatibility</h1>
<h2 id="6_1_developer_tools">6.1. Developer Tools</h2>
@@ -2432,7 +2789,8 @@
adb tool as provided in the standard Android SDK, device implementers MUST
provide Windows drivers allowing developers to connect to the device using the
adb protocol. These drivers MUST be provided for Windows XP, Windows Vista,
-Windows 7, Windows 8, and Windows 9 in both 32-bit and 64-bit versions.</p>
+Windows 7, Windows 8 and Windows 10 in both 32-bit and 64-bit versions.
+</p>
<h2 id="6_2_developer_options">6.2. Developer Options</h2>
@@ -2573,7 +2931,9 @@
<li>240 dpi (hdpi)</li>
<li>280 dpi (280dpi)</li>
<li>320 dpi (xhdpi)</li>
+ <li>360 dpi (360dpi)</li>
<li>400 dpi (400dpi)</li>
+ <li>420 dpi (420dpi)</li>
<li>480 dpi (xxhdpi)</li>
<li>560 dpi (560dpi)</li>
<li>640 dpi (xxxhdpi)</li>
@@ -2834,13 +3194,11 @@
button, a software key, or gestures. This Menu function should be presented
unless hidden together with other navigation functions.</p>
-<p>Android supports Assist action [<a href="http://developer.android.com/reference/android/content/Intent.html#ACTION_ASSIST">Resources, 69</a>]. Android device implementations except for Android Watch devices MUST make
-the Assist action available to the user at all times when running applications.
-The Assist action SHOULD be implemented as a long-press on the Home button or a
-swipe-up gesture on the software Home key. This function MAY be implemented via
-another physical button, software key, or gesture, but MUST be accessible with
-a single action (e.g. tap, double-click, or gesture) when other navigation keys
-are visible.</p>
+<p>Android device implementations with the support of the Assist action [<a
+href="http://developer.android.com/reference/android/content/Intent.html#ACTION_ASSIST">Resources,
+69</a>] MUST make this accessisble with a single action (e.g. tap, double-click,
+or gesture) when other navigation keys are visible, and are STRONGLY RECOMMENDED to
+use the long-press on the Home button or software key as the single action.</p>
<p>Device implementations MAY use a distinct portion of the screen to display the
navigation keys, but if so, MUST meet these requirements:</p>
@@ -2949,7 +3307,7 @@
<table>
<tr>
<th>Button</th>
- <th>HID Usage</strong><sup>2</sup></td>
+ <th>HID Usage<sup>2</sup></th>
<th>Android Button</th>
</tr>
<tr>
@@ -2973,16 +3331,16 @@
<td>KEYCODE_BUTTON_Y (100)</td>
</tr>
<tr>
- <td><a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_DPAD_UP">D-pad up</a><sup>1</sup></p>
+ <td><a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_DPAD_UP">D-pad up</a><sup>1</sup><br />
-<p><a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_DPAD_DOWN">D-pad down</a><sup>1</sup></td>
+<a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_DPAD_DOWN">D-pad down</a><sup>1</sup></td>
<td>0x01 0x0039<sup>3</sup></td>
<td><a href="http://developer.android.com/reference/android/view/MotionEvent.html#AXIS_HAT_Y">AXIS_HAT_Y</a><sup>4</sup></td>
</tr>
<tr>
- <td><a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_DPAD_LEFT">D-pad left</a>1</p>
+ <td><a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_DPAD_LEFT">D-pad left</a>1<br />
-<p><a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_DPAD_RIGHT">D-pad right</a><sup>1</sup></td>
+<a href="http://developer.android.com/reference/android/view/KeyEvent.html#KEYCODE_DPAD_RIGHT">D-pad right</a><sup>1</sup></td>
<td>0x01 0x0039<sup>3</sup></td>
<td><a href="http://developer.android.com/reference/android/view/MotionEvent.html#AXIS_HAT_X">AXIS_HAT_X</a><sup>4</sup></td>
</tr>
@@ -3034,7 +3392,7 @@
<table>
<tr>
- <th>Analog Controls</strong><sup>1</sup></td>
+ <th>Analog Controls<sup>1</sup></th>
<th>HID Usage</th>
<th>Android Button</th>
</tr>
@@ -3050,21 +3408,21 @@
</tr>
<tr>
<td><a href="http://developer.android.com/reference/android/view/MotionEvent.html#AXIS_Y">Left Joystick</a></td>
- <td>0x01 0x0030</p>
+ <td>0x01 0x0030<br />
-<p>0x01 0x0031</td>
- <td>AXIS_X</p>
+0x01 0x0031</td>
+ <td>AXIS_X<br />
-<p>AXIS_Y</td>
+AXIS_Y</td>
</tr>
<tr>
<td><a href="http://developer.android.com/reference/android/view/MotionEvent.html#AXIS_Z">Right Joystick</a></td>
- <td>0x01 0x0032</p>
+ <td>0x01 0x0032<br />
-<p>0x01 0x0035</td>
- <td>AXIS_Z</p>
+0x01 0x0035</td>
+ <td>AXIS_Z<br />
-<p>AXIS_RZ</td>
+AXIS_RZ</td>
</tr>
</table>
@@ -3110,9 +3468,12 @@
<li>SHOULD report the event time in nanoseconds as defined in the Android SDK
documentation, representing the time the event happened and synchronized with
the SystemClock.elapsedRealtimeNano() clock. Existing and new Android devices
-are <strong>very strongly encouraged</strong> to meet these requirement so they will be able to upgrade to the future
+are <strong>STRONGLY RECOMMENDED</strong> to meet these requirement so they will be able to upgrade to the future
platform releases where this might become a REQUIRED component. The
synchronization error SHOULD be below 100 milliseconds [<a href="http://developer.android.com/reference/android/hardware/SensorEvent.html#timestamp">Resources, 75</a>].</li>
+ <li>MUST report sensor data with a maximum latency of 100 milliseconds + 2 * sample_time for the case of a sensor streamed
+ with a minimum required latency of 5 ms + 2 * sample_time when the application processor is active. This delay does not include any filtering delays.</li>
+ <li>MUST report the first sensor sample within 400 milliseconds + 2 * sample_time of the sensor being activated. It is acceptable for this sample to have an accuracy of 0.</li>
</ul>
<p>The list above is not comprehensive; the documented behavior of the Android SDK
@@ -3145,7 +3506,7 @@
<p>Device implementations SHOULD include a 3-axis accelerometer. Android Handheld
-devices and Android Watch devices are strongly encouraged to include this
+devices and Android Watch devices are STRONGLY RECOMMENDED to include this
sensor. If a device implementation does include a 3-axis accelerometer, it:</p>
<ul>
@@ -3158,7 +3519,7 @@
Android APIs [<a href="http://developer.android.com/reference/android/hardware/SensorEvent.html">Resources, 74</a>].</li>
<li>MUST be capable of measuring from freefall up to four times the gravity (4g) or
more on any axis.</li>
- <li>MUST have a resolution of at least 8-bits and SHOULD have a resolution of at
+ <li>MUST have a resolution of at least 12-bits and SHOULD have a resolution of at
least 16-bits.</li>
<li>SHOULD be calibrated while in use if the characteristics changes over the life
cycle and compensated, and preserve the compensation parameters between device
@@ -3169,15 +3530,15 @@
period of at least 3 seconds at the fastest sampling rate.</li>
<li>SHOULD implement the TYPE_SIGNIFICANT_MOTION, TYPE_TILT_DETECTOR,
TYPE_STEP_DETECTOR, TYPE_STEP_COUNTER composite sensors as described in the
-Android SDK document. Existing and new Android devices are <strong>very strongly encouraged</strong> to implement the TYPE_SIGNIFICANT_MOTION composite sensor. If any of these
+Android SDK document. Existing and new Android devices are <strong>STRONGLY RECOMMENDED</strong> to implement the TYPE_SIGNIFICANT_MOTION composite sensor. If any of these
sensors are implemented, the sum of their power consumption MUST always be less
than 4 mW and SHOULD each be below 2 mW and 0.5 mW for when the device is in a
dynamic or static condition.</li>
<li>If a gyroscope sensor is included, MUST implement the TYPE_GRAVITY and
TYPE_LINEAR_ACCELERATION composite sensors and SHOULD implement the
TYPE_GAME_ROTATION_VECTOR composite sensor. Existing and new Android devices
-are strongly encouraged to implement the TYPE_GAME_ROTATION_VECTOR sensor.</li>
- <li>SHOULD implement a TYPE_ROTATION_VECTOR composite sensor, if a gyroscope sensor
+are STRONGLY RECOMMENDED to implement the TYPE_GAME_ROTATION_VECTOR sensor.</li>
+ <li>MUST implement a TYPE_ROTATION_VECTOR composite sensor, if a gyroscope sensor
and a magnetometer sensor is also included.</li>
</ul>
@@ -3190,7 +3551,7 @@
<ul>
<li>MUST implement the TYPE_MAGNETIC_FIELD sensor and SHOULD also implement
TYPE_MAGNETIC_FIELD_UNCALIBRATED sensor. Existing and new Android devices are
-strongly encouraged to implement the TYPE_MAGNETIC_FIELD_UNCALIBRATED sensor.</li>
+STRONGLY RECOMMENDED to implement the TYPE_MAGNETIC_FIELD_UNCALIBRATED sensor.</li>
<li>MUST be able to report events up to a frequency of at least 10 Hz and SHOULD
report events up to at least 50 Hz.</li>
<li>MUST comply with the Android sensor coordinate system as detailed in the
@@ -3210,7 +3571,7 @@
<li>SHOULD have a standard deviation, calculated on a per axis basis on samples
collected over a period of at least 3 seconds at the fastest sampling rate, no
greater than 0.5 µT.</li>
- <li>SHOULD implement a TYPE_ROTATION_VECTOR composite sensor, if an accelerometer
+ <li>MUST implement a TYPE_ROTATION_VECTOR composite sensor, if an accelerometer
sensor and a gyroscope sensor is also included.</li>
<li>MAY implement the TYPE_GEOMAGNETIC_ROTATION_VECTOR sensor if an accelerometer
sensor is also implemented. However if implemented, it MUST consume less than
@@ -3234,7 +3595,7 @@
<ul>
<li>MUST implement the TYPE_GYROSCOPE sensor and SHOULD also implement
TYPE_GYROSCOPE_UNCALIBRATED sensor. Existing and new Android devices are
-strongly encouraged to implement the SENSOR_TYPE_GYROSCOPE_UNCALIBRATED sensor.</li>
+STRONGLY RECOMMENDED to implement the SENSOR_TYPE_GYROSCOPE_UNCALIBRATED sensor.</li>
<li>MUST be capable of measuring orientation changes up to 1,000 degrees per second.</li>
<li>MUST be able to report events up to a frequency of at least 50 Hz for
Android Watch devices as such devices have a stricter power constraint and
@@ -3249,12 +3610,12 @@
or rad^2 / s). The variance is allowed to vary with the sampling rate, but must
be constrained by this value. In other words, if you measure the variance of
the gyro at 1 Hz sampling rate it should be no greater than 1e-7 rad^2/s^2.</li>
- <li>SHOULD implement a TYPE_ROTATION_VECTOR composite sensor, if an accelerometer
+ <li>MUST implement a TYPE_ROTATION_VECTOR composite sensor, if an accelerometer
sensor and a magnetometer sensor is also included.</li>
<li>If an accelerometer sensor is included, MUST implement the TYPE_GRAVITY and
TYPE_LINEAR_ACCELERATION composite sensors and SHOULD implement the
TYPE_GAME_ROTATION_VECTOR composite sensor. Existing and new Android devices
-are strongly encouraged to implement the TYPE_GAME_ROTATION_VECTOR sensor.</li>
+are STRONGLY RECOMMENDED to implement the TYPE_GAME_ROTATION_VECTOR sensor.</li>
</ul>
<h3 id="7_3_5_barometer">7.3.5. Barometer</h3>
@@ -3304,6 +3665,169 @@
<li>MUST have 1-bit of accuracy or more.</li>
</ul>
+
+<h3 id="7_3_9_hifi_sensors">7.3.9. High Fidelity Sensors</h3>
+
+<p>Device implementations supporting a set of higher quality sensors that can meet all
+the requirements listed in this section MUST identify the support through the
+<code>android.hardware.sensor.hifi_sensors</code> feature flag.</p>
+
+<p>A device declaring android.hardware.sensor.hifi_sensors MUST support all of the following
+sensor types meeting the quality requirements as below:</p>
+
+<ul>
+ <li>SENSOR_TYPE_ACCELEROMETER
+ <ul>
+ <li>MUST have a measurement range between at least -8g and +8g</li>
+ <li>MUST have a measurement resolution of at least 1024 LSB/G</li>
+ <li>MUST have a minimum measurement frequency of 12.5 Hz or lower</li>
+ <li>MUST have a maxmium measurement frequency of 200 Hz or higher</li>
+ <li>MUST have a measurement noise not above 400uG/√Hz</li>
+ <li>MUST implement a non-wake-up form of this sensor with a buffering capability of at least 3000 sensor events</li>
+ <li>MUST have a batching power consumption not worse than 3 mW</li>
+ </ul>
+ </li>
+ <li>SENSOR_TYPE_GYROSCOPE
+ <ul>
+ <li>MUST have a measurement range between at least -1000 and +1000 dps</li>
+ <li>MUST have a measurement resolution of at least 16 LSB/dps</li>
+ <li>MUST have a minimum measurement frequency of 12.5 Hz or lower</li>
+ <li>MUST have a maxmium measurement frequency of 200 Hz or higher</li>
+ <li>MUST have a measurement noise not above 0.014°/s/√Hz</li>
+ </ul>
+ </li>
+ <li>SENSOR_TYPE_GYROSCOPE_UNCALIBRATED with the same quality requirements as
+ SENSOR_TYPE_GYROSCOPE</li>
+ <li>SENSOR_TYPE_GEOMAGNETIC_FIELD
+ <ul>
+ <li>MUST have a measurement range between at least -900 and +900 uT</li>
+ <li>MUST have a measurement resolution of at least 5 LSB/uT</li>
+ <li>MUST have a minimum measurement frequency of 5 Hz or lower</li>
+ <li>MUST have a maxmium measurement frequency of 50 Hz or higher</li>
+ <li>MUST have a measurement noise not above 0.5 uT</li>
+ </ul>
+ </li>
+ <li>SENSOR_TYPE_MAGNETIC_FIELD_UNCALIBRATED with the same quality requirements as
+ SENSOR_TYPE_GEOMAGNETIC_FIELD and in addition:
+ <ul>
+ <li>MUST implement a non-wake-up form of this sensor with a buffering capability of at least 600 sensor events</li>
+ </ul>
+ </li>
+ <li>SENSOR_TYPE_PRESSURE
+ <ul>
+ <li>MUST have a measurement range between at least 300 and 1100 hPa</li>
+ <li>MUST have a measurement resolution of at least 80 LSB/hPa</li>
+ <li>MUST have a minimum measurement frequency of 1 Hz or lower</li>
+ <li>MUST have a maximum measurement frequency of 10 Hz or higher</li>
+ <li>MUST have a measurement noise not above 2 Pa/√Hz</li>
+ <li>MUST implement a non-wake-up form of this sensor with a buffering capability of at least 300 sensor events</li>
+ <li>MUST have a batching power consumption not worse than 2 mW</li>
+ </ul>
+ </li>
+ <li>SENSOR_TYPE_ROTATION_VECTOR
+ <ul>
+ <li>MUST have a batching power consumption not worse than 4 mW</li>
+ </ul>
+ </li>
+ <li>SENSOR_TYPE_GAME_ROTATION_VECTOR MUST implement a non-wake-up form of this sensor with a buffering capability of at least 300 sensor events</li>
+ <li>SENSOR_TYPE_SIGNIFICANT_MOTION
+ <ul>
+ <li>MUST have a power consumption not worse than 0.5 mW when device is static
+ and 1.5 mW when device is moving</li>
+ </ul>
+ </li>
+ <li>SENSOR_TYPE_STEP_DETECTOR
+ <ul>
+ <li>MUST implement a non-wake-up form of this sensor with a buffering capability of at least 100 sensor events</li>
+ <li>MUST have a power consumption not worse than 0.5 mW when device is static
+ and 1.5 mW when device is moving</li>
+ <li>MUST have a batching power consumption not worse than 4 mW</li>
+ </ul>
+ </li>
+ <li>SENSOR_TYPE_STEP_COUNTER
+ <ul>
+ <li>MUST have a power consumption not worse than 0.5 mW when device is static
+ and 1.5 mW when device is moving</li>
+ </ul>
+ </li>
+ <li>SENSOR_TILT_DETECTOR
+ <ul>
+ <li>MUST have a power consumption not worse than 0.5 mW when device is static
+ and 1.5 mW when device is moving</li>
+ </ul>
+ </li>
+</ul>
+
+<p>Also such a device MUST meet the following sensor subsystem requirements:</p>
+
+<ul>
+ <li>The event timestamp of the same physical event reported by the Accelerometer, Gyroscope
+ sensor and Magnetometer MUST be within 2.5 milliseconds of each other.</li>
+ <li>The Gyroscope sensor event timestamps MUST be on the same time base as the camera
+ subsystem and within 1 millisconds of error.</li>
+ <li>The latency of delivery of samples to the HAL SHOULD be below 5 milliseconds from
+ the instant the data is available on the physical sensor hardware.</li>
+ <li>The power consumption MUST not be higher than 0.5 mW when device is static and 2.0 mW
+ when device is moving when any combination of the following sensors are enabled:
+ <ul>
+ <li>SENSOR_TYPE_SIGNIFICANT_MOTION</li>
+ <li>SENSOR_TYPE_STEP_DETECTOR</li>
+ <li>SENSOR_TYPE_STEP_COUNTER</li>
+ <li>SENSOR_TILT_DETECTORS</li>
+ </ul>
+ </li>
+</ul>
+
+<p>Note that all power consumption requirements in this section do not include the power
+ consumption of the Application Processor. It is inclusive of the power drawn by the entire
+ sensor chain - the sensor, any supporting circuitry, any dedicated sensor processing system,
+ etc.</p>
+
+<p>The following sensor types MAY also be supported on a device implementation declaring
+ android.hardware.sensor.hifi_sensors, but if these sensor types are present they MUST meet the
+ following minimum buffering capability requirement:</p>
+
+<ul>
+ <li>SENSOR_TYPE_PROXIMITY: 100 sensor events</li>
+</ul>
+
+<h3 id="7_3_10_fingeprint">7.3.10. Fingerprint Sensor</h3>
+
+<p>Device implementations with a secure lock screen SHOULD include a fingerprint sensor.
+If a device implementation includes a fingerprint sensor and has a corresponding API for
+third-party developers, it:</p>
+
+<ul>
+ <li>MUST declare support for the android.hardware.fingerprint feature.</li>
+ <li>MUST fully implement the corresponding API as described in the Android SDK documentation
+[<a href="https://developer.android.com/reference/android/hardware/fingerprint/package-summary.html">Resources, XX</a>].
+ </li>
+ <li>MUST have a false acceptance rate not higher than 0.002%.</li>
+ <li>Is STRONGLY RECOMMENDED to have a false rejection rate not higher than 10%, and a
+ latency from when the fingerprint sensor is touched until the screen is unlocked below
+ 1 second, for 1 enrolled finger.</li>
+ <li>MUST rate limit attempts for at least 30 seconds after 5 false trials for fingerprint
+ verification.</li>
+ <li>MUST have a hardware-backed keystore implementation, and perform the fingerprint matching
+ in a Trusted Execution Environment (TEE) or on a chip with a secure channel to the TEE.
+ </li>
+ <li>MUST have all identifiable fingerprint data encrypted and cryptographically
+ authenticated such that they cannot be acquired, read or altered outside of the
+ Trusted Execution Environment (TEE) as documented in the implementation guidelines
+ on the Android Open Source Project site
+ [<a href="https://source.android.com/devices/tech/security/authentication/fingerprint-hal.html">Resources, XX</a>].
+ </li>
+ <li>MUST prevent adding a fingerprint without first establishing a chain of trust by
+ having the user confirm existing or add a new device credential (PIN/pattern/password)
+ using the TEE as implemented in the Android Open Source project.</li>
+ <li>MUST NOT enable 3rd-party applications to distinguish between individual fingerprints.
+ </li>
+ <li>MUST honor the DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT flag.</li>
+ <li>MUST, when upgraded from a version earlier than Android 6.0, have the fingerprint
+ data securely migrated to meet the above requirements or removed.</li>
+ <li>SHOULD use the Android Fingerprint icon provided in the Android Open Source Project.</li>
+</ul>
+
<h2 id="7_4_data_connectivity">7.4. Data Connectivity</h2>
@@ -3404,6 +3928,8 @@
<li>MUST declare the hardware feature android.hardware.bluetooth_le.</li>
<li>MUST enable the GATT (generic attribute profile) based Bluetooth APIs as
described in the SDK documentation and [<a href="http://developer.android.com/reference/android/bluetooth/package-summary.html">Resources, 82</a>].</li>
+ <li>MUST implement a Resolvable Private Address (RPA) timeout no longer than
+15 minutes, and rotate the address at timeout to protect user privacy.</li>
<li>SHOULD support offloading of the filtering logic to the bluetooth chipset when
implementing the ScanFilter API [<a href="https://developer.android.com/reference/android/bluetooth/le/ScanFilter.html">Resources, 83</a>], and MUST report the correct value of where the filtering logic is implemented whenever queried via the
android.bluetooth.BluetoothAdapter.isOffloadedFilteringSupported() method.</li>
@@ -3434,23 +3960,24 @@
<ul>
<li>NfcA (ISO14443-3A)</li>
<li>NfcB (ISO14443-3B)</li>
- <li>NfcF (JIS 6319-4)</li>
+ <li>NfcF (JIS X 6319-4)</li>
<li>IsoDep (ISO 14443-4)</li>
<li>NFC Forum Tag Types 1, 2, 3, 4 (defined by the NFC Forum)</li>
</ul>
- <li>SHOULD be capable of reading and writing NDEF messages via the following NFC
-standards. Note that while the NFC standards below are stated as SHOULD, the
-Compatibility Definition for a future version is planned to change these to
-MUST. These standards are optional in this version but will be required in
-future versions. Existing and new devices that run this version of Android are <strong>very strongly encouraged</strong> to meet these requirements now so they will be able to upgrade to the future platform releases.</li>
+ <li>MUST be capable of reading and writing NDEF messages as well as raw
+ data via the following NFC standards:
<ul>
<li>NfcV (ISO 15693)</li>
</ul></li>
+ <li>SHOULD be capable of reading the barcode and URL (if encoded) of
+ Thinfilm NFC Barcode
+ [<a href="http://developer.android.com/reference/android/nfc/tech/NfcBarcode.html">Resources, XX</a>] products.
+ </li>
<li>MUST be capable of transmitting and receiving data via the following
peer-to-peer standards and protocols:
<ul>
<li>ISO 18092</li>
- <li>LLCP 1.0 (defined by the NFC Forum)</li>
+ <li>LLCP 1.2 (defined by the NFC Forum)</li>
<li>SDP 1.0 (defined by the NFC Forum)</li>
<li>NDEF Push Protocol [<a href="http://static.googleusercontent.com/media/source.android.com/en/us/compatibility/ndef-push-protocol.pdf">Resources, 84</a>]</li>
<li>SNEP 1.0 (defined by the NFC Forum)</li>
@@ -3521,8 +4048,8 @@
<ul>
<li>MUST implement the corresponding Android APIs as documented by the Android SDK.</li>
<li>MUST report the feature com.nxp.mifare from the
-android.content.pm.PackageManager.hasSystemFeature() meth<a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">od [Resources, 53]</a>. Note that this is not a standard Android feature and as such does not appear
-as a constant on the PackageManager class.</li>
+android.content.pm.PackageManager.hasSystemFeature() method <a href="http://developer.android.com/reference/android/content/pm/PackageManager.html">[Resources, 53]</a>. Note that this is not a standard Android feature and as such does not appear
+as a constant in the android.content.pm.PackageManager class.</li>
<li>MUST NOT implement the corresponding Android APIs nor report the com.nxp.mifare
feature unless it also implements general NFC support as described in this
section.</li>
@@ -3807,7 +4334,7 @@
implementations MUST have at least 1.5GB of non-volatile storage available for
application private data. That is, the /data partition MUST be at least 5GB for
Android Television devices and at least 1.5GB for other device implementations.
-Device implementations that run Android are <strong>very strongly encouraged</strong> to have at least 3GB of non-volatile storage for application private data so
+Device implementations that run Android are <strong>STRONGLY RECOMMENDED</strong> to have at least 3GB of non-volatile storage for application private data so
they will be able to upgrade to the future platform releases.</p>
<p>The Android APIs include a Download Manager that applications MAY use to
@@ -3873,6 +4400,21 @@
<li>SHOULD report a USB interface name of 'MTP'.</li>
</ul>
+<h3 id="7_6_3_adoptable_storage">7.6.3. Adoptable Storage</h3>
+
+<p>Device implementations are STRONGLY RECOMMENDED to implement adoptable
+storage if the removable storage device port is in a long-term stable location,
+such as within the battery compartment or other protective cover
+[<a
+href="http://source.android.com/devices/storage/adoptable.html">Resources,
+XX</a>].</p>
+
+<p>Device implementations such as a television, MAY enable adoption through USB
+ports as the device is expected to be static and not mobile. But for other
+device implementations that are mobile in nature, it is STRONGLY RECOMMENDED to
+implement the adoptable storage in a long-term stable location, since accidentally
+disconnecting them can cause data loss/corruption.</p>
+
<h2 id="7_7_usb">7.7. USB</h2>
@@ -3885,12 +4427,12 @@
<li>The port MUST be connectable to a USB host that has a standard type-A or type
-C USB port.</li>
<li>The port SHOULD use micro-A, micro-AB or type-C USB form factor. Existing and
-new Android devices are <strong>very strongly encouraged to meet these requirements</strong> so they will be able to upgrade to the future platform releases.</li>
+new Android devices are <strong>STRONGLY RECOMMENDED to meet these requirements</strong> so they will be able to upgrade to the future platform releases.</li>
<li>The port SHOULD be centered in the middle of an edge. Device implementations
SHOULD either locate the port on the bottom of the device (according to natural
orientation) or enable software screen rotation for all apps (including home
screen), so that the display draws correctly when the device is oriented with
-the port at bottom. Existing and new Android devices are <strong>very strongly encouraged to meet these requirements</strong> so they will be able to upgrade to future platform releases.</li>
+the port at bottom. Existing and new Android devices are <strong>STRONGLY RECOMMENDED to meet these requirements</strong> so they will be able to upgrade to future platform releases.</li>
<li>It MUST allow a USB host connected with the Android device to access the
contents of the shared storage volume using either USB mass storage or Media
Transfer Protocol.</li>
@@ -3902,9 +4444,13 @@
<li>MUST declare support for the hardware feature android.hardware.usb.accessory [<a href="http://developer.android.com/guide/topics/connectivity/usb/accessory.html">Resources, 97</a>].</li>
<li>MUST implement the USB audio class as documented in the Android SDK
documentation [<a href="http://developer.android.com/reference/android/hardware/usb/UsbConstants.html#USB_CLASS_AUDIO">Resources, 98</a>].</li>
- </ul></li>
+ <li>And also the USB mass storage class, MUST include the string "android"
+at the end of the interface description <code>iInterface</code> string of the
+USB mass storage</li>
+ </ul>
+ </li>
<li>It SHOULD implement support to draw 1.5 A current during HS chirp and traffic
-as specified in the USB battery charging specification [<a href="http://www.usb.org/developers/docs/devclass_docs/USB_Battery_Charging_1.2.pdf">Resources, 99</a>]. Existing and new Android devices are <strong>very strongly encouraged to meet these requirements</strong> so they will be able to upgrade to the future platform releases.</li>
+as specified in the USB battery charging specification [<a href="http://www.usb.org/developers/docs/devclass_docs/USB_Battery_Charging_1.2.pdf">Resources, 99</a>]. Existing and new Android devices are <strong>STRONGLY RECOMMENDED to meet these requirements</strong> so they will be able to upgrade to the future platform releases.</li>
<li>The value of iSerialNumber in USB standard device descriptor MUST be equal to
the value of android.os.Build.SERIAL.</li>
</ul>
@@ -3917,7 +4463,7 @@
cables adapting the port to a standard type-A or type-C USB port.</li>
<li>MAY use a micro-AB USB port, but if so SHOULD ship with a cable or cables
adapting the port to a standard type-A or type-C USB port.</li>
- <li>is <strong>very strongly RECOMMENDED</strong> to implement the USB audio class as documented in the Android SDK
+ <li>is <strong>STRONGLY RECOMMENDED</strong> to implement the USB audio class as documented in the Android SDK
documentation [<a href="http://developer.android.com/reference/android/hardware/usb/UsbConstants.html#USB_CLASS_AUDIO">Resources, 98</a>].</li>
<li>MUST implement the Android USB host API as documented in the Android SDK, and
MUST declare support for the hardware feature android.hardware.usb.host [<a href="http://developer.android.com/guide/topics/connectivity/usb/host.html">Resources, 100</a>].</li>
@@ -3939,12 +4485,15 @@
<p>Device implementations MAY omit a microphone. However, if a device
implementation omits a microphone, it MUST NOT report the
android.hardware.microphone feature constant, and MUST implement the audio
-recording API at least as no-ops, per <a href="#7_hardware_compatibility">section 7</a>. Conversely, device implementations that do possess a microphone:</p>
+recording API at least as no-ops, per <a href="#7_hardware_compatibility">section 7</a>.
+Conversely, device implementations that do possess a microphone:</p>
<ul>
- <li>MUST report the android.hardware.microphone feature constant
- <li>MUST meet the audio recording requirements in <a href="#5_4_audio_recording">section 5.4</a>
- <li>MUST meet the audio latency requirements in <a href="#5_6_audio_latency">section 5.6</a>
+ <li>MUST report the android.hardware.microphone feature constant</li>
+ <li>MUST meet the audio recording requirements in <a href="#5_4_audio_recording">section 5.4</a></li>
+ <li>MUST meet the audio latency requirements in <a href="#5_6_audio_latency">section 5.6</a></li>
+ <li>STRONGLY RECOMMENDED to support near-ultrasound recording as described in
+ <a href="#7_8_3_near_ultrasound">section 7.8.3</a></li>
</ul>
<h3 id="7_8_2_audio_output">7.8.2. Audio Output</h3>
@@ -3960,6 +4509,8 @@
<li>MUST report the android.hardware.audio.output feature constant.</li>
<li>MUST meet the audio playback requirements in <a href="#5_5_audio_playback">section 5.5</a>.</li>
<li>MUST meet the audio latency requirements in <a href="#5_6_audio_latency">section 5.6</a>.</li>
+ <li>STRONGLY RECOMMENDED to support near-ultrasound playback as described in
+ <a href="#7_8_3_near_ultrasound">section 7.8.3</a></li>
</ul>
<p>Conversely, if a device implementation does not include a speaker or audio
@@ -3992,7 +4543,7 @@
the audio plug:
<ul>
<li><strong>70 ohm or less</strong>: KEYCODE_HEADSETHOOK</li>
- <li><strong>210-290 Ohm</strong>:<strong> </strong>KEYCODE_VOLUME_UP</li>
+ <li><strong>210-290 Ohm</strong>: KEYCODE_VOLUME_UP</li>
<li><strong>360-680 Ohm</strong>: KEYCODE_VOLUME_DOWN</li>
</ul></li>
<li>SHOULD support the detection and mapping to the keycode for the following range
@@ -4008,6 +4559,32 @@
<li>MUST have a microphone bias voltage between 1.8V ~ 2.9V.</li>
</ul>
+<h3 id="7_8_3_near_ultrasound">7.8.3. Near-Ultrasound </h3>
+
+<p>Near-Ultrasound audio is the 18.5 kHz to 20 kHz band.
+Device implementations MUST correctly report the support
+of near-ultrasound audio capability via the
+<a href="http://developer.android.com/reference/android/media/AudioManager.html#getProperty(java.lang.String)">AudioManager.getProperty</a>
+API as follows:
+</p>
+
+<ul>
+ <li>If
+ <a href="http://developer.android.com/reference/android/media/AudioManager.html#PROPERTY_SUPPORT_MIC_NEAR_ULTRASOUND">PROPERTY_SUPPORT_MIC_NEAR_ULTRASOUND</a>
+ is "true", then
+ <ul>
+ <li>The microphone's mean power response in the 18.5 kHz to 20 kHz band MUST be no more than
+ 15 dB below the response at 2 kHz.</li>
+ <li>The signal to noise ratio of the microphone MUST be no lower than 80 dB.</li>
+ </ul>
+ </li>
+ <li>If
+ <a href="http://developer.android.com/reference/android/media/AudioManager.html#PROPERTY_SUPPORT_SPEAKER_NEAR_ULTRASOUND">PROPERTY_SUPPORT_SPEAKER_NEAR_ULTRASOUND</a>
+ is "true", then the speaker's mean response in 18.5 kHz - 20 kHz MUST be no lower than 40 dB
+ below the response at 2 kHz.
+ </li>
+</ul>
+
<h1 id="8_performance_compatibility">8. Performance Compatibility</h1>
@@ -4070,6 +4647,23 @@
ignored. Implementations MAY add additional permissions, provided the new
permission ID strings are not in the android.* namespace.</p>
+<p>Permissions with a protection level of dangerous are runtime permissions. Applications
+with targetSdkVersion > 22 request them at runtime. Device implementations:</p>
+
+<ul>
+<li>MUST show a dedicated interface for the user to decide whether to grant the
+requested runtime permissions and also provide an interface for the user to manage
+runtime permissions.</li>
+<li>MUST have one and only one implementation of both user interfaces.</li>
+<li>MUST NOT grant any runtime permissions to preinstalled apps unless:
+ <ul>
+ <li>the user's consent can be obtained before the application uses it</li>
+ <li>the runtime permissions are associated with an intent pattern for which the preinstalled
+ application is set as the default handler</li>
+ </ul>
+</li>
+</ul>
+
<h2 id="9_2_uid_and_process_isolation">9.2. UID and Process Isolation</h2>
@@ -4159,13 +4753,6 @@
<li>Device implementations MUST, for each user, implement a security model
consistent with the Android platform security model as defined in Security and
Permissions reference document in the APIs [<a href="http://developer.android.com/guide/topics/security/permissions.html">Resources, 102</a>].</li>
- <li>Device implementations MAY support creating users and managed profiles via the
-android.app.admin.DevicePolicyManager APIs, and if supported, MUST declare the
-platform feature flag android.software.managed_users.
- <li>Device implementations that declare the feature flag
-android.software.managed_users MUST use the upstream AOSP icon badge to
-represent the managed applications and other badge UI elements like Recents &
-Notifications.</li>
<li>Each user instance on an Android device MUST have separate and isolated
external storage directories. Device implementations MAY store multiple users'
data on the same volume or filesystem. However, the device implementation MUST
@@ -4196,9 +4783,9 @@
<h2 id="9_7_kernel_security_features">9.7. Kernel Security Features</h2>
-<p>The Android Sandbox includes features that can use the Security-Enhanced Linux
+<p>The Android Sandbox includes features that use the Security-Enhanced Linux
(SELinux) mandatory access control (MAC) system and other security features in
-the Linux kernel. SELinux or any other security features, if implemented below
+the Linux kernel. SELinux or any other security features implemented below
the Android framework:</p>
<ul>
@@ -4213,31 +4800,28 @@
affect another application (such as a Device Administration API), the API MUST
NOT allow configurations that break compatibility.</p>
-<p>Devices MUST implement SELinux or an equivalent mandatory access control system
-if using a kernel other than Linux and meet the following requirements, which
-are satisfied by the reference implementation in the upstream Android Open
-Source Project.</p>
+<p>Devices MUST implement SELinux or, if using a kernel other than Linux, an
+equivalent mandatory access control system. Devices MUST also meet the
+following requirements, which are satisfied by the reference implementation
+in the upstream Android Open Source Project.</p>
<p>Device implementations:</p>
<ul>
- <li>MUST support a SELinux policy that allows the SELinux mode to be set on a
-per-domain basis, and MUST configure all domains in enforcing mode. No
-permissive mode domains are allowed, including domains specific to a
-device/vendor.</li>
- <li>SHOULD load policy from /sepolicy file on the device.</li>
+ <li>MUST set SELinux to global enforcing mode.</li>
+ <li>MUST configure all domains in enforcing mode. No permissive mode domains
+are allowed, including domains specific to a device/vendor.</li>
<li>MUST NOT modify, omit, or replace the neverallow rules present within the
-sepolicy file provided in the upstream Android Open Source Project (AOSP) and
-the policy MUST compile with all neverallow present, for both AOSP SELinux
+external/sepolicy folder provided in the upstream Android Open Source Project (AOSP) and
+the policy MUST compile with all neverallow rules present, for both AOSP SELinux
domains as well as device/vendor specific domains.</li>
- <li>MUST support dynamic updates of the SELinux policy file without requiring a
-system image update.</li>
</ul>
<p>Device implementations SHOULD retain the default SELinux policy provided in the
-upstream Android Open Source Project, until they have first audited their
-additions to the SELinux policy. Device implementations MUST be compatible with
-the upstream Android Open Source Project.</p>
+external/sepolicy folder of the upstream Android Open Source Project and only
+further add to this policy for their own device-specific configuration. Device
+implementations MUST be compatible with the upstream Android Open Source Project.
+</p>
<h2 id="9_8_privacy">9.8. Privacy</h2>
@@ -4251,22 +4835,34 @@
service with android.permission.CONTROL_VPN granted), the device implementation
MUST ask for the user's consent before enabling that mechanism.</p>
+<p>If a device implementation has a USB port with USB peripheral mode support,
+it MUST present a user interface asking for the user's consent before allowing
+access to the contents of the shared storage over the USB port.</p>
+
<h2 id="9_9_full-disk_encryption">9.9. Full-Disk Encryption</h2>
<div class="note">
<p>Optional for Android device implementations without a lock screen.</p>
</div>
+<p>If the device implementation supports a secure lock screen reporting "<code>true</code>"
+for KeyguardManager.isDeviceSecure()
+[<a href="http://developer.android.com/reference/android/app/KeyguardManager.html#isDeviceSecure()">Resources, XX</a>],
+and is not a device with restricted memory as reported through the
+ActivityManager.isLowRamDevice() method, then the device MUST support full-disk encryption
+[<a href="http://source.android.com/devices/tech/security/encryption/index.html">Resources, 107</a>]
+of the application private data (/data partition), as well as the application
+shared storage partition (/sdcard partition) if it is a permanent, non-removable
+part of the device.</p>
-<p>If the device implementation supports a lock screen with PIN (numeric) or
-PASSWORD (alphanumeric), the device MUST support full-disk encryption of the
-application private data (/data partition), as well
-as the SD card partition if it is a permanent, non-removable part of the device
-[<a href="http://source.android.com/devices/tech/security/encryption/index.html">Resources, 107</a>]. For devices supporting full-disk encryption, the full-disk encryption SHOULD
-be enabled all the time after the user has completed the out-of-box experience.
-While this requirement is stated as SHOULD for this version of the Android
-platform, it is <strong>very strongly RECOMMENDED</strong> as we expect this to change to MUST in the future versions of Android.
-Encryption MUST use AES with a key of 128-bits (or greater) and a mode designed
+<p>For device implementations supporting full-disk encryption and with Advanced
+Encryption Standard (AES) crypto performance above 50MiB/sec, the full-disk
+encryption MUST be enabled by default at the time the user has completed the out-of-box
+setup experience. If a device implementation is already launched on an earlier Android
+version with full-disk encryption disabled by default, such a device cannot
+meet the requirement through a system software update and thus MAY be exempted.</p>
+
+<p>Encryption MUST use AES with a key of 128-bits (or greater) and a mode designed
for storage (for example, AES-XTS, AES-CBC-ESSIV). The encryption key MUST NOT
be written to storage at any time without being encrypted. Other than when in
active use, the encryption key SHOULD be AES encrypted with the lockscreen
@@ -4277,7 +4873,7 @@
stretching algorithm MUST be cryptographically bound to that keystore. The
encryption key MUST NOT be sent off the device (even when wrapped with the user
passcode and/or hardware bound key). The upstream Android Open Source project
-provides a preferred implementation of this feature based on the linux kernel
+provides a preferred implementation of this feature based on the Linux kernel
feature dm-crypt.</p>
<h2 id="9_10_verified_boot">9.10. Verified Boot</h2>
@@ -4285,24 +4881,74 @@
<p>
Verified boot is a feature that guarantees the integrity of the device software.
If a device implementation supports the feature, it MUST:
+</p>
<ul>
<li>Declare the platform feature flag android.software.verified_boot</li>
<li>Perform verification on every boot sequence</li>
-<li>Start verification from a hardware key that is the root of trust, and go
-all the way up to the system partition</li>
+<li>Start verification from an immutable hardware key that is the root of trust,
+and go all the way up to the system partition</li>
<li>Implement each stage of verification to check the integrity and authenticity
of all the bytes in the next stage before executing the code in the next stage</li>
<li>Use verification algorithms as strong as current recommendations
from NIST for hashing algorithms (SHA-256) and public key sizes (RSA-2048)</li>
</ul>
+
+<p>The upstream Android Open Source Project provides a preferred implementation of this
+feature based on the Linux kernel feature dm-verity.</p>
+
+<p>Starting from Android 6.0, device implementations with Advanced Encryption Standard (AES)
+crypto perfomance above 50MiB/seconds MUST support verified boot for device integrity.
+If a device implementation is already launched without supporting verified boot on an earlier
+version of Android, such a device can not add support for this feature with a system software
+update and thus are exempted from the requirement.</p>
+
+<h2 id="9_11_keys_and_credentials">9.11. Keys and Credentials</h2>
+
+<p>The Android Keystore System
+[<a href="https://developer.android.com/training/articles/keystore.html">Resources, XX</a>]
+allows app developers to store cryptographic keys in a container and use them in cryptographic
+operations through the KeyChain API
+[<a href="https://developer.android.com/reference/android/security/KeyChain.html">Resources, XX</a>]
+or the Keystore API
+ [<a href="https://developer.android.com/reference/java/security/KeyStore.html">Resources, XX</a>].
</p>
-<p>Device implementations SHOULD support verified boot for device integrity.
-While this requirement is SHOULD for this version of the Android platform,
-it is <strong>strongly RECOMMENDED</strong> as we expect this to change to MUST
-in future versions of Android. The upstream Android Open Source Project provides
-a preferred implementation of this feature based on the linux kernel feature dm-verity.
-</p>
+<p>All Android device implementations MUST meet the following requirements:</p>
+
+<ul>
+<li>SHOULD not limit the number of keys that can be generated, and MUST at least allow more
+than 8,192 keys to be imported.</li>
+<li>The lock screen authentication MUST rate limit attempts and SHOULD have an exponential
+ backoff algorithm as implemented in the Android Open Source Project.</li>
+<li>When the device implementation supports a secure lock screen and has a secure hardware
+ such as a Secure Element (SE) where a Trusted Execution Environment (TEE) can be implemented,
+ then it:
+ <ul>
+ <li>MUST back up the keystore implementation with the secure hardware. The upstream Android
+ Open Source Project provides the Keymaster Hardware Abstraction Layer (HAL) implementation
+ that can be used to satisfy this requirement.</li>
+ <li>MUST perform the lock screen authentication in the secure hardware and only when successful
+ allow the authentication-bound keys to be used. The upstream Android Open Source Project
+ provides the Gatekeeper Hardware Abstraction Layer (HAL) that can be used to satisfy this
+ requirement
+ [<a href="http://source.android.com/devices/tech/security/authentication/gatekeeper.html">Resources, XX</a>].</li>
+ </ul>
+</li>
+</ul>
+
+<p>Note that if a device implementation is already launched on an earlier Android version and has
+ not implemented a trusted operating system on the secure hardware, such a device cannot meet
+ the above TEE-related requirements through a system software update and thus is exempted from these TEE-related requirements.</p>
+
+<h2 id="9_12_data_deletion">9.12. Data Deletion</h2>
+
+<p>Devices MUST provide users with a mechanism to perform a "Factory Data Reset"
+that allows logical and physical deletion of all data. This MUST satisfy relevant
+industry standards for data deletion such as NIST SP800-88. This MUST be used for
+the implementation of the wipeData() API (part of the Android Device Administration API)
+described in <a href="#3_9_device_administration">section 3.9 Device Administration.</p>
+
+<p>Devices MAY provide a fast data wipe that conducts a logical data erase.</p>
<h1 id="10_software_compatibility_testing">10. Software Compatibility Testing</h1>
@@ -4310,7 +4956,7 @@
<p>Device implementations MUST pass all tests described in this section.</p>
<p>However, note that no software test package is fully comprehensive. For this
-reason, device implementers are <strong>very strongly encouraged</strong> to make the minimum number of changes as possible to the reference and
+reason, device implementers are <strong>STRONGLY RECOMMENDED</strong> to make the minimum number of changes as possible to the reference and
preferred implementation of Android available from the Android Open Source
Project. This will minimize the risk of introducing bugs that create
incompatibilities requiring rework and potential device updates.</p>
@@ -4397,148 +5043,143 @@
applications, the device implementer MUST correct the error via a software
update available that can be applied per the mechanism just described.</p>
+<p>Android includes features that allow the Device Owner app (if present) to control the
+installation of system updates. To facilitate this, the system update subsystem
+for devices that report android.software.device_admin MUST implement the behavior
+described in the SystemUpdatePolicy class
+[<a href="http://developer.android.com/reference/android/app/admin/SystemUpdatePolicy.html">
+Resources, XX</a>].</p>
+
<h1 id="12_document_changelog">12. Document Changelog</h1>
-
<p>The following table contains a summary of the changes to the Compatibility
-Definition in this release. </p>
+Definition in this release.</p>
<table>
<tr>
<th>Section</th>
- <th>Summary of change</th>
+ <th>Summary of changes</th>
</tr>
<tr>
- <td>2. Device Types</td>
- <td>Added definition for Android automotive implementation.</td>
+ <td>Various</td>
+ <td>Replaced instances of the "encouraged" term with "RECOMMENDED"</td>
</tr>
<tr>
- <td>2.1 Device Configurations</td>
- <td>Added column for Android automotive implementation.</td>
+ <td>3.2.2. Build Parameters</td>
+ <td>Addition regarding hardware serial number</td>
</tr>
<tr>
- <td>3.3.2. 32-bit ARM Native Code Compatibility</td>
- <td>New section added.</td>
+ <td>3.3.1. Application Binary Interfaces</td>
+ <td>Additions for Android ABI support; change related to Vulkan library name</td>
</tr>
<tr>
<td>3.4.1. WebView Compatibility</td>
- <td>Updated webview user agent string requirement to accomodate upstream
- implementation change.</td>
- </tr>
- <tr>
- <td>3.4.2. Browser compatibility</td>
- <td>Added Android automotive implementations as another case that MAY omit a
- browser application.</td>
+ <td>Change for the user agent string reported by the WebView</td>
</tr>
<tr>
<td>3.7. Runtime Compatibility</td>
- <td>Updated required runtime heap size for smaller screens and added requirement
- for the new dpi bucket (280dpi).</td>
+ <td>Updates to memory allocation table</td>
</tr>
<tr>
- <td>3.8.3. Notifications</td>
- <td>Clarified notification requirement for Android Watch, Television and
- Automotive implementations.</td>
+ <td>3.8.6. Themes</td>
+ <td>Added requirement to support black system icons when requested by the SYSTEM_UI_FLAG_LIGHT_STATUS_BAR flag</td>
</tr>
<tr>
- <td>3.8.10. Lock Screen Media Control<</td>
- <td>Clarified requirement for Android Watch and Automotive implementations.</td>
+ <td>3.9.1. Device Provisioning</td>
+ <td>Contains new sections for device owner provisioning and managed profile provisioning</td>
</tr>
<tr>
- <td>3.8.13. Unicode and font</td>
- <td>Relaxed Emoji character input method requirement.</td>
+ <td>3.9.2. Managed Profile Support</td>
+ <td>New section with requirements for device support of managed profile functionality</td>
</tr>
<tr>
- <td>3.9. Device Administration</td>
- <td>Clarified condition when the full range of device administration policies
- has to be supported.</td>
+ <td>5.1.3. Video Codecs</td>
+ <td>Changes and additions related to Android Televisions</td>
</tr>
<tr>
- <td>3.10. Accessibility</td>
- <td>Added Android automotive requirements.</td>
+ <td>5.2. Video Encoding</td>
+ <td>Changes for encoders</td>
</tr>
<tr>
- <td>3.11. Text-To-Speech</td>
- <td>Added Android automotive requirements.</td>
+ <td>5.3. Video Decoding</td>
+ <td>Changes for decoders</td>
</tr>
<tr>
- <td>5.1. Media Codecs</td>
- <td>Mandated decoding support for codecs reported by CamcorderProfile.</td>
+ <td>5.4. Audio Recording</td>
+ <td>Additions related to audio capture</td>
</tr>
- <tr>
- <td>5.1.3 Video Codecs</td>
- <td>Added Android automotive requirements.</td>
+ <tr>
+ <td>5.10. Professional Audio</td>
+ <td>General updates for professional audio support; updates for mobile device (jack) specifications, USB audio host mode, and other updates</td>
+ </tr>
+ <tr>
+ <td>5.9. Musical Instrument Digital Interface (MIDI)</td>
+ <td>Added new section on optional Musical Instrument Digital Interface (MIDI) support</td>
+ </tr>
+<tr>
+ <td>6.1. Developer Tools</td>
+ <td>Update for drivers supporting Windows 10</td>
</tr>
<tr>
<td>7.1.1.3. Screen Density</td>
- <td>Added a new screen dpi (280dpi).</td>
+ <td>Updates for screen density, for example related to an Android watch</td>
</tr>
<tr>
- <td>7.1.5. Legacy Application Compatibility Mode</td>
- <td>Added Android automotive requirements.</td>
+ <td>7.3. Sensors (and subsections)</td>
+ <td>New requirements for some sensor types</td>
</tr>
<tr>
- <td>7.2 Input Devices</td>
- <td>Added general introduction statement.</td>
+ <td>7.3.9. High Fidelity Sensors</td>
+ <td>New section with requirements for devices supporting high fidelity sensors</td>
</tr>
<tr>
- <td>7.2.1. Keyboard</td>
- <td>Added Android Automotive requirements.</td>
+ <td>7.3.10. Fingerprint Sensor</td>
+ <td>New section on requirements related to fingerprint sensors</td>
</tr>
<tr>
- <td>7.2.3. Navigation Keys</td>
- <td>Added Android Automotive requirements.</td>
- </tr>
- <tr>
- <td>7.3.1. Accelerometer</td>
- <td>Relaxed requirement for reporting frequency on Android Watch.</td>
- </tr>
- <tr>
- <td>7.3.4. Gyroscope</td>
- <td>Relaxed requirement for reporting frequency on Android Watch.</td>
- </tr>
- <tr>
- <td>7.4.3 Bluetooth</td>
- <td>Added Android Automotive requirements.</td>
+ <td>7.4.3. Bluetooth</td>
+ <td>Addition related to Resolvable Private Address (RPA) for Bluetooth Low Energy (BLE)</td>
</tr>
<tr>
<td>7.4.4. Near-Field Communications</td>
- <td>Clarified condition for when Host Card Emulation is a requirement.</td>
+ <td>Additions to requirements for Near-Field Communications (NFC)</td>
</tr>
<tr>
- <td>7.6.1. Minimum Memory and Storage</td>
- <td>Updated minimum memory requirements for lower resulution screen devices
- and added hard-limit requirement isLowRamDevice().</td>
+ <td>7.7. USB</td>
+ <td>Requirement related to implementing the AOA specification</td>
</tr>
<tr>
- <td>7.6.2. Application Shared Storage</td>
- <td>Updated requirements when support for host machine access is mandatory.</td>
+ <td>7.8.3. Near-Ultrasound</td>
+ <td>Additions related to near-ultrasound recording, playback, and audio</td>
</tr>
<tr>
- <td>7.8.1. Microphone</td>
- <td>Added Android Automotive requirements.</td>
+ <td>9.1. Permissions</td>
+ <td>Addition to Permissions requirements</td>
</tr>
- <tr>
- <td>8.2. File I/O Access Performance</td>
- <td>Clarified requirements.</td>
+<tr>
+ <td>9.7. Kernel Security Features</td>
+ <td>SE Linux updates</td>
</tr>
- <tr>
+<tr>
<td>9.8. Privacy</td>
- <td>Added privacy requirement for preloaded VPNs.</td>
+ <td>Addition regarding user's consent for access to shared storage over a USB port</td>
</tr>
<tr>
<td>9.9. Full-Disk Encryption</td>
- <td>Clarified condition when Full-Disk encryption support is mandatory.</td>
+ <td>Requirements related to full disk encryption</td>
</tr>
<tr>
<td>9.10. Verified Boot</td>
- <td>Clarified definition of verified boot.</td>
+ <td>Additional requirement for verified boot</td>
+ </tr>
+ <tr>
+ <td>9.11. Keys and Credentials</td>
+ <td>New section of requirements related to keys and credentials</td>
</tr>
<tr>
<td>11. Updatable Software</td>
- <td>Clarified the OTA download requirement is allowed but not mandatory for
- Android Automotive implementations.</td>
+ <td>Requirement related to the system update policy set by the device owner</td>
</tr>
-</table>
+ </table>
<h1 id="13_contact_us">13. Contact Us</h1>
@@ -4636,6 +5277,23 @@
<p>41. Android Device Owner App:</p>
<p><a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isDeviceOwnerApp(java.lang.String)">http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isDeviceOwnerApp(java.lang.String)</a></p>
+<p>XX. Android Device Owner Provisioning Flow:</p>
+
+<p><a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_PROVISION_MANAGED_DEVICE">http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_PROVISION_MANAGED_DEVICE</a></p>
+<p>XX. Device Owner Provisioning via NFC:</p>
+
+<p><a href="https://source.android.com/devices/tech/admin/provision.html#device_owner_provisioning_via_nfc">https://source.android.com/devices/tech/admin/provision.html#device_owner_provisioning_via_nfc</a></p>
+<p>XX. Android Managed Profile Provisioning flow:</p>
+
+<p><a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_PROVISION_MANAGED_PROFILE">http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_PROVISION_MANAGED_PROFILE</a></p>
+
+<p>XX. Android Profile Owner App:</p>
+
+<p><a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isProfileOwnerApp(java.lang.String)">http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#isProfileOwnerApp(java.lang.String)</a></p>
+
+<p>XX. Managed profile provisioning intent</p>
+
+<p><a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_PROVISION_MANAGED_PROFILE">http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#ACTION_PROVISION_MANAGED_PROFILE</a></p>
<p>42. Android Accessibility Service APIs: <a href="http://developer.android.com/reference/android/accessibilityservice/AccessibilityService.html">http://developer.android.com/reference/android/accessibilityservice/AccessibilityService.html</a></p>
diff --git a/src/compatibility/source/android-cdd-cover.html b/src/compatibility/source/android-cdd-cover.html
index eccca0c..ee76ef8 100644
--- a/src/compatibility/source/android-cdd-cover.html
+++ b/src/compatibility/source/android-cdd-cover.html
@@ -17,14 +17,14 @@
<tr>
<td>
-<img src="images/android-marshmallow.png" alt="Marshmallow logo" style="border-top: 5px solid orange; border-bottom: 5px solid orange"/>
+<img src="images/android-marshmallow-1.png" alt="Marshmallow logo" style="border-top: 5px solid orange; border-bottom: 5px solid orange"/>
</td>
</tr>
<tr>
<td>
<p class="subtitle">Android 6.0</p>
-<p class="cover-text">Last updated: August 20th, 2015</p>
+<p class="cover-text">Last updated: October 7th, 2015</p>
<p class="cover-text">Copyright © 2015, Google Inc. All rights reserved.</p>
<p class="cover-text"><a href="mailto:compatibility@android.com">compatibility@android.com</a></p>
</td>
diff --git a/src/compatibility/source/android-cdd.css b/src/compatibility/source/android-cdd.css
index 83c46bc..cef5969 100644
--- a/src/compatibility/source/android-cdd.css
+++ b/src/compatibility/source/android-cdd.css
@@ -284,16 +284,14 @@
width: 950px;
}
-#toc_left,
-#toc_left_2 {
+#toc_left {
float: left;
padding-top:15px;
padding-bottom:15px;
width: 470px;
}
-#toc_right,
-#toc_right_2 {
+#toc_right {
float: right;
padding-top:15px;
padding-bottom:15px;
diff --git a/src/compatibility/source/images/android-marshmallow-1.png b/src/compatibility/source/images/android-marshmallow-1.png
new file mode 100644
index 0000000..4d51b87
--- /dev/null
+++ b/src/compatibility/source/images/android-marshmallow-1.png
Binary files differ
diff --git a/src/devices/devices_toc.cs b/src/devices/devices_toc.cs
index 2f9c4e2..8fd6d69 100644
--- a/src/devices/devices_toc.cs
+++ b/src/devices/devices_toc.cs
@@ -77,17 +77,6 @@
<li><a href="<?cs var:toroot ?>devices/drm.html">DRM</a></li>
<li class="nav-section">
<div class="nav-section-header">
- <a href="<?cs var:toroot ?>devices/storage/index.html">
- <span class="en">External Storage</span>
- </a>
- </div>
- <ul>
- <li><a href="<?cs var:toroot ?>devices/storage/config.html">Device Specific Configuration</a></li>
- <li><a href="<?cs var:toroot ?>devices/storage/config-example.html">Typical Configuration Examples</a></li>
- </ul>
- </li>
- <li class="nav-section">
- <div class="nav-section-header">
<a href="<?cs var:toroot ?>devices/graphics/index.html">
<span class="en">Graphics</span>
</a>
@@ -130,7 +119,17 @@
<li><a href="<?cs var:toroot ?>devices/input/validate-keymaps.html">Validate Keymaps</a></li>
</ul>
</li>
- <li><a href="<?cs var:toroot ?>devices/media.html">Media</a></li>
+ <li class="nav-section">
+ <div class="nav-section-header">
+ <a href="<?cs var:toroot ?>devices/media/index.html">
+ <span class="en">Media</span>
+ </a>
+ </div>
+ <ul>
+ <li><a href="<?cs var:toroot ?>devices/media/soc.html">SoC Dependencies</a></li>
+ <li><a href="<?cs var:toroot ?>devices/media/oem.html">OEM Dependencies</a></li>
+ </ul>
+ </li>
<li class="nav-section">
<div class="nav-section-header">
<a href="<?cs var:toroot ?>devices/sensors/index.html">
@@ -151,6 +150,19 @@
</li>
<li class="nav-section">
<div class="nav-section-header">
+ <a href="<?cs var:toroot ?>devices/storage/index.html">
+ <span class="en">Storage</span>
+ </a>
+ </div>
+ <ul>
+ <li><a href="<?cs var:toroot ?>devices/storage/traditional.html">Traditional Storage</a></li>
+ <li><a href="<?cs var:toroot ?>devices/storage/adoptable.html">Adoptable Storage</a></li>
+ <li><a href="<?cs var:toroot ?>devices/storage/config.html">Device Configuration</a></li>
+ <li><a href="<?cs var:toroot ?>devices/storage/config-example.html">Configuration Examples</a></li>
+ </ul>
+ </li>
+ <li class="nav-section">
+ <div class="nav-section-header">
<a href="<?cs var:toroot ?>devices/tv/index.html">
<span class="en">TV</span>
</a>
@@ -182,6 +194,25 @@
<li><a href="<?cs var:toroot ?>devices/tech/dalvik/instruction-formats.html">Instruction Formats</a></li>
<li><a href="<?cs var:toroot ?>devices/tech/dalvik/constraints.html">Constraints</a></li>
<li><a href="<?cs var:toroot ?>devices/tech/dalvik/configure.html">Configuration</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/dalvik/gc-debug.html">Garbage Collection</a></li>
+ </ul>
+ </li>
+
+ <li class="nav-section">
+ <div class="nav-section-header">
+ <a href="<?cs var:toroot ?>devices/tech/config/index.html">
+ <span class="en">Configuration</span>
+ </a>
+ </div>
+ <ul>
+ <li><a href="<?cs var:toroot ?>devices/tech/config/carrier.html">Carrier Customization</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/config/filesystem.html">File System</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/config/kernel.html">Kernel</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/config/low-ram.html">Low RAM</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/config/renderer.html">OpenGLRenderer</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/config/runtime_perms.html">Runtime Permissions</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/config/uicc.html">UICC</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/config/voicemail.html">Visual Voicemail</a></li>
</ul>
</li>
@@ -201,16 +232,18 @@
<li><a href="<?cs var:toroot ?>devices/tech/datausage/kernel-changes.html">Kernel Changes</a></li>
</ul>
</li>
+
<li class="nav-section">
<div class="nav-section-header">
<a href="<?cs var:toroot ?>devices/tech/debug/index.html">
- <span class="en">Debugging and Tuning</span>
+ <span class="en">Debugging</span>
</a>
</div>
<ul>
- <li><a href="<?cs var:toroot ?>devices/tech/debug/tuning.html">Performance Tuning</a></li>
- <li><a href="<?cs var:toroot ?>devices/tech/debug/native-memory.html">Native Memory Usage</a></li>
<li><a href="<?cs var:toroot ?>devices/tech/debug/dumpsys.html">Dumpsys</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/debug/native-memory.html">Native Memory Use</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/debug/netstats.html">Network Use</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/debug/procstats.html">RAM Use</a></li>
</ul>
</li>
@@ -241,7 +274,14 @@
<a href="<?cs var:toroot ?>devices/tech/power/index.html"><span class="en">Power</span></a>
</div>
<ul>
- <li><a href="<?cs var:toroot ?>devices/tech/power/batterystats.html">Battery Usage Data</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/power/mgmt.html">Power Management</a>
+ </li>
+ <li><a href="<?cs var:toroot ?>devices/tech/power/component.html">Component Power</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/power/device.html">Device Power</a>
+ </li>
+ <li><a href="<?cs var:toroot ?>devices/tech/power/values.html">Power Values</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/power/batterystats.html">Battery Use</a>
+ </li>
</ul>
</li>
@@ -286,7 +326,42 @@
</a>
</div>
<ul>
- <li><a href="<?cs var:toroot ?>devices/tech/security/encryption/index.html">Encryption</a></li>
+ <li class="nav-section">
+ <div class="nav-section-header">
+ <a href="<?cs var:toroot ?>devices/tech/security/authentication/index.html">
+ <span class="en">Authentication</span>
+ </a>
+ </div>
+ <ul>
+ <li><a href="<?cs var:toroot ?>devices/tech/security/authentication/fingerprint-hal.html">Fingerprint HAL</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/security/authentication/gatekeeper.html">Gatekeeper</a></li>
+ <li class="nav-section">
+ <div class="nav-section-header">
+ <a href="<?cs var:toroot ?>devices/tech/security/authentication/keymaster.html">
+ <span class="en">Keymaster</span>
+ </a>
+ </div>
+ <ul>
+ <li><a href="<?cs var:toroot ?>devices/tech/security/authentication/km-features.html">Features</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/security/authentication/km-implementer-ref.html">Implementer's Reference</a></li>
+ </ul>
+ </li>
+ </ul>
+ </li>
+ <li><a href="<?cs var:toroot ?>devices/tech/security/encryption/index.html">Full Disk Encryption</a></li>
+ <li class="nav-section">
+ <div class="nav-section-header">
+ <a href="<?cs var:toroot ?>devices/tech/security/selinux/index.html">
+ <span class="en">SELinux</span>
+ </a>
+ </div>
+ <ul>
+ <li><a href="<?cs var:toroot ?>devices/tech/security/selinux/concepts.html">Concepts</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/security/selinux/implement.html">Implementation</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/security/selinux/customize.html">Customization</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/security/selinux/validate.html">Validation</a></li>
+ </ul>
+ </li>
<li class="nav-section">
<div class="nav-section-header">
<a href="<?cs var:toroot ?>devices/tech/security/verifiedboot/index.html">
@@ -298,48 +373,13 @@
<li><a href="<?cs var:toroot ?>devices/tech/security/verifiedboot/dm-verity.html">Implementing dm-verity</a></li>
</ul>
</li>
- <li class="nav-section">
- <div class="nav-section-header">
- <a href="<?cs var:toroot ?>devices/tech/security/selinux/index.html">
- <span class="en">Security-Enhanced Linux</span>
- </a>
- </div>
- <ul>
- <li><a href="<?cs var:toroot ?>devices/tech/security/selinux/concepts.html">Concepts</a></li>
- <li><a href="<?cs var:toroot ?>devices/tech/security/selinux/implement.html">Implementation</a></li>
- <li><a href="<?cs var:toroot ?>devices/tech/security/selinux/customize.html">Customization</a></li>
- <li><a href="<?cs var:toroot ?>devices/tech/security/selinux/validate.html">Validation</a></li>
- </ul>
- </li>
+
</ul>
</li>
</ul>
<li class="nav-section">
<div class="nav-section-header">
- <a href="<?cs var:toroot ?>devices/tech/resources.html">
- <span class="en">System Resources</span>
- </a>
- </div>
- <ul>
- <li><a href="<?cs var:toroot ?>devices/tech/filesystem-config.html">File System Configuration</a></li>
- <li><a href="<?cs var:toroot ?>devices/tech/kernel.html">Kernel Configuration</a></li>
- <li><a href="<?cs var:toroot ?>devices/tech/netstats.html">Network Usage Data</a></li>
- <li class="nav-section">
- <div class="nav-section-header">
- <a href="<?cs var:toroot ?>devices/tech/ram/index.html">
- <span class="en">RAM</span>
- </a>
- </div>
- <ul>
- <li><a href="<?cs var:toroot ?>devices/tech/ram/low-ram.html">Low RAM Configuration</a></li>
- <li><a href="<?cs var:toroot ?>devices/tech/ram/procstats.html">RAM Usage Data</a></li>
- </ul>
- </li>
- </ul>
-
- <li class="nav-section">
- <div class="nav-section-header">
<a href="<?cs var:toroot ?>devices/tech/test_infra/tradefed/index.html">
<span class="en">Testing Infrastructure</span>
</a>
diff --git a/src/devices/images/media.png b/src/devices/images/media.png
deleted file mode 100644
index 7aaee93..0000000
--- a/src/devices/images/media.png
+++ /dev/null
Binary files differ
diff --git a/src/devices/images/ape_fwk_hal_media.png b/src/devices/media/images/ape_fwk_hal_media.png
similarity index 100%
rename from src/devices/images/ape_fwk_hal_media.png
rename to src/devices/media/images/ape_fwk_hal_media.png
Binary files differ
diff --git a/src/devices/images/ape_fwk_media.png b/src/devices/media/images/ape_fwk_media.png
similarity index 100%
rename from src/devices/images/ape_fwk_media.png
rename to src/devices/media/images/ape_fwk_media.png
Binary files differ
diff --git a/src/devices/media.jd b/src/devices/media/index.jd
similarity index 100%
rename from src/devices/media.jd
rename to src/devices/media/index.jd
diff --git a/src/devices/media/oem.jd b/src/devices/media/oem.jd
new file mode 100644
index 0000000..a271ecd
--- /dev/null
+++ b/src/devices/media/oem.jd
@@ -0,0 +1,162 @@
+page.title=OEM Dependencies for Media Resource Manager
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<p>This document is intended to help original equipment manufacturers (OEMs)
+properly implement support for Android media resource manager and related APIs.</p>
+
+<h2 id=1_max_concurrent_codec_instances>1. Max concurrent codec instances</h2>
+
+<p>The <code>CodecCapabilities.getMaxSupportedInstances</code> interface
+returns the maximum number of supported concurrent codec instances.</p>
+
+<p>The CTS test
+<code>testGetMaxSupportedInstances(android.media.cts.MediaCodecCapabilitiesTest)</code>
+is used to enforce the proper maximum is set in
+<code>/etc/media_codecs.xml</code>.</p>
+
+<p>Here is an example:</p>
+
+<pre>
+...
+<MediaCodecs>
+ ...
+ <Encoders>
+ <MediaCodec name="OMX.<em><vendor></em>.video.encoder.avc" type="video/avc" >
+ ...
+ <Limit name="concurrent-instances" max="13" />
+ </MediaCodec>
+ ...
+ </Encoders>
+ ...
+</MediaCodecs>
+</pre>
+
+<p>OEMs can use this test to generate the concurrent limits that pass the test.
+To do this:</p>
+
+ <ol>
+ <li>Run the test first using cts-tradefed.
+ <li>Evaluate the resulting failure message. Here is an example:
+
+<pre>
+There was 1 failure:
+1) testGetMaxSupportedInstances(android.media.cts.MediaCodecCapabilitiesTest)
+junit.framework.AssertionFailedError: In order to pass the test, please publish
+following codecs' concurrent instances limit in /etc/media_codecs.xml:
+<MediaCodec name="OMX.<em><vendor></em>.video.encoder.mpeg4" type="video/mp4v-es" >
+ <Limit name="concurrent-instances" max="13" />
+</MediaCodec>
+<MediaCodec name="OMX.<em><vendor></em>.video.encoder.h263" type="video/3gpp" >
+ <Limit name="concurrent-instances" max="13" />
+</MediaCodec>
+<MediaCodec name="OMX.<em><vendor></em>.video.encoder.avc" type="video/avc" >
+ <Limit name="concurrent-instances" max="13" />
+</MediaCodec>
+<MediaCodec name="OMX.<em><vendor></em>.video.encoder.vp8" type="video/x-vnd.on2.vp8" >
+ <Limit name="concurrent-instances" max="13" />
+</MediaCodec>
+<MediaCodec name="OMX.<em><vendor></em>.video.decoder.avc" type="video/avc" >
+ <Limit name="concurrent-instances" max="13" />
+</MediaCodec>
+<MediaCodec name="OMX.<em><vendor></em>.video.decoder.avc.secure" type="video/avc" >
+ <Limit name="concurrent-instances" max="4" />
+</MediaCodec>
+<MediaCodec name="OMX.<em><vendor></em>.video.decoder.mpeg4" type="video/mp4v-es" >
+ <Limit name="concurrent-instances" max="12" />
+</MediaCodec>
+<MediaCodec name="OMX.<em><vendor></em>.video.decoder.h263" type="video/3gpp" >
+ <Limit name="concurrent-instances" max="12" />
+</MediaCodec>
+<MediaCodec name="OMX.<em><vendor></em>.video.decoder.vp8" type="video/x-vnd.on2.vp8" >
+ <Limit name="concurrent-instances" max="12" />
+</MediaCodec>
+</pre>
+
+ <li>Add the <code>concurrent-instances</code> lines suggested in the test
+failure message to the <code>/etc/media_codecs.xml</code> file.
+
+ <li>Re-run the test to verify its success.
+ </ol>
+
+<h2 id=2_achievable_frame_rates_for_video_codecs>2. Achievable frame rates for video codecs</h2>
+<p>The <code>VideoCapabilities.getAchievableFrameRatesFor</code> interface
+returns the range of achievable video frame rates for a video size. This
+information must be provided by the OEM for each device via an XML file placed at
+<code>/etc/media_codecs_performance.xml</code>. These settings are tested by
+the <code>com.android.cts.videoperf.VideoEncoderDecoderTest</code> and
+<code>android.media.cts.VideoDecoderPerfTest</code> CTS tests.</p>
+
+<p>OEMs can use the CTS tests to generate the XML files that pass the tests. To do this:</p>
+ <ol>
+ <li>Run the tests first using cts-tradefed. Given the
+variability of Android performance, it is recommended the tests are run
+multiple times to get more accurate minimum and maximum values.
+ <li>Use the provided <code>get_achievable_rates.py</code> script to
+generate the XML file.
+ <li>Place the XML file at: <code>/etc/media_codecs_performance.xml</code><br>
+This is usually done by placing the XML file in the device project
+(device/<em><vendor></em>/<em><product></em>) and adding a
+<code>PRODUCT_COPY_FILES</code> line to <code>device.mk</code> like so:
+<pre>
+PRODUCT_COPY_FILES += \
+...
+ device/moto/shamu/media_codecs.xml:system/etc/media_codecs.xml \
++ device/moto/shamu/media_codecs_performance.xml:system/etc/media_codecs_performance.xml
+</pre>
+ <li>Re-run the performance tests to verify their success.
+ </ol>
+
+<h2 id=3_co-exist_of_secure_codec_and_non-secure_codec>3. Co-exist of secure codec and non-secure codec</h2>
+
+<ul>
+ <li>supports-secure-with-non-secure-codec —
+If the instance of secure codec and the instance of non-secure codec can’t
+co-exist at the same time, that should be indicated as global setting in the
+<code>media_codecs.xml</code> file.
+<pre>
+<MediaCodecs>
+ <Settings>
+ <Setting name="supports-secure-with-non-secure-codec" value="false" />
+ </Settings>
+ <Encoders>
+…
+</pre>
+ <li>supports-multiple-secure-codecs —
+If co-exist of multiple secure codec instances is not supported, that should be
+indicated as a global setting in the <code>media_codecs.xml</code> file.
+<pre>
+<MediaCodecs>
+ <Settings>
+ <Setting name="supports-multiple-secure-codecs" value="false" />
+ </Settings>
+ <Encoders>
+…
+</pre>
+ <li>Note that the both settings are true by default, meaning if they are supported,
+there’s no need to add the setting line to the <code>media_codecs.xml</code>.
+ <li>The <code>ResourceManagerTest</code> CTS tests may fail if these two settings were not set
+properly.
+</ul>
diff --git a/src/devices/media/soc.jd b/src/devices/media/soc.jd
new file mode 100644
index 0000000..e42a2af
--- /dev/null
+++ b/src/devices/media/soc.jd
@@ -0,0 +1,74 @@
+page.title=SoC Vendor Dependencies for Media Resource Manager
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<p>This document is intended to help system on chip vendors (SoCs) properly
+implement support for priority, operating rate and the hooks needed for Android
+media resource manager.</p>
+
+<h2 id=1_omx_errorinsufficientresources>1. OMX_ErrorInsufficientResources</h2>
+
+<p>The codec component should return
+<code>OMX_ErrorInsufficientResources</code> on <code>GetHandle</code>,
+<code>Init</code>, <code>UseBuffer</code>, <code>AllocateBuffer</code> or a
+state transition if the failure is due to insufficient resource. The error code
+will be used by the media resource manager as the indicator to potentially
+preempt media resource from other lower priority process.</p>
+
+<p>An Android Compatibility Test Suite (CTS) test exists to allocate, configure
+and start each codec repeatedly until <code>catching
+OMX_ErrorInsufficientResources</code> (pass) or any other error (fail).</p>
+
+<h2 id=2_omx_indexconfigpriority>2. OMX_IndexConfigPriority</h2>
+
+<p>This configuration lets the application describe desired codec priority.</p>
+
+<p>The associated value is an integer. Higher value means lower priority.
+Currently, only two levels are supported:</p>
+
+<ul>
+ <li>0: realtime priority - meaning that the codec shall support the given
+performance configuration (e.g. framerate) at realtime. This will only be used
+by media playback, capture, and possibly by realtime communication scenarios if
+best effort performance is not suitable.</li>
+ <li>1: non-realtime priority (best effort). This is the default value.</li>
+</ul>
+
+<p>Vendor is suggested to use this as a hint used at codec configuration and
+resource planning - to understand the realtime requirements of the application.</p>
+
+<p>Don’t assume realtime priority unless it is configured to 0.</p>
+
+<h2 id=3_omx_indexconfigoperatingrate>3. OMX_IndexConfigOperatingRate</h2>
+
+<p>This configuration lets the application describe operating frame rate for
+video or sample rate for audio at which the codec will need to operate.</p>
+
+<p>This is used for cases like high-speed/slow-motion video capture, where the
+video encoder format contains the target playback rate (e.g. 30fps), but the
+component must be able to handle the high operating capture rate (e.g. 240fps).</p>
+
+<p>This rate should be used for resource planning and setting the operating
+points.</p>
diff --git a/src/devices/storage/adoptable.jd b/src/devices/storage/adoptable.jd
new file mode 100644
index 0000000..899db9b
--- /dev/null
+++ b/src/devices/storage/adoptable.jd
@@ -0,0 +1,98 @@
+page.title=Adoptable Storage
+@jd:body
+<!--
+ Copyright 2015 The Android Open Source Project
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+
+<p>Android has always supported external storage accessories (such as SD cards), but
+these accessories were historically limited to simple file storage, due to
+their expected impermanence and the minimal data protection offered to
+<a href="{@docRoot}devices/storage/traditional.html">traditional external storage</a>.
+Android 6.0 introduces the ability to
+<a href="https://developer.android.com/preview/behavior-changes.html#behavior-adoptable-storage">adopt</a>
+external storage media to act like internal storage.</p>
+
+<p>When external storage media is adopted, it’s formatted and encrypted to only
+work with a single Android device at a time. Because the media is strongly tied
+to the Android device that adopted it, it can safely store both apps and
+private data for all users.</p>
+
+<p>When users insert new storage media (such as an SD card) in an adoptable
+location, Android asks them how they want to use the media. They can choose to
+adopt the media, which formats and encrypts it, or they can continue using it
+as-is for simple file storage. If they choose to adopt, the platform offers to
+migrate the primary shared storage contents (typically mounted at <code>/sdcard</code>)
+to the newly adopted media, freeing up valuable space on internal storage.</p>
+
+<p>Apps can be placed on adopted storage media only when the developer has
+indicated support through the <code>android:installLocation</code> attribute.
+New installs of supported apps are automatically placed on the
+storage device with the most free space, and users can move supported apps
+between storage devices in the <em>Settings</em> app. Apps moved to adopted
+media are remembered while the media is ejected,
+and return when the media is reinserted.</p>
+
+<h2 id=security>Security</h2>
+
+
+<p>The platform randomly generates an encryption key for each adopted device,
+and that key is stored on the internal storage of the Android device. This
+effectively makes the adopted media as secure as internal storage. Keys are
+associated with adopted devices based on the adopted partition GUID. The
+adopted device is encrypted using <code>dm-crypt</code> configured with the
+<code>aes-cbc-essiv:sha256</code> algorithm and a 128-bit key size.</p>
+
+<p>The on-disk layout of the adopted device closely mirrors the internal data
+partition, including SELinux labels, etc. When multi-user is supported on the
+Android device, the adopted storage device also supports multi-user with the
+same level of isolation as internal storage.</p>
+
+<p>Because the contents of an adopted storage device are strongly tied to the
+Android device that adopted it, the encryption keys should not be extractable
+from the parent device, and therefore the storage device can't be mounted elsewhere.</p>
+
+<h2 id=performance_and_stability>Performance and stability</h2>
+
+
+<p>Only external storage media in stable locations, such as a slot inside a
+battery compartment or behind a protective cover, should be considered for
+adoption to help avoid accidental data loss or corruption. In particular, USB
+devices connected to a phone or tablet should never be considered for adoption.
+One common exception would be an external USB drive connected to a TV-style
+device, because the entire TV is typically installed in a stable location.</p>
+
+<p>When a user adopts a new storage device, the platform runs a benchmark and
+compares its performance against internal storage. If the adopted device is
+significantly slower than internal storage, the platform warns the user about a
+possibly degraded experience. This benchmark was derived from the actual I/O
+behavior of popular Android apps. Currently, the AOSP implementation will only
+warn users beyond a single threshold, but device manufacturers may adapt this
+further, such as rejecting adoption completely if the card is extremely slow.</p>
+
+<p>Adopted devices must be formatted with a filesystem that supports POSIX
+permissions and extended attributes, such as <code>ext4</code> or <code>f2fs</code>.
+For optimal performance, the <code>f2fs</code> filesystem is recommended for
+flash-based storage devices.</p>
+
+<p>When performing periodic idle maintenance, the platform issues <code>FI_TRIM</code>
+to adopted media just like it does for internal storage. The current SD card
+specification does not support the <code>DISCARD</code> command; but the kernel
+instead falls back to the <code>ERASE</code> command, which SD card firmware
+may choose to use for optimization purposes.</p>
diff --git a/src/devices/storage/config-example.jd b/src/devices/storage/config-example.jd
index 347d8d5..91be81b 100644
--- a/src/devices/storage/config-example.jd
+++ b/src/devices/storage/config-example.jd
@@ -1,56 +1,53 @@
-page.title=Typical Configuration Examples
+page.title=Configuration Examples
@jd:body
-
<!--
- Copyright 2013 The Android Open Source Project
-
+ Copyright 2015 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
-
http://www.apache.org/licenses/LICENSE-2.0
-
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
-<p>Below are examples of external storage configurations as of Android 4.4
-for various typical devices. Only the relevant portions of the configuration
+<p>Below are examples of external storage configurations
+for various device types. Only the relevant portions of the configuration
files are included.
+<p>Due to configuration changes in Android 6.0 (like the removal of the
+<code>storage_list.xml</code> resource overlay), the configuration examples are
+split into two categories.</p>
-<h2>Physical primary only (like Nexus One)</h2>
-
+<h2 id=android_5_x>Android 5.x and earlier</h2>
+<h3 id=android_5_x_physical>Physical primary only</h3>
<p>This is a typical configuration for a device with single external storage
-device which is a physical SD card.</p>
-
+device which is a physical SD card, like Nexus One.</p>
<p>The raw physical device must first be mounted under
<code>/mnt/media_rw</code> where only the system and FUSE daemon can access
it. <code>vold</code> will then manage the <code>fuse_sdcard0</code> service
when media is inserted/removed.
-
-<h3>fstab.hardware</h3>
-
+<h4>fstab.hardware</h4>
<pre><code>[physical device node] auto vfat defaults voldmanaged=sdcard0:auto,noemulatedsd
</code></pre>
-
-<h3>init.hardware.rc</h3>
-
+<h4>init.hardware.rc</h4>
<pre><code>on init
mkdir /mnt/media_rw/sdcard0 0700 media_rw media_rw
mkdir /storage/sdcard0 0700 root root
-
export EXTERNAL_STORAGE /storage/sdcard0
-
service fuse_sdcard0 /system/bin/sdcard -u 1023 -g 1023 -d /mnt/media_rw/sdcard0 /storage/sdcard0
class late_start
disabled
</code></pre>
-
-<h3>storage_list.xml</h3>
-
+<h4>storage_list.xml</h4>
<pre><code><storage
android:mountPoint="/storage/sdcard0"
android:storageDescription="@string/storage_sd_card"
@@ -58,82 +55,57 @@
android:primary="true"
android:maxFileSize="4096" />
</code></pre>
-
-
-<h2>Emulated primary only (like Nexus 4)</h2>
-
+<h3 id=android_5_x_emulated>Emulated primary only</h3>
<p>This is a typical configuration for a device with single external storage
-device which is backed by internal storage on the device.</p>
-
-<h3>init.hardware.rc</h3>
-
+device which is backed by internal storage on the device, like Nexus 4.</p>
+<h4>init.hardware.rc</h4>
<pre><code>on init
mkdir /mnt/shell/emulated 0700 shell shell
mkdir /storage/emulated 0555 root root
-
export EXTERNAL_STORAGE /storage/emulated/legacy
export EMULATED_STORAGE_SOURCE /mnt/shell/emulated
export EMULATED_STORAGE_TARGET /storage/emulated
-
on fs
setprop ro.crypto.fuse_sdcard true
-
service sdcard /system/bin/sdcard -u 1023 -g 1023 -l /data/media /mnt/shell/emulated
class late_start
</code></pre>
-
-<h3>storage_list.xml</h3>
-
+<h4>storage_list.xml</h4>
<pre><code><storage
android:storageDescription="@string/storage_internal"
android:emulated="true"
android:mtpReserve="100" />
</code></pre>
-
-
-<h2>Emulated primary, physical secondary (like Xoom)</h2>
-
+<h3 id=android_5_x_both>Emulated primary, physical secondary</h3>
<p>This is a typical configuration for a device with multiple external
storage devices, where the primary device is backed by internal storage
-on the device, and where the secondary device is a physical SD card.</p>
-
+on the device, and where the secondary device is a physical SD card, like Xoom.</p>
<p>The raw physical device must first be mounted under
<code>/mnt/media_rw</code> where only the system and FUSE daemon can
access it. <code>vold</code> will then manage the <code>fuse_sdcard1</code>
service when media is inserted/removed.</p>
-
-<h3>fstab.hardware</h3>
-
+<h4>fstab.hardware</h4>
<pre><code>[physical device node] auto vfat defaults voldmanaged=sdcard1:auto
</code></pre>
-
-<h3>init.hardware.rc</h3>
-
+<h4>init.hardware.rc</h4>
<pre><code>on init
mkdir /mnt/shell/emulated 0700 shell shell
mkdir /storage/emulated 0555 root root
-
mkdir /mnt/media_rw/sdcard1 0700 media_rw media_rw
mkdir /storage/sdcard1 0700 root root
-
export EXTERNAL_STORAGE /storage/emulated/legacy
export EMULATED_STORAGE_SOURCE /mnt/shell/emulated
export EMULATED_STORAGE_TARGET /storage/emulated
export SECONDARY_STORAGE /storage/sdcard1
-
on fs
setprop ro.crypto.fuse_sdcard true
-
service sdcard /system/bin/sdcard -u 1023 -g 1023 -l /data/media /mnt/shell/emulated
class late_start
-
service fuse_sdcard1 /system/bin/sdcard -u 1023 -g 1023 -w 1023 -d /mnt/media_rw/sdcard1 /storage/sdcard1
class late_start
disabled
</code></pre>
-
-<h3>storage_list.xml</h3>
-
+<h4>storage_list.xml</h4>
<pre><code><storage
android:storageDescription="@string/storage_internal"
android:emulated="true"
@@ -144,3 +116,43 @@
android:removable="true"
android:maxFileSize="4096" />
</code></pre>
+
+<h2 id=android_6>Android 6.0</h2>
+<h3 id=android_6_physical>Physical primary only</h3>
+<p>This is a typical configuration for a device with single external storage
+device which is a physical SD card, like the original Android One. There is no
+secondary shared storage and the device cannot support multi-user.</p>
+<h4>fstab.device</h4>
+<pre><code>/devices/platform/mtk-msdc.1/mmc_host* auto auto defaults
+voldmanaged=sdcard0:auto,encryptable=userdata,noemulatedsd
+</code></pre>
+<h4>init.device.rc</h4>
+<pre><code>on init
+ # By default, primary storage is physical
+ setprop ro.vold.primary_physical 1
+ </code></pre>
+<h3 id=android_6_emulated> Emulated primary only</h3>
+<p>This is a typical configuration for a device with single external storage
+device which is backed by internal storage on the device, like Nexus 6.</p>
+<ul>
+ <li>Primary shared storage (<code>/sdcard</code>) is emulated on top of internal storage.
+ <li>No secondary SD card storage.
+ <li>USB OTG storage devices supported.
+ <li>Supports multi-user.
+</ul>
+<h4>fstab.device</h4>
+<pre><code>/devices/*/xhci-hcd.0.auto/usb* auto auto defaults
+ voldmanaged=usb:auto</code></pre>
+<h3 id=android_6_both>Emulated primary, physical secondary</h3>
+<p>This is a typical configuration for a device with multiple external storage
+devices, where the primary device is backed by internal storage on the device,
+and where the secondary device is a physical SD card, like Xoom.</p>
+<ul>
+ <li>Primary shared storage (<code>/sdcard</code>) is emulated on top of internal storage.
+ <li>Secondary storage is a physical SD card slot that can be adopted.
+ <li>Supports multi-user.
+</ul>
+<h4>fstab.device</h4>
+<pre><code>/devices/platform/mtk-msdc.1/mmc_host* auto auto defaults
+voldmanaged=sdcard1:auto,encryptable=userdata
+</code></pre>
diff --git a/src/devices/storage/config.jd b/src/devices/storage/config.jd
index b8e4e4f..6db706c 100644
--- a/src/devices/storage/config.jd
+++ b/src/devices/storage/config.jd
@@ -1,34 +1,36 @@
-page.title=Device Specific Configuration
+page.title=Device Configuration
@jd:body
-
<!--
- Copyright 2013 The Android Open Source Project
-
+ Copyright 2015 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
-
http://www.apache.org/licenses/LICENSE-2.0
-
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
<p>External storage is managed by a combination of the <code>vold</code> init
-service and <code>MountService</code> system servic. Mounting of physical
+service and <code>MountService</code> system service. Mounting of physical
external storage volumes is handled by <code>vold</code>, which performs
staging operations to prepare the media before exposing it to apps.</p>
+<h2 id=file_mappings>File mappings</h2>
<p>For Android 4.2.2 and earlier, the device-specific <code>vold.fstab</code>
configuration file defines mappings from sysfs devices to filesystem mount
points, and each line follows this format:</p>
-
<pre><code>dev_mount <label> <mount_point> <partition> <sysfs_path> [flags]
</code></pre>
-
<ul>
<li><code>label</code>: Label for the volume.</li>
<li><code>mount_point</code>: Filesystem path where the volume should be mounted.</li>
@@ -38,7 +40,6 @@
<li><code>flags</code>: Optional comma separated list of flags, must not contain <code>/</code>.
Possible values include <code>nonremovable</code> and <code>encryptable</code>.</li>
</ul>
-
<p>For Android releases 4.3 and later, the various fstab files used by init, vold and
recovery were unified in the <code>/fstab.<device></code> file. For external
storage volumes that are managed by <code>vold</code>, the entries should have the
@@ -58,10 +59,18 @@
be followed by a label describing the card, and a partition number or the word
<code>auto</code>. Here is an example: <code>voldmanaged=sdcard:auto</code>.
Other possible flags are <code>nonremovable</code>,
-<code>encryptable=sdcard</code>, and <code>noemulatedsd</code>.</li>
+<code>encryptable=sdcard</code>, <code>noemulatedsd</code>, and <code>encryptable=userdata</code>.</li>
</ul>
+
+<h2 id=configuration_details>Configuration details</h2>
<p>External storage interactions at and above the framework level are handled
-through <code>MountService</code>. The device-specific <code>storage_list.xml</code> configuration
+through <code>MountService</code>.
+Due to configuration changes in Android 6.0 (like the
+removal of the storage_list.xml resource overlay), the configuration details
+are split into two categories.
+
+<h3 id=android_5_x_and_earlier>Android 5.x and earlier</h3>
+The device-specific <code>storage_list.xml</code> configuration
file, typically provided through a <code>frameworks/base</code> overlay, defines the
attributes and constraints of storage devices. The <code><StorageList></code> element
contains one or more <code><storage></code> elements, exactly one of which should be marked
@@ -94,3 +103,46 @@
storage. The <code>/sdcard</code> path must also resolve to the same location, possibly
through a symlink. If a device adjusts the location of external storage between
platform updates, symlinks should be created so that old paths continue working.</p>
+
+<h3 id=android_6_0>Android 6.0</h3>
+<p>Configuration of the storage subsystem is now concentrated in the
+device-specific <code>fstab</code> file, and several historical static configuration files/variables have been
+removed to support more dynamic behavior:</p>
+<ul>
+ <li>The <code>storage_list.xml</code> resource overlay has been removed and is no longer used by the framework.
+Storage devices are now configured dynamically when detected by <code>vold</code>.
+ <li>The <code>EMULATED_STORAGE_SOURCE/TARGET</code> environment variables have been removed and are no longer used by Zygote to
+configure user-specific mount points. Instead, user separation is now enforced
+with user-specific GIDs, and primary shared storage is mounted into place by <code>vold</code> at runtime.
+ <ul>
+ <li>Developers may continue to build paths dynamically or statically depending on
+their use case. Including the UUID in the path identifies each card to make
+location clearer for developers. (For example, <code>/storage/ABCD-1234/report.txt</code> is clearly a different file than <code>/storage/DCBA-4321/report.txt</code>.)
+ </ul>
+ <li>The hard-coded FUSE services have been removed from device-specific <code>init.rc</code> files and are instead forked dynamically from <code>vold</code> when needed.
+</ul>
+<p>In addition to these configuration changes, Android 6.0 includes the notion of
+adoptable storage. For Android 6.0 devices, any physical media that is not
+adopted is viewed as portable. </p>
+
+<h4 id=adoptable_storage>Adoptable storage </h4>
+<p>To indicate an adoptable storage device in the <code>fstab</code>, use the <code>encryptable=userdata</code> attribute in the <code>fs_mgr_flags</code> field. Here’s a typical definition:</p>
+<pre><code>/devices/platform/mtk-msdc.1/mmc_host* auto auto defaults
+voldmanaged=sdcard1:auto,encryptable=userdata
+</code></pre>
+<p>When a storage device is adopted, the platform erases the contents and writes a
+GUID partition table that defines two partitions:</p>
+<ul>
+ <li>a small empty <code>android_meta</code> partition that is reserved for future use. The partition type GUID is
+19A710A2-B3CA-11E4-B026-10604B889DCF.
+ <li>a large <code>android_ext</code> partition that is encrypted using dm-crypt and formatted using either <code>ext4</code> or <code>f2fs</code> depending on the kernel capabilities. The partition type GUID is
+193D1EA4-B3CA-11E4-B075-10604B889DCF.
+</ul>
+<h4 id=portable_storage>Portable storage </h4>
+<p>In the <code>fstab</code>, storage devices with the <code>voldmanaged</code> attribute are considered to be portable by default unless another attribute
+like <code>encryptable=userdata</code> is defined. For example, here’s a typical definition for USB OTG devices:</p>
+<pre><code>/devices/*/xhci-hcd.0.auto/usb* auto auto defaults
+ voldmanaged=usb:auto
+</code></pre>
+<p>The platform uses <code>blkid</code> to detect filesystem types before mounting, and users can choose to format the
+media when the filesystem is unsupported.</p>
diff --git a/src/devices/storage/index.jd b/src/devices/storage/index.jd
index e8786ec..7e62fe6 100644
--- a/src/devices/storage/index.jd
+++ b/src/devices/storage/index.jd
@@ -1,36 +1,45 @@
-page.title=External Storage
+page.title=Storage
@jd:body
-
<!--
Copyright 2015 The Android Open Source Project
-
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
-
http://www.apache.org/licenses/LICENSE-2.0
-
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
<img style="float: right; margin: 0px 15px 15px 15px;" src="images/ape_fwk_hal_extstor.png" alt="Android external storage HAL icon"/>
+<p>Android has evolved over time to support a wide variety of storage device types
+and features. All versions of Android support devices with <a href="{@docRoot}devices/storage/traditional.html">traditional storage</a>,
+which includes portable and emulated storage. <em>Portable</em> storage can be provided by physical media, like an SD card or USB, that is for
+temporary data transfer/ file storage. The physical media may remain with the
+device for an extended period of time, but is not tied to the device and may be
+removed. SD cards have been available as portable storage since Android 1.0;
+Android 6.0 added USB support. <em>Emulated</em> storage is provided by exposing a portion of internal storage through an
+emulation layer and has been available since Android 3.0.</p>
-<p>Android supports devices with external storage, which is defined to be a
-case-insensitive filesystem with immutable POSIX permission classes and
-modes. External storage can be provided by physical media (such as an SD
-card), or by exposing a portion of internal storage through an emulation
-layer. Devices may contain multiple instances of external storage.</p>
+<p>Starting in Android 6.0, Android supports <a href="{@docRoot}devices/storage/adoptable.html"><em>adoptable</em> storage</a>, which is provided by physical media, like an SD card or USB, that is
+encrypted and formatted to behave like internal storage. Adoptable storage can
+store all types of application data. </p>
+<h2 id=permissions>Permissions</h2>
<p>Access to external storage is protected by various Android
permissions. Starting in Android 1.0, write access is protected with the
<code>WRITE_EXTERNAL_STORAGE</code> permission. Starting in Android 4.1,
read access is protected with the <code>READ_EXTERNAL_STORAGE</code>
permission.</p>
-
<p>Starting in Android 4.4, the owner, group and modes of files on external
storage devices are now synthesized based on directory structure. This
enables apps to manage their package-specific directories on external
@@ -41,65 +50,29 @@
no permissions. These synthesized permissions are accomplished by wrapping
raw storage devices in a FUSE daemon.</p>
-<p>Since external storage offers minimal protection for stored data, system
-code should not store sensitive data on external storage. Specifically,
-configuration and log files should only be stored on internal storage where
-they can be effectively protected.</p>
+<h3 id=runtime_permissions>Runtime permissions</h3>
-<h2 id="multiple-external-storage-devices">Multiple external storage devices</h2>
-
-<p>Starting in Android 4.4, multiple external storage devices are surfaced
-to developers through <code>Context.getExternalFilesDirs()</code>,
-<code>Context.getExternalCacheDirs()</code>, and
-<code>Context.getObbDirs()</code>.</p>
-
-</p>External storage devices surfaced through these APIs must be a
-semi-permanent part of the device (such as an SD card slot in a battery
-compartment). Developers expect data stored in these locations to be
-available over long periods of time. For this reason, transient storage
-devices (such as USB mass storage drives) should not be surfaced through
-these APIs.</p>
-
-<p>The <code>WRITE_EXTERNAL_STORAGE</code> permission must only grant write
-access to the primary external storage on a device. Apps must not be
-allowed to write to secondary external storage devices, except in their
-package-specific directories as allowed by synthesized
-permissions. Restricting writes in this way ensures the system can clean
-up files when applications are uninstalled.</p>
-
-
-<h2 id="multi-user-external-storage">Multi-user external storage</h2>
-
-<p>Starting in Android 4.2, devices can support multiple users, and external
-storage must meet the following constraints:</p>
+<p>Android 6.0 introduces a new <a href="{@docRoot}devices/tech/config/runtime_perms.html">runtime permissions</a> model where apps request
+capabilities when needed at runtime. Because the new model includes the <code>READ/WRITE_EXTERNAL_STORAGE</code> permissions, the platform needs to dynamically grant storage access without
+killing or restarting already-running apps. It does this by maintaining three
+distinct views of all mounted storage devices:</p>
<ul>
-<li>Each user must have their own isolated primary external storage, and
-must not have access to the primary external storage of other users.</li>
-<li>The <code>/sdcard</code> path must resolve to the correct user-specific
-primary external storage based on the user a process is running as.</li>
-<li>Storage for large OBB files in the <code>Android/obb</code> directory
-may be shared between multiple users as an optimization.</li>
-<li>Secondary external storage must not be writable by apps, except in
-package-specific directories as allowed by synthesized permissions.</li>
+ <li><code>/mnt/runtime/default</code> is shown to apps with no special storage permissions, and to the root
+namespace where <code>adbd</code> and other system components live.
+ <li><code>/mnt/runtime/read</code> is shown to apps with <code>READ_EXTERNAL_STORAGE</code>
+ <li><code>/mnt/runtime/write</code> is shown to apps with <code>WRITE_EXTERNAL_STORAGE</code>
</ul>
-<p>The default platform implementation of this feature leverages Linux kernel
-namespaces to create isolated mount tables for each Zygote-forked process,
-and then uses bind mounts to offer the correct user-specific primary external
-storage into that private namespace.</p>
+<p>At Zygote fork time, we create a mount namespace for each running app and bind
+mount the appropriate initial view into place. Later, when runtime permissions
+are granted, <code>vold</code> jumps into the mount namespace of already-running apps and bind mounts the
+upgraded view into place. Note that permission downgrades always result in the
+app being killed.</p>
-<p>At boot, the system mounts a single emulated external storage FUSE daemon
-at <code>EMULATED_STORAGE_SOURCE</code>, which is hidden from apps. After
-the Zygote forks, it bind mounts the appropriate user-specific subdirectory
-from under the FUSE daemon to <code>EMULATED_STORAGE_TARGET</code> so that
-external storage paths resolve correctly for the app. Because an app lacks
-accessible mount points for other users' storage, they can only access
-storage for the user it was started as.</p>
+<p>The <code>setns()</code> functionality used to implement this feature requires at least Linux 3.8, but
+patches have been backported successfully to Linux 3.4. The <code>PermissionsHostTest</code> CTS test can be used to verify correct kernel behavior.</p>
-<p>This implementation also uses the shared subtree kernel feature to
-propagate mount events from the default root namespace into app namespaces,
-which ensures that features like ASEC containers and OBB mounting continue
-working correctly. It does this by mounting the rootfs as shared, and then
-remounting it as slave after each Zygote namespace is created.</p>
+<p>In Android 6.0, third-party apps don’t have access to the <code>sdcard_r</code> and <code>sdcard_rw</code> GIDs. Instead, access is controlled by mounting only the appropriate runtime
+view in place for that app. Cross-user interactions are blocked using the <code>everybody</code> GID.</p>
diff --git a/src/devices/storage/traditional.jd b/src/devices/storage/traditional.jd
new file mode 100644
index 0000000..c71c644
--- /dev/null
+++ b/src/devices/storage/traditional.jd
@@ -0,0 +1,94 @@
+page.title=Traditional Storage
+@jd:body
+<!--
+ Copyright 2015 The Android Open Source Project
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<img style="float: right; margin: 0px 15px 15px 15px;" src="images/ape_fwk_hal_extstor.png" alt="Android external storage HAL icon"/>
+
+<p>Android supports devices with traditional storage, which is defined to be a
+case-insensitive filesystem with immutable POSIX permission classes and modes.
+The notion of traditional storage encompasses emulated and portable storage.
+Portable storage is defined as any external storage that is not <a href="{@docRoot}devices/storage/adoptable.html">
+adopted</a> by the
+system and therefore not formatted and encrypted or tied to a specific device.
+Because traditional external storage offers minimal protection for stored data,
+system code should not store sensitive data on external storage. Specifically,
+configuration and log files should only be stored on internal storage where
+they can be effectively protected.</p>
+
+<h2 id="multi-user-external-storage">Multi-user external storage</h2>
+<p>Starting in Android 4.2, devices can support multiple users, and external
+storage must meet the following constraints:</p>
+<ul>
+<li>Each user must have their own isolated primary external storage, and
+must not have access to the primary external storage of other users.</li>
+<li>The <code>/sdcard</code> path must resolve to the correct user-specific
+primary external storage based on the user a process is running as.</li>
+<li>Storage for large OBB files in the <code>Android/obb</code> directory
+may be shared between multiple users as an optimization.</li>
+<li>Secondary external storage must not be writable by apps, except in
+package-specific directories as allowed by synthesized permissions.</li>
+</ul>
+<p>The default platform implementation of this feature leverages Linux kernel
+namespaces to create isolated mount tables for each Zygote-forked process,
+and then uses bind mounts to offer the correct user-specific primary external
+storage into that private namespace.</p>
+<p>At boot, the system mounts a single emulated external storage FUSE daemon
+at <code>EMULATED_STORAGE_SOURCE</code>, which is hidden from apps. After
+the Zygote forks, it bind mounts the appropriate user-specific subdirectory
+from under the FUSE daemon to <code>EMULATED_STORAGE_TARGET</code> so that
+external storage paths resolve correctly for the app. Because an app lacks
+accessible mount points for other users' storage, they can only access
+storage for the user it was started as.</p>
+<p>This implementation also uses the shared subtree kernel feature to
+propagate mount events from the default root namespace into app namespaces,
+which ensures that features like ASEC containers and OBB mounting continue
+working correctly. It does this by mounting the rootfs as shared, and then
+remounting it as slave after each Zygote namespace is created.</p>
+
+<h2 id="multiple-external-storage-devices">Multiple external storage devices</h2>
+<p>Starting in Android 4.4, multiple external storage devices are surfaced
+to developers through <code>Context.getExternalFilesDirs()</code>,
+<code>Context.getExternalCacheDirs()</code>, and
+<code>Context.getObbDirs()</code>.</p>
+</p>External storage devices surfaced through these APIs must be a
+semi-permanent part of the device (such as an SD card slot in a battery
+compartment). Developers expect data stored in these locations to be
+available over long periods of time. For this reason, transient storage
+devices (such as USB mass storage drives) should not be surfaced through
+these APIs.</p>
+<p>The <code>WRITE_EXTERNAL_STORAGE</code> permission must only grant write
+access to the primary external storage on a device. Apps must not be
+allowed to write to secondary external storage devices, except in their
+package-specific directories as allowed by synthesized
+permissions. Restricting writes in this way ensures the system can clean
+up files when applications are uninstalled.</p>
+
+<h2 id=support_usb_media>USB media support</h2>
+
+<p>Android 6.0 supports portable storage devices which are only connected to the
+device for a short period of time, like USB flash drives. When a user inserts a
+new portable device, the platform shows a notification to let them copy or
+manage the contents of that device.</p>
+
+<p>In Android 6.0, any device that is not adopted is considered portable. Because
+portable storage is connected for only a short time, the platform avoids heavy
+operations such as media scanning. Third-party apps must go through the <a href="https://developer.android.com/guide/topics/providers/document-provider.html">Storage Access Framework</a> to interact with files on portable storage; direct access is explicitly
+blocked for privacy and security reasons.</p>
diff --git a/src/devices/tech/config/carrier.jd b/src/devices/tech/config/carrier.jd
new file mode 100644
index 0000000..51261ff
--- /dev/null
+++ b/src/devices/tech/config/carrier.jd
@@ -0,0 +1,236 @@
+page.title=Carrier Configuration
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<p>The Android 6.0 Marshmallow release introduces a capability for privileged
+applications to provide carrier-specific configuration to the platform. This
+functionality, based on the <a href="uicc.html">UICC carrier privilege
+functionality</a> introduced in Android 5.1 (Lollipop MR1), will allow carrier
+configuration to be moved away from the static configuration overlays and give
+carriers and OEMs the ability to dynamically provide carrier configuration to
+the platform through a defined interface.</p>
+
+<p>A properly signed carrier app can either be preloaded in the system image,
+installed automatically, or manually installed through an app store. The app
+will be queried by the platform to provide configuration for settings
+including:</p>
+
+<ul>
+ <li>Roaming/Non-roaming networks
+ <li>Visual Voicemail
+ <li>SMS/MMS network settings
+ <li>VoLTE/IMS configurations
+</ul>
+
+<p class="note"><strong>Note</strong>: This app must be signed with the
+certificate that has a matching signature to one on the SIM. See the <a
+href="#how_privilege_is_granted_to_a_carrier_app">How is privilege granted to a
+Carrier App</a> section for details.</p>
+
+<p>The determination of what values to return is entirely up to the Carrier App
+and can be dynamic based on detailed information passed to the app via the
+platform. </p>
+
+<p>The key benefits of this approach are:</p>
+
+<ul>
+ <li><strong>Dynamic configuration</strong> - Support for concepts like
+non-MCCMNC derived configuration, for example
+mobile virtual network operators (MVNOs) or customer opt in to extra services
+ <li><strong>Support for devices sold through any channel</strong> - e.g. an
+open market phone can be automatically configured with the right
+settings by downloading an app from an app store.
+ <li><strong>Security</strong> - Privilege to provide this configuration is
+given only to applications signed by the carrier
+ <li><strong>Defined API</strong> - Previously this configuration was stored
+mostly in internal XML overlays within the framework and not through a public
+API. The carrier config API in Android 6.0 is public and well defined.
+</ul>
+
+<h2 id=how_it_works>How it works</h2>
+
+<h3 id=loading_the_config>Loading the config</h3>
+
+<p>The carrier configuration supplied by this feature is a set of key-value pairs
+that change various telephony-related behaviors in the platform.</p>
+
+<p>The set of values for a particular device is determined by querying the
+following components in order:</p>
+
+<ol>
+ <li>The Carrier App (although this is technically optional, it is the recommended
+location for additional configuration beyond what exists in the Android Open
+Source Project - AOSP)
+ <li>The Platform Config App bundled with the system image
+ <li>Default values, hardcoded into the framework (equivalent to the behavior prior
+to M)
+</ol>
+
+<p class="caution"><strong>Important</strong>: If a value for a particular key
+is returned at any stage, the first value found takes precedence over the
+further stages.</p>
+
+<h4 id=the_platform_config_app>The Platform Config App</h4>
+
+<p>A generic Platform Config App is bundled with the system image that can supply
+values for any variables the regular Carrier App does not. The platform config
+app can be found (in M) in: <code>packages/apps/CarrierConfig</code></p>
+
+<p>This app’s purpose is to provide some per-network configuration when a Carrier
+App is not installed, and carriers/OEMs should make only minimal changes to it
+in their own images. Instead carriers should provide the separate Carrier App
+for carrier customization, allowing updates to be distributed via avenues such
+as app stores.</p>
+
+<h4 id=how_privilege_is_granted_to_a_carrier_app>How privilege is granted to a Carrier App</h4>
+
+<p>The Carrier App in question must be signed with the same certificate found on
+the SIM card, as documented in <a href="uicc.html">UICC Carrier Privileges</a>.</p>
+
+<h4 id=what_information_is_passed_to_the_carrier_app>What information is passed to the Carrier App</h4>
+
+<p>The Carrier App is supplied with the following values, enabling it to make a
+dynamic decision as to what values to return:</p>
+
+<ul>
+ <li>MCC
+ <li>MNC
+ <li>SPN
+ <li>IMSI
+ <li>GID1
+ <li>GID2
+</ul>
+
+<h4 id=when_loading_the_carrier_config_occurs>When loading the carrier config occurs</h4>
+
+<p>The building of the list of key value pairs occurs:</p>
+
+<ul>
+ <li>When the SIM is loaded (boot, or SIM hot swap)
+ <li>When the Carrier app manually triggers a reload
+ <li>When the Carrier app gets updated
+</ul>
+
+<p>See the <a
+href="http://developer.android.com/reference/android/service/carrier/CarrierService.html#onLoadConfig(android.service.carrier.CarrierIdentifier)">android.service.carrier.CarrierService#onLoadConfig()</a>
+reference for more details.</p>
+
+<p class="note"><strong>Note</strong>: The platform caches carrier
+configuration bundles and loads from the cache for SIM state changes. This is
+to speed up boot and SIM hot swap. It is assumed that without a package update
+or an explicit <code>notifyConfigChangedForSubId</code>, the config bundle has
+not been modified.</p>
+
+<h3 id=using_the_config>Using the config</h3>
+
+<p>Once the configuration has been built, the values contained within it are used
+to set various values of system configuration, including:</p>
+
+<ul>
+ <li>Internal framework telephony settings
+ <li>SDK-returned configuration values, e.g. in SmsManager
+ <li>App settings like VVM connection values in the Dialer
+</ul>
+
+<h3 id=configuration_keys>Configuration keys</h3>
+
+<p>The list of keys is defined as part of the public SDK in <code><a
+href="http://developer.android.com/reference/android/telephony/CarrierConfigManager.html">android.telephony.CarrierConfigManager</a></code>
+and cannot change within the same API level. See the table below for a summary of keys.</p>
+
+<h2 id=how_to_build_your_application>How to build your application</h2>
+
+<h3 id=create_your_application>Create your application</h3>
+
+<p>Your application must target the Android 6.0 API level (23).</p>
+
+<h3 id=declare_a_class_that_overrides_android_service_carrier_carrierservice>Declare a class that overrides android.service.carrier.CarrierService</h3>
+
+<ol>
+ <li>Override <code>onLoadConfig</code> to return the values you wish to
+supply based on the <code>service.carrier.CarrierIdentifier</code> object
+passed.
+ <li>Add logic to call <code>notifyConfigChangedForSubId</code> in scenarios
+where carrier configuration may change over time (e.g. when the
+user adds extra services to their account)
+</ol>
+
+<p>An example is below:</p>
+
+<pre>
+public class SampleCarrierConfigService extends CarrierService {
+
+ private static final String TAG = "SampleCarrierConfigService";
+
+ public SampleCarrierConfigService() {
+ Log.d(TAG, "Service created");
+ }
+
+ @Override
+ public PersistableBundle onLoadConfig(CarrierIdentifier id) {
+ Log.d(TAG, "Config being fetched");
+ PersistableBundle config = new PersistableBundle();
+ config.putBoolean(
+ CarrierConfigManager.KEY_CARRIER_VOLTE_AVAILABLE_BOOL, true);
+ config.putBoolean(
+ CarrierConfigManager.KEY_CARRIER_VOLTE_TTY_SUPPORTED_BOOL, false);
+ config.putInt(CarrierConfigManager.KEY_VOLTE_REPLACEMENT_RAT_INT, 6);
+ // Check CarrierIdentifier and add more config if needed…
+ return config;
+ }
+}
+</pre>
+
+
+<p>Please see the <a
+href="https://developer.android.com/reference/android/service/carrier/CarrierService.html">android.service.carrier.CarrierService</a> reference on developer.android.com for more details.</p>
+
+<h3 id=name_the_class_in_your_manifest>Name the class in your manifest</h3>
+
+<p>An example is below:</p>
+
+<pre>
+<service android:name=".SampleCarrierConfigService"
+android:label="@string/service_name"
+android:permission="android.permission.BIND_CARRIER_SERVICES">
+ <intent-filter>
+ <action android:name="android.service.carrier.ConfigService"/></intent-filter>
+</service>
+</pre>
+
+<h3 id=sign_app_with_same_certificate_on_sim>Sign app with same certificate on SIM</h3>
+
+<p>See <a href="uicc.html">UICC Carrier Privileges</a> for the requirements.</p>
+
+<h2 id=testing_your_application>Testing your application</h2>
+
+<p>Once you have built your configuration application, you can test your code
+with:</p>
+
+<ul>
+ <li>A SIM containing a valid certificate signature
+ <li>A device running Android 6.0 and later, for example a Nexus device
+</ul>
diff --git a/src/devices/tech/filesystem-config.jd b/src/devices/tech/config/filesystem.jd
similarity index 100%
rename from src/devices/tech/filesystem-config.jd
rename to src/devices/tech/config/filesystem.jd
diff --git a/src/devices/tech/resources.jd b/src/devices/tech/config/index.jd
similarity index 89%
rename from src/devices/tech/resources.jd
rename to src/devices/tech/config/index.jd
index dade1a7..ef58cb9 100644
--- a/src/devices/tech/resources.jd
+++ b/src/devices/tech/config/index.jd
@@ -1,4 +1,4 @@
-page.title=System Resources
+page.title=Configuration
@jd:body
<!--
@@ -17,4 +17,4 @@
limitations under the License.
-->
-<p> The following sections contain information, documentation, tips and tricks about Android system resources.</p>
+<p> The following sections contain information, documentation, tips and tricks for configuring Android components.</p>
diff --git a/src/devices/tech/kernel.jd b/src/devices/tech/config/kernel.jd
similarity index 99%
rename from src/devices/tech/kernel.jd
rename to src/devices/tech/config/kernel.jd
index 637c5c4..8d5cf43 100644
--- a/src/devices/tech/kernel.jd
+++ b/src/devices/tech/config/kernel.jd
@@ -1,4 +1,4 @@
-page.title=Android Kernel Configuration
+page.title=Kernel Configuration
@jd:body
<!--
diff --git a/src/devices/tech/ram/low-ram.jd b/src/devices/tech/config/low-ram.jd
similarity index 99%
rename from src/devices/tech/ram/low-ram.jd
rename to src/devices/tech/config/low-ram.jd
index f0892a7..d08692a 100644
--- a/src/devices/tech/ram/low-ram.jd
+++ b/src/devices/tech/config/low-ram.jd
@@ -1,4 +1,4 @@
-page.title=Low RAM
+page.title=Low RAM Configuration
@jd:body
<!--
diff --git a/src/devices/tech/debug/tuning.jd b/src/devices/tech/config/renderer.jd
similarity index 98%
rename from src/devices/tech/debug/tuning.jd
rename to src/devices/tech/config/renderer.jd
index 96cac22..f19b185 100644
--- a/src/devices/tech/debug/tuning.jd
+++ b/src/devices/tech/config/renderer.jd
@@ -1,4 +1,4 @@
-page.title=Performance tuning
+page.title=OpenGLRenderer Configuration
@jd:body
<!--
diff --git a/src/devices/tech/config/runtime_perms.jd b/src/devices/tech/config/runtime_perms.jd
new file mode 100644
index 0000000..ef54b78
--- /dev/null
+++ b/src/devices/tech/config/runtime_perms.jd
@@ -0,0 +1,107 @@
+page.title=Runtime Permissions
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<p>The Android 6.0 release presents a new application permission model aimed at making permissions more understandable, useful, and secure for users. The model moves Android applications that require dangerous permissions (see <a href="#affected-permissions">Affected permissions</a>) from an <i>install</i> time permission model to <i>runtime</i> permission model:</p>
+
+<ul>
+<li><strong>Install Time Permissions</strong> (<i>Android 5.1 and earlier</i>). Users grant dangerous permissions to an app when installing or updating the app. OEMs/carriers can pre-install apps with pre-granted permissions without notifying the user. </li>
+<li><strong>Runtime Permissions</strong> (Android <i>6.0 and later</i>). Users grant dangerous permissions to an app when the app is running. Applications decide when to request permissions (such as when the app launches or the user accesses a specific feature), but must allow the user to grant/deny application access to specific permission groups. OEMs/carriers can pre-install apps but cannot pre-grant permissions (see <a href="#creating-exceptions">Creating exceptions</a>). </li>
+</ul>
+
+<p>The move to runtime permissions provides users additional context and visibility into the permissions that applications are seeking or have been granted. The new model also encourages developers to help users understand why applications require the requested permissions and to provide greater transparency about the benefits and hazards of granting or denying permissions. Users can revoke application permissions using the Apps menu in Settings.</p>
+
+<h2 id="affected-permissions">Affected permissions</h2>
+
+<p>The Android 6.0 release requires only dangerous permissions to use a runtime permissions model. Dangerous permissions are higher-risk permissions (such as <code>READ_CALENDAR</code>) that grant requesting applications access to private user data or control over the device that can negatively impact the user. To view a list of dangerous permissions, run the command: <code>adb shell pm list permissions -g -d</code> .</p>
+
+<p>This release does not change the behavior of normal permissions (all non-dangerous permissions including normal, system, and signature permissions). Normal permissions are lower-risk permissions (such as <code>SET_WALLPAPER</code>) that grant requesting applications access to isolated application-level features with minimal risk to other applications, the system, or the user. As in Android 5.1 and earlier releases, the system automatically grants normal permissions to a requesting application at installation and does not prompt the user for approval. For details on permissions, refer to <a href="http://developer.android.com/guide/topics/manifest/permission-element.html"><permission> element documentation</a>.</p>
+
+<h2 id="requirements">Requirements</h2>
+
+<p>The runtime permission model applies to all applications, including pre-installed apps and apps delivered to the device as part of the setup process. Application software requirements include: </p>
+<ul>
+<li>Runtime permission model must be consistent across all devices running Android 6.0. Enforced by Android Compatibility Test Suite (CTS) tests.</li>
+<li>Apps must prompt users to grant application permissions at runtime. For details, see Updating Applications.Limited exceptions may be granted to default applications and handlers that provide basic device functionality determined to be fundamental to the expected operation of the device (i.e. the device's default Dialer app for handling ACTION_CALL may have Phone permission access). For details, see <a href="#creating-exceptions">Creating exceptions</a>.</li>
+<li>Pre-loaded apps with "dangerous permission" MUST target API level 23 and the AOSP permission model of Android 6.0 should be maintained (i.e. the UI flow during an app installation should not deviate from the AOSP implementation of PackageInstaller, users can even revoke the dangerous permissions of pre-installed apps etc.).</li>
+<li>Headless applications must use an activity to request permissions or share a UID with another application that has the necessary permissions. For details, see <a href="#headless-apps">Headless applications</a>.</li>
+</ul>
+
+<h2 id="permissions-migration">Permissions migration</h2>
+
+<p>Permissions granted to applications on Android 5.x remain granted after updating to Android 6.0, but users can revoke those permissions at any time.</p>
+
+<h2 id="integration">Integration</h2>
+
+<p>When integrating the Android 6.0 application runtime permissions model, you must update pre-installed applications to work with the new model. You can also define exceptions for apps that are the default handlers/providers for core functionality, define custom permissions, and customize the theme used in the PackageInstaller.</p>
+
+<h3 id="updating-apps">Updating applications</h3>
+
+<p>Applications on the system image and pre-installed applications are not automatically pre-granted permissions. We encourage you to work with pre-installed app developers (OEM, Carrier, and third party) to make the required app modifications using the <a href="https://developer.android.com/preview/features/runtime-permissions.html">guidelines</a> posted on the developer portal. Specifically, you must ensure that pre-installed applications are modified to avoid crashes and other issues when users revoke permissions.</p>
+
+<h4 id="preloaded-apps">Pre-loaded applications</h4>
+<p>Pre-loaded apps that use dangerous permissions MUST target API level 23 and maintain the Android 6.0 AOSP permission model (i.e. the UI flow during an app installation should not deviate from the AOSP implementation of PackageInstaller, users can even revoke the dangerous permissions of pre-installed apps etc.).</p>
+
+<h4 id="headless-apps">Headless applications</h4>
+<p>Only activities can request permissions; services cannot directly request permissions. </p>
+<ul>
+<li>In Android 5.1 and earlier releases, headless applications can request permissions when installed or pre-installed without the use of an activity.</li>
+<li>In Android 6.0, headless applications must use one of the following methods to request permissions:<ul>
+<li>Add an activity to request permissions (preferred method).</li>
+<li>Share a UID with another application that has the necessary permissions. Use this method only when you need the platform to handle multiple APKs as a single application.</li>
+</ul></li>
+</ul>
+<p>The goal is to avoid confusing users with permission requests that appear out of context.</p>
+
+<h3 id="customizing-package-install">Customizing PackageInstaller</h3>
+<p>If desired, you can customize the Permissions UI <b>theme</b> by updating the default device themes (<code>Theme.DeviceDefault.Settings</code> and <code>Theme.DeviceDefault.Light.Dialog.NoActionBar</code>) used by PackageInstaller. However, because consistency is critical for app developers, you cannot customize the placement, position, and rules of when the Permissions UI appears.</p>
+<p>To include <b>strings</b> for additional languages, contribute the strings to AOSP.</p>
+
+<h3 id="creating-exceptions">Creating exceptions</h3>
+<p>You can pre-grant permissions to applications that are default handlers or providers for core OS functionality using the <code>DefaultPermissionGrantPolicy.java</code> in PackageManager. Examples:</p>
+
+<code>
+<p>ACTION_CALL (Dialer) Default</p>
+<ul>
+<li>Phone, Contacts, SMS, Microphone</li>
+</ul>
+<p>SMS_DELIVER_ACTION (SMS/MMS) Default</p>
+<ul>
+<li>Phone, Contacts, SMS</li>
+</ul>
+</code>
+
+<h3 id="defining-custom-perms">Defining custom permissions</h3>
+<p>You can define custom permissions and groups as <i>normal</i> or <i>dangerous</i> and add OEM/Carrier-specific permissions to existing permissions groups, just as you could in Android 5.x and earlier releases.</p>
+
+<p>In the Android 6.0 release, if you add a new dangerous permission, it must be handled in the same way as other dangerous permissions (requested during app runtime and revocable by users). Specifically: </p>
+
+<ul>
+<li>You can add new permissions to a current group, but you cannot modify the AOSP mapping of dangerous permissions and dangerous permissions group (e.g. you cannot remove a permission from a group and assign to other group).</li>
+<li>You can add new permission groups in applications installed on the device, but you cannot add new permissions groups in the platform manifest.</li>
+</ul>
+
+<h2 id="testing-perms">Testing permissions</h2>
+<p>The Android 6.0 release includes new Compatibility Test Suite (CTS) tests that verify individual permissions are mapped to the correct Groups. Passing these tests is a requirement for Android 6.0 CTS compatibility.</p>
\ No newline at end of file
diff --git a/src/devices/tech/config/uicc.jd b/src/devices/tech/config/uicc.jd
new file mode 100644
index 0000000..762e25d
--- /dev/null
+++ b/src/devices/tech/config/uicc.jd
@@ -0,0 +1,310 @@
+page.title=UICC Carrier Privileges
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<p>Android 5.1 introduced a new mechanism to grant special privileges for APIs relevant
+to the Universal Integrated Circuit Card (UICC) owner’s apps. The Android platform will load
+certificates stored on a UICC and grant
+permission to apps signed by these certificates to make calls to a handful of
+special APIs. Since carriers have full control of the UICC, this mechanism
+provides a secure and flexible way to manage apps from the Mobile Network
+Operator (MNO) hosted on generic application distribution channels such as
+Google Play but still have special privileges on devices without the need for
+the apps to be signed by the per-device platform certificate or be
+pre-installed as a system app.</p>
+
+<h2 id=rules_on_uicc>Rules on UICC</h2>
+
+<p>Storage on the UICC is compatible with the <a
+href="http://www.globalplatform.org/specificationsdevice.asp">GlobalPlatform
+Secure Element Access Control specification</a>. The application identifier
+(AID) on card is A00000015141434C00, and the standard GET DATA command is used
+to fetch rules stored on the card. You may update these rules via card
+over-the-air (OTA) update. Data hierarchy is as follows (noting the
+two-character letter and number combination in parentheses is the object tag).
+(An extension to spec is under review.)</p>
+
+<p>Each rule is a REF-AR-DO (E2) and consists of a concatenation of a REF-DO and
+an AR-DO:</p>
+
+<ul>
+ <li>REF-DO (E1) contains a DeviceAppID-REF-DO or a concatenation of a
+DeviceAppID-REF-DO and a PKG-REF-DO.
+ <ul>
+ <li>DeviceAppID-REF-DO (C1) stores the SHA1 (20 bytes) or SHA256 (32 bytes)
+signature of the certificate.
+ <li>PKG-REF-DO (CA) is the full package name string defined in manifest, ASCII
+encoded, max length 127 bytes.
+ </ul>
+ <li>AR-DO (E3) is extended to include PERM-AR-DO (DB), which is an 8-byte bit mask
+representing 64 separate permissions.
+</ul>
+
+<p>If PKG-REF-DO is not present, any app signed by the certificate will be granted
+access; otherwise both certificate and package name need to match.</p>
+
+<h3 id=example>Example</h3>
+
+<p>App name: com.google.android.apps.myapp<br>
+Sha1 of certificate in hex string:</p>
+<pre>
+AB:CD:92:CB:B1:56:B2:80:FA:4E:14:29:A6:EC:EE:B6:E5:C1:BF:E4</pre>
+
+<p>Rule on UICC in hex string:</p>
+<pre>
+E243 <= 43 is value length in hex
+ E135
+ C114 ABCD92CBB156B280FA4E1429A6ECEEB6E5C1BFE4
+ CA1D 636F6D2E676F6F676C652E616E64726F69642E617070732E6D79617070
+ E30A
+ DB08 0000000000000001
+</pre>
+
+<h2 id=enabled_apis>Enabled APIs</h2>
+
+<p>Currently we support the following APIs, listed below (refer to
+developer.android.com for more details).</p>
+
+<h3 id=telephonymanager>TelephonyManager</h3>
+
+<p>API to check whether calling application has been granted carrier privileges:</p>
+
+<pre>
+<a
+href="http://developer.android.com/reference/android/telephony/TelephonyManager.html#hasCarrierPrivileges()">hasCarrierPrivileges</a>
+</pre>
+
+<p>APIs for brand and number override:</p>
+
+<pre>
+setOperatorBrandOverride
+setLine1NumberForDisplay
+setVoiceMailNumber
+</pre>
+
+<p>APIs for direct UICC communication:</p>
+
+<pre>
+iccOpenLogicalChannel
+iccCloseLogicalChannel
+iccExchangeSimIO
+iccTransmitApduLogicalChannel
+iccTransmitApduBasicChannel
+sendEnvelopeWithStatus
+</pre>
+
+<p>API to set device mode to global:</p>
+
+<pre>
+setPreferredNetworkTypeToGlobal
+</pre>
+
+<h3 id=smsmanager>SmsManager</h3>
+
+<p>API allows caller to create new incoming SMS messages:</p>
+
+<pre>
+injectSmsPdu
+</pre>
+
+<h4 id=carriermessagingservice>CarrierMessagingService</h4>
+
+<p>A service that receives calls from the system when new SMS and MMS are
+sent or
+received. To extend this class, you must declare the service in your manifest
+file with the android.Manifest.permission#BIND_CARRIER_MESSAGING_SERVICE
+permission and include an intent filter with the #SERVICE_INTERFACE action.</p>
+
+<pre>
+onFilterSms
+onSendTextSms
+onSendDataSms
+onSendMultipartTextSms
+onSendMms
+onDownloadMms
+</pre>
+
+<h4 id=telephonyprovider>TelephonyProvider</h4>
+
+<p>Content provider APIs that allow modification to the telephony database, value
+fields are defined at Telephony.Carriers:</p>
+
+<pre>
+insert, delete, update, query
+</pre>
+
+<p>See the <a
+href="https://developer.android.com/reference/android/provider/Telephony.html">Telephony
+reference on developer.android.com</a> for additional information.</p>
+
+<h2 id=android_platform>Android platform</h2>
+
+<p>On a detected UICC, the platform will construct internal UICC objects that
+include carrier privilege rules as part of the UICC. <a
+href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/master/src/java/com/android/internal/telephony/uicc/UiccCarrierPrivilegeRules.java">UiccCarrierPrivilegeRules.java</a>
+will load rules, parse them from the UICC card, and cache them in memory. When
+a privilege check is needed, UiccCarrierPrivilegeRules will compare the caller
+certificate with its own rules one by one. If the UICC is removed, rules will
+be destroyed along with the UICC object.</p>
+
+<h2 id=faq>FAQ</h2>
+
+<p><strong>How can certificates be updated on the UICC?
+</strong></p>
+
+<p><em>A: Use existing card OTA update mechanism.
+</em></p>
+
+<p><strong>Can it co-exist with other rules?
+</strong></p>
+
+<p><em>A: It’s fine to have other security rules on the UICC under same AID; the
+platform will filter them out automatically.
+</em></p>
+
+<p><strong>What happens when the UICC is removed for an app that relies on the
+certificates on it?
+</strong></p>
+
+<p><em>A: The app will lose its privileges because the rules associated with the UICC
+are destroyed on UICC removal.
+</em></p>
+
+<p><strong>Is there a limit on the number of certificates on the UICC?
+</strong></p>
+
+<p><em>A: The platform doesn’t limit the number of certificates; but because the check
+is linear, too many rules may incur a latency for check.
+</em></p>
+
+<p><strong>Is there a limit to number of APIs we can support via this method?
+</strong></p>
+
+<p><em>A: No, but we limit the scope of APIs to carrier related.
+</em></p>
+
+<p><strong>Are there some APIs prohibited from using this method? If so, how do you
+enforce them? (ie. Will you have tests to validate which APIs are supported via
+this method?)
+</strong></p>
+
+<p><em>A: Please refer to the "API Behavioral Compatibility" section of the <a
+href="{@docRoot}compatibility/android-cdd.pdf">Android Compatibility Definition
+Document CDD)</a>. We have some CTS tests to make sure the permission model of
+the APIs is not changed.
+</em></p>
+
+<p><strong>How does this work with the multi-SIM feature?
+</strong></p>
+
+<p><em>A: The default SIM that gets set by the user will be used.</em></p>
+
+<p><strong>Does this in any way interact or overlap with other SE access technologies e.g.
+SEEK?
+<em>A: As an example, SEEK uses the same AID as on the UICC. So the rules co-exist
+and are filtered by either SEEK or UiccCarrierPrivileges.</em>
+</strong></p>
+
+<p><strong>When is it a good time to check carrier privileges?
+<em>A: After the SIM state loaded broadcast.</em>
+</strong></p>
+
+<p><strong>Can OEMs disable part of carrier APIs?
+</strong></p>
+
+<p><em>A: No. We believe current APIs are the minimal set, and we plan to use the bit
+mask for finer granularity control in the future.
+</em></p>
+
+<p><strong>Does setOperatorBrandOverride override ALL other forms of operator name
+strings? For example, SE13, UICC SPN, network based NITZ, etc.?
+</strong></p>
+
+<p><em>A: See the SPN entry within TelephonyManager:
+<a
+href="http://developer.android.com/reference/android/telephony/TelephonyManager.html">http://developer.android.com/reference/android/telephony/TelephonyManager.html</a>
+</em></p>
+
+<p><strong>What does the injectSmsPdu method call do?
+</strong></p>
+
+<p><em>A: This facilitates SMS backup/restore in the cloud. The injectSmsPdu call
+enables the restore function.
+</em></p>
+
+<p><strong>For SMS filtering, is the onFilterSms call based on SMS UDH port filtering? Or
+would carrier apps have access to ALL incoming SMS?
+</strong></p>
+
+<p><em>A: Carriers have access to all SMS data.</em></p>
+
+<p><strong>Since the extension of DeviceAppID-REF-DO to support 32 bytes appears
+incompatible with the current GP spec (which allows 0 or 20 bytes only) why are
+you introducing this change? Do you not consider SHA-1 to be good enough to
+avoid collisions? Have you proposed this change to GP already, as this could
+be backwards incompatible with existing ARA-M / ARF?
+</strong></p>
+
+<p><em>A: For providing future proof security this extension introduces SHA-256 for
+DeviceAppID-REF-DO in addition to SHA-1 which is currently the only option in
+the GP SEAC standard. It is highly recommended to use SHA-256.</em></p>
+
+<p><strong>If DeviceAppID is 0 (empty), would you really apply the rule to all device
+applications not covered by a specific rule?
+</strong></p>
+
+<p><em>A: Carrier apis require deviceappid-ref-do be non-empty. Being empty is
+intended for test purpose and is not recommended for operational deployments.</em></p>
+
+<p><strong>According to your spec, PKG-REF-DO used just by itself, without
+DeviceAppID-REF-DO, should not be accepted. But it is still described in Table
+6-4 as extending the definition of REF-DO. Is this on purpose? What will be the
+behavior of the code when only a PKG-REF-DO is used in a REF-DO?
+</strong></p>
+
+<p><em>A: The option of having PKG-REF-DO as a single value item in REF-DO was removed
+in the latest version. PKG-REF-DO should only occur in combination with
+DeviceAppID-REF-DO.
+</em></p>
+
+<p><strong>We assume we can grant access to all carrier-based permissions or have a
+finer-grained control. What will define the mapping between the bit mask and
+the actual permissions then? One permission per class? One permission per
+method specifically? Will 64 separate permissions be enough in the long run?
+</strong></p>
+
+<p><em>A: This is reserved for the future, and we welcome suggestions.</em></p>
+
+<p><strong>Can you further define the DeviceAppID for Android specifically? Since this is
+the SHA-1 (20 bytes) hash value of the Publisher certificate used to signed the
+given app, shouldn't the name reflect that purpose? (The name could be
+confusing to many readers as the rule will be applicable then to all apps
+signed with that same Publisher certificate.)
+</strong></p>
+
+<p><em>A: See the <a
+href="#rules_on_uicc">Rules on UICC</a> section for details. The deviceAppID storing
+certificates is already supported by the existing spec. We tried to minimize
+spec changes to lower barrier for adoption. </em></p>
diff --git a/src/devices/tech/config/voicemail.jd b/src/devices/tech/config/voicemail.jd
new file mode 100644
index 0000000..2d88828
--- /dev/null
+++ b/src/devices/tech/config/voicemail.jd
@@ -0,0 +1,185 @@
+page.title=Visual Voicemail
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<p>Android 6.0 (Marshmallow) brings an implementation of Visual Voicemail (VVM)
+support integrated into the Dialer, allowing compatible Carrier VVM services to
+hook into the Dialer with minimal configuration. Visual voicemail lets users
+easily check voicemail without making any phone calls. Users can view a list of
+messages in an inbox-like interface, listen to them in any order, and can
+delete them as desired.</p>
+
+<p>This article gives an overview of what is provided, how carriers can integrate
+with it, and some details of the implementation.</p>
+
+<h2 id=visual_voicemail_vvm_client>Visual Voicemail (VVM) client</h2>
+
+<p>Android 6.0 includes a OMTP VVM client, which (when provided with the correct
+configuration) will connect to Carrier VVM servers and populate Visual
+Voicemail messages within the AOSP Dialer. The VVM client:</p>
+
+<ul>
+ <li>Handles the SMS messages used to activate/deactivate/query status of the
+service and the SMS messages used to notify the device of events in the
+subscriber’s mailbox
+ <li>Syncs the mailbox with the IMAP server
+ <li>Downloads the voicemails when the user chooses to listen to them
+ <li>Integrates into the Dialer for user functionality such as calling back, viewing
+unread messages, deleting messages, etc.
+</ul>
+
+<h2 id=integrate_with_the_vvm_client>Integrate with the VVM client</h2>
+
+<h3 id=implementation>Implementation</h3>
+
+<p>The Carrier must provide a Visual Voicemail server implementing the <a href="http://www.gsma.com/newsroom/wp-content/uploads/2012/07/OMTP_VVM_Specification_1_3.pdf">OMTP VVM specifications</a>. The current implementation of the Google VVM client supports the core
+features (read/delete voicemails, download/sync/listen) but the additional TUI
+features (password change, voicemail greeting, languages) are not implemented.
+At this time, we only support OMTP version 1.1 and do not use encryption for
+IMAP authentication. </p>
+
+<p><strong>Note</strong> that server-originated SMS messages to the device (e.g. STATUS or SYNC) must
+not be class 0 messages.</p>
+
+<h3 id=configuration>Configuration</h3>
+
+<p>In order for a carrier to integrate with the VVM service, the carrier must
+provide configuration details to the platform that the OMTP client can use.
+These parameters are:</p>
+
+<ul>
+ <li>Destination number and port number for SMS
+ <li>Authentication security type for IMAP (SSL, TLS, none, etc.)
+ <li>The package name of the carrier-provided Visual Voicemail app (if one is
+provided), so that the platform implementation can be disabled if that package
+is installed
+</ul>
+
+<p>These values are provided through the <a href="https://developer.android.com/reference/android/telephony/CarrierConfigManager.html">Carrier Config API</a>. This functionality, launched in Android 6.0, allows an application to
+dynamically provide telephony-related configuration to the various platform
+components that need it. In particular the following keys must have values
+defined:</p>
+
+<ul>
+ <li><code>KEY_VVM_DESTINATION_NUMBER_STRING</code>
+ <li><code>KEY_VVM_PORT_NUMBER_INT</code>
+ <li><code>KEY_VVM_TYPE_STRING</code>
+ <li><code>KEY_CARRIER_VVM_PACKAGE_NAME_STRING</code>
+</ul>
+
+<p>Please see the <a href="{@docRoot}devices/tech/config/carrier.html">Carrier Configuration</a> article for more detail.</p>
+
+<h2 id=implementation>Implementation</h2>
+
+<p>The OMTP VVM client is implemented within <code>packages/services/Telephony</code>, in particular within <code>src/com/android/phone/vvm/</code></p>
+
+<h3 id=setup>Setup</h3>
+
+<ol>
+ <li>The VVM client listens for <code>TelephonyIntents#ACTION_SIM_STATE_CHANGED</code> or <code>CarrierConfigManager#ACTION_CARRIER_CONFIG_CHANGED</code>.
+ <li>When a SIM is added that has the right Carrier Config values (<code>KEY_VVM_TYPE_STRING</code> set to <code>TelephonyManager.VVM_TYPE_OMTP</code> or <code>TelephonyManager.VVM_TYPE_CVVM</code>), the VVM client sends an ACTIVATE SMS to the value specified in <code>KEY_VVM_DESTINATION_NUMBER_STRING</code>.
+ <li>The server activates the visual voicemail service and sends the OMTP
+credentials via STATUS sms. When the VVM client receives the STATUS sms, it
+registers the voicemail source and displays the voicemail tab on the device.
+ <li>The OMTP credentials are saved locally and the device begins a full sync, as
+described below.
+</ol>
+
+<h3 id=syncing>Syncing</h3>
+
+<p>There are a variety of ways that the VVM client can sync with the carrier
+server and vice versa.</p>
+
+<ul>
+ <li><strong>Full syncs</strong> occur upon initial download. The VVM client only fetches voicemail metadata
+like date and time, origin number, duration, etc. Full syncs can be triggered
+by a:
+ <ul>
+ <li>new SIM
+ <li>device reboot
+ <li>device coming back in service
+ </ul>
+ <li><strong>Upload sync</strong> happens when a user interacts with a voicemail to read or delete it. Upload
+syncs result in the server changing its data to match the data on the device.
+For example, if the user reads a voicemail, it's marked as read on the server;
+if a user deletes a voicemail, it's deleted on the server.
+ <li><strong>Download sync</strong> occurs when the VVM client receives a "MBU" (mailbox update) SYNC sms from the
+carrier. A SYNC message contains the metadata for a new message so that it can
+be stored in the voicemail content provider.
+</ul>
+
+<h3 id=voicemail_download>Voicemail Download</h3>
+
+<p>When a user presses play to listen to a voicemail, the corresponding audio file
+is downloaded. If the user chooses to listen to the Voicemail, the Dialer can
+broadcast <code>VoicemailContract.ACTION_FETCH_VOICEMAIL</code>, which the voicemail client will receive, initiate the download of the
+content, and update the record in the platform Voicemail content provider.</p>
+
+<h3 id=disabling_vvm>Disabling VVM</h3>
+
+<p>The VVM service can be disabled or deactivated by user interaction, removal of
+a valid SIM, or replacement by a carrier VVM app. <em>Disabled</em> means that the local device no longer displays visual voicemail. <em>Deactivated</em> means that the service is turned off for the subscriber. User interaction can
+deactivate the service, SIM removal temporarily disables the service because
+it's no longer present, and carrier VVM replacement disables the Google
+component of visual voicemail.</p>
+
+<h4 id=user_interaction>User interaction</h4>
+
+<p>The user may manually enable or disable visual voicemail. If a user disables
+visual voicemail, they are also deactivating their service. When they disable
+visual voicemail, a DEACTIVATE sms is sent, the voicemail source is
+unregistered locally, and voicemail tab disappears. If they re-enable visual
+voicemail, their service is reactivated as well.</p>
+
+<h4 id=sim_removal>SIM removal</h4>
+
+<p>If there are changes to the device’s SIM state (<code>ACTION_SIM_STATE_CHANGED</code>) or Carrier Config values (<code>ACTION_CARRIER_CONFIG_CHANGED</code>), and a valid configuration for the given SIM no longer exists, then the
+voicemail source is unregistered locally and the voicemail tab disappears. If
+the SIM is replaced, VVM will be re-enabled.</p>
+
+<h4 id=replaced_by_carrier_vvm>Replaced by carrier VVM</h4>
+
+<p>If the device or the user installs a corresponding carrier visual voicemail app
+and the carrier has opted to disable Google visual voicemail if the carrier
+equivalent is installed, then the Google visual voicemail client will be
+automatically disabled. This is achieved by checking if a package with a name
+matching the <code>KEY_CARRIER_VVM_PACKAGE_NAME_STRING</code> parameter is installed.</p>
+
+<p>The VVM client can still be enabled through user interaction.</p>
+
+<h2 id=testing>Testing</h2>
+
+<p>There is an existing (since Android 4.0) set of CTS tests for the
+VoicemailProvider APIs that allow an app to insert/query/delete voicemails into
+the platform. These are the same APIs that VVM uses to add/delete voicemails so
+that any Dialer app can display them in the UI.</p>
+
+<p>To test your configuration application is passing the OMTP configuration
+correctly you can test your code with:</p>
+
+<ul>
+ <li>A SIM containing a valid certificate signature
+ <li>A device running Android 6.0 with an unmodified version of the AOSP phone framework
+</ul>
diff --git a/src/devices/tech/dalvik/gc-debug.jd b/src/devices/tech/dalvik/gc-debug.jd
new file mode 100644
index 0000000..676d38b
--- /dev/null
+++ b/src/devices/tech/dalvik/gc-debug.jd
@@ -0,0 +1,449 @@
+page.title=Debugging ART Garbage Collection
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+
+<div id="qv-wrapper">
+<div id="qv">
+ <h2 id="Contents">In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+</div>
+</div>
+
+<p>This document describes how to debug Android Runtime (ART) Garbage Collection
+(GC) correctness and performance issues. It explains how to use GC verification
+options, identify solutions for GC verification failures, and measure and
+address GC performance problems.</p>
+
+<p>See <a href="index.html">ART and Dalvik</a>, the <a
+href="dex-format.html">Dalvik Executable format</a>, and the remaining pages
+within this <a href="index.html">ART and Dalvik</a> section to work with
+ART. See <a
+href="http://developer.android.com/guide/practices/verifying-apps-art.html">Verifying
+App Behavior on the Android Runtime (ART)</a> for additional help verifying app
+behavior.</p>
+
+<h2 id=art_gc_overview>ART GC overview</h2>
+
+<p>ART, introduced as a developer option in Android 4.4, is the default Android
+runtime for Android 5.0 and beyond. The Dalvik runtime is no longer maintained
+or available and its byte-code format is now used by ART. Please note this
+section merely summarizes ART’s GC. For additional information, see the <a
+href="https://www.google.com/events/io/io14videos/b750c8da-aebe-e311-b297-00155d5066d7">Android
+runtime</a> presentation conducted at Google I/O 2014. </p>
+
+<p>ART has a few different GC plans that consist of running different garbage
+collectors. The default plan is the CMS (concurrent mark sweep) plan, which
+uses mostly sticky CMS and partial CMS. Sticky CMS is ART’s non-moving
+generational garbage collector. It scans only the portion of the heap that was
+modified since the last GC and can reclaim only the objects allocated since the
+last GC. In addition to the CMS plan, ART performs heap compaction when an app
+changes process state to a jank-imperceptible process state (e.g. background or
+cached).</p>
+
+<p>Aside from the new garbage collectors, ART also introduces a new bitmap-based
+memory allocator called RosAlloc (runs of slots allocator). This new allocator
+has sharded locking and outperforms DlMalloc by adding thread local buffers for
+small allocation sizes.</p>
+
+<p>Compared to Dalvik, the ART CMS garbage collection plan has a number of
+improvements:</p>
+
+<ul>
+ <li>The number of pauses is reduced from two to one compared to Dalvik.
+Dalvik’s first pause, which did mostly root marking, is done concurrently in
+ART by getting the threads to mark their own roots, then resume running right away.
+ <li>Similarly to Dalvik, the ART GC also has a pause before the sweeping process.
+The key difference in this area is that some of the Dalvik phases during this
+pause are done concurrently in ART. These phases include
+<code>java.lang.ref.Reference</code> processing, system weak sweeping (e.g. jni
+weak globals, etc.), re-marking non-thread roots, and card pre-cleaning. The
+phases that are still done paused in ART are scanning the dirty cards and
+re-marking the thread roots, which helps reduce the pause time.
+ <li>The last area where the ART GC improves over Dalvik is with increased GC
+throughput enabled by the sticky CMS collector. Unlike normal generational GC,
+sticky CMS is non-moving. Instead of having a dedicated region for young
+objects, young objects are kept in an allocation stack, which is basically an
+array of <code>java.lang.Object</code>. This avoids moving objects required to
+maintain low pauses but has the disadvantage of having longer collections for
+heaps with complex object graphs.
+</ul>
+
+<p>The other main other area where the ART GC is different than Dalvik is the
+introduction of moving garbage collectors. The goal of moving GCs is to
+reduce memory usage of backgrounded apps through heap compaction. Currently,
+the event that triggers heap compaction is ActivityManager process-state
+changes. When an app goes to background, it notifies ART the process state is
+no longer jank “perceptible.” This enables ART do things that cause long
+application thread pauses, such as compaction and monitor deflation. The two
+current moving GCs that are in use are homogeneous space compaction and
+semi-space compaction.</p>
+
+<ul>
+ <li>Semi-space compaction moves objects between two tightly packed bump pointer
+spaces. This moving GC occurs on low-memory devices since it saves slightly
+more memory than homogeneous space compaction. The additional savings come
+mostly from having tightly packed objects, which avoid RosAlloc / DlMalloc
+allocator accounting overhead. Since CMS is still used in the foreground and it
+can’t collect from a bump pointer space, semi space requires another transition
+when the app is foregrounded. This is not ideal since it can cause a noticeable pause.
+ <li>Homogenous space compaction works by copying from one RosAlloc space to another
+RosAlloc space. This helps reduce memory usage by reducing heap fragmentation.
+This is currently the default compaction mode for non-low-memory devices. The
+main advantage that homogeneous space compaction has over semi-space compaction
+is not needing a heap transition when the app goes back to foreground.
+</ul>
+
+<h2 id=gc_verification_and_performance_options>GC verification and performance options</h2>
+
+<p>It is possible to change the GC type if you are an OEM. The process for doing
+this involves modifying system properties through adb. Keep in mind that these
+are only modifiable on non-user or rooted builds.</p>
+
+<h3 id=changing_the_gc_type>Changing the GC type</h3>
+
+<p>There are ways to change the GC plans that ART uses. The main way to change the
+foreground GC plan is by changing the <code>dalvik.vm.gctype</code> property or
+passing in an <code>-Xgc:</code> option. It is possible to pass in multiple GC
+options separated by commas.</p>
+
+<p>In order to derive the entire list of available <code>-Xgc</code> settings,
+it is possible to type <code>adb shell dalvikvm -help</code> to print the
+various runtime command-line options.</p>
+
+<p>Here is one example that changes the GC to semi space and turns on pre-GC heap
+verification:
+<code>adb shell setprop dalvik.vm.gctype SS,preverify</code></p>
+
+<ul>
+ <li><code>CMS</code>, which is also the default value, specifies the
+concurrent mark sweep GC plan. This plan consists of running sticky
+generational CMS, partial CMS, and full CMS. The allocator for this plan is
+RosAlloc for movable objects and DlMalloc for non-movable objects.
+ <li><code>SS</code> specifies the semi space GC plan. This plan has two semi
+spaces for movable objects and a DlMalloc space for non-movable objects. The
+movable object allocator defaults to a shared bump pointer allocator which uses
+atomic operations. However, if the <code>-XX:UseTLAB</code> flag is also passed
+in, the allocator uses thread local bump pointer allocation.
+ <li><code>GSS</code> specifies the generational semi space plan. This plan is
+very similar to the semi-space plan with the exception that older-lived objects
+are promoted into a large RosAlloc space. This has the advantage of needing to
+copy significantly fewer objects for typical use cases.
+</ul>
+
+<h3 id=verifying_the_heap>Verifying the heap</h3>
+
+<p>Heap verification is probably the most useful GC option for debugging
+GC-related errors or heap corruption. Enabling heap verification causes the GC
+to check the correctness of the heap at a few points during the garbage
+collection process. Heap verification shares the same options as the ones that
+change the GC type. If enabled, heap verification verifies the roots and
+ensures that reachable objects reference only other reachable objects. GC
+verification is enabled by passing in the following -<code>Xgc</code> values:</p>
+
+<ul>
+ <li>If enabled, <code>[no]preverify</code> performs heap verification before starting the GC.
+ <li>If enabled, <code>[no]presweepingverify</code> performs heap verification
+before starting the garbage collector sweeping
+process.
+ <li>If enabled, <code>[no]postverify</code> performs heap verification after
+the GC has finished sweeping.
+ <li><code>[no]preverify_rosalloc</code>,
+<code>[no]postsweepingverify_rosalloc</code>,
+<code>[no]postverify_rosalloc</code> are also additional GC options that verify
+only the state of RosAlloc’s internal accounting. The main things verified are
+that magic values match expected constants, and free blocks of memory are all
+registered in the <code>free_page_runs_</code> map.
+</ul>
+
+<h3 id=using_the_tlab_allocator_option>Using the TLAB allocator option</h3>
+
+<p>Currently, the only option that changes the allocator used without affecting
+the active GC type is the TLAB option. This option is not available through
+system properties but can be enabled by passing in -<code>XX:UseTLAB</code> to
+<code>dalvikvm</code>. This option enables faster allocation by having a
+shorter allocation code path. Since this option requires using either the SS or
+GSS GC types, which have rather long pauses, it is not enabled by default.</p>
+
+<h2 id=performance>Performance</h2>
+
+<p>There are two main tools that can be used to measure GC performance. GC timing
+dumps and systrace. The most visual way to measure GC performance problems
+would be to use systrace to determine which GCs are causing long pauses or
+preempting application threads. Although the ART GC is relatively efficient,
+there are still a few ways to get performance problems through excessive
+allocations or bad mutator behavior.</p>
+
+<h3 id=ergonomics>Ergonomics</h3>
+
+<p>Compared to Dalvik, ART has a few key differences regarding GC ergonomics. One
+of the major improvements compared to Dalvik is no longer having GC for alloc
+in cases where we start the concurrent GC later than needed. However, there is
+one downside to this, not blocking on the GC can cause the heap to grow more
+than Dalvik in some circumstances. Fortunately, ART has heap compaction, which
+mitigates this issue by defragmenting the heap when the process changes to a
+background process state.</p>
+
+<p>The CMS GC ergonomics have two types of GCs that are regularly run. Ideally,
+the GC ergonomics will run the generational sticky CMS more often than the
+partial CMS. The GC does sticky CMS until the throughput (calculated by bytes
+freed / second of GC duration) of the last GC is less than the mean throughput
+of partial CMS. When this occurs, the ergonomics plan the next concurrent GC to
+be a partial CMS instead of sticky CMS. After the partial CMS completes, the
+ergonomics changes the next GC back to sticky CMS. One key factor that makes
+the ergonomics work is that sticky CMS doesn’t adjust the heap footprint limit
+after it completes. This causes sticky CMS to happen more and more often until
+the throughput is lower than partial CMS, which ends up growing the heap.</p>
+
+<h3 id=using_sigquit_to_obtain_gc_performance_info>Using SIGQUIT to obtain GC performance info</h3>
+
+<p>It is possible to get GC performance timings for apps by sending SIGQUIT to
+already running apps or passing in -<code>XX:DumpGCPerformanceOnShutdown</code>
+to <code>dalvikvm</code> when starting a command line program. When an app gets
+the ANR request signal (SIGQUIT) it dumps information related to its locks,
+thread stacks, and GC performance.</p>
+
+<p>The way to get GC timing dumps is to use:<br>
+<code>$ adb shell kill -S QUIT <pid></code></p>
+
+<p>This creates a <code>traces.txt</code> file in <code>/data/anr/</code>. This
+file contains some ANR dumps as well as GC timings. You can locate the
+GC timings by searching for: “Dumping cumulative Gc timings” These timings will
+show a few things that may be of interest. It will show the histogram info for
+each GC type’s phases and pauses. The pauses are usually more important to look
+at. For example:</p>
+
+<pre>
+sticky concurrent mark sweep paused: Sum: 5.491ms 99% C.I. 1.464ms-2.133ms Avg: 1.830ms Max: 2.133ms
+</pre>
+
+<p><code>This</code> shows that the average pause was 1.83ms. This should be low enough to not
+cause missed frames in most applications and shouldn’t be a concern.</p>
+
+<p>Another area of interest is time to suspend. What time to suspend measures is
+how long it takes a thread to reach a suspend point after the GC requests that
+it suspends. This time is included in the GC pauses, so it is useful to
+determine if long pauses are caused by the GC being slow or the thread
+suspending slowly. Here is an example of what a normal time to suspend
+resembles on a Nexus 5:</p>
+
+<pre>
+suspend all histogram: Sum: 1.513ms 99% C.I. 3us-546.560us Avg: 47.281us Max: 601us
+</pre>
+
+<p>There are also a few other areas of interest, such as total time spent, GC
+throughput, etc. Examples:</p>
+
+<pre>
+Total time spent in GC: 502.251ms
+Mean GC size throughput: 92MB/s
+Mean GC object throughput: 1.54702e+06 objects/s
+</pre>
+
+<p>Here is an example of how to dump the GC timings of an already running app:
+
+<pre>
+$ adb shell kill -s QUIT <pid>
+$ adb pull /data/anr/traces.txt
+</pre>
+
+<p>At this point the GC timings are inside of traces.txt. Here is example output
+from Google maps:</p>
+
+<pre>
+Start Dumping histograms for 34 iterations for sticky concurrent mark sweep
+ScanGrayAllocSpaceObjects: Sum: 196.174ms 99% C.I. 0.011ms-11.615ms Avg: 1.442ms Max: 14.091ms
+FreeList: Sum: 140.457ms 99% C.I. 6us-1676.749us Avg: 128.505us Max: 9886us
+MarkRootsCheckpoint: Sum: 110.687ms 99% C.I. 0.056ms-9.515ms Avg: 1.627ms Max: 10.280ms
+SweepArray: Sum: 78.727ms 99% C.I. 0.121ms-11.780ms Avg: 2.315ms Max: 12.744ms
+ProcessMarkStack: Sum: 77.825ms 99% C.I. 1.323us-9120us Avg: 576.481us Max: 10185us
+(Paused)ScanGrayObjects: Sum: 32.538ms 99% C.I. 286us-3235.500us Avg: 986us Max: 3434us
+AllocSpaceClearCards: Sum: 30.592ms 99% C.I. 10us-2249.999us Avg: 224.941us Max: 4765us
+MarkConcurrentRoots: Sum: 30.245ms 99% C.I. 3us-3017.999us Avg: 444.779us Max: 3774us
+ReMarkRoots: Sum: 13.144ms 99% C.I. 66us-712us Avg: 386.588us Max: 712us
+ScanGrayImageSpaceObjects: Sum: 13.075ms 99% C.I. 29us-2538.999us Avg: 192.279us Max: 3080us
+MarkingPhase: Sum: 9.743ms 99% C.I. 170us-518us Avg: 286.558us Max: 518us
+SweepSystemWeaks: Sum: 8.046ms 99% C.I. 28us-479us Avg: 236.647us Max: 479us
+MarkNonThreadRoots: Sum: 5.215ms 99% C.I. 31us-698.999us Avg: 76.691us Max: 703us
+ImageModUnionClearCards: Sum: 2.708ms 99% C.I. 26us-92us Avg: 39.823us Max: 92us
+ScanGrayZygoteSpaceObjects: Sum: 2.488ms 99% C.I. 19us-250.499us Avg: 37.696us Max: 295us
+ResetStack: Sum: 2.226ms 99% C.I. 24us-449us Avg: 65.470us Max: 452us
+ZygoteModUnionClearCards: Sum: 2.124ms 99% C.I. 18us-233.999us Avg: 32.181us Max: 291us
+FinishPhase: Sum: 1.881ms 99% C.I. 31us-431.999us Avg: 55.323us Max: 466us
+RevokeAllThreadLocalAllocationStacks: Sum: 1.749ms 99% C.I. 8us-349us Avg: 51.441us Max: 377us
+EnqueueFinalizerReferences: Sum: 1.513ms 99% C.I. 3us-201us Avg: 44.500us Max: 201us
+ProcessReferences: Sum: 438us 99% C.I. 3us-212us Avg: 12.882us Max: 212us
+ProcessCards: Sum: 381us 99% C.I. 4us-17us Avg: 5.602us Max: 17us
+PreCleanCards: Sum: 363us 99% C.I. 8us-17us Avg: 10.676us Max: 17us
+ReclaimPhase: Sum: 357us 99% C.I. 7us-91.500us Avg: 10.500us Max: 93us
+(Paused)PausePhase: Sum: 312us 99% C.I. 7us-15us Avg: 9.176us Max: 15us
+SwapBitmaps: Sum: 166us 99% C.I. 4us-8us Avg: 4.882us Max: 8us
+(Paused)ScanGrayAllocSpaceObjects: Sum: 126us 99% C.I. 14us-112us Avg: 63us Max: 112us
+MarkRoots: Sum: 121us 99% C.I. 2us-7us Avg: 3.558us Max: 7us
+(Paused)ScanGrayImageSpaceObjects: Sum: 68us 99% C.I. 68us-68us Avg: 68us Max: 68us
+BindBitmaps: Sum: 50us 99% C.I. 1us-3us Avg: 1.470us Max: 3us
+UnBindBitmaps: Sum: 49us 99% C.I. 1us-3us Avg: 1.441us Max: 3us
+SwapStacks: Sum: 47us 99% C.I. 1us-3us Avg: 1.382us Max: 3us
+RecordFree: Sum: 42us 99% C.I. 1us-3us Avg: 1.235us Max: 3us
+ForwardSoftReferences: Sum: 37us 99% C.I. 1us-2us Avg: 1.121us Max: 2us
+InitializePhase: Sum: 36us 99% C.I. 1us-2us Avg: 1.058us Max: 2us
+FindDefaultSpaceBitmap: Sum: 32us 99% C.I. 250ns-1000ns Avg: 941ns Max: 1000ns
+(Paused)ProcessMarkStack: Sum: 5us 99% C.I. 250ns-3000ns Avg: 147ns Max: 3000ns
+PreSweepingGcVerification: Sum: 0 99% C.I. 0ns-0ns Avg: 0ns Max: 0ns
+Done Dumping histograms
+sticky concurrent mark sweep paused: Sum: 63.268ms 99% C.I. 0.308ms-8.405ms
+Avg: 1.860ms Max: 8.883ms
+sticky concurrent mark sweep total time: 763.787ms mean time: 22.464ms
+sticky concurrent mark sweep freed: 1072342 objects with total size 75MB
+sticky concurrent mark sweep throughput: 1.40543e+06/s / 98MB/s
+Total time spent in GC: 4.805s
+Mean GC size throughput: 18MB/s
+Mean GC object throughput: 330899 objects/s
+Total number of allocations 2015049
+Total bytes allocated 177MB
+Free memory 4MB
+Free memory until GC 4MB
+Free memory until OOME 425MB
+Total memory 90MB
+Max memory 512MB
+Zygote space size 4MB
+Total mutator paused time: 229.566ms
+Total time waiting for GC to complete: 187.655us
+</pre>
+
+<h2 id=tools_for_analyzing_gc_correctness_problems>Tools for analyzing GC correctness problems</h2>
+
+<p>There are various things that can cause crashes inside of ART. Crashes that
+occur reading or writing to object fields may indicate heap corruption. If the
+GC crashes when it is running, it could also point to heap corruption. There
+are various things that can cause heap corruption, the most common cause is
+probably incorrect app code. Fortunately, there are tools to debug GC and
+heap-related crashes. These include the heap verification options specified
+above, valgrind, and CheckJNI.</p>
+
+<h3 id=checkjni>CheckJNI</h3>
+
+<p>Another way to verify app behavior is to use CheckJNI. CheckJNI is a mode that
+adds additional JNI checks; these aren’t enabled by default due to performance
+reasons. The checks will catch a few errors that could cause heap corruption
+such as using invalid/stale local and global references. Here is how to enable
+CheckJNI:</p>
+
+<pre>
+$ adb shell setprop dalvik.vm.checkjni true
+</pre>
+
+<p>Forcecopy mode is another part of CheckJNI that is very useful for detecting
+writes past the end of array regions. When enabled, forcecopy causes the array
+access JNI functions to always return copies with red zones. A <em>red
+zone</em> is a region at the end/start of the returned pointer that has a
+special value, which is verified when the array is released. If the values in
+the red zone don’t match what is expected, this usually means a buffer overrun
+or underrun occurred. This would cause CheckJNI to abort. Here is how to enable
+forcecopy mode:</p>
+
+<pre>
+$ adb shell setprop dalvik.vm.jniopts forcecopy
+</pre>
+
+<p>One example of an error that CheckJNI should catch is writing past the end of
+an array obtained from <code>GetPrimitiveArrayCritical</code>. This operation
+would very likely corrupt the Java heap. If the write is
+within the CheckJNI red zone area, then CheckJNI would catch the issue when the
+corresponding <code>ReleasePrimitiveArrayCritical</code> is called. Otherwise,
+the write will end up corrupting some random object in
+the Java heap and possibly causing a future GC crash. If the corrupted memory
+is a reference field, then the GC may catch the error and print a “<em>Tried to
+mark <ptr> not contained by any spaces</em>” error.</p>
+
+<p>This error occurs when the GC attempts to mark an object for which it can’t
+find a space. After this check fails, the GC traverses the roots and tries to
+see if the invalid object is a root. From here, there are two options: The
+object is a root or a non-root object.</p>
+
+<h3 id=valgrind>Valgrind</h3>
+
+<p>The ART heap supports optional valgrind instrumentation, which provides a
+way to detect reads and writes to and from an invalid heap address. ART detects
+when the app is running under valgrind and inserts red zones before and after
+each object allocation. If there are any reads or writes to these red zones,
+valgrind prints an error. One example of when this could happen is if you read
+or write past the end of an array’s elements while using direct array access
+through JNI. Since the AOT compilers use implicit null checks, it is
+recommended to use eng builds for running valgrind. Another thing to note is
+that valgrind is orders of magnitude slower than normal execution.</p>
+
+<p>Here is an example use:</p>
+
+<pre>
+# build and install
+$ mmm external/valgrind
+$ adb remount && adb sync
+# disable selinux
+$ adb shell setenforce 0
+$ adb shell setprop wrap.com.android.calculator2
+"TMPDIR=/data/data/com.android.calculator2 logwrapper valgrind"
+# push symbols
+$ adb shell mkdir /data/local/symbols
+$ adb push $OUT/symbols /data/local/symbols
+$ adb logcat
+</pre>
+
+
+<h3 id=invalid_root_example>Invalid root example</h3>
+
+<p>In the case where the object is actually an invalid root, it will print some
+useful information:
+<code>art E 5955 5955 art/runtime/gc/collector/mark_sweep.cc:383] Tried to mark 0x2
+not contained by any spaces</code></p>
+
+<pre>
+art E 5955 5955 art/runtime/gc/collector/mark_sweep.cc:384] Attempting see if
+it's a bad root
+art E 5955 5955 art/runtime/gc/collector/mark_sweep.cc:485] Found invalid
+root: 0x2
+art E 5955 5955 art/runtime/gc/collector/mark_sweep.cc:486]
+Type=RootJavaFrame thread_id=1 location=Visiting method 'java.lang.Object
+com.google.gwt.corp.collections.JavaReadableJsArray.get(int)' at dex PC 0x0002
+(native PC 0xf19609d9) vreg=1
+</pre>
+
+<p>In this case, <code>vreg 1</code> inside of
+<code>com.google.gwt.corp.collections.JavaReadableJsArray.get</code> is
+supposed to contain a heap reference but actually contains an invalid pointer
+of address <code>0x2</code>. This is clearly an invalid root. The next step to
+debug this issue would be to use <code>oatdump</code> on the oat file and look
+at the method that has the invalid root. In this case, the error turned out to
+be a compiler bug in the x86 backend. Here is the changelist that fixed it: <a
+href="https://android-review.googlesource.com/#/c/133932/">https://android-review.googlesource.com/#/c/133932/</a></p>
+
+<h3 id=corrupted_object_example>Corrupted object example</h3>
+
+<p>In the case where the object isn’t a root, output similar to the following
+prints:</p>
+
+<pre>
+01-15 12:38:00.196 1217 1238 E art : Attempting see if it's a bad root
+01-15 12:38:00.196 1217 1238 F art :
+art/runtime/gc/collector/mark_sweep.cc:381] Can't mark invalid object
+</pre>
+
+<p>When heap corruption isn’t an invalid root, it is unfortunately hard to debug.
+This error message indicates that there was at least one object in the heap
+that was pointing to the invalid object.</p>
diff --git a/src/devices/tech/netstats.jd b/src/devices/tech/debug/netstats.jd
similarity index 100%
rename from src/devices/tech/netstats.jd
rename to src/devices/tech/debug/netstats.jd
diff --git a/src/devices/tech/ram/procstats.jd b/src/devices/tech/debug/procstats.jd
similarity index 100%
rename from src/devices/tech/ram/procstats.jd
rename to src/devices/tech/debug/procstats.jd
diff --git a/src/devices/tech/power/batterystats.jd b/src/devices/tech/power/batterystats.jd
index 92aeb04..d42bc33 100644
--- a/src/devices/tech/power/batterystats.jd
+++ b/src/devices/tech/power/batterystats.jd
@@ -1,4 +1,4 @@
-page.title=Viewing Battery Usage Data
+page.title=Viewing Battery Use Data
@jd:body
<!--
@@ -42,41 +42,67 @@
<li>App UID aggregated statistics</li>
</ul>
- <p class="note">You can use the <a href=
- "https://github.com/google/battery-historian">Battery Historian</a> tool on
- the output of the dumpsys command to generate an HTML visualization of
- power-related events from the logs. This information makes it easier for
- you to understand and diagnose any battery-related issues.</p>
+ <p>Use the <a href="https://github.com/google/battery-historian">Battery
+ Historian</a> tool on the output of the dumpsys command to generate an HTML
+ visualization of power-related events from the logs. This information makes it
+ easier to understand and diagnose battery-related issues.</p>
- <h2 id="command-line_options">Command line options</h2>
-
- <p>Use the <code>--help</code> option to learn about the various options
- for tailoring the output.</p>
-
- <p>Use the <code>--checkin</code> option to get the results in
- machine-readable csv format.</p>
-
- <p>To print battery usage statistics for a given app package since the
- device was last charged, run this command:</p>
+ <h2 id="command-line_options">Command input</h2>
+ <p>The basic <code>batterystats</code> command is:</p>
<pre class="prettyprint">
-$ adb shell dumpsys batterystats --charged <package-name>
- </pre>
-
- <h2 id="sample_input">Input</h2>
-
- <p>To print battery usage statistics for all apps since the device was last
- charged, in machine-readable format, run this command:</p>
+$ adb shell dumpsys batterystats</pre>
+ <p>Supported options:</p>
+ <ul>
+ <li><code>--help</code> displays additional options for tailoring the output.
+ </li>
+ <li><code>--checkin</code> exports results in machine-readable csv format.
+ </li>
+ </ul>
+ <p>For example, to print battery usage statistics in csv format for all apps
+ since the device was last charged, run the command:</p>
<pre class="prettyprint">
-$ adb shell dumpsys batterystats --charged --checkin
- </pre>
+$ adb shell dumpsys batterystats --charged --checkin</pre>
+ <p>You can also specify a package name to get statistics for a single app. For
+ example, to print battery usage statistics for a given app package
+ since the device was last charged, run the command:</p>
+ <pre class="prettyprint">
+$ adb shell dumpsys batterystats --charged <package-name></pre>
- <h2 id="output">Output</h2>
+ <h2 id="output">Command output</h2>
- <p>The output looks like this:</p>
+ <p>The <code>batterystats</code> command generates aggregated observations
+ about battery use on the device since it was last charged. Observations may be
+ per-UID or system-level; data is selected for inclusion based on its
+ usefulness in analyzing battery performance. Output includes one (1) entry
+ per observation, and each entry consists of a comma-separated list of values
+ in the format:
+ <em>int</em>,<em>uid</em>,<em>mode</em>,<em>section</em>,<em>fields</em>
+ (one or more).</p>
- <p>$ adb shell dumpsys batterystats --charged --checkin</p>
+ <p>The first four values correspond to the following:</p>
- <pre class="no-pretty=print">
+ <ul>
+ <li>Dummy integer</li>
+
+ <li>UID</li>
+
+ <li>Aggregation mode
+
+ <ul>
+ <li>"i" for information not tied to charged/uncharged status.</li>
+ <li>"l" for --charged (usage since last charge).</li>
+ <li>"u" for --unplugged (usage since last unplugged). Deprecated in
+ Android 5.1.1.</li>
+ </ul>
+ </li>
+
+ <li><a href="#interpreting_the_output">Section identifier</a>, which
+ determines how to interpret subsequent values in the line.</li>
+ </ul>
+
+<p>Sample output:</p>
+
+ <pre class="no-pretty-print">
9,0,i,vers,11,116,K,L 9,0,i,uid,1000,android
9,0,i,uid,1000,com.android.providers.settings
9,0,i,uid,1000,com.android.inputdevices
@@ -177,6 +203,8 @@
9,0,l,pwi,idle,8.73 9,0,l,pwi,uid,5.46 9,1000,l,pwi,uid,5.11
9,0,l,pwi,wifi,3.28 9,10019,l,pwi,uid,0.847 9,10069,l,pwi,uid,0.408
9,0,l,pwi,scrn,0.385 9,10034,l,pwi,uid,0.322 9,10025,l,pwi,uid,0.185
+ 9,0,l,pwi,blue,0.0273
+ 9,0,l,pwi,cell,14.0
9,10002,l,pwi,uid,0.180 9,10023,l,pwi,uid,0.168 9,1001,l,pwi,uid,0.0297
9,10068,l,pwi,uid,0.0296 9,10057,l,pwi,uid,0.0234 9,1027,l,pwi,uid,0.0157
9,10079,l,pwi,uid,0.00905 9,10054,l,pwi,uid,0.00527
@@ -227,811 +255,320 @@
9,10068,l,nt,0,0,11929,8383,0,0,50,47,0,0
9,10069,l,nt,0,0,41553,22886,0,0,85,91,0,0</pre>
- <h2 id="interpreting_the_output">Interpreting the output</h2>
+ <h2 id="interpreting_the_output">Section identifiers</h2>
- <p>The sample output is in CSV format. Each line in the output contains
- statistics related to battery usage.</p>
+ <p>Command output for <code>batterystats</code> supports the following
+ sections:</p>
- <p>The first four values in each line correspond to the following:</p>
+ <table id="batterystats-section-ids">
- <ul>
- <li>Dummy integer</li>
-
- <li>UID</li>
-
- <li>Aggregation mode
-
- <ul>
- <li>"l" for --charged, means usage since last charge.</li>
- <li>"u" for --unplugged, which means usage since last unplugged.</li>
- <li>"i" for information that is not
- tied to charged/uncharged status.</li>
- </ul>
- </li>
-
- <li>Section identifier, which determines how to interpret the fifth
- value and the following ones in the line.</li>
- </ul>
-
- <p>Currently, there are 41 sections and the interpretation for each section
- is shown in the following table:</p>
-
- <table>
<tr>
- <td>
- <p><strong>Order</strong></p>
- </td>
-
- <td class="tab0">
- <p><strong>Section Identifier</strong></p>
- </td>
-
- <td class="tab0">
- <p><strong>Description</strong></p>
- </td>
-
- <td class="tab0">
- <p><strong>Remaining Fields</strong></p>
- </td>
+ <th width="10%">Section Identifier</th>
+ <th width="20%">Description</th>
+ <th width="70%">Remaining Fields</th>
</tr>
<tr>
- <td>
- <p>1</p>
- </td>
-
- <td class="tab0">
- <p>vers</p>
- </td>
-
- <td class="tab0">
- <p>Version</p>
- </td>
-
- <td class="tab0">
- <p>checkin version, parcel version, start platform version, end
- platform version</p>
- </td>
+ <td><p>vers</p></td>
+ <td><p>Version</p></td>
+ <td><p>checkin version, parcel version, start platform version, end
+ platform version</p></td>
</tr>
<tr>
- <td>
- <p>2</p>
- </td>
-
- <td class="tab0">
- <p>uid</p>
- </td>
-
- <td class="tab0">
- <p>UID</p>
- </td>
-
- <td class="tab0">
- <p>uid, package name</p>
- </td>
+ <td><p>uid</p></td>
+ <td><p>UID</p></td>
+ <td><p>uid, package name</p></td>
</tr>
<tr>
- <td>
- <p>3</p>
- </td>
-
- <td class="tab0">
- <p>apk</p>
- </td>
-
- <td class="tab0">
- <p>APK</p>
- </td>
-
- <td class="tab0">
- <p>wakeups, APK, service, start time, starts, launches</p>
- </td>
+ <td><p>apk</p></td>
+ <td><p>APK</p></td>
+ <td><p>wakeups, APK, service, start time, starts, launches</p></td>
</tr>
<tr>
- <td>
- <p>4</p>
- </td>
-
- <td class="tab0">
- <p>pr</p>
- </td>
-
- <td class="tab0">
- <p>Process</p>
- </td>
-
- <td class="tab0">
- <p>process, user, system, foreground, starts</p>
- </td>
+ <td><p>pr</p></td>
+ <td><p>Process</p></td>
+ <td><p>process, user, system, foreground, starts</p></td>
</tr>
<tr>
- <td>
- <p>5</p>
- </td>
-
- <td class="tab0">
- <p>sr</p>
- </td>
-
- <td class="tab0">
- <p>Sensor</p>
- </td>
-
- <td class="tab0">
- <p>sensor number, time, count</p>
- </td>
+ <td><p>sr</p></td>
+ <td><p>Sensor</p></td>
+ <td><p>sensor number, time, count</p></td>
</tr>
<tr>
- <td>
- <p>6</p>
- </td>
-
- <td class="tab0">
- <p>vib</p>
- </td>
-
- <td class="tab0">
- <p>Vibrator</p>
- </td>
-
- <td class="tab0">
- <p>time, count</p>
- </td>
+ <td><p>vib</p></td>
+ <td><p>Vibrator</p></td>
+ <td><p>time, count</p></td>
</tr>
<tr>
- <td>
- <p>7</p>
- </td>
-
- <td class="tab0">
- <p>fg</p>
- </td>
-
- <td class="tab0">
- <p>Foreground</p>
- </td>
-
- <td class="tab0">
- <p>time, count</p>
- </td>
+ <td><p>fg</p></td>
+ <td><p>Foreground</p></td>
+ <td><p>time, count</p></td>
</tr>
<tr>
- <td>
- <p>8</p>
- </td>
-
- <td class="tab0">
- <p>st</p>
- </td>
-
- <td class="tab0">
- <p>State Time</p>
- </td>
-
- <td class="tab0">
- <p>foreground, active, running</p>
- </td>
+ <td><p>st</p></td>
+ <td><p>State Time</p></td>
+ <td><p>foreground, active, running</p></td>
</tr>
<tr>
- <td>
- <p>9</p>
- </td>
-
- <td class="tab0">
- <p>wl</p>
- </td>
-
- <td class="tab0">
- <p>Wake lock</p>
- </td>
-
- <td class="tab0">
- <p>wake lock, full time, 'f', full count, partial time, 'p', partial
- count, window time, 'w', window count</p>
- </td>
+ <td><p>wl</p></td>
+ <td><p>Wake lock</p></td>
+ <td><p>wake lock, full time, 'f', full count, partial time, 'p', partial
+ count, window time, 'w', window count</p></td>
</tr>
<tr>
- <td>
- <p>10</p>
- </td>
-
- <td class="tab0">
- <p>sy</p>
- </td>
-
- <td class="tab0">
- <p>Sync</p>
- </td>
-
- <td class="tab0">
- <p>sync, time, count</p>
- </td>
+ <td><p>sy</p></td>
+ <td><p>Sync</p></td>
+ <td><p>sync, time, count</p></td>
</tr>
<tr>
- <td>
- <p>11</p>
- </td>
-
- <td class="tab0">
- <p>jb</p>
- </td>
-
- <td class="tab0">
- <p>Job</p>
- </td>
-
- <td class="tab0">
- <p>job, time, count</p>
- </td>
+ <td><p>jb</p></td>
+ <td><p>Job</p></td>
+ <td><p>job, time, count</p></td>
</tr>
<tr>
- <td>
- <p>12</p>
- </td>
-
- <td class="tab0">
- <p>kwl</p>
- </td>
-
- <td class="tab0">
- <p>Kernel Wake Lock</p>
- </td>
-
- <td class="tab0">
- <p>kernel wake lock, time, count</p>
- </td>
+ <td><p>kwl</p></td>
+ <td><p>Kernel Wake Lock</p></td>
+ <td><p>kernel wake lock, time, count</p></td>
</tr>
<tr>
- <td>
- <p>13</p>
- </td>
-
- <td class="tab0">
- <p>wr</p>
- </td>
-
- <td class="tab0">
- <p>Wakeup Reason</p>
- </td>
-
- <td class="tab0">
- <p>wakeup reason, time, count</p>
- </td>
+ <td><p>wr</p></td>
+ <td><p>Wakeup Reason</p></td>
+ <td><p>wakeup reason, time, count</p></td>
</tr>
<tr>
- <td>
- <p>14</p>
- </td>
-
- <td class="tab0">
- <p>nt</p>
- </td>
-
- <td class="tab0">
- <p>Network</p>
- </td>
-
- <td class="tab0">
- <p>mobile bytes RX, mobile bytes TX, Wi-Fi bytes RX, Wi-Fi bytes TX,
+ <td><p>nt</p></td>
+ <td><p>Network</p></td>
+ <td><p>mobile bytes RX, mobile bytes TX, Wi-Fi bytes RX, Wi-Fi bytes TX,
mobile packets RX, mobile packets TX, Wi-Fi packets RX, Wi-Fi packets
- TX, mobile active time, mobile active count</p>
- </td>
+ TX, mobile active time, mobile active count</p></td>
</tr>
<tr>
- <td>
- <p>15</p>
- </td>
-
- <td class="tab0">
- <p>ua</p>
- </td>
-
- <td class="tab0">
- <p>User Activity</p>
- </td>
-
- <td class="tab0">
- <p>other, button, touch</p>
- </td>
+ <td><p>ua</p></td>
+ <td><p>User Activity</p></td>
+ <td><p>other, button, touch</p></td>
</tr>
<tr>
- <td>
- <p>16</p>
- </td>
-
- <td class="tab0">
- <p>bt</p>
- </td>
-
- <td class="tab0">
- <p>Battery</p>
- </td>
-
- <td class="tab0">
- <p>start count, battery realtime, battery uptime, total realtime,
+ <td><p>bt</p></td>
+ <td><p>Battery</p></td>
+ <td><p>start count, battery realtime, battery uptime, total realtime,
total uptime, start clock time, battery screen off realtime, battery
- screen off uptime</p>
+ screen off uptime</p></td>
+ </tr>
+
+ <tr>
+ <td><p>dc</p></td>
+ <td><p>Battery Discharge</p></td>
+ <td><p>low, high, screen on, screen off</p></td>
+ </tr>
+
+ <tr>
+ <td><p>lv</p></td>
+ <td><p>Battery Level</p></td>
+ <td><p>start level, current level</p></td>
+ </tr>
+
+ <tr>
+ <td><p>wfl</p></td>
+ <td><p>Wi-Fi</p></td>
+ <td><p>full Wi-Fi lock on time, Wi-Fi scan time, Wi-Fi running time, Wi-Fi
+ scan count, Wi-Fi idle time, Wi-Fi receive time, Wi-Fi transmit time</p>
</td>
</tr>
<tr>
- <td>
- <p>17</p>
- </td>
+ <td><p>gwfl</p></td>
+ <td><p>Global Wi-Fi</p></td>
+ <td><p>Wi-Fi on time, Wi-Fi running time, Wi-Fi idle time, Wi-Fi receive
+ time, Wi-Fi transmit time, Wi-Fi power (mAh)</p></td>
+ </tr>
- <td class="tab0">
- <p>dc</p>
- </td>
-
- <td class="tab0">
- <p>Battery Discharge</p>
- </td>
-
- <td class="tab0">
- <p>low, high, screen on, screen off</p>
+ <tr>
+ <td><p>gble</p></td>
+ <td><p>Global Bluetooth</p></td>
+ <td><p>BT idle time, BT receive time, BT transmit time, BT power (mAh)</p>
</td>
</tr>
<tr>
- <td>
- <p>18</p>
- </td>
-
- <td class="tab0">
- <p>lv</p>
- </td>
-
- <td class="tab0">
- <p>Battery Level</p>
- </td>
-
- <td class="tab0">
- <p>start level, current level</p>
- </td>
+ <td><p>m</p></td>
+ <td><p>Misc</p></td>
+ <td><p>screen on time, phone on time, full wakelock time total, partial
+ wakelock time total, mobile radio active time, mobile radio active
+ adjusted time, interactive time, power save mode enabled time,
+ connectivity changes, device idle mode enabled time, device idle mode
+ enabled count, device idling time, device idling count, mobile radio
+ active count, mobile radio active unknown time</p></td>
</tr>
<tr>
- <td>
- <p>19</p>
- </td>
-
- <td class="tab0">
- <p>wfl</p>
- </td>
-
- <td class="tab0">
- <p>Wi-Fi</p>
- </td>
-
- <td class="tab0">
- <p>full Wi-Fi lock on time, Wi-Fi scan time, Wi-Fi running time</p>
- </td>
- </tr>
-
- <tr>
- <td>
- <p>20</p>
- </td>
-
- <td class="tab0">
- <p>m</p>
- </td>
-
- <td class="tab0">
- <p>Misc</p>
- </td>
-
- <td class="tab0">
- <p>screen on time, phone on time, Wi-Fi on time, Wi-Fi running time,
- Bluetooth on time, mobile RX total bytes, mobile TX total bytes,
- Wi-Fi RX total bytes, Wi-Fi TX total bytes, full wake lock time
- total, partial wake lock time total, legacy input event count, mobile
- radio active time, mobile radio active adjusted time, interactive
- time, low-power mode enabled time</p>
- </td>
- </tr>
-
- <tr>
- <td>
- <p>21</p>
- </td>
-
- <td class="tab0">
- <p>gn</p>
- </td>
-
- <td class="tab0">
- <p>Global Network</p>
- </td>
-
- <td class="tab0">
- <p>mobile RX total bytes, mobile TX total bytes, Wi-Fi RX total
+ <td><p>gn</p></td>
+ <td><p>Global Network</p></td>
+ <td><p>mobile RX total bytes, mobile TX total bytes, Wi-Fi RX total
bytes, Wi-Fi TX total bytes, mobile RX total packets, mobile TX total
- packets, Wi-Fi RX total packets, Wi-Fi TX total packets</p>
- </td>
+ packets, Wi-Fi RX total packets, Wi-Fi TX total packets</p></td>
</tr>
<tr>
- <td>
- <p>22</p>
- </td>
-
- <td class="tab0">
- <p>br</p>
- </td>
-
- <td class="tab0">
- <p>Screen Brightness</p>
- </td>
-
- <td class="tab0">
- <p>dark, dim, medium, light, bright</p>
- </td>
+ <td><p>br</p></td>
+ <td><p>Screen Brightness</p></td>
+ <td><p>dark, dim, medium, light, bright</p></td>
</tr>
<tr>
- <td>
- <p>23</p>
- </td>
-
- <td class="tab0">
- <p>sst</p>
- </td>
-
- <td class="tab0">
- <p>Signal Scanning Time</p>
- </td>
-
- <td class="tab0">
- <p>signal scanning time</p>
- </td>
+ <td><p>sst</p></td>
+ <td><p>Signal Scanning Time</p></td>
+ <td><p>signal scanning time</p></td>
</tr>
<tr>
- <td>
- <p>24</p>
- </td>
-
- <td class="tab0">
- <p>sgt</p>
- </td>
-
- <td class="tab0">
- <p>Signal Strength Time</p>
- </td>
-
- <td class="tab0">
- <p>none, poor, moderate, good, great</p>
- </td>
+ <td><p>sgt</p></td>
+ <td><p>Signal Strength Time</p></td>
+ <td><p>none, poor, moderate, good, great</p></td>
</tr>
<tr>
- <td>
- <p>25</p>
- </td>
-
- <td class="tab0">
- <p>sgc</p>
- </td>
-
- <td class="tab0">
- <p>Signal Strength Count</p>
- </td>
-
- <td class="tab0">
- <p>none, poor, moderate, good, great</p>
- </td>
+ <td><p>sgc</p></td>
+ <td><p>Signal Strength Count</p></td>
+ <td><p>none, poor, moderate, good, great</p></td>
</tr>
<tr>
- <td>
- <p>26</p>
- </td>
-
- <td class="tab0">
- <p>dct</p>
- </td>
-
- <td class="tab0">
- <p>Data Connection Time</p>
- </td>
-
- <td class="tab0">
- <p>none, GPRS, EDGE, UMTS, CDMA, EVDO_0, EVDO_A, 1xRTT, HSDPA, HSUPA,
- HSPA, IDEN, EVDO_B, LTE, EHRPD, HSPAP, other</p>
- </td>
+ <td><p>dct</p></td>
+ <td><p>Data Connection Time</p></td>
+ <td><p>none, GPRS, EDGE, UMTS, CDMA, EVDO_0, EVDO_A, 1xRTT, HSDPA, HSUPA,
+ HSPA, IDEN, EVDO_B, LTE, EHRPD, HSPAP, other</p></td>
</tr>
<tr>
- <td>
- <p>27</p>
- </td>
-
- <td class="tab0">
- <p>dcc</p>
- </td>
-
- <td class="tab0">
- <p>Data Connection Count</p>
- </td>
-
- <td class="tab0">
- <p>none, GPRS, EDGE, UMTS, CDMA, EVDO_0, EVDO_A, 1xRTT, HSDPA, HSUPA,
- HSPA, IDEN, EVDO_B, LTE, EHRPD, HSPAP, other</p>
- </td>
+ <td><p>dcc</p></td>
+ <td><p>Data Connection Count</p></td>
+ <td><p>none, GPRS, EDGE, UMTS, CDMA, EVDO_0, EVDO_A, 1xRTT, HSDPA, HSUPA,
+ HSPA, IDEN, EVDO_B, LTE, EHRPD, HSPAP, other</p></td>
</tr>
<tr>
- <td>
- <p>28</p>
- </td>
-
- <td class="tab0">
- <p>wst</p>
- </td>
-
- <td class="tab0">
- <p>Wi-Fi State Time</p>
- </td>
-
- <td class="tab0">
- <p>off, off scanning, on no networks, on disconnected, on connected
- STA, on connected P2P, on connected STA P2P, soft AP</p>
- </td>
+ <td><p>wst</p></td>
+ <td><p>Wi-Fi State Time</p></td>
+ <td><p>off, off scanning, on no networks, on disconnected, on connected
+ STA, on connected P2P, on connected STA P2P, soft AP</p></td>
</tr>
<tr>
- <td>
- <p>29</p>
- </td>
-
- <td class="tab0">
- <p>wsc</p>
- </td>
-
- <td class="tab0">
- <p>Wi-Fi State Count</p>
- </td>
-
- <td class="tab0">
- <p>off, off scanning, on no networks, on disconnected, on connected
- STA, on connected P2P, on connected STA P2P, soft AP</p>
- </td>
+ <td><p>wsc</p></td>
+ <td><p>Wi-Fi State Count</p></td>
+ <td><p>off, off scanning, on no networks, on disconnected, on connected
+ STA, on connected P2P, on connected STA P2P, soft AP</p></td>
</tr>
<tr>
- <td>
- <p>30</p>
- </td>
-
- <td class="tab0">
- <p>wsst</p>
- </td>
-
- <td class="tab0">
- <p>Wi-Fi Supplicant State Time</p>
- </td>
-
- <td class="tab0">
- <p>invalid, disconnected, interface disabled, inactive, scanning,
+ <td><p>wsst</p></td>
+ <td><p>Wi-Fi Supplicant State Time</p></td>
+ <td><p>invalid, disconnected, interface disabled, inactive, scanning,
authenticating, associating, associated, four-way handshake, group
- handshake, completed, dormant, uninitialized</p>
- </td>
+ handshake, completed, dormant, uninitialized</p></td>
</tr>
<tr>
- <td>
- <p>31</p>
- </td>
-
- <td class="tab0">
- <p>wssc</p>
- </td>
-
- <td class="tab0">
- <p>Wi-Fi Supplicant State Count</p>
- </td>
-
- <td class="tab0">
- <p>invalid, disconnected, interface disabled, inactive, scanning,
+ <td><p>wssc</p></td>
+ <td><p>Wi-Fi Supplicant State Count</p></td>
+ <td><p>invalid, disconnected, interface disabled, inactive, scanning,
authenticating, associating, associated, four-way handshake, group
- handshake, completed, dormant, uninitialized</p>
- </td>
+ handshake, completed, dormant, uninitialized</p></td>
</tr>
<tr>
- <td>
- <p>32</p>
- </td>
-
- <td class="tab0">
- <p>wsgt</p>
- </td>
-
- <td class="tab0">
- <p>Wi-Fi Signal Strength Time</p>
- </td>
-
- <td class="tab0">
- <p>none, poor, moderate, good, great</p>
- </td>
+ <td><p>wsgt</p></td>
+ <td><p>Wi-Fi Signal Strength Time</p></td>
+ <td><p>none, poor, moderate, good, great</p></td>
</tr>
<tr>
- <td>
- <p>33</p>
- </td>
-
- <td class="tab0">
- <p>wsgc</p>
- </td>
-
- <td class="tab0">
- <p>Wi-Fi Signal Strength Count</p>
- </td>
-
- <td class="tab0">
- <p>none, poor, moderate, good, great</p>
- </td>
+ <td><p>wsgc</p></td>
+ <td><p>Wi-Fi Signal Strength Count</p></td>
+ <td><p>none, poor, moderate, good, great</p></td>
</tr>
<tr>
- <td>
- <p>34</p>
- </td>
+ <td><p>bst</p></td>
+ <td><p>Bluetooth State Time</p></td>
+ <td><p>inactive, low, med, high</p></td>
+ </tr>
- <td class="tab0">
- <p>bst</p>
- </td>
-
- <td class="tab0">
- <p>Bluetooth State Time</p>
- </td>
-
- <td class="tab0">
- <p>inactive, low, med, high</p>
- </td>
+ <tr>
+ <td><p>bsc</p></td>
+ <td><p>Bluetooth State Count</p></td>
+ <td><p>inactive, low, med, high</p></td>
</tr>
<tr>
- <td>
- <p>35</p>
- </td>
-
- <td class="tab0">
- <p>bsc</p>
- </td>
-
- <td class="tab0">
- <p>Bluetooth State Count</p>
- </td>
-
- <td class="tab0">
- <p>inactive, low, med, high</p>
- </td>
+ <td><p>pws</p></td>
+ <td><p>Power Use Summary</p></td>
+ <td><p>battery capacity, computed power, minimum drained power, maximum
+ drained power</p></td>
</tr>
<tr>
- <td>
- <p>36</p>
- </td>
-
- <td class="tab0">
- <p>pws</p>
- </td>
-
- <td class="tab0">
- <p>Power Use Summary</p>
- </td>
-
- <td class="tab0">
- <p>battery capacity, computed power, minimum drained power, maximum
- drained power</p>
- </td>
+ <td><p>pwi</p></td>
+ <td><p>Power Use Item</p></td>
+ <td><p>label, mAh</p></td>
</tr>
<tr>
- <td>
- <p>37</p>
- </td>
-
- <td class="tab0">
- <p>pwi</p>
- </td>
-
- <td class="tab0">
- <p>Power Use Item</p>
- </td>
-
- <td class="tab0">
- <p>label, mAh</p>
- </td>
+ <td><p>dsd</p></td>
+ <td><p>Discharge Step</p></td>
+ <td><p>duration, level, screen, power-save</p></td>
</tr>
<tr>
- <td>
- <p>38</p>
- </td>
-
- <td class="tab0">
- <p>dsd</p>
- </td>
-
- <td class="tab0">
- <p>Discharge Step</p>
- </td>
-
- <td class="tab0">
- <p>duration, level, screen, power-save</p>
- </td>
+ <td><p>csd</p></td>
+ <td><p>Charge Step</p></td>
+ <td><p>duration, level, screen, power-save</p></td>
</tr>
<tr>
- <td>
- <p>39</p>
- </td>
-
- <td class="tab0">
- <p>csd</p>
- </td>
-
- <td class="tab0">
- <p>Charge Step</p>
- </td>
-
- <td class="tab0">
- <p>duration, level, screen, power-save</p>
- </td>
+ <td><p>dtr</p></td>
+ <td><p>Discharge Time Remaining</p></td>
+ <td><p>battery time remaining</p></td>
</tr>
<tr>
- <td>
- <p>40</p>
- </td>
-
- <td class="tab0">
- <p>dtr</p>
- </td>
-
- <td class="tab0">
- <p>Discharge Time Remaining</p>
- </td>
-
- <td class="tab0">
- <p>battery time remaining</p>
- </td>
+ <td><p>ctr</p></td>
+ <td><p>Charge Time Remaining</p></td>
+ <td><p>charge time remaining</p></td>
</tr>
- <tr>
- <td>
- <p>41</p>
- </td>
-
- <td class="tab0">
- <p>ctr</p>
- </td>
-
- <td class="tab0">
- <p>Charge Time Remaining</p>
- </td>
-
- <td class="tab0">
- <p>charge time remaining</p>
- </td>
- </tr>
</table>
+
+<h2 id="wifi-reqs">Wi-Fi, Bluetooth, and cellular usage</h2>
+
+<p>Support for battery usage data on Wi-Fi, Bluetooth, and cellular data
+requires that the device Wi-Fi, Bluetooth, and cellular chipsets implement radio
+support and the chipset firmware passes usage data to the framework. OEMs must
+work with their chipset providers to facilitate in-field firmware updates on
+existing chipsets and compatible firmware on new chipsets.</p>
+
+<p>Additionally, OEMs must continue to configure and submit the power profile
+for their devices. However, when the platform detects that Wi-Fi and Bluetooth
+radio power data is available from the chipset, it uses chipset data instead of
+power profile data (cell radio power data is not yet used).</p>
+
+<p class="note"><strong>Note</strong>: Prior to Android 6.0, power use for Wi-Fi
+radio, Bluetooth radio, and cellular radio was tracked in the <em>m</em> (Misc)
+section category. In Android 6.0 and higher, power use for these components is
+tracked in the <em>pwi</em> (Power Use Item) section with individual labels
+(<em>wifi</em>, <em>blue</em>, <em>cell</em>) for each component.</p>
\ No newline at end of file
diff --git a/src/devices/tech/power/component.jd b/src/devices/tech/power/component.jd
new file mode 100644
index 0000000..cb38615
--- /dev/null
+++ b/src/devices/tech/power/component.jd
@@ -0,0 +1,259 @@
+page.title=Measuring Component Power
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc"></ol>
+ </div>
+</div>
+
+
+<p>You can determine individual component power consumption by comparing the current drawn by the
+device when the component is in the desired state (on, active, scanning, etc.) and when the
+component is off. Measure the average instantaneous current drawn on the device at a
+nominal voltage using an external power monitor, such as a bench power supply or specialized
+battery-monitoring tools (such as Monsoon Solution Inc. Power Monitor and Power Tool software).</p>
+
+<p>Manufacturers often supply information about the current consumed by an individual component.
+Use this information if it accurately represents the current drawn from the device battery in
+practice. However, validate manufacturer-provided values before using those values in your device
+power profile.</p>
+
+<h2 id="control-consumption">Controlling power consumption</h2>
+
+<p>When measuring, ensure the device does not have a connection to an external charge source, such
+as a USB connection to a development host used when running Android Debug Bridge (adb). The device
+under test might draw current from the host, thus lowering measurements at the battery. Avoid USB
+On-The-Go (OTG) connections, as the OTG device might draw current from the device under test.</p>
+
+<p>Excluding the component being measured, the system should run at a constant level of power
+consumption to avoid inaccurate measurements caused by changes in other components. System
+activities that can introduce unwanted changes to power measurements include:</p>
+
+<ul>
+<li><strong>Cellular, Wi-Fi, and Bluetooth receive, transmit, or scanning activity</strong>. When
+not measuring cell radio power, set the device to airplane mode and enable Wi-Fi or Bluetooth as
+appropriate.</li>
+<li><strong>Screen on/off</strong>. Colors displayed while the screen is on can affect power draw
+on some screen technologies. Turn the screen off when measuring values for non-screen components.</li>
+<li><strong>System suspend/resume</strong>. A screen off state can trigger a system suspension,
+placing parts of the device in a low-power or off state. This can affect power consumption of the
+component being measured and introduce large variances in power readings as the system periodically
+resumes to send alarms, etc. For details, see <a href="#control-suspend">Controlling system
+suspend</a>.</li>
+<li><strong>CPUs changing speed and entering/exiting low-power scheduler idle state</strong>.
+During normal operation, the system makes frequent adjustments to CPU speeds, the number of online
+CPU cores, and other system core states such as memory bus speed and voltages of power rails
+associated with CPUs and memory. During testing, these adjustments affect power measurements:
+<ul>
+<li>CPU speed scaling operations can reduce the amount of clock and voltage scaling of memory buses
+and other system core components.</li>
+<li>Scheduling activity can affect the percentage of the time CPUs spend in low-power idle states.
+For details on preventing these adjustments from occurring during testing, see
+<a href="#control-cpu">Controlling CPU speeds</a>.</li>
+</ul>
+
+</li>
+</ul>
+
+<p>For example, Joe Droid wants to compute the <code>screen.on</code> value for a device. He
+enables airplane mode on the device, runs the device at a stable current state, holds the CPU
+speed constant, and uses a partial wakelock to prevent system suspend. Joe then turns the device
+screen off and takes a measurement (200mA). Next, Joe turns the device screen on at minimum
+brightness and takes another measurement (300mA). The <code>screen.on</code> value is 100mA (300 -
+200).</p>
+
+<p class="note">
+<strong>Note</strong>: For components that don’t have a flat waveform of current consumption when
+active (such as cellular radio or Wi-Fi), measure the average current over time using a power
+monitoring tool.</p>
+
+<p>When using an external power source in place of the device battery, the system might experience
+problems due to an unconnected battery thermistor or integrated fuel gauge pins (i.e. an invalid
+reading for battery temperature or remaining battery capacity could shut down the kernel or Android
+system). Fake batteries can provide signals on thermistor or fuel gauge pins that mimic temperature
+and state of charge readings for a normal system, and may also provide convenient leads for
+connecting to external power supplies. Alternatively, you can modify the system to ignore the
+invalid data from the missing battery.</p>
+
+<h2 id="control-suspend">Controlling system suspend</h2>
+
+<p>This section describes how to avoid system suspend state when you don’t want it to interfere
+with other measurements, and how to measure the power draw of system suspend state when you do
+want to measure it.</p>
+
+<h3 id="prevent-suspend">Preventing system suspend</h3>
+
+<p>System suspend can introduce unwanted variance in power measurements and place system components
+in low-power states inappropriate for measuring active power use. To prevent the system from
+suspending while the screen is off, use a temporary partial wakelock. Using a USB cable, connect
+the device to a development host, then issue the following command:</p>
+
+<pre>
+$ adb shell "echo temporary > /sys/power/wake_lock"
+</pre>
+
+<p>While in <code>wake_lock</code>, the screen off state does not trigger a system suspend.
+(Remember to disconnect the USB cable from the device before measuring power consumption.)</p>
+
+<p>To remove the wakelock:</p>
+
+<pre>
+$ adb shell "echo temporary > /sys/power/wake_unlock"
+</pre>
+
+<h3 id="measure-suspend">Measuring system suspend</h3>
+
+<p>To measure the power draw during the system suspend state, measure the value of
+<code>cpu.idle</code> in the power profile. Before measuring:
+
+<ul>
+<li>Remove existing wakelocks (as described above).</li>
+<li>Place the device in airplane mode to avoid concurrent activity by the cellular radio, which
+might run on a processor separate from the SoC portions controlled by the system suspend.</li>
+<li>Ensure the system is in suspend state by:
+<ul>
+<li>Confirming current readings settle to a steady value. Readings should be within the expected
+range for the power consumption of the SoC suspend state plus the power consumption of system
+components that remain powered (such as the USB PHY).</li>
+<li>Checking the system console output.</li>
+<li>Watching for external indications of system status (such as an LED turning off when not in
+suspend).</li>
+</ul>
+</li>
+</ul>
+
+<h2 id="control-cpu">Controlling CPU speeds</h2>
+
+<p>Active CPUs can be brought online or put offline, have their clock speeds and associated
+voltages changed (possibly also affecting memory bus speeds and other system core power states),
+and can enter lower power idle states while in the kernel idle loop. When measuring different CPU
+power states for the power profile, avoid the power draw variance when measuring other parameters.
+The power profile assumes all CPUs have the same available speeds and power characteristics.</p>
+
+<p>While measuring CPU power, or while holding CPU power constant to make other measurements, keep
+the number of CPUs brought online constant (such as having one CPU online and the rest
+offline/hotplugged out). Keeping all CPUs except one in scheduling idle may product acceptable
+results. Stopping the Android framework with <code>adb shell stop</code> can reduce system
+scheduling activity.</p>
+
+<p>You must specify the available CPU speeds for your device in the power profile <code>cpu.speeds</code> entry. To get a list of available CPU speeds, run:</p>
+
+<pre>
+adb shell cat /sys/devices/system/cpu/cpu0/cpufreq/stats/time_in_state
+</pre>
+
+<p>These speeds match the corresponding power measurements in value <code>cpu.active</code>.</p>
+
+<p>For platforms where number of cores brought online significantly affects power consumption, you
+might need to modify the cpufreq driver or governor for the platform. Most platforms support
+controlling CPU speed using the userspace cpufreq governor and using sysfs interfaces to set the
+speed. For example, to set speed for 200MHz on a system with only 1 CPU or all CPUs sharing a
+common cpufreq policy, use the system console or adb shell to run the following commands:</p>
+
+<pre>
+echo userspace > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
+echo 200000 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
+echo 200000 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
+echo 200000 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_setspeed
+cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq
+</pre>
+
+<p class="note">
+<strong>Note</strong>: The exact commands differ depending on the platform cpufreq implementation.
+</p>
+
+<p>These commands ensure the new speed is not outside the allowed bounds, set the new speed, then
+print the speed at which the CPU is actually running (for verification). If the current
+minimum speed prior to execution is higher than 200000, you might need to reverse the order
+of the first two lines, or execute the first line again to drop the minimum speed prior to
+setting the maximum speed.</p>
+
+<p>To measure current consumed by a CPU running at various speeds, use the system console to place
+the CPU in a CPU-bound loop using the command:</p>
+<pre>
+# while true; do true; done
+</pre>
+
+<p>Take the measurement while the loop executes.</p>
+
+<p>Some devices can limit maximum CPU speed while performing thermal throttling due to a high
+temperature measurement (i.e. after running CPUs at high speeds for sustained periods). Watch for
+such limiting, either using the system console output when taking measurements or by checking the
+kernel log after measuring.</p>
+
+<p>For the <code>cpu.awake</code> value, measure the power consumed when the system is not in
+suspend and not executing tasks. The CPU should be in a low-power scheduler <em>idle loop
+</em>, possibly executing an ARM Wait For Event instruction or in an SoC-specific low-power state
+with a fast-exit latency suitable for idle use.</p>
+
+<p>For the <code>cpu.active</code> value, measure power when the system is not in suspend mode and not executing tasks. One CPU (usually the primary CPU) should run the task while all other CPUs
+should be in an idle state.</p>
+
+<h2 id="screen-power">Measuring screen power</h2>
+
+<p>When measuring screen on power, ensure that other devices normally turned on when the screen is
+enabled are also on. For example, if the touchscreen and display backlight would normally be on
+when the screen is on, ensure these devices are on when you measure to get a realistic example of
+screen on power usage.</p>
+
+<p>Some display technologies vary in power consumption according to the colors displayed, causing
+power measurements to vary considerably depending on what is displayed on the screen at the time of
+measurement. When measuring, ensure the screen is displaying something that has power
+characteristics of a realistic screen. Aim between the extremes of an all-black screen (which
+consumes the lowest power for some technologies) and an all-white screen. A common choice is a view
+of a schedule in the calendar app, which has a mix of white background and non-white elements.</p>
+
+<p>Measure screen on power at <em>minimum</em> and <em>maximum</em> display/backlight brightness.
+To set minimum brightness:</p>
+
+<ul>
+<li><strong>Use the Android UI</strong> (not recommended). Set the Settings > Display Brightness
+slider to the minimum display brightness. However, the Android UI allows setting brightness only to
+a minimum of 10-20% of the possible panel/backlight brightness, and does not allow setting
+brightness so low that the screen might not be visible without great effort.</li>
+<li><strong>Use a sysfs file</strong> (recommended). If available, use a sysfs file to control
+panel brightness all the way down to the minimum brightness supported by the hardware.</li>
+</ul>
+
+<p>Additionally, if the platform sysfs file enables turning the LCD panel, backlight, and
+touchscreen on and off, use the file to take measurements with the screen on and off. Otherwise,
+set a partial wakelock so the system does not suspend, then turn on and off the
+screen with the power button.</p>
+
+<h2 id="wifi-power">Measuring Wi-Fi power</h2>
+
+<p>Perform Wi-Fi measurements on a relatively quiet network. Avoid introducing additional work
+processing high volumes of broadcast traffic that is unrelated to the activity being measured.</p>
+
+<p>The <code>wifi.on</code> value measures the power consumed when Wi-Fi is enabled but not
+actively transmitting or receiving. This is often measured as the delta between the current draw in
+system suspend (sleep) state with Wi-Fi enabled vs. disabled.</p>
+
+<p>The <code>wifi.scan</code> value measures the power consumed during a Wi-Fi scan for access
+points. Applications can trigger Wi-Fi scans using the WifiManager class
+<a href ="http://developer.android.com/reference/android/net/wifi/WifiManager.html">
+<code>startScan()</code>API</a>. You can also open Settings > Wi-Fi, which performs access point
+scans every few seconds with an apparent jump in power consumption, but you must subtract screen
+power from these measurements.</p>
+
+<p class="note">
+<strong>Note</strong>: Use a controlled setup (such as
+<a href="http://en.wikipedia.org/wiki/Iperf">iperf</a>) to generate network receive and transmit
+traffic.</p>
\ No newline at end of file
diff --git a/src/devices/tech/power/device.jd b/src/devices/tech/power/device.jd
new file mode 100644
index 0000000..985b9c0
--- /dev/null
+++ b/src/devices/tech/power/device.jd
@@ -0,0 +1,250 @@
+page.title=Measuring Device Power
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc"></ol>
+ </div>
+</div>
+
+<p>You can determine device power consumption for Android devices that include a battery fuel gauge
+such as a Summit SMB347 or Maxim MAX17050 (available on many Nexus devices). Use the in-system
+gauge when external measurement equipment is not available or is inconvenient to
+connect to a device (such as in mobile usage).</p>
+
+<p>Measurements can include instantaneous current, remaining charge, battery capacity at test start
+and end, and more depending on the supported properties of the device (see below). For best
+results, perform device power measurements during long-running A/B tests that use the same device
+type with the same fuel gauge and same current sense resistor. Ensure the starting battery charge
+is the same for each device to avoid differing fuel gauge behavior at different points in the
+battery discharge curve.</p>
+
+<p>Even with identical test environments, measurements are not guaranteed to be of high absolute
+accuracy. However, most inaccuracies specific to the fuel gauge and sense resistor are consistent
+between test runs, making comparisons between identical devices useful. We recommend running
+multiple tests in different configurations to identify significant differences and relative power
+consumption between configurations.</p>
+
+<h2 id="power-consumption">Reading power consumption</h2>
+
+<p>To read power consumption data, insert calls to the API in your testing code.</p>
+
+<pre>
+import android.os.BatteryManager;
+import android.os.ServiceManager;
+import android.content.Context;
+BatteryManager mBatteryManager =
+(BatteryManager)Context.getSystemService(Context.BATTERY_SERVICE);
+Long energy =
+mBatteryManager.getLongProperty(BatteryManager.BATTERY_PROPERTY_ENERGY_COUNTER);
+Slog.i(TAG, "Remaining energy = " + energy + "nWh");
+</pre>
+
+<h2 id="avail-props">Available properties</h2>
+
+<p>Android supports the following battery fuel gauge properties:</p>
+
+<pre>
+BATTERY_PROPERTY_CHARGE_COUNTER Remaining battery capacity in microampere-hours
+BATTERY_PROPERTY_CURRENT_NOW Instantaneous battery current in microamperes
+BATTERY_PROPERTY_CURRENT_AVERAGE Average battery current in microamperes
+BATTERY_PROPERTY_CAPACITY Remaining battery capacity as an integer percentage
+BATTERY_PROPERTY_ENERGY_COUNTER Remaining energy in nanowatt-hours
+</pre>
+
+<p>Most properties are read from kernel power_supply subsystem attributes of similar names.
+However, the exact properties, resolution of property values, and update frequency
+available for a specific device depend on:</p>
+
+<ul>
+<li>Fuel gauge hardware, such as a Summit SMB347 or Maxim MAX17050.</li>
+<li>Fuel gauge-to-system connection, such as the value of external current sense resistors.</li>
+<li>Fuel gauge chip software configuration, such as values chosen for average current computation
+intervals in the kernel driver.</li>
+</ul>
+
+<p>For details, see the properties available for <a href="#nexus-devices">Nexus devices</a>.</p>
+
+<h2 id="maxim-fuel">Maxim fuel gauge</h2>
+
+<p>When determining battery state-of-charge over a long period of time, the Maxim fuel gauge
+(MAX17050, BC15) corrects for coulomb-counter offset measurements. For measurements made over a
+short period of time (such as power consumption metering tests), the fuel gauge does not make
+corrections, making the offset the primary source of error when current measurements are too small
+(although no amount of time can eliminate the offset error completely).</p>
+
+<p>For a typical 10mOhm sense resistor design, the offset current should be better than 1.5mA,
+meaning any measurement is +/-1.5mA (PCBoard layout can also affect this variation). For example,
+when measuring a large current (200mA) you can expect the following:</p>
+
+<ul>
+<li>2mA (1% gain error of 200mA due to fuel gauge gain error)</li>
+<li>+2mA (1% gain error of 200mA due to sense resistor error)</li>
+<li>+1.5mA (current sense offset error from fuel gauge)</li>
+</ul>
+
+<p>The total error is 5.5mA (2.75%). Compare this to a medium current (50mA) where the same error
+percentages give a total error of 7% or to a small current (15mA) where +/-1.5mA gives a total
+error of 10%.</p>
+
+<p>For best results, we recommend measuring greater than 20mA. Gain measurement errors are
+systematic and repeatable, enabling you to test a device in multiple modes and get clean relative
+measurements (with exceptions for the 1.5mA offset).</p>
+
+<p>For +/-100uA relative measurements, required measurement time depends on:</p>
+
+<ul>
+<li><b>ADC sampling noise</b>. The MAX17050 with its normal factory configuration produces +/-1.5mA
+sample-to-sample variation due to noise, with each sample delivered at 175.8ms. You can expect a
+rough +/-100uA for a 1 minute test window and a clean 3-sigma noise less than 100uA (or 1-sigma
+noise at 33uA) for a 6 minute test window.</li>
+<li><b>Sample Aliasing because of load variation</b>. Variation exaggerates errors, so for samples
+with variation inherent in the loading, consider using a longer test window.</li>
+</ul>
+
+<h2 id="nexus-devices">Supported Nexus devices</h2>
+
+<h5 id="nexus-5">Nexus 5</h5>
+
+<table>
+<tbody>
+<tr>
+<th>Model</th>
+<td>Nexus 5</td>
+</tr>
+<tr>
+<th>Fuel Gauge</th>
+<td>Maxim MAX17048 fuel gauge (ModelGauge™, no coulomb counter)</td>
+</tr>
+<tr>
+<th>Properties</th>
+<td>BATTERY_PROPERTY_CAPACITY</td>
+</tr>
+<tr>
+<th>Measurements</th>
+<td>The fuel gauge does not support any measurements other than battery State Of Charge to a
+resolution of %/256 (1/256th of a percent of full battery capacity).</td>
+</tr>
+</tbody>
+</table>
+
+
+<h5 id="nexus-6">Nexus 6</h5>
+
+<table>
+<tbody>
+<tr>
+<th>Model</th>
+<td>Nexus 6</td>
+</tr>
+<tr>
+<th>Fuel Gauge</th>
+<td>Maxim MAX17050 fuel gauge (a coulomb counter with Maxim ModelGauge™ adjustments), and a 10mohm
+current sense resistor.</td>
+</tr>
+<tr>
+<th>Properties</th>
+<td>BATTERY_PROPERTY_CAPACITY<br>
+BATTERY_PROPERTY_CURRENT_NOW<br>
+BATTERY_PROPERTY_CURRENT_AVERAGE<br>
+BATTERY_PROPERTY_CHARGE_COUNTER<br>
+BATTERY_PROPERTY_ENERGY_COUNTER</td>
+</tr>
+<tr>
+<th>Measurements</th>
+<td>CURRENT_NOW resolution 156.25uA, update period is 175.8ms.<br>
+CURRENT_AVERAGE resolution 156.25uA, update period configurable 0.7s - 6.4h, default 11.25 secs.<br>
+CHARGE_COUNTER (accumulated current, non-extended precision) resolution is 500uAh (raw coulomb
+counter read, not adjusted by fuel gauge for coulomb counter offset, plus inputs from the ModelGauge
+m3 algorithm including empty compensation).<br>
+CHARGE_COUNTER_EXT (extended precision in kernel) resolution 8nAh.<br>
+ENERGY_COUNTER is CHARGE_COUNTER_EXT at nominal voltage of 3.7V.</td>
+</tr>
+</tbody>
+</table>
+
+
+<h5 id="nexus-9">Nexus 9</h5>
+
+<table>
+<tbody>
+<tr>
+<th>Model</th>
+<td>Nexus 9</td>
+</tr>
+<tr>
+<th>Fuel Gauge</th>
+<td>Maxim MAX17050 fuel gauge (a coulomb counter with Maxim ModelGauge™ adjustments), and a 10mohm
+current sense resistor.</td>
+</tr>
+<tr>
+<th>Properties</th>
+<td>BATTERY_PROPERTY_CAPACITY<br>
+BATTERY_PROPERTY_CURRENT_NOW<br>
+BATTERY_PROPERTY_CURRENT_AVERAGE<br>
+BATTERY_PROPERTY_CHARGE_COUNTER<br>
+BATTERY_PROPERTY_ENERGY_COUNTER</td>
+</tr>
+<tr>
+<th>Measurements</th>
+<td>CURRENT_NOW resolution 156.25uA, update period is 175.8ms.<br>
+CURRENT_AVERAGE resolution 156.25uA, update period configurable 0.7s - 6.4h, default 11.25 secs.<br>
+CHARGE_COUNTER (accumulated current, non-extended precision) resolution is 500uAh.<br>
+CHARGE_COUNTER_EXT (extended precision in kernel) resolution 8nAh.<br>
+ENERGY_COUNTER is CHARGE_COUNTER_EXT at nominal voltage of 3.7V.<br>
+Accumulated current update period 175.8ms.<br>
+ADC sampled at 175ms quantization with a 4ms sample period. Can adjust duty cycle.</td>
+</tr>
+</tbody>
+</table>
+
+
+<h5 id="nexus-10">Nexus 10</h5>
+
+<table>
+<tbody>
+<tr>
+<th>Model</th>
+<td>Nexus 10</td>
+</tr>
+<tr>
+<th>Fuel Gauge</th>
+<td>Dallas Semiconductor DS2784 fuel gauge (a coulomb counter), with a 10mohm current sense
+resistor.</td>
+</tr>
+<tr>
+<th>Properties</th>
+<td>BATTERY_PROPERTY_CAPACITY<br>
+BATTERY_PROPERTY_CURRENT_NOW<br>
+BATTERY_PROPERTY_CURRENT_AVERAGE<br>
+BATTERY_PROPERTY_CHARGE_COUNTER<br>
+BATTERY_PROPERTY_ENERGY_COUNTER</td>
+</tr>
+<tr>
+<th>Measurements</th>
+<td>Current measurement (instantaneous and average) resolution is 156.3uA.<br>
+CURRENT_NOW instantaneous current update period is 3.5 seconds.<br>
+CURRENT_AVERAGE update period is 28 seconds (not configurable).<br>
+CHARGE_COUNTER (accumulated current, non-extended precision) resolution is 625uAh.<br>
+CHARGE_COUNTER_EXT (extended precision in kernel) resolution is 144nAh.<br>
+ENERGY_COUNTER is CHARGE_COUNTER_EXT at nominal voltage of 3.7V.<br>
+Update period for all is 3.5 seconds.</td>
+</tr>
+</tbody>
+</table>
\ No newline at end of file
diff --git a/src/devices/tech/power/index.jd b/src/devices/tech/power/index.jd
index c3a6a9a..0876ae7 100644
--- a/src/devices/tech/power/index.jd
+++ b/src/devices/tech/power/index.jd
@@ -23,15 +23,15 @@
</div>
</div>
-<p>Battery usage information is derived from battery usage statistics and power profile values.</p>
+<p>Battery use information is derived from battery use statistics and power profile values.</p>
-<h2 id="usage-statistics">Battery Usage Statistics</h2>
+<h2 id="usage-statistics">Battery use statistics</h2>
-<p>The framework automatically determines battery usage statistics by tracking how long device
+<p>The framework automatically determines battery use statistics by tracking how long device
components spend in different states. As components (Wi-Fi chipset, cellular radio, Bluetooth, GPS,
display, CPU) change states (OFF/ON, idle/full power, low/high brightness, etc.), the controlling
-service reports to the framework BatteryStats service. BatteryStats collects information over time and
-stores it for use across reboots. The service doesn’t track battery current draw directly,
+service reports to the framework BatteryStats service. BatteryStats collects information over time
+and stores it for use across reboots. The service doesn’t track battery current draw directly,
but instead collects timing information that can be used to approximate battery
consumption by different components.</p>
@@ -40,9 +40,9 @@
<ul>
<li><strong>Push</strong>. Services aware of component changes push state changes to the
BatteryStats service.</li>
-<li><strong>Pull</strong>. For components such as the CPU usage by apps, the framework automatically
-pulls the data at transition points (such as starting or stopping an activity) to take a
-snapshot.</li>
+<li><strong>Pull</strong>. For components such as the CPU use by apps, the framework
+automatically pulls the data at transition points (such as starting or stopping an activity) to
+take a snapshot.</li>
</ul>
<p>Resource consumption is associated with the application using the resource. When multiple
@@ -50,27 +50,25 @@
suspending), the framework spreads consumption across those applications, although not necessarily
equally.</p>
-<p>To avoid losing usage statistics for a shutdown event, which may indicate battery power
-consumption problems (i.e. shutdown occurs because the battery reached zero remaining capacity), the
-framework flashes statistics approximately every 30 minutes.</p>
+<p>To avoid losing use statistics for a shutdown event, which may indicate battery power
+consumption problems (i.e. shutdown occurs because the battery reached zero remaining capacity),
+the framework flashes statistics approximately every 30 minutes.</p>
-<p>Battery usage statistics are handled entirely by the framework and do not require OEM
+<p>Battery use statistics are handled entirely by the framework and do not require OEM
modifications.</p>
-<h2 id="profile-values">Power Profile Values</h2>
+<h2 id="profile-values">Power profile values</h2>
-<p class="caution"><strong>Caution:</strong> Device manufacturers must
-provide a component power profile that defines the current consumption value
-for the component and the approximate battery drain caused by the component
-over time. This profile is defined in <a
-href="https://android.googlesource.com/platform/frameworks/base/+/master/core/res/res/xml/power_profile.xml">platform/frameworks/base/core/res/res/xml/power_profile.xml</a>.
-See the <a href="#power-values">Power Values</a> table for guidance on these
-settings.</p>
+<p class="caution"><strong>Caution:</strong> Device manufacturers must provide a component power
+profile that defines the current consumption value for the component and the approximate battery
+drain caused by the component over time. This profile is defined in
+<a href="https://android.googlesource.com/platform/frameworks/base/+/master/core/res/res/xml/power_profile.xml">platform/frameworks/base/core/res/res/xml/power_profile.xml</a>.
+For guidance on these settings, see <a href="{@docRoot}devices/tech/power/values.html">Power Values</a>.</p>
-<p>Within a power profile, power consumption is specified in milliamps (mA) of
-current draw at a nominal voltage and can be a fractional value specified in microamps (uA). The
-value should be the mA consumed at the battery and not a value applicable to a power rail that does
-not correspond to current consumed from the battery.</p>
+<p>Within a power profile, power consumption is specified in milliamps (mA) of current draw at a
+nominal voltage and can be a fractional value specified in microamps (uA). The value should be the
+mA consumed at the battery and not a value applicable to a power rail that does not correspond to
+current consumed from the battery.</p>
<p>For example, a display power profile specifies the mA of current required to keep the display on
at minimum brightness and at maximum brightness. To determine the power cost (i.e the battery
@@ -78,689 +76,7 @@
each brightness level, then multiplies those time intervals by an interpolated display brightness
cost.</p>
-<p>The framework also multiplies the CPU time for each application by the mA required to run the CPU
-at a specific speed. This calculation establishes a comparative ranking of how much battery an
+<p>The framework also multiplies the CPU time for each application by the mA required to run the
+CPU at a specific speed. This calculation establishes a comparative ranking of how much battery an
application consumes by executing CPU code (time as the foreground app and total time including
background activity are reported separately).</p>
-
-<h2 id="component-power">Measuring Component Power</h2>
-
-<p>You can determine individual component power consumption by comparing the current drawn by the
-device when the component is in the desired state (on, active, scanning, etc.) and when the
-component is off. Measure the average instantaneous current drawn on the device at a
-nominal voltage using an external power monitor, such as a bench power supply or specialized
-battery-monitoring tools (such as Monsoon Solution Inc. Power Monitor and Power Tool software).</p>
-
-<p class="note">
-<strong>Note:</strong> Manufacturers often supply information about the current consumed by an
-individual component. Use this information if it accurately represents the current drawn from the
-device battery in practice. However, validate manufacturer-provided values before
-using those values in your device power profile.</p>
-
-<p>When measuring, ensure the device does not have a connection to an external charge source, such
-as a USB connection to a development host used when running Android Debug Bridge (adb). The device
-under test might draw current from the host, thus lowering measurements at the battery. Avoid USB
-On-The-Go (OTG) connections, as the OTG device might draw current from the device under test.</p>
-
-<p>Excluding the component being measured, the system should run at a constant level of power
-consumption to avoid inaccurate measurements caused by changes in other components. System
-activities that can introduce unwanted changes to power measurements include:</p>
-
-<ul>
-<li><strong>Cellular, Wi-Fi, and Bluetooth receive, transmit, or scanning activity</strong>. When
-not measuring cell radio power, set the device to airplane mode and enable Wi-Fi or Bluetooth as
-appropriate.</li>
-<li><strong>Screen on/off</strong>. Colors displayed while the screen is on can affect power draw on
-some screen technologies. Turn the screen off when measuring values for non-screen components.</li>
-<li><strong>System suspend/resume</strong>. A screen off state can trigger a system suspension,
-placing parts of the device in a low-power or off state. This can affect power consumption of the
-component being measured and introduce large variances in power readings as the system periodically
-resumes to send alarms, etc. For details, see <a href="#control-suspend">Controlling System
-Suspend</a>.</li>
-<li><strong>CPUs changing speed and entering/exiting low-power scheduler idle state</strong>. During
-normal operation, the system makes frequent adjustments to CPU speeds, the number of online CPU
-cores, and other system core states such as memory bus speed and voltages of power rails associated
-with CPUs and memory. During testing, these adjustments affect power measurements:
-
-<ul>
-<li>CPU speed scaling operations can reduce the amount of clock and voltage scaling of memory buses
-and other system core components.</li>
-<li>Scheduling activity can affect the percentage of the time CPUs spend in low-power idle states.
-For details on preventing these adjustments from occurring during testing, see
-<a href="#control-cpu">Controlling CPU Speeds</a>.</li>
-</ul>
-
-</li>
-</ul>
-
-<p>For example, Joe Droid wants to compute the <code>screen.on</code> value for a device. He enables
-airplane mode on the device, runs the device at a stable current state, holds the CPU speed constant
-, and uses a partial wakelock to prevent system suspend. Joe then turns the device screen off and
-takes a measurement (200mA). Next, Joe turns the device screen on at minimum brightness and takes
-another measurement (300mA). The <code>screen.on</code> value is 100mA (300 - 200).</p>
-
-<p>For components that don’t have a flat waveform of current consumption when active (such as
-cellular radio or Wi-Fi), measure the average current over time using a power monitoring tool.</p>
-
-<p>When using an external power source in place of the device battery, the system might experience
-problems due to an unconnected battery thermistor or integrated fuel gauge pins (i.e. an invalid
-reading for battery temperature or remaining battery capacity could shut down the kernel or Android
-system). Fake batteries can provide signals on thermistor or fuel gauge pins that mimic temperature
-and state of charge readings for a normal system, and may also provide convenient leads for
-connecting to external power supplies. Alternatively, you can modify the system to ignore the
-invalid data from the missing battery.</p>
-
-<h3 id="control-suspend">Controlling System Suspend</h3>
-
-<p>This section describes how to avoid system suspend state when you don’t want it to interfere with
-other measurements, and how to measure the power draw of system suspend state when you do want to
-measure it.</p>
-
-<h4>Preventing System Suspend</h4>
-
-<p>System suspend can introduce unwanted variance in power measurements and place system components
-in low-power states inappropriate for measuring active power use. To prevent the system from
-suspending while the screen is off, use a temporary partial wakelock. Using a USB cable, connect the
-device to a development host, then issue the following command:</p>
-
-<pre>
-$ adb shell "echo temporary > /sys/power/wake_lock"
-</pre>
-
-<p>While in wake_lock, the screen off state does not trigger a system suspend. (Remember to
-disconnect the USB cable from the device before measuring power consumption.)</p>
-
-<p>To remove the wakelock:</p>
-
-<pre>
-$ adb shell "echo temporary > /sys/power/wake_unlock"
-</pre>
-
-<h4>Measuring System Suspend</h4>
-
-<p>To measure the power draw during the system suspend state, measure the value of cpu.idle in the
-power profile. Before measuring:
-
-<ul>
-<li>Remove existing wakelocks (as described above).</li>
-<li>Place the device in airplane mode to avoid concurrent activity by the cellular radio, which
-might run on a processor separate from the SoC portions controlled by the system suspend.</li>
-<li>Ensure the system is in suspend state by:
-<ul>
-<li>Confirming current readings settle to a steady value. Readings should be within the expected
-range for the power consumption of the SoC suspend state plus the power consumption of system
-components that remain powered (such as the USB PHY).</li>
-<li>Checking the system console output.</li>
-<li>Watching for external indications of system status (such as an LED turning off when not in
-suspend).</li>
-</ul>
-</li>
-</ul>
-
-<h3 id="control-cpu">Controlling CPU Speeds</h3>
-
-<p>Active CPUs can be brought online or put offline, have their clock speeds and associated voltages
-changed (possibly also affecting memory bus speeds and other system core power states), and
-can enter lower power idle states while in the kernel idle loop. When measuring different CPU power
-states for the power profile, avoid the power draw variance when measuring other parameters. The
-power profile assumes all CPUs have the same available speeds and power characteristics.</p>
-
-<p>While measuring CPU power, or while holding CPU power constant to make other measurements, keep
-the number of CPUs brought online constant (such as having one CPU online and the rest
-offline/hotplugged out). Keeping all CPUs except one in scheduling idle may product acceptable
-results. Stopping the Android framework with <code>adb shell stop</code> can reduce system
-scheduling activity.</p>
-
-<p>You must specify the available CPU speeds for your device in the power profile cpu.speeds
-entry. To get a list of available CPU speeds, run:</p>
-
-<pre>
-adb shell cat /sys/devices/system/cpu/cpu0/cpufreq/stats/time_in_state
-</pre>
-
-<p>These speeds match the corresponding power measurements in value <code>cpu.active</code>.</p>
-
-<p>For platforms where number of cores brought online significantly affects power consumption, you
-might need to modify the cpufreq driver or governor for the platform. Most platforms support
-controlling CPU speed using the “userspace” cpufreq governor and using sysfs interfaces to
-set the speed. For example, to set speed for 200MHz on a system with only 1 CPU or all CPUs sharing
-a common cpufreq policy, use the system console or adb shell to run the following commands:</p>
-
-<pre>
-echo userspace > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
-echo 200000 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
-echo 200000 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
-echo 200000 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_setspeed
-cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq
-</pre>
-
-<p class="note">
-<strong>Note</strong>: The exact commands differ depending on the platform cpufreq implementation.
-</p>
-
-<p>These commands ensure the new speed is not outside the allowed bounds, set the new speed, then
-print the speed at which the CPU is actually running (for verification). If the current
-minimum speed prior to execution is higher than 200000, you might need to reverse the order
-of the first two lines, or execute the first line again to drop the minimum speed prior to
-setting the maximum speed.</p>
-
-<p>To measure current consumed by a CPU running at various speeds, use the system console place the
-CPU in a CPU-bound loop using the command:</p>
-<pre>
-# while true; do true; done
-</pre>
-
-<p>Take the measurement while the loop executes.</p>
-
-<p>Some devices can limit maximum CPU speed while performing thermal throttling due to a high
-temperature measurement (i.e. after running CPUs at high speeds for sustained periods). Watch for
-such limiting, either using the system console output when taking measurements or by checking the
-kernel log after measuring.</p>
-
-<p>For the <code>cpu.awake</code> value, measure the power consumed when the system is not in
-suspend and not executing tasks. The CPU should be in a low-power scheduler <em>idle loop
-</em>, possibly executing an ARM Wait For Event instruction or in an SoC-specific low-power state
-with a fast-exit latency suitable for idle use.</p>
-
-<p>For the <code>cpu.active</code> value, power needs to be measured when the
-system is not in suspend mode and not executing tasks. One of the CPU (usually
-the primary CPU) should be running the task, and all the other CPUs should be in
-an idle state.</p>
-
-<h3 id="screen-power">Measuring Screen Power</h3>
-
-<p>When measuring screen on power, ensure that other devices normally turned on when the screen is
-enabled are also on. For example, if the touchscreen and display backlight would normally be on when
-the screen is on, ensure these devices are on when you measure to get a realistic example of screen
-on power usage.</p>
-
-<p>Some display technologies vary in power consumption according to the colors displayed, causing
-power measurements to vary considerably depending on what is displayed on the screen at the time of
-measurement. When measuring, ensure the screen is displaying something that has power
-characteristics of a realistic screen. Aim between the extremes of an all-black screen (which
-consumes the lowest power for some technologies) and an all-white screen. A common choice is a view
-of a schedule in the calendar app, which has a mix of white background and non-white elements.</p>
-
-<p>Measure screen on power at <em>minimum</em> and <em>maximum</em> display/backlight brightness.
-To set minimum brightness:</p>
-
-<ul>
-<li><strong>Use the Android UI</strong> (not recommended). Set the Settings > Display Brightness
-slider to the minimum display brightness. However, the Android UI allows setting brightness only to
-a minimum of 10-20% of the possible panel/backlight brightness, and does not allow setting
-brightness so low that the screen might not be visible without great effort.</li>
-<li><strong>Use a sysfs file</strong> (recommended). If available, use a sysfs file to control panel
-brightness all the way down to the minimum brightness supported by the hardware.</li>
-</ul>
-
-<p>Additionally, if the platform sysfs file enables turning the LCD panel, backlight, and
-touchscreen on and off, use the file to take measurements with the screen on and off. Otherwise,
-set a partial wakelock so the system does not suspend, then turn on and off the
-screen with the power button.</p>
-
-<h3 id="wifi-power">Measuring Wi-Fi Power</h3>
-
-<p>Perform Wi-Fi measurements on a relatively quiet network. Avoid introducing additional work
-processing high volumes of broadcast traffic that is unrelated to the activity being measured.</p>
-
-<p>The <code>wifi.on</code> value measures the power consumed when Wi-Fi is enabled but not actively
-transmitting or receiving. This is often measured as the delta between the current draw in
-system suspend (sleep) state with Wi-Fi enabled vs. disabled.</p>
-
-<p>The <code>wifi.scan</code> value measures the power consumed during a Wi-Fi scan for access
-points. Applications can trigger Wi-Fi scans using the WifiManager class
-<a href ="http://developer.android.com/reference/android/net/wifi/WifiManager.html">
-<code>startScan()</code>API</a>. You can also open Settings > Wi-Fi, which performs access point
-scans every few seconds with an apparent jump in power consumption, but you must subtract screen
-power from these measurements.</p>
-
-<p class="note">
-<strong>Note</strong>: Use a controlled setup (such as
-<a href="http://en.wikipedia.org/wiki/Iperf">iperf</a>) to generate network receive and transmit
-traffic.</p>
-
-<h2 id="device-power">Measuring Device Power</h2>
-
-<p>You can determine device power consumption for Android devices that include a battery fuel gauge
-such as a Summit SMB347 or Maxim MAX17050 (available on many Nexus devices). Use the in-system
-battery fuel gauge when external measurement equipment is not available or is inconvenient to
-connect to a device (such as in mobile usage).</p>
-
-<p>Measurements can include instantaneous current, remaining charge, battery capacity at test start
-and end, and more depending on the supported properties of the device (see below). For best results,
-perform device power measurements during long-running A/B tests that use the same device type with
-the same fuel gauge and same current sense resistor. Ensure the starting battery charge is the same
-for each device to avoid differing fuel gauge behavior at different points in the battery discharge
-curve.</p>
-
-<p>Even with identical test environments, measurements are not guaranteed to be of high absolute
-accuracy. However, most inaccuracies specific to the fuel gauge and sense resistor are consistent
-between test runs, making comparisons between identical devices useful. We recommend running
-multiple tests in different configurations to identify significant differences and relative power
-consumption between configurations.</p>
-
-<h3 id="power-consumption">Reading Power Consumption</h3>
-
-<p>To read power consumption data, insert calls to the API in your testing code.</p>
-
-<pre>
-import android.os.BatteryManager;
-import android.os.ServiceManager;
-import android.content.Context;
-BatteryManager mBatteryManager =
-(BatteryManager)Context.getSystemService(Context.BATTERY_SERVICE);
-Long energy =
-mBatteryManager.getLongProperty(BatteryManager.BATTERY_PROPERTY_ENERGY_COUNTER);
-Slog.i(TAG, "Remaining energy = " + energy + "nWh");
-</pre>
-
-<h3 id="avail-props">Available Properties</h3>
-
-<p>Android supports the following battery fuel gauge properties:</p>
-
-<pre>
-BATTERY_PROPERTY_CHARGE_COUNTER Remaining battery capacity in microampere-hours
-BATTERY_PROPERTY_CURRENT_NOW Instantaneous battery current in microamperes
-BATTERY_PROPERTY_CURRENT_AVERAGE Average battery current in microamperes
-BATTERY_PROPERTY_CAPACITY Remaining battery capacity as an integer percentage
-BATTERY_PROPERTY_ENERGY_COUNTER Remaining energy in nanowatt-hours
-</pre>
-
-<p>Most properties are read from kernel power_supply subsystem attributes of similar names.
-However, the exact properties, resolution of property values, and update frequency
-available for a specific device depend on:</p>
-
-<ul>
-<li>Fuel gauge hardware, such as a Summit SMB347 or Maxim MAX17050.</li>
-<li>Fuel gauge-to-system connection, such as the value of external current sense resistors.</li>
-<li>Fuel gauge chip software configuration, such as values chosen for average current computation
-intervals in the kernel driver.</li>
-</ul>
-
-<p>For details, see the properties available for <a href="#nexus-devices">Nexus devices</a>.</p>
-
-<h3 id="maxim-fuel">Maxim Fuel Gauge</h3>
-
-<p>When determining battery state-of-charge over a long period of time, the Maxim fuel gauge
-(MAX17050, BC15) corrects for coulomb-counter offset measurements. For measurements made over a
-short period of time (such as power consumption metering tests), the fuel gauge does not make
-corrections, making the offset the primary source of error when current measurements are too small
-(although no amount of time can eliminate the offset error completely).</p>
-
-<p>For a typical 10mOhm sense resistor design, the offset current should be better than 1.5mA,
-meaning any measurement is +/-1.5mA (PCBoard layout can also affect this variation). For example,
-when measuring a large current (200mA) you can expect the following:</p>
-
-<ul>
-<li>2mA (1% gain error of 200mA due to fuel gauge gain error)</li>
-<li>+2mA (1% gain error of 200mA due to sense resistor error)</li>
-<li>+1.5mA (current sense offset error from fuel gauge)</li>
-</ul>
-
-<p>The total error is 5.5mA (2.75%). Compare this to a medium current (50mA) where the same error
-percentages give a total error of 7% or to a small current (15mA) where +/-1.5mA gives a total error
-of 10%.</p>
-
-<p>For best results, we recommend measuring greater than 20mA. Gain measurement errors are
-systematic and repeatable, enabling you to test a device in multiple modes and get clean relative
-measurements (with exceptions for the 1.5mA offset).</p>
-
-<p>For +/-100uA relative measurements, required measurement time depends on:</p>
-
-<ul>
-<li><b>ADC sampling noise</b>. The MAX17050 with its normal factory configuration produces +/-1.5mA
-sample-to-sample variation due to noise, with each sample delivered at 175.8ms. You can expect a
-rough +/-100uA for a 1 minute test window and a clean 3-sigma noise less than 100uA (or 1-sigma
-noise at 33uA) for a 6 minute test window.</li>
-<li><b>Sample Aliasing because of load variation</b>. Variation exaggerates errors, so for samples
-with variation inherent in the loading, consider using a longer test window.</li>
-</ul>
-
-<h3 id="nexus-devices">Supported Nexus Devices</h3>
-
-<h5 id="nexus-5">Nexus 5</h5>
-
-<table>
-<tbody>
-<tr>
-<th>Model</th>
-<td>Nexus 5</td>
-</tr>
-<tr>
-<th>Fuel Gauge</th>
-<td>Maxim MAX17048 fuel gauge (ModelGauge™, no coulomb counter)</td>
-</tr>
-<tr>
-<th>Properties</th>
-<td>BATTERY_PROPERTY_CAPACITY</td>
-</tr>
-<tr>
-<th>Measurements</th>
-<td>The fuel gauge does not support any measurements other than battery State Of Charge to a
-resolution of %/256 (1/256th of a percent of full battery capacity).</td>
-</tr>
-</tbody>
-</table>
-
-
-<h5 id="nexus-6">Nexus 6</h5>
-
-<table>
-<tbody>
-<tr>
-<th>Model</th>
-<td>Nexus 6</td>
-</tr>
-<tr>
-<th>Fuel Gauge</th>
-<td>Maxim MAX17050 fuel gauge (a coulomb counter with Maxim ModelGauge™ adjustments), and a 10mohm
-current sense resistor.</td>
-</tr>
-<tr>
-<th>Properties</th>
-<td>BATTERY_PROPERTY_CAPACITY<br>
-BATTERY_PROPERTY_CURRENT_NOW<br>
-BATTERY_PROPERTY_CURRENT_AVERAGE<br>
-BATTERY_PROPERTY_CHARGE_COUNTER<br>
-BATTERY_PROPERTY_ENERGY_COUNTER</td>
-</tr>
-<tr>
-<th>Measurements</th>
-<td>CURRENT_NOW resolution 156.25uA, update period is 175.8ms.<br>
-CURRENT_AVERAGE resolution 156.25uA, update period configurable 0.7s - 6.4h, default 11.25 secs.<br>
-CHARGE_COUNTER (accumulated current, non-extended precision) resolution is 500uAh (raw coulomb
-counter read, not adjusted by fuel gauge for coulomb counter offset, plus inputs from the ModelGauge
-m3 algorithm including empty compensation).<br>
-CHARGE_COUNTER_EXT (extended precision in kernel) resolution 8nAh.<br>
-ENERGY_COUNTER is CHARGE_COUNTER_EXT at nominal voltage of 3.7V.</td>
-</tr>
-</tbody>
-</table>
-
-
-<h5 id="nexus-9">Nexus 9</h5>
-
-<table>
-<tbody>
-<tr>
-<th>Model</th>
-<td>Nexus 9</td>
-</tr>
-<tr>
-<th>Fuel Gauge</th>
-<td>Maxim MAX17050 fuel gauge (a coulomb counter with Maxim ModelGauge™ adjustments), and a 10mohm
-current sense resistor.</td>
-</tr>
-<tr>
-<th>Properties</th>
-<td>BATTERY_PROPERTY_CAPACITY<br>
-BATTERY_PROPERTY_CURRENT_NOW<br>
-BATTERY_PROPERTY_CURRENT_AVERAGE<br>
-BATTERY_PROPERTY_CHARGE_COUNTER<br>
-BATTERY_PROPERTY_ENERGY_COUNTER</td>
-</tr>
-<tr>
-<th>Measurements</th>
-<td>CURRENT_NOW resolution 156.25uA, update period is 175.8ms.<br>
-CURRENT_AVERAGE resolution 156.25uA, update period configurable 0.7s - 6.4h, default 11.25 secs.<br>
-CHARGE_COUNTER (accumulated current, non-extended precision) resolution is 500uAh.<br>
-CHARGE_COUNTER_EXT (extended precision in kernel) resolution 8nAh.<br>
-ENERGY_COUNTER is CHARGE_COUNTER_EXT at nominal voltage of 3.7V.<br>
-Accumulated current update period 175.8ms.<br>
-ADC sampled at 175ms quantization with a 4ms sample period. Can adjust duty cycle.</td>
-</tr>
-</tbody>
-</table>
-
-
-<h5 id="nexus-10">Nexus 10</h5>
-
-<table>
-<tbody>
-<tr>
-<th>Model</th>
-<td>Nexus 10</td>
-</tr>
-<tr>
-<th>Fuel Gauge</th>
-<td>Dallas Semiconductor DS2784 fuel gauge (a coulomb counter), with a 10mohm current sense
-resistor.</td>
-</tr>
-<tr>
-<th>Properties</th>
-<td>BATTERY_PROPERTY_CAPACITY<br>
-BATTERY_PROPERTY_CURRENT_NOW<br>
-BATTERY_PROPERTY_CURRENT_AVERAGE<br>
-BATTERY_PROPERTY_CHARGE_COUNTER<br>
-BATTERY_PROPERTY_ENERGY_COUNTER</td>
-</tr>
-<tr>
-<th>Measurements</th>
-<td>Current measurement (instantaneous and average) resolution is 156.3uA.<br>
-CURRENT_NOW instantaneous current update period is 3.5 seconds.<br>
-CURRENT_AVERAGE update period is 28 seconds (not configurable).<br>
-CHARGE_COUNTER (accumulated current, non-extended precision) resolution is 625uAh.<br>
-CHARGE_COUNTER_EXT (extended precision in kernel) resolution is 144nAh.<br>
-ENERGY_COUNTER is CHARGE_COUNTER_EXT at nominal voltage of 3.7V.<br>
-Update period for all is 3.5 seconds.</td>
-</tr>
-</tbody>
-</table>
-
-
-<h2 id="viewing-usage">Viewing Battery Usage Data</h2>
-
-See <a href="{@docRoot}devices/tech/power/batterystats.html">Viewing Battery Usage Data</a>.
-
-<h2 id="power-values">Power Values</h2>
-
-<p>Device manufacturers must provide a component power profile defined in
-<em><device></em>/frameworks/base/core/res/res/xml/power_profile.xml. To
-determine these values, use hardware that measures the power being used by
-the device and perform the various operations for which information is needed.
-Measure the power use during those operations and compute the values (deriving
-differences from other base-line power uses as appropriate).</p>
-
-<table>
-<tr>
- <th>Name</th>
- <th>Description</th>
- <th>Example Value</th>
- <th>Notes</th>
-</tr>
-<tr>
- <td>none</td>
- <td>Nothing</td>
- <td>0</td>
- <td></td>
-</tr>
-
-<tr>
- <td>screen.on</td>
- <td>Additional power used when screen is turned on at minimum brightness.</td>
- <td>200mA</td>
- <td>Includes touch controller and display backlight. At 0 brightness, not the Android minimum which tends to be 10 or 20%.</td>
-</tr>
-
-<tr>
- <td>screen.full</td>
- <td>Additional power used when screen is at maximum brightness, compared to screen at minimum brightness.</td>
- <td>100mA-300mA</td>
- <td>A fraction of this value (based on screen brightness) is added to the screen.on value to compute the power usage of the screen.</td>
-</tr>
-
-<tr>
- <td>bluetooth.active</td>
- <td>Additional power used when playing audio through bluetooth A2DP.</td>
- <td>14mA</td>
- <td></td>
-</tr>
-
-<tr>
- <td>bluetooth.on</td>
- <td>Additional power used when bluetooth is turned on but idle.</td>
- <td>1.4mA</td>
- <td></td>
-</tr>
-
-<tr>
- <td>wifi.on</td>
- <td>Additional power used when Wi-Fi is turned on but not receiving, transmitting, or scanning.</td>
- <td>2mA</td>
- <td></td>
-</tr>
-
-<tr>
- <td>wifi.active</td>
- <td>Additional power used when transmitting or receiving over Wi-Fi.</td>
- <td>31mA</td>
- <td></td>
-</tr>
-
-<tr>
- <td>wifi.scan</td>
- <td>Additional power used when Wi-Fi is scanning for access points.</td>
- <td>100mA</td>
- <td></td>
-</tr>
-
-<tr>
- <td>dsp.audio</td>
- <td>Additional power used when audio decoding/encoding via DSP.</td>
- <td>14.1mA</td>
- <td>Reserved for future use.</td>
-</tr>
-
-
-<tr>
- <td>dsp.video</td>
- <td>Additional power used when video decoding via DSP.</td>
- <td>54mA</td>
- <td>Reserved for future use.</td>
-</tr>
-
-<tr>
- <td>gps.on</td>
- <td>Additional power used when GPS is acquiring a signal.</td>
- <td>50mA</td>
- <td></td>
-</tr>
-
-<tr>
- <td>radio.active</td>
- <td>Additional power used when cellular radio is transmitting/receiving.</td>
- <td>100mA-300mA</td>
- <td></td>
-</tr>
-
-<tr>
- <td>radio.scanning</td>
- <td>Additional power used when cellular radio is paging the tower.</td>
- <td>1.2mA</td>
- <td></td>
-</tr>
-
-<tr>
- <td>radio.on</td>
- <td>Additional power used when the cellular radio is on. Multi-value entry, one per signal strength (no signal, weak, moderate, strong).</td>
- <td>1.2mA</td>
- <td>Some radios boost power when they search for a cell tower and do not detect a signal. These
- numbers could all be the same or decreasing with increasing signal strength. If you provide only
- one value, the same value will be used for all strengths. If you provide 2 values, the first will
- be for no-signal and the second for all other strengths, and so on.</td>
-</tr>
-
-<tr>
- <td>cpu.speeds</td>
- <td>Multi-value entry that lists each possible CPU speed in KHz.</td>
- <td>125000KHz, 250000KHz, 500000KHz, 1000000KHz, 1500000KHz</td>
- <td>The number and order of entries must correspond to the mA entries in cpu.active.</td>
-</tr>
-
-<tr>
- <td>cpu.idle</td>
- <td>Total power drawn by the system when CPUs (and the SoC) are in system suspend state.</td>
- <td>3mA</td>
- <td></td>
-</tr>
-
-<tr>
- <td>cpu.awake</td>
- <td>Additional power used when CPUs are in scheduling idle state (kernel idle loop); system is not
- in system suspend state.</td>
- <td>50mA</td>
- <td>Your platform might have more than one idle state in use with differing
-levels of power consumption; choose a representative idle state for longer
-periods of scheduler idle (several milliseconds). Examine the power graph on
-your measurement equipment and choose samples where the CPU is at its lowest
-consumption, discarding higher samples where the CPU exited idle.</td>
-</tr>
-
-<tr>
- <td>cpu.active</td>
- <td>Additional power used by CPUs when running at different speeds.</td>
- <td>100mA, 120mA, 140mA, 160mA, 200mA</td>
- <td>Set the max speed in the kernel to each of the allowed speeds and peg the CPU at that
-speed. The number of entries here correspond to the number of entries in cpu.speeds, in the
-same order.</td>
-</tr>
-
-<tr>
- <td>battery.capacity</td>
- <td>The total battery capacity in mAh.</td>
- <td>3000mAh</td>
- <td></td>
-</tr>
-
-</table>
-
-<h3 id="sample">Sample file</h3>
-
-<pre>
-<!-- Most values are the incremental current used by a feature, in mA (measured at
-nominal voltage). OEMs must measure and provide actual values before shipping a device.
-Example real-world values are given, but are dependent on the platform
-and can vary significantly, so should be measured on the shipping platform with a power meter.
--->
-0
-200
-160
-10
-<!-- Bluetooth stereo audio playback 10.0 mA -->
-1.3
-0.5
-30
-100
-12
-50
-50
-75
-1.1
-<!-- Strength 0 to BINS-1 (4) -->
-1.1
-
-<!-- Different CPU speeds as reported in
-/sys/devices/system/cpu/cpu0/cpufreq/stats/time_in_state -->
-
-250000 <!-- 250 MHz -->
-500000 <!-- 500 MHz -->
-750000 <!-- 750 MHz -->
-1000000 <!-- 1 GHz -->
-1200000 <!-- 1.2 GHz -->
-
-<!-- Power consumption when CPU is idle -->
-3.0
-50.1
-<!-- Power consumption at different speeds -->
-
-100 <!-- 250 MHz -->
-120 <!-- 500 MHz -->
-140 <!-- 750 MHz -->
-155 <!-- 1 GHz -->
-175 <!-- 1.2 GHz -->
-
-<!-- This is the battery capacity in mAh -->
-3000
-<!-- Battery capacity is 3000 mAH (at 3.6 Volts) -->
-
-</pre>
diff --git a/src/devices/tech/power/mgmt.jd b/src/devices/tech/power/mgmt.jd
new file mode 100644
index 0000000..51c87e7
--- /dev/null
+++ b/src/devices/tech/power/mgmt.jd
@@ -0,0 +1,261 @@
+page.title=Power Management
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc"></ol>
+ </div>
+</div>
+
+<p>Battery life is a perennial user concern. To extend battery life, Android
+continually adds new features and optimizations to help the platform optimize
+the off-charger behavior of applications and devices.</p>
+<p>The Android 6.0 release includes the following improvements to battery life:
+</p>
+
+<ul>
+<li><b><a href="#app-standby">App Standby</b></a>. The platform can now place
+unused applications in App Standby mode, temporarily restricting network access
+and deferring syncs and jobs for those applications.</li>
+<li><b><a href="#doze">Doze</b></a>. The platform now enters a state of deep
+sleep (periodically resuming normal operations) if users have not actively used
+their device (screen off and stationary) for extended periods of time. As this
+feature requires the platform to detect the stationary state, it is available
+only on devices that implement the significant motion detection APIs in the
+Sensor HAL. Doze dramatically improves battery life.</li>
+<li><b><a href="#exempt-apps">Exemptions</b></a>. System apps and cloud
+messaging services preloaded on a device are typically exempted by default. App
+developers can intent their applications into this setting. Users can also
+exempt applications from App Standby and Doze via Settings > Battery >
+Battery optimization > All apps and then selecting the app to turn off (or back
+on) optimization.</li>
+</ul>
+<p>The following sections describe these improvements.</p>
+
+<h2 id="app-standby">App Standby</h2>
+<p>App Standby extends battery life by deferring background network activity
+and jobs for applications the user is not actively using.</p>
+
+<h3 id="app-standby-life">App Standby lifecycle</h3>
+<p>The platform detects inactive applications and places them in App Standby
+until the user begins actively engaging with the application.</p>
+
+<table>
+<tbody>
+<tr>
+<th width=33%>Detection</th>
+<th width=33%>During App Standby</th>
+<th width=33%>Exit</th>
+</tr>
+
+<tr>
+<td><p>The platform detects an application is inactive when the device is not
+charging <strong>and</strong> the user has not launched the application directly
+or indirectly for a specific amount of clock time as well as a specific amount
+of screen-on time. (Indirect launches occur when a foreground app accesses a
+service in a second app.)</p></td>
+<td><p>The platform prevents applications from accessing the network more than
+once a day, deferring application syncs and other jobs.</p></td>
+<td><p>The platform exits the app from App Standby when:</p>
+<ul>
+<li>Application becomes active.</li>
+<li>Device is plugged in and charging.</li>
+</ul>
+</td>
+</tr>
+</tbody>
+</table>
+
+<p>Active applications are unaffected by App Standby. An application is active
+when it has:</p>
+<ul>
+<li>A process currently in the foreground (either as an activity or foreground
+service, or in use by another activity or foreground service), such as
+notification listener, accessibility services, live wallpaper, etc.</li>
+<li>A notification viewed by the user, such as in the lock screen or
+notification tray.</li>
+<li>Explicitly been launched by the user.</li>
+</ul>
+<p>An application is inactive if none of the above activities has occurred for
+a period of time.
+</p>
+
+<h3>Testing App Standby</h3>
+<p>You can manually test App Standby using the following ADB commands:</p>
+
+<pre>
+$ adb shell dumpsys battery unplug
+$ adb shell am set-idle packageName true
+$ adb shell am set-idle packageName false
+$ adb shell am get-idle packageName
+</pre>
+
+<h2 id="doze">Doze</h2>
+
+<p>Doze extends battery life by deferring application background CPU and
+network activity when a device is unused for long periods.</p>
+
+<p>Idle devices in Doze periodically enter a maintenance window, during which
+apps can complete pending activities (syncs, jobs, etc.). Doze then resumes sleep
+for a longer period of time, followed by another maintenance window. The
+platform continues the Doze sleep/maintenance sequence, increasing the length of
+idle each time, until a maximum of a few hours of sleep time is reached. At all
+times, a device in Doze remains aware of motion and immediately leaves Doze
+if motion is detected.</p>
+
+<p>System services (such as telephony) and other preloaded services/apps are
+exempted from Doze by default. Users can also exempt specific applications from
+Doze in the Settings menu. By default, Doze is <b>disabled</b> in the Android
+Open Source Project (AOSP). For details on enabling Doze, see
+<a href="#integrate-doze">Integrating Doze</a>.</p>
+
+<h3 id="doze-reqs">Doze requirements</h3>
+
+<p>Doze support requires the following:</p>
+<ul>
+<li>Device implements the
+<a href="http://source.android.com/devices/sensors/sensor-types.html#significant_motion">significant
+motion detector (SMD) APIs</a> in the Sensor HAL. Devices that do not implement
+these APIs cannot support Doze.</li>
+<li>Device has a cloud messaging service, such as
+<a href="https://developers.google.com/cloud-messaging/">Google Cloud Messaging
+(GCM).</a> This enables the device to know when to wake from Doze.</li>
+</ul>
+
+<h3 id="doze-life">Doze lifecycle</h3>
+
+<p>The Doze lifecycle begins when the platform detects the device is idle and
+ends when the device exits Doze mode.</p>
+
+<table>
+<tbody>
+<tr>
+<th width=33%>Detection</td>
+<th width=33%>During Doze</th>
+<th width=33%>Exit</th>
+</tr>
+<tr>
+<td><p>The platform detects a device is idle when:</p>
+<ul>
+<li>Device is stationary (using significant motion detector).</li>
+<li>Device screen is off for some amount of time.</li>
+</ul>
+<p>Doze mode does not engage when the device is plugged into a power charger.
+</p>
+</td>
+<td><p>The platform attempts to keep the system in a sleep state, periodically
+resuming normal operations during a maintenance window then returning the device
+to sleep for longer repeating periods. During the sleep state, the following
+restrictions are active:</p>
+<ul>
+<li>Apps not allowed network access.</li>
+<li>App wakelocks ignored.</li>
+<li>Alarms deferred. Excludes alarm clock alarms and alarms set using
+<code>setAndAllowWhileIdle()</code>. This exemption is intended for apps (such
+as Calendar) that must show event reminder notifications.</li>
+<li>Wi-Fi scans not performed.</li>
+<li>SyncAdapter syncs and JobScheduler jobs deferred until the next maintenance
+window.</li>
+<li>Apps receiving SMS and MMS messages are put on a temporary whitelist so
+they can complete their processing.</li>
+</ul>
+</td>
+<td><p>The platform exits the device from Doze when it detects:</p>
+<ul>
+<li>User interaction with device.</li>
+<li>Device movement.</li>
+<li>Device screen turns on.</li>
+<li>Imminent AlarmClock alarm.</li>
+</ul>
+<p>Notifications do not cause the device to exit from Doze.</p>
+</td>
+</tr>
+</tbody>
+</table>
+
+<h3 id="doze-interactions">Interaction with App Standby</h3>
+<ul>
+<li>Time spent in Doze does not count towards App Standby.</li>
+<li>While the device is in Doze, idle applications are allowed to perform normal
+operations at least once a day.</li>
+</ul>
+
+<h3 id="integrate-doze">Integrating Doze</h3>
+<p>To enable Doze for a device, perform the following tasks:</p>
+
+<ol>
+<li>Confirm the device supports
+<a href="http://source.android.com/devices/sensors/sensor-types.html#significant_motion">SENSOR_TYPE_SIGNIFICANT_MOTION
+</a>. If the device does not support this sensor, it cannot support Doze.</li>
+<li>Confirm the device has a cloud messaging service installed.</li>
+<li>In the device overlay config file
+<code>overlay/frameworks/base/core/res/res/values/config.xml</code>, set
+<code>config_enableAutoPowerModes</code> to <b>true</b>:
+<pre>
+bool name="config_enableAutoPowerModes">true</bool>
+</pre>
+<br>In AOSP, this parameter is set to false (Doze disabled) by default.<br>
+</li>
+<li>Confirm that preloaded apps and services:
+<ul>
+<li>Use the new
+<a href="https://developer.android.com/preview/behavior-changes.html#behavior-power">power-saving
+optimization guidelines</a>. For details, see <a href="#test-apps">Testing and
+optimizing applications</a>.
+<p><b>OR</b></p>
+<li>Are exempted from Doze and App Standby. For details, see
+<a href="#exempt-apps">Exempting applications</a>.</li>
+</ul>
+</li>
+<li>Confirm the necessary services are exempted from Doze.</a>
+</li>
+</ol>
+
+<h4 id="test-apps">Testing and optimizing applications</h4>
+<p>Test all applications (especially preloaded applications) in Doze mode. For
+details, refer to
+<a href="https://developer.android.com/preview/testing/guide.html#doze-standby">Testing
+Doze and App Standby</a>.</p>
+
+<p class="note"><b>Note</b>: MMS/SMS/Telephony services function independently
+of Doze and will always wake client apps even while the device remains in Doze
+mode.</p>
+
+<h2 id="exempt-apps">Exempting applications</h2>
+<p>You can exempt applications from being subject to Doze or App Standby.</p>
+
+<p class="warning"><b>Warning</b>: Do not exempt apps to avoid testing and
+optimizing. Unnecessary exemptions undermine the benefits of Doze and App
+Standby and can compromise the user experience, so we strongly suggest
+minimizing such exemptions as they allow applications to defeat beneficial
+controls the platform has over power use. If users become unhappy about the
+power consumption of these apps, it can lead to frustration, bad experiences
+(and negative user reviews for the app), and customer support questions. For
+these reasons, we strongly recommend that you do not exempt third-party
+applications and instead exempt only cloud messaging services or apps with
+similar functions.</p>
+
+<p>Apps exempted by default are listed in a single view within the Settings >
+Battery menu. This list is used for exempting the app from both Doze and App
+Standby modes. To provide transparency to the user, the Settings menu
+<b>MUST</b> show all exempted applications.</p>
+
+<p>Users can manually exempt apps using the Settings menu. However, users cannot
+unexempt any application or service that is exempted by default in the system
+image.</p>
\ No newline at end of file
diff --git a/src/devices/tech/power/values.jd b/src/devices/tech/power/values.jd
new file mode 100644
index 0000000..8c6d4ac
--- /dev/null
+++ b/src/devices/tech/power/values.jd
@@ -0,0 +1,263 @@
+page.title=Measuring Power Values
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc"></ol>
+ </div>
+</div>
+
+
+<p>Device manufacturers must provide a component power profile in
+<code>/frameworks/base/core/res/res/xml/power_profile.xml</code>.</p>
+
+<p>To determine values for power profiles, use hardware that measures the power
+being used by the device and perform the various operations for which
+information is needed. Measure the power use during those operations and compute
+the values (deriving differences from other baseline power uses as appropriate).
+</p>
+
+<h2 id="multiple-cpus">Devices with heterogeneous CPUs</h2>
+
+<p>The power profile for devices with CPU cores of heterogeneous architecture
+must include the following additional fields:
+<ul>
+<li>Number of total CPUs for each cluster.</li>
+<li>CPU speeds supported by each cluster.</li>
+</ul>
+
+<p>To differentiate between active CPUs and supported CPU speeds for each
+cluster, append the cluster number to the name of the array. Example:</p>
+
+<pre>
+<array name="cpu.active.cluster0">
+<value>200</value>
+<value>300</value>
+<value>400</value>
+</array>
+<array name="cpu.speeds.cluster0">
+<value>600000</value>
+<value>800000</value>
+<value>1200000</value>
+</array>
+
+<array name="cpu.active.cluster1">
+<value>400</value>
+<value>500</value>
+<value>600</value>
+</array>
+<array name="cpu.speeds.cluster1">
+<value>800000</value>
+<value>1200000</value>
+<value>1400000</value>
+</array>
+</pre>
+
+<h2 id="values">Power values</h2>
+<p>The following table describes available power value settings. To view the
+sample file in AOSP, see
+<a href="https://android.googlesource.com/platform/frameworks/base/+/master/core/res/res/xml/power_profile.xml">power_profile.xml</a>.</p>
+
+<table>
+<tr>
+ <th>Name</th>
+ <th>Description</th>
+ <th>Example Value</th>
+ <th>Notes</th>
+</tr>
+<tr>
+ <td>none</td>
+ <td>Nothing</td>
+ <td>0</td>
+ <td></td>
+</tr>
+
+<tr>
+ <td>screen.on</td>
+ <td>Additional power used when screen is turned on at minimum brightness.</td>
+ <td>200mA</td>
+ <td>Includes touch controller and display backlight. At 0 brightness, not the
+ Android minimum which tends to be 10 or 20%.</td>
+</tr>
+
+<tr>
+ <td>screen.full</td>
+ <td>Additional power used when screen is at maximum brightness, compared to
+ screen at minimum brightness.</td>
+ <td>100mA-300mA</td>
+ <td>A fraction of this value (based on screen brightness) is added to the
+ screen.on value to compute the power usage of the screen.</td>
+</tr>
+
+<tr>
+ <td>bluetooth.active</td>
+ <td>Additional power used when playing audio through Bluetooth A2DP.</td>
+ <td>14mA</td>
+ <td></td>
+</tr>
+
+<tr>
+ <td>bluetooth.on</td>
+ <td>Additional power used when Bluetooth is turned on but idle.</td>
+ <td>1.4mA</td>
+ <td></td>
+</tr>
+
+<tr>
+ <td>wifi.on</td>
+ <td>Additional power used when Wi-Fi is turned on but not receiving,
+ transmitting, or scanning.</td>
+ <td>2mA</td>
+ <td></td>
+</tr>
+
+<tr>
+ <td>wifi.active</td>
+ <td>Additional power used when transmitting or receiving over Wi-Fi.</td>
+ <td>31mA</td>
+ <td></td>
+</tr>
+
+<tr>
+ <td>wifi.scan</td>
+ <td>Additional power used when Wi-Fi is scanning for access points.</td>
+ <td>100mA</td>
+ <td></td>
+</tr>
+
+<tr>
+ <td>dsp.audio</td>
+ <td>Additional power used when audio decoding/encoding via DSP.</td>
+ <td>14.1mA</td>
+ <td>Reserved for future use.</td>
+</tr>
+
+
+<tr>
+ <td>dsp.video</td>
+ <td>Additional power used when video decoding via DSP.</td>
+ <td>54mA</td>
+ <td>Reserved for future use.</td>
+</tr>
+
+<tr>
+ <td>camera.avg</td>
+ <td>Average power use by the camera subsystem for a typical camera
+ application.</td>
+ <td>600mA</td>
+ <td>Intended as a rough estimate for an application running a preview
+ and capturing approximately 10 full-resolution pictures per minute.</td>
+</tr>
+
+<tr>
+ <td>camera.flashlight</td>
+ <td>Average power used by the camera flash module when on.</td>
+ <td>200mA</td>
+ <td></td>
+</tr>
+
+
+<tr>
+ <td>gps.on</td>
+ <td>Additional power used when GPS is acquiring a signal.</td>
+ <td>50mA</td>
+ <td></td>
+</tr>
+
+<tr>
+ <td>radio.active</td>
+ <td>Additional power used when cellular radio is transmitting/receiving.</td>
+ <td>100mA-300mA</td>
+ <td></td>
+</tr>
+
+<tr>
+ <td>radio.scanning</td>
+ <td>Additional power used when cellular radio is paging the tower.</td>
+ <td>1.2mA</td>
+ <td></td>
+</tr>
+
+<tr>
+ <td>radio.on</td>
+ <td>Additional power used when the cellular radio is on. Multi-value entry,
+ one per signal strength (no signal, weak, moderate, strong).</td>
+ <td>1.2mA</td>
+ <td>Some radios boost power when they search for a cell tower and do not
+ detect a signal. Values can be the same or decrease with increasing signal
+ strength. If you provide only one value, the same value is used for all
+ strengths. If you provide two values, the first is used for no-signal, the
+ second value is used for all other strengths, and so on.</td>
+</tr>
+
+<tr>
+ <td>cpu.speeds</td>
+ <td>Multi-value entry that lists each possible CPU speed in KHz.</td>
+ <td>125000KHz, 250000KHz, 500000KHz, 1000000KHz, 1500000KHz</td>
+ <td>The number and order of entries must correspond to the mA entries in
+ cpu.active.</td>
+</tr>
+
+<tr>
+ <td>cpu.idle</td>
+ <td>Total power drawn by the system when CPUs (and the SoC) are in system
+ suspend state.</td>
+ <td>3mA</td>
+ <td></td>
+</tr>
+
+<tr>
+ <td>cpu.awake</td>
+ <td>Additional power used when CPUs are in scheduling idle state
+ (kernel idle loop); system is not in system suspend state.</td>
+ <td>50mA</td>
+ <td>Your platform might have more than one idle state in use with differing
+ levels of power consumption; choose a representative idle state for longer
+ periods of scheduler idle (several milliseconds). Examine the power graph on
+ your measurement equipment and choose samples where the CPU is at its lowest
+ consumption, discarding higher samples where the CPU exited idle.</td>
+</tr>
+
+<tr>
+ <td>cpu.active</td>
+ <td>Additional power used by CPUs when running at different speeds.</td>
+ <td>100mA, 120mA, 140mA, 160mA, 200mA</td>
+ <td>Set the max speed in the kernel to each of the allowed speeds and peg the
+ CPU at that speed. The number of entries here correspond to the number of
+ entries in cpu.speeds, in the same order.</td>
+</tr>
+
+<tr>
+ <td>cpu.clusters.cores</td>
+ <td>Number of cores each CPU cluster contains.</td>
+ <td>4, 2</td>
+ <td>Required only for devices with <a href="#multiple-cpus">heterogeneous CPU
+ architectures</a>. Number of entries and order should match the number of
+ cluster entries for the cpu.active and cpu.speeds. The first entry represents
+ the number of CPU cores in cluster0, the second entry represents the number of
+ CPU cores in cluster1, and so on.</td>
+</tr>
+
+<tr>
+ <td>battery.capacity</td>
+ <td>Total battery capacity in mAh.</td>
+ <td>3000mAh</td>
+ <td></td>
+</tr>
+</table>
\ No newline at end of file
diff --git a/src/devices/tech/ram/index.jd b/src/devices/tech/ram/index.jd
deleted file mode 100644
index 2bb2717..0000000
--- a/src/devices/tech/ram/index.jd
+++ /dev/null
@@ -1,21 +0,0 @@
-page.title=RAM
-@jd:body
-
-<!--
- Copyright 2015 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-
-<p> The following sections contain information, documentation, tips and tricks about Android memory managment and RAM diagnostics.</p>
-
diff --git a/src/devices/tech/security/authentication/fingerprint-hal.jd b/src/devices/tech/security/authentication/fingerprint-hal.jd
new file mode 100644
index 0000000..e5af5e4
--- /dev/null
+++ b/src/devices/tech/security/authentication/fingerprint-hal.jd
@@ -0,0 +1,174 @@
+page.title=Fingerprint HAL
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<h2 id=overview>Overview</h2>
+
+<p>If a device has a fingerprint sensor, a user can enroll one or more
+fingerprints and then use their fingerprints to unlock the device and perform
+other tasks.</p>
+
+<p>Android uses the Fingerprint Hardware Abstraction Layer (HAL) to connect to a
+vendor-specific library and fingerprint hardware, e.g. a fingerprint sensor.</p>
+
+<p>To implement the Fingerprint HAL, you must implement
+<a href="#major_functions_in_the_fingerprint_hal">functions</a>
+in <code>fingerprint.h</code> (<code>/hardware/libhardware/include/hardware/fingerprint.h</code>)
+in a vendor-specific library; please see the comments in
+the <a href="https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/fingerprint.h"><code>fingerprint.h</code></a> file.</p>
+
+<h3 id=fingerprint_matching_flow>Fingerprint matching flow</h3>
+
+<p>The following is a high-level flow for fingerprint matching. This flow assumes
+that a fingerprint already has been enrolled on the device, i.e. the
+vendor-specific library already has enrolled a template for the fingerprint.
+Also see <a href="index.html">Authentication</a>.</p>
+
+<p>The fingerprint sensor of a device generally is idle. But in response to a call
+to the <code>authenticate</code> or <code>enroll</code> function, the fingerprint
+sensor listens for a touch (and perhaps the screen
+wakes up when a user touches the fingerprint sensor).</p>
+
+<ol>
+ <li>The user places a finger on the fingerprint sensor, and the vendor-specific
+library determines if there is a match based on the current set of enrolled
+templates.
+ <li>The result of step 1 is passed to the Fingerprint HAL, which notifies
+<code>fingerprintd</code> (the Fingerprint daemon) of a fingerprint authentication.
+</ol>
+
+<p>Note that as more templates are stored on a single device, the time needed for
+matching is increased.</p>
+
+<h2 id=architecture>Architecture</h2>
+
+<p>The <strong>Fingerprint HAL</strong> interacts with the following components:</p>
+
+<ul>
+ <li><strong>FingerprintManager API</strong>. Interacts directly with an app in an app process.
+ <ul>
+ <li>Each app has an instance of FingerprintManager.
+ <li>FingerprintManager is a wrapper that communicates with FingerprintService.
+ </ul>
+ <li><strong>FingerprintService</strong>. A singleton service that operates in the system
+ process, which handles
+communication with <code>fingerprintd</code>.
+ <li><strong>fingerprintd (Fingerprint daemon)</strong>. A C/C++ implementation of the
+ binder interface from FingerprintService. The
+<code>fingerprintd</code> daemon operates in its own process and wraps the Fingerprint HAL
+vendor-specific library.
+ <li><strong>Fingerprint HAL vendor-specific library</strong>. A hardware vendor's
+ implementation of the Fingerprint HAL. The
+vendor-specific library communicates with the device-specific hardware.
+ <li><strong>Keystore API and Keymaster</strong>. These components provide hardware-backed cryptography
+ for secure key storage
+ in a Trusted Execution Environment (TEE).
+</ul>
+
+<p>As shown in the following diagram, a vendor-specific HAL implementation needs
+to use the communication protocol required by a TEE.</p>
+
+<img src="../images/fingerprint-data-flow.png" alt="Data flow for fingerprint authentication" id="figure1" />
+
+<p class="img-caption"><strong>Figure 1.</strong> High-level data flow for fingerprint authentication</p>
+
+<p>Thus, raw images and processed fingerprint features must not be passed in
+untrusted memory. All such biometric data needs to be secured within sensor
+hardware or trusted memory. (Memory inside the TEE is considered as trusted
+memory; memory outside the TEE is considered untrusted.)</p>
+
+<p>Rooting must not compromise biometric data.</p>
+
+<p>As shown in the following diagram, <code>fingerprintd</code> makes calls through the
+Fingerprint HAL to the vendor-specific library to enroll fingerprints and
+perform other operations.</p>
+
+<img src="../images/fingerprint-daemon.png" alt="Interaction with fingerprintd" id="figure2" />
+<p class="img-caption"><strong>Figure 2.</strong> Interaction of the
+fingerprint daemon (<code>fingerprintd</code>) with the fingerprint vendor-specific library</p>
+
+<h2 id=fingerprint_implementation_guidelines>Fingerprint implementation guidelines</h2>
+
+<p>The guidelines in this section are intended to ensure the following:</p>
+
+<ul>
+ <li>Fingerprint data is not leaked
+ <li>Fingerprint data is removed when a user account is removed from a device
+</ul>
+
+<p>Here are the guidelines:</p>
+
+<ol>
+ <li>Raw fingerprint data or derivatives (e.g. templates) must never be accessible
+from outside the sensor driver or Trusted Execution Environment (TEE). Hardware
+access must be limited to the TEE, if the hardware supports it, and must be protected by
+an SELinux policy. That is, the Serial Peripheral Interface (SPI) channel must
+be accessible only to the TEE, and there must be an explicit SELinux policy on
+all device files.
+ <li>Fingerprint acquisition, enrollment and recognition must occur inside the TEE.
+ <li>Only the encrypted form of the fingerprint data can be stored on the file
+system, even if the file system itself is encrypted.
+ <li>Fingerprint templates must be signed with a private, device-specific key, for
+example with AES, with at least the absolute file-system path, group and finger
+ID such that template files are inoperable on another device or for anyone
+other than the user that enrolled them on the same device. For example, copying
+the fingerprint data from a different user on the same device, or from another
+device, must not work.
+ <li>Implementations must either use the file system path provided by the
+ <code>set_active_group()</code> function or provide a way to erase all user template data when the user
+account is removed. It is strongly recommended that fingerprint template files
+be stored as encrypted in the path provided. If this is infeasible due to TEE
+storage requirements, then the implementer must add hooks to ensure removal of
+the data when the user's account is removed.
+</ol>
+
+<h2 id=major_functions_in_the_fingerprint_hal>Major functions in the Fingerprint HAL</h2>
+
+<p>Below are the major functions in the <code>/hardware/libhardware/include/hardware/fingerprint.h</code> file; see the detailed descriptions in that
+file.</p>
+
+<ul>
+ <li><strong>enroll.</strong> Switches the HAL state machine to start the collection and storage of a
+fingerprint template. As soon as enrollment is complete, or after a timeout,
+the HAL state machine is returned to the idle state.
+ <li><strong>pre_enroll.</strong> Generates a unique token to indicate the start of a fingerprint enrollment.
+Provides a token to the <code>enroll</code> function to ensure there was prior authentication, e.g. using a password. The
+token is wrapped and, for example, HMAC'd, once the device credential is
+confirmed, to prevent tampering. The token must be checked during enrollment to
+verify that the token is still valid.
+ <li><strong>get_authenticator_id.</strong> Returns a token associated with the current fingerprint set.
+ <li><strong>cancel.</strong> Cancels any pending enroll or authenticate operations. The HAL state machine
+is returned to the idle state.
+ <li><strong>enumerate.</strong> Synchronous call for enumerating all known fingerprint templates.
+ <li><strong>remove.</strong> Deletes a fingerprint template.
+ <li><strong>set_active_group.</strong> Restricts a HAL operation to a set of fingerprints that belong to a specified
+group (identified by a group identifier, or GID).
+ <li><strong>authenticate.</strong> Authenticates a fingerprint-related operation (identified by an operation ID).
+ <li><strong>set_notify.</strong> Registers a user function that will get notifications from the HAL. If the HAL
+state machine is in a busy state, the function is blocked until the HAL leaves
+the busy state.
+</ul>
+
diff --git a/src/devices/tech/security/authentication/gatekeeper.jd b/src/devices/tech/security/authentication/gatekeeper.jd
new file mode 100644
index 0000000..9d760bc
--- /dev/null
+++ b/src/devices/tech/security/authentication/gatekeeper.jd
@@ -0,0 +1,192 @@
+page.title=Gatekeeper
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<h2 id=overview>Overview</h2>
+
+<p>The Gatekeeper subsystem performs device pattern/password authentication in a
+Trusted Execution Environment (TEE). Gatekeeper enrolls and verifies passwords
+via an HMAC with a hardware-backed secret key. Additionally, Gatekeeper
+throttles consecutive failed verification attempts and must refuse to service
+requests based on a given timeout and a given number of consecutive failed
+attempts.</p>
+
+<p>When users verify their passwords, Gatekeeper uses the TEE-derived shared
+secret to sign an authentication attestation to
+send to <a href="keymaster.html">Keymaster</a>. That is, a
+Gatekeeper attestation notifies Keymaster that authentication-bound keys (for
+example, keys that apps have created) can be released for use by apps.</p>
+
+<h2 id=architecture>Architecture</h2>
+
+<p>Gatekeeper involves three main components:</p>
+
+<ul>
+ <li><strong>gatekeeperd (Gatekeeper daemon)</strong>.
+ A C++ binder service containing platform-independent logic and corresponding
+to the <code>GateKeeperService</code> Java interface.
+ <li><strong>Gatekeeper Hardware Abstraction Layer (HAL)</strong>.
+ The HAL interface in <code>hardware/libhardware/include/hardware/gatekeeper.h</code>,
+ and the implementing module.
+ <li><strong>Gatekeeper (TEE)</strong>.
+ The TEE counterpart of <code>gatekeeperd</code>. A TEE-based implementation of Gatekeeper.
+</ul>
+
+<p>To implement Gatekeeper:</p>
+
+<ul>
+ <li>Implement the Gatekeeper HAL, specifically the functions in <code>gatekeeper.h</code>
+ (<code>hardware/libhardware/include/hardware/gatekeeper.h</code>). See <a href="#hal_implementation">HAL Implementation</a>.
+ <li>Implement the TEE-specific Gatekeeper component, in part based on the following
+header file: <code>system/gatekeeper/include/gatekeeper/gatekeeper.h</code>. This
+header file includes pure virtual functions for creating and accessing
+keys, as well as for computing signatures.
+See <a href="#trusty_and_other_implementations">Trusty and other implementations</a>.
+</ul>
+
+<p>As shown in the following diagram, the <code>LockSettingsService</code> makes a request (via
+Binder) that reaches the <code>gatekeeperd</code> daemon in the Android OS. The <code>gatekeeperd</code>
+daemon makes a request that reaches its counterpart (Gatekeeper) in the TEE.</p>
+
+<img src="../images/gatekeeper-flow.png" alt="Gatekeeper flow" id="figure1" />
+<p class="img-caption"><strong>Figure 1.</strong> High-level data flow for authentication by GateKeeper</p>
+
+<p>The <code>gatekeeperd</code> daemon gives the Android framework APIs access to the HAL, and
+participates in reporting device <a href="index.html">authentications</a> to Keymaster.
+The <code>gatekeeperd</code> daemon runs in its own process, separate from the system
+server.</p>
+
+<h2 id=hal_implementation>HAL Implementation</h2>
+
+<p>The <code>gatekeeperd</code> daemon uses the HAL to interact
+with the <code>gatekeeperd</code> daemon's TEE
+counterpart for password authentication. The HAL implementation must be able to
+sign (enroll) and verify blobs. All implementations are expected to adhere to
+the standard format for the authentication token (AuthToken) generated on each
+successful password verification. The contents and semantics of the AuthToken
+are described in <a href="index.html">Authentication</a>.</p>
+
+<p>Specifically, an implementation of the <code>gatekeeper.h</code> header file (in the
+<code>hardware/libhardware/include/hardware</code> folder) needs to implement the
+<code>enroll</code> and <code>verify</code> functions.</p>
+
+<p>The <code>enroll</code> function takes a password blob, signs it, and returns the signature
+as a handle. The returned blob (from a call to <code>enroll</code>) must have the structure
+shown in <code>system/gatekeeper/include/gatekeeper/password_handle.h</code>.</p>
+
+<p>The <code>verify</code> function needs to compare the signature produced by the provided password and
+ensure that it matches the enrolled password handle.</p>
+
+<p>The key used to enroll and verify must never change, and should be re-derivable
+at every device boot.</p>
+
+<h2 id=trusty_and_other_implementations>Trusty and other implementations</h2>
+
+<p>The Trusty operating system is Google's open source trusted OS for TEE
+environments. It contains an approved implementation of GateKeeper. However,
+<strong>any TEE OS</strong> can be used for the implementation of Gatekeeper.
+The TEE <strong>must</strong> have access to a hardware-backed key as well as a secure,
+monotonic clock <strong>that ticks in suspend</strong>.</p>
+
+<p>Trusty uses an internal IPC system to communicate a shared secret directly
+between Keymaster and the Trusty implementation of Gatekeeper ("Trusty
+Gatekeeper"). This shared secret is used for signing AuthTokens that will be
+sent to Keymaster, providing attestations of password verification. Trusty
+Gatekeeper requests the key from Keymaster for each use and does not persist
+or cache the value. Implementations are free to share this secret in any way
+that does not compromise security.</p>
+
+<p>The HMAC key, used to enroll and verify passwords, is derived and kept solely
+in GateKeeper.</p>
+
+<p>The Android tree provides a generic C++ implementation of GateKeeper, requiring
+only the addition of device-specific routines to be complete. To implement a
+TEE Gatekeeper with device-specific code for your TEE, please refer to the
+functions and comments in the following file:</p>
+<pre>
+system/gatekeeper/include/gatekeeper/gatekeeper.h
+</pre>
+
+<p>For the TEE GateKeeper, the primary responsibilities of a compliant
+implementation are:</p>
+
+<ul>
+ <li>Adherence to the Gatekeeper HAL
+ <li>Returned AuthTokens must be formatted according to the AuthToken specification
+(described in <a href="index.html">Authentication</a>)
+ <li>The TEE Gatekeeper must be able to share an HMAC key with Keymaster, either by
+requesting the key through a TEE IPC on demand or maintaining a valid cache of
+the value at all times
+</ul>
+
+<h2 id=user_sids>User SIDs</h2>
+
+<p>A User Secure ID (User SID) is the TEE representation of a user.
+The User SID has no strong connection to an Android user ID.</p>
+
+<p>A User SID is generated with a cryptographic
+PRNG whenever a user enrolls a new password without providing a previous one.
+This is known as an "untrusted" re-enroll.
+A "trusted" re-enroll occurs when a user provides a valid, previous password.
+In this case, the User SID is migrated to the new password handle,
+conserving the keys that were bound to it.
+The Android framework does not allow for an "untrusted" re-enroll under regular circumstances.</p>
+
+<p>The User SID is HMAC'ed along with the password in the password handle when the
+password is enrolled.</p>
+
+<p>User SIDs are written into the AuthToken returned by the <code>verify</code>
+function and associated to all authentication-bound Keymaster keys. For
+information about the AuthToken format and Keymaster, see
+<a href="index.html">Authentication</a>.
+Since an untrusted call to the <code>enroll</code> function
+will change the User SID, the call will render the keys bound to that password useless.</p>
+
+<p>Attackers can change the password for the device if they control the Android
+OS, but they will destroy root-protected, sensitive keys in the process.</p>
+
+<h2 id=request_throttling>Request throttling</h2>
+
+<p>GateKeeper must be able to securely throttle brute-force attempts on a user
+credential. As shown in the <code>gatekeeper.h</code>
+file (in <code>hardware/libhardware/include/hardware</code>),
+the HAL provides for returning a timeout in milliseconds. The timeout
+informs the client not to call GateKeeper again until after the timeout has
+elapsed. GateKeeper should not service requests if there is a pending timeout.</p>
+
+<p>GateKeeper must write a failure counter before verifying a user password. If
+the password verification succeeds, the failure counter should be cleared. This
+prevents attacks that prevent throttling by disabling the embedded MMC (eMMC)
+after issuing a <code>verify</code> call. The <code>enroll</code> function also verifies
+the user password (if provided) and so must be throttled in the same way.</p>
+
+<p>If supported by the device, it is highly recommended that the failure counter
+be written to secure storage. If the device does not support
+file-based encryption, or if secure storage is too slow, implementations may
+use RPMB directly.</p>
+
+
+
+
diff --git a/src/devices/tech/security/authentication/index.jd b/src/devices/tech/security/authentication/index.jd
new file mode 100644
index 0000000..86564eb
--- /dev/null
+++ b/src/devices/tech/security/authentication/index.jd
@@ -0,0 +1,250 @@
+page.title=Authentication
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<h2 id=overview>Overview</h2>
+
+<p>Android 6.0 introduces the concept of user-authentication-gated cryptographic
+keys. To achieve this, two key components need to work together.
+First is the cryptographic key storage and service provider, which stores
+cryptographic keys and provides standard crypto routines on top of them. Second
+is any number of user authenticators that may attest to the user's presence
+and/or successful authentication.</p>
+
+<p>The cryptographic key storage in Android is provided by the keystore service and Keymaster.
+(Also see information about
+the <a href="https://developer.android.com/training/articles/keystore.html">Android Keystore system</a>,
+at the framework level, which is backed by the keystore service.) For Android 6.0,
+the two supported authentication components are Gatekeeper (for
+PIN/pattern/password authentication) and Fingerprint (for fingerprint
+authentication). These components communicate their authentication
+state with the keystore service via an authenticated channel.</p>
+
+<ul>
+ <li><strong>The keystore service and <a href="keymaster.html">Keymaster</a>.</strong> Cryptographic services,
+ including hardware-backed cryptography for key storage,
+ which might include a Trusted Execution Environment (TEE).</li>
+ <li><strong><a href="gatekeeper.html">Gatekeeper</a>.</strong> Components for PIN, pattern, and password authentication.</li>
+ <li><strong><a href="fingerprint-hal.html">Fingerprint</a>.</strong> Components for fingerprint authentication.</li>
+</ul>
+
+<h2 id=architecture>Architecture</h2>
+
+<p>The Gatekeeper and Fingerprint components work with Keymaster and other
+components to support the use of hardware-backed <a href="#authentication_token_format">authentication tokens</a> (referred to below as "AuthTokens").</p>
+
+<h3 id=enrollment>Enrollment</h3>
+
+<p>Upon first boot of the device after a factory reset, all authenticators are prepared to receive
+credential enrollments from the user.</p>
+
+<p>The user must initially enroll a PIN/pattern/password with Gatekeeper. This
+initial enrollment creates a randomly generated, 64-bit User SID (user secure
+identifier, described further below) that serves as an identifier for the user
+and as a binding token for the user's cryptographic material.
+This User SID is cryptographically bound to the user's password.
+As detailed below, successful authentications to Gatekeeper result in AuthTokens that contain the User SID
+for that password.</p>
+
+<p>When a user wants to change their credential, they must present their existing
+credential. If the existing credential is verified successfully, the User SID
+associated with the existing credential is transferred to the new credential.
+This allows the user to keep accessing their keys after changing their
+credential. If a user does not present their existing credential, the new one
+is enrolled with a fully random User SID. The user can access the device but
+keys created under the old User SID are permanently lost. This is known as an
+"untrusted enroll."</p>
+
+<p>Note that an untrusted enroll will not be allowed under normal circumstances by
+the Android framework, so most users won't ever see this functionality.
+However, forcible password resets either by a device administrator or an
+attacker may cause this to occur.</p>
+
+<h3 id=authentication>Authentication</h3>
+
+<p>Now that the user has set up a credential and received a User SID, they may
+proceed to start authentication.</p>
+
+<p>In the diagram below, authentication starts when a user provides a PIN,
+pattern, password, or fingerprint. All TEE components share a secret key which
+they use to authenticate each other's messages.</p>
+
+<img src="../images/authentication-flow.png" alt="Authentication flow" id="figure1" />
+<p class="img-caption"><strong>Figure 1.</strong> Authentication flow</p>
+
+<p>The numbers in the following steps correspond to the numbers in the diagram
+above, and include reference to both the Android OS and the TEE OS: </p>
+
+<ol>
+ <li>A user provides a PIN, pattern, password, or fingerprint. The
+<code>LockSettingsService</code> or <code>FingerprintService</code> make a request via Binder to the
+Gatekeeperd or fingerprintd daemon in the Android OS. Note that fingerprint
+authentication occurs asynchronously after the fingerprint request is sent.
+ <li>This step involves <strong>either</strong> Gatekeeperd (option 1 below)
+ <strong>or</strong> fingerprintd (option 2 below),
+ depending on whether a pin/pattern/password, or fingerprint, is provided.
+ <ul>
+ <li>The Gatekeeperd daemon sends a pin, pattern, or password hash (received in step
+1) to its counterpart (Gatekeeper) in the TEE. If authentication in the TEE is
+successful, Gatekeeper in the TEE sends an AuthToken containing the
+corresponding User SID, signed with the AuthToken HMAC key, to its
+counterpart in the Android OS.
+ <li>Alternatively, the fingerprintd daemon, which listens for fingerprint events,
+sends the data (received in step 1) to its counterpart (Fingerprint) in the
+TEE. If authentication in the TEE is successful, Fingerprint in the TEE sends
+an AuthToken, signed with the AuthToken HMAC key, to its counterpart in the Android OS.
+ </ul>
+ <li>The Gatekeeperd or fingerprintd daemon receives a signed AuthToken and passes
+the AuthToken to the keystore service via an extension to
+the keystore service's Binder interface. Additionally, Gatekeeperd notifies the keystore service when
+the device is re-locked and when the device password changes.
+ <li>The keystore service passes to Keymaster the AuthTokens received from Gatekeeperd and
+fingerprintd, verifying the AuthTokens with the key shared with the Gatekeeper
+and Fingerprint trustlets. Keymaster trusts the timestamp in the token as the
+last authentication time and bases a key release decision (to allow an app to
+use the key) on the timestamp.
+</ol>
+
+<p class="note"><strong>Note:</strong> AuthTokens are invalidated whenever a device reboots.</p>
+
+<h2 id=authentication_token_format>Authentication token format</h2>
+
+<p>The AuthToken format described in the
+<a href="https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/hw_auth_token.h"><code>hw_auth_token.h</code></a> file is
+necessary for token sharing and compatibility across languages and
+components. See the following file:</p>
+<pre>
+hardware/libhardware/include/hardware/hw_auth_token.h
+</pre>
+
+<p>A simple serialization protocol with the required fields is defined in the
+table below. The fields are fixed size.</p>
+
+<p>Field descriptions are below the table.</p>
+<table>
+ <tr>
+ <th><strong>Field</strong></th>
+ <th><strong>Type</strong></th>
+ <th><strong>Required or Optional</strong></th>
+ </tr>
+ <tr>
+ <td>AuthToken Version</td>
+ <td>1 byte</td>
+ <td>Required</td>
+ </tr>
+ <tr>
+ <td>Challenge</td>
+ <td>64-bit unsigned integer</td>
+ <td>Optional</td>
+ </tr>
+ <tr>
+ <td>User SID</td>
+ <td>64-bit unsigned integer</td>
+ <td>Required</td>
+ </tr>
+ <tr>
+ <td>Authenticator ID</td>
+ <td>64-bit unsigned integer in network order</td>
+ <td>Optional</td>
+ </tr>
+ <tr>
+ <td>Authenticator type</td>
+ <td>32-bit unsigned integer in network order</td>
+ <td>Required</td>
+ </tr>
+ <tr>
+ <td>Timestamp</td>
+ <td>64-bit unsigned integer in network order</td>
+ <td>Required</td>
+ </tr>
+ <tr>
+ <td>AuthToken HMAC key (SHA-256)</td>
+ <td>256-bit blob</td>
+ <td>Required</td>
+ </tr>
+</table>
+
+<h3 id=field_descriptions>Field descriptions </h3>
+
+<p>This section describes the fields of the AuthToken table above.</p>
+
+<p><strong>AuthToken Version:</strong> Group tag for all fields below.</p>
+
+<p><strong>Challenge:</strong> A random integer to prevent replay attacks. Usually the ID of a requested
+crypto operation. Currently used by transactional fingerprint authorizations.
+If present, the AuthToken is valid only for crypto operations containing the
+same challenge.</p>
+
+<p><strong>User SID</strong>: Non-repeating user identifier tied cryptographically to all keys associated
+with device authentication. For more information, see the Gatekeeper page.</p>
+
+<p><strong>Authenticator ID (ASID)</strong>: Identifier used to bind to a specific authenticator policy. All
+authenticators have their own value of ASID that they can change according to
+their own requirements.</p>
+
+<p><strong>Authenticator Type</strong>: Either Gatekeeper or Fingerprint, as follows:</p>
+<table>
+ <tr>
+ <th><strong>Authenticator Type</strong></th>
+ <th><strong>Authenticator Name</strong></th>
+ </tr>
+ <tr>
+ <td>0x00</td>
+ <td>Gatekeeper</td>
+ </tr>
+ <tr>
+ <td>0x01</td>
+ <td>Fingerprint</td>
+ </tr>
+</table>
+
+<p><strong>Timestamp</strong>: Time (in milliseconds) since the most recent system boot.</p>
+
+<p><strong>AuthToken HMAC key</strong>: Keyed SHA-256 MAC of all fields except the HMAC field.</p>
+
+<h2 id=device_boot_flow>Device boot flow</h2>
+
+<p>On every boot of a device, the AuthToken HMAC key must be generated and shared
+with all TEE components (Gatekeeper, Fingerprint, and Keymaster). Thus, the HMAC key
+must be randomly generated every time the device reboots, for added protection against replay attacks.</p>
+
+<p>The protocol for sharing this HMAC key with all components is a
+platform-dependent implementation feature. The key must <strong>never</strong>
+be made available outside the TEE. Thus, if a TEE OS lacks an
+internal inter-process communication (IPC) mechanism,
+and the TEE needs to transfer the data through the untrusted OS, the transfer
+must be done via a secure key exchange protocol.</p>
+
+<p>The Trusty operating system, which runs next to Android, is an example of a
+TEE, but other TEEs can be used instead. Trusty uses an internal IPC system to
+communicate directly between Keymaster and Fingerprint or Gatekeeper. The HMAC
+key is kept solely in Keymaster. Fingerprint and Gatekeeper request the key
+from Keymaster for each use, and do not persist or cache the value.</p>
+
+<p>Note that no communication happens between applets in the TEE because some TEEs
+are lacking in IPC infrastructure. This also
+permits the keystore service to quickly deny requests that are bound to fail as it has
+knowledge of the authentication table in the system, saving a potentially
+costly IPC into the TEE.</p>
diff --git a/src/devices/tech/security/authentication/keymaster.jd b/src/devices/tech/security/authentication/keymaster.jd
new file mode 100644
index 0000000..8febf76
--- /dev/null
+++ b/src/devices/tech/security/authentication/keymaster.jd
@@ -0,0 +1,100 @@
+page.title=Keymaster
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<p>The availability of a trusted execution environment in a system on a chip (SoC)
+offers an opportunity for Android devices to provide hardware-backed, strong
+security services to the Android OS, to platform services, and even to
+third-party apps.</p>
+
+<p>Keymaster has been <a href="km-features.html">significantly enhanced</a>
+in Android 6.0 with the addition of symmetric cryptographic primitives,
+AES and HMAC, and the addition of an access control
+system for hardware-backed keys. Access controls are specified during key
+generation and enforced for the lifetime of the key. Keys can be restricted to
+be usable only after the user has authenticated, only at a specific usage
+velocity, and only for specified purposes or with specified cryptographic
+parameters. For more information, please see
+the <a href="km-implementer-ref.html">Implementer's Reference</a>.</p>
+
+<p>Before Keymaster 1.0, Android already had a simple, hardware-backed crypto
+services API: Keymaster versions 0.2 and 0.3, which provided only digital
+signing and verification operations, plus generation of
+asymmetric signing key pairs. This is already
+implemented on many devices, but there are many security goals that cannot
+easily be achieved with only a signature API. The intent of Keymaster 1.0 is to
+extend the Keymaster API to provide a broader range of capabilities.</p>
+
+<h2 id=goals>Goals</h2>
+
+<p>The goal of the Keymaster API is to provide a basic but adequate set of
+cryptographic primitives to allow the implementation of protocols using
+access-controlled, hardware-backed keys.</p>
+
+<p>In addition to expanding the range of cryptographic primitives, Keymaster v1.0
+adds the following:</p>
+
+<ul>
+ <li>A usage control scheme to allow key usage to be limited, to mitigate the risk
+of security compromise due to misuse of keys
+ <li>An access control scheme to enable restriction of keys to specified users,
+clients, and a defined time range
+</ul>
+
+<h2 id=architecture>Architecture</h2>
+
+<p>The Keymaster API is a Hardware Abstraction Layer module, which is a
+dynamically-loaded library. Implementations must not
+perform any sensitive operations in user space, or even in kernel space.
+Sensitive operations are delegated to a secure processor reached through some
+kernel interface. The resulting architecture looks something like the
+following:</p>
+
+<img src="../images/access-to-keymaster.png" alt="Access to Keymaster" id="figure1" />
+<p class="img-caption"><strong>Figure 1.</strong> Access to Keymaster</p>
+
+<p>Within an Android device, the "client" actually consists of multiple layers
+(e.g. app, framework, keystore daemon), but that can be ignored for the
+purposes of this document. This means that the described API is low-level, used
+by platform-internal components, and not exposed to app developers. The
+higher-level API, for API level 23, is described on
+the <a href="http://developer.android.com/reference/java/security/KeyStore.html">Android Developer site</a>.</p>
+
+<p>The purpose of the <code>libkeymaster</code> library is not to implement the
+security-sensitive algorithms but only to
+marshal and unmarshal requests to the secure world. The wire format is
+implementation-defined.</p>
+
+<h2 id=compatibility_with_previous_versions>Compatibility with previous versions</h2>
+
+<p>The Keymaster v1.0 API is completely incompatible with the previously-released
+APIs, e.g. Keymaster v0.2 and v0.3.
+To facilitate interoperability on pre-Marshmallow devices that launched
+with the older Keymaster APIs, Keystore provides an adapter that provides
+the 1.0 API implemented with calls to the existing hardware library. The result
+cannot provide the full range of functionality in the
+1.0 API. In particular, it will only support RSA and ECDSA algorithms, and all
+of the key authorization enforcement will be performed by the adapter, in the
+non-secure world.</p>
diff --git a/src/devices/tech/security/authentication/km-features.jd b/src/devices/tech/security/authentication/km-features.jd
new file mode 100644
index 0000000..2b469c9
--- /dev/null
+++ b/src/devices/tech/security/authentication/km-features.jd
@@ -0,0 +1,412 @@
+page.title=Features
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<p>This page contains information about the features of <a href="keymaster.html">Keymaster</a> 1.0.</p>
+
+<h2 id=cryptographic_primitives>Cryptographic primitives</h2>
+
+<p>The <code>libkeymaster</code> library and Keymaster provide the following categories of operations:</p>
+
+<ul>
+ <li>Key generation
+ <li>Import and export of asymmetric keys (no key wrapping)
+ <li>Import of raw symmetric keys (again, no wrapping)
+ <li>Asymmetric encryption and decryption with appropriate padding modes
+ <li>Asymmetric signing and verification with digesting and appropriate padding
+modes
+ <li>Symmetric encryption and decryption in appropriate modes, including an AEAD
+mode
+ <li>Generation and verification of symmetric message authentication codes
+</ul>
+
+<p>Within each category, <code>libkeymaster</code> provides a mechanism for
+discovering the available options (algorithms,
+modes, etc.). But we also specify at least one required option, to ensure that
+client software can depend on the presence of the required primitives.</p>
+
+<p>Protocol elements, such as purpose, mode and padding, as well
+as <a href="#key_access_control">access control constraints</a>,
+must be specified when keys are generated or imported and are permanently
+bound to the key, ensuring the key cannot be used in any other way.</p>
+
+<p>In addition to the list above, there is one more service that Keymaster
+implementations must provide but which is not exposed as an API: Random number
+generation. This is used internally for generation of keys, Initialization
+Vectors (IVs), random padding and other elements of secure protocols that
+require randomness.</p>
+
+<h2 id=required_primitives>Required primitives</h2>
+
+<p>All implementations must provide:</p>
+
+<ul>
+ <li><a href="http://en.wikipedia.org/wiki/RSA_(cryptosystem)">RSA</a>
+ <ul>
+ <li>2048, 3072 and 4096-bit key support are required
+ <li>Support for public exponent F4 (2^16+1)
+ <li>Required padding modes for RSA signing are:
+ <ul>
+ <li>No padding (deprecated, will be removed in the future)
+ <li>RSASSA-PSS (<code>KM_PAD_RSA_PSS</code>)
+ <li>RSASSA-PKCS1-v1_5 (<code>KM_PAD_RSA_PKCS1_1_5_SIGN</code>)
+ </ul>
+ <li>Required digest modes for RSA signing are:
+ <ul>
+ <li>No digest (deprecated, will be removed in the future)
+ <li>SHA-256
+ </ul>
+ <li>Required padding modes for RSA encryption/decryption are:
+ <ul>
+ <li>RSAES-OAEP (<code>KM_PAD_RSA_OAEP</code>)
+ <li>RSAES-PKCS1-v1_5 (<code>KM_PAD_RSA_PKCS1_1_5_ENCRYPT</code>)
+ </ul>
+ <li>Unpadded RSA encryption must not be supported
+ </ul>
+ <li><a href="http://en.wikipedia.org/wiki/Elliptic_Curve_DSA">ECDSA</a>
+ <ul>
+ <li>224, 256, 384 and 521-bit key support are required, using the NIST P-224,
+P-256, P-384 and P-521 curves, respectively
+ <li>Required digest modes for ECDSA are:
+ <ul>
+ <li>No digest (deprecated, will be removed in the future)
+ <li>SHA-256
+ </ul>
+ </ul>
+ <li><a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">AES</a>
+ <ul>
+ <li>128 and 256-bit keys are required
+ <li><a href="http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher-block_chaining_.28CBC.29">CBC</a>,
+ CTR, ECB and and GCM. The GCM implementation must not allow the use of tags
+smaller than 96 bits or nonce lengths other than 96 bits.
+ <li>Padding modes <code>KM_PAD_NONE</code> and <code>KM_PAD_PKCS7</code> must
+ be supported for CBC and ECB modes. With no padding, CBC or ECB mode
+encryption must fail if the input isn't a multiple of the block size.
+ </ul>
+ <li><a href="http://en.wikipedia.org/wiki/Hash-based_message_authentication_code">HMAC</a>
+ <a href="http://en.wikipedia.org/wiki/SHA-2">SHA-256</a>, with any key size up to at least 32 bytes.
+</ul>
+</ul>
+
+<p>SHA1 and the other members of the SHA2 family (SHA-224, SHA384 and SHA512) are
+strongly recommended, but not required. Keystore will provide them in software
+if the hardware Keymaster implementation doesn't provide them.</p>
+
+<p>Some primitives are also recommended for interoperability with other systems:</p>
+
+<ul>
+ <li>Smaller key sizes for RSA
+ <li>Arbitrary public exponents for RSA
+</ul>
+
+<h2 id=key_access_control>Key access control</h2>
+
+<p>Hardware-based keys that can never be extracted from the device don't provide
+much security if an attacker can use them at will (though they're more secure
+than keys which <em>can</em> be exfiltrated). Thus, it's crucial that Keymaster enforce access controls.</p>
+
+<p>Access controls are defined as an "authorization list" of tag/value pairs.
+Authorization tags are 32-bit integers and the values are a variety of types.
+Some tags may be repeated to specify multiple values. Whether a tag may be
+repeated is specified in the documentation for the tag. When a key is created,
+the caller specifies an authorization list. The Keymaster implementation will
+modify the list to specify some additional information, such as whether the key
+has rollback protection, and return a "final" authorization list, encoded into
+the returned key blob. Any attempt to use the key for any cryptographic
+operation must fail if the final authorization list is modified.</p>
+
+<p>The set of possible tags is defined in the enumeration <code>keymaster_authorization_tag_t</code> and
+the set must be permanently fixed (though it can be extended).
+Names are prefixed with <code>KM_TAG_</code>. The top
+four bits of tag IDs are used to indicate the type.</p>
+
+<p>Possible types include:</p>
+
+<p><strong><code>KM_ENUM</code>:</strong> Many tags' values are defined in enumerations. For example, the possible
+values of <code>KM_TAG_PURPOSE</code> are defined in enum <code>keymaster_purpose_t</code>.</p>
+
+<p><strong><code>KM_ENUM_REP</code></strong>: Same as <code>KM_ENUM</code>, except that the tag may
+be repeated in an authorization list. Repetition
+indicates multiple authorized values. For example, an encryption key will
+likely have <code>KM_PURPOSE_ENCRYPT</code> and <code>KM_PURPOSE_DECRYPT</code>.</p>
+
+<p><strong><code>KM_UINT</code>:</strong> 32-bit unsigned integers. Example: <code>KM_TAG_KEY_SIZE</code></p>
+
+<p><strong><code>KM_UINT_REP</code></strong>: Same as <code>KM_UINT</code>, except that the tag may be
+repeated in an authorization list. Repetition indicates multiple authorized values.</p>
+
+<p><strong><code>KM_ULONG</code></strong>: 64-bit unsigned integers. Example: <code>KM_TAG_RSA_PUBLIC_EXPONENT</code></p>
+
+<p><strong><code>KM_ULONG_REP</code></strong>: Same as <code>KM_ULONG</code>, except that the tag may be
+repeated in an authorization list. Repetition
+indicates multiple authorized values.</p>
+
+<p><strong><code>KM_DATE</code></strong>: Date/time values, expressed as milliseconds since January 1, 1970.
+Example: <code>KM_TAG_PRIVKEY_EXPIRE_DATETIME</code></p>
+
+<p><strong><code>KM_BOOL</code></strong>: True or false. A tag of type <code>KM_BOOL</code> is assumed
+to be "false" if the tag is not present and "true" if present. Example: <code>KM_TAG_ROLLBACK_RESISTANT</code></p>
+
+<p><strong><code>KM_BIGNUM</code></strong>: Arbitrary-length integers, expressed as a byte array
+in big-endian order. Example: <code>KM_TAG_RSA_PUBLIC_EXPONENT</code></p>
+
+<p><strong><code>KM_BYTES</code></strong>: A sequence of bytes. Example: <code>KM_TAG_ROOT_OF_TRUST</code></p>
+
+<h3 id=hardware_vs_software_enforcement>Hardware vs. software enforcement</h3>
+
+<p>Not all Keymaster implementations will implement the same features. To support
+a variety of approaches, Keymaster 1.0 distinguishes between secure and
+non-secure world access control enforcement, which we call hardware and
+software enforcement, respectively.</p>
+
+<p>Implementations are required to:</p>
+
+<ul>
+ <li>Enforce exact matching (not enforcement) of all authorizations. Authorization
+lists in key blobs must exactly match the authorizations returned during key
+generation, including ordering. Any mismatch must cause an error diagnostic.
+ <li>Declare the authorizations whose semantic values are enforced.
+</ul>
+
+<p>The API mechanism for declaring hardware-enforced authorizations is in
+the <code>keymaster_key_characteristics_t</code> structure. It divides the authorization
+list into two sub-lists, <code>hw_enforced</code> and <code>sw_enforced</code>. The
+Keymaster implementation is responsible for placing the appropriate
+values in each, based on what it can enforce.</p>
+
+<p>In addition, the keystore daemon will implement software-based enforcement of <em>all</em> authorizations,
+whether they're enforced in hardware or not.</p>
+
+<p>For example, consider a TrustZone-based implementation that does not support
+key expiration. A key with an expiration date may still be created. That key's
+authorization list will include the tag <code>KM_TAG_ORIGINATION_EXPIRE_DATETIME</code> with
+the expiration date. A request to Keymaster for the key characteristics
+will find this tag in the <code>sw_enforced</code> list and the Keymaster implementation will
+not enforce the expiration
+requirement. However, attempts to use the key after expiration will be rejected
+by the keystore daemon.</p>
+
+<p>If the device is then upgraded with a Keymaster implementation that does
+support expiration, then a request for key characteristics will
+find <code>KM_TAG_ORIGINATION_EXPIRE_DATETIME</code> in
+the <code>hw_enforced</code> list, and attempts to use the key after expiration will fail even if the
+keystore is somehow subverted or bypassed.</p>
+
+<h3 id=cryptographic_message_construction_authorizations>Cryptographic message construction authorizations</h3>
+
+<p>The following tags are used to define the cryptographic characteristics of
+operations using the associated key: <code>KM_TAG_ALGORITHM</code>, <code>KM_TAG_KEY_SIZE</code>,
+<code>KM_TAG_BLOCK_MODE</code>, <code>KM_TAG_PADDING</code>, <code>KM_TAG_CALLER_NONCE</code>, and <code>KM_TAG_DIGEST</code></p>
+
+<p><code>KM_TAG_PADDING</code>, <code>KM_TAG_DIGEST</code>, and <code>KM_PAD_BLOCK_MODE</code>
+are repeatable, meaning that multiple values may be associated with a single
+key, and the value to be used will be specified at operation time.</p>
+
+<h3 id=purpose>Purpose</h3>
+
+<p>Keys have an associated set of purposes, expressed as one or more authorization
+entries with tag <code>KM_TAG_PURPOSE</code>, which defines how they can be used. The purposes are:</p>
+
+<ul>
+ <li><code>KM_PURPOSE_ENCRYPT</code>
+ <li><code>KM_PURPOSE_DECRYPT</code>
+ <li><code>KM_PURPOSE_SIGN</code>
+ <li><code>KM_PURPOSE_VERIFY</code>
+</ul>
+
+<p>Any key can have any subset of these purposes. Note that some combinations
+create security problems. For example, an RSA key that can be used to both
+encrypt and to sign allows an attacker who can convince the system to decrypt
+arbitrary data to generate signatures.</p>
+
+<p>Other purposes for keys that may be added in the future include:</p>
+
+<ul>
+ <li>"Derive Key" purpose, for key derivation keys
+ <li>"Attest" purpose, for keys that can generate attestations of the Keymaster
+implementation and/or its environment
+ <li>"Wrap Key" purpose, for keys used to wrap keys for secure import or export
+</ul>
+
+<h3 id=import_and_export>Import and export</h3>
+
+<p>Keymaster supports export of public keys only, in X.509 format, and import of:</p>
+
+<ul>
+ <li>Public and private key pairs in DER-encoded PKCS#8 format, without
+password-based encryption, and
+ <li>Symmetric keys as raw bytes
+</ul>
+
+<p>Future versions will likely expand the import/export options.</p>
+
+<p>To ensure that imported keys can be distinguished from securely-generated
+keys, <code>KM_TAG_ORIGIN</code> is included in the appropriate key
+authorization list. For example, if a key
+was generated in secure hardware, <code>KM_TAG_ORIGIN</code> with
+value <code>KM_ORIGIN_GENERATED</code> will be found in
+the <code>hw_enforced</code> list of the key characteristics, while a key
+that was imported into secure
+hardware will have the value <code>KM_ORIGIN_IMPORTED</code>.</p>
+
+<h3 id=user_authentication>User authentication</h3>
+
+<p>Keymaster does not implement user authentication, but depends on other trusted
+apps which do. For the interface that must be implemented by these apps, see
+the Gatekeeper page.</p>
+
+<p>User authentication requirements are specified via two sets of tags. The first
+set indicate which user can use the key:</p>
+
+<ul>
+ <li><code>KM_TAG_ALL_USERS</code> indicates the key is usable by all users. If
+ present, <code>KM_TAG_USER_ID</code> and <code>KM_TAG_SECURE_USER_ID</code> must not be present.
+ <li><code>KM_TAG_USER_ID</code> has a numeric value specifying the ID of the authorized user.
+ Note that this
+is the Android user ID (for multi-user), not the application UID, and it is
+enforced by non-secure software only. If present, <code>KM_TAG_ALL_USERS</code> must not be present.
+ <li><code>KM_TAG_SECURE_USER_ID</code> has a 64-bit numeric value specifying the secure user ID
+ that must be provided
+in a secure authentication token to unlock use of the key. If repeated, the key
+may be used if any of the values is provided in a secure authentication token.
+</ul>
+
+<p>The second set indicate whether and when the user must be authenticated. If
+neither of these tags is present, but <code>KM_TAG_SECURE_USER_ID</code> is, authentication is
+required for every use of the key.</p>
+
+<ul>
+ <li><code>KM_NO_AUTHENTICATION_REQUIRED</code> indicates no user authentication is required, though
+ the key still may only be
+used by apps running as the user(s) specified by <code>KM_TAG_USER_ID</code>.
+ <li><code>KM_TAG_AUTH_TIMEOUT</code> is a numeric value specifying, in seconds, how fresh the user
+ authentication
+must be to authorize key usage. This applies only to private/secret key
+operations. Public key operations don't require authentication. Timeouts do not
+cross reboots; after a reboot, all keys are "never authenticated." The timeout
+may be set to a large value to indicate that authentication is required once
+per boot (2^32 seconds is ~136 years; presumably Android devices are rebooted
+more often than that).
+</ul>
+
+<h3 id=client_binding>Client binding</h3>
+
+<p>Client binding, the association of a key with a particular client application,
+is done via an optional client ID and some optional client data (<code>KM_TAG_APPLICATION_ID</code>
+and <code>KM_TAG_APPLICATION_DATA</code>, respectively). Keymaster treats these values as opaque blobs,
+only ensuring
+that the same blobs presented during key generation/import are presented for
+every use and are byte-for-byte identical. The client binding data is not
+returned by Keymaster. The caller must know it in order to use the key.</p>
+
+<h3 id=expiration>Expiration</h3>
+
+<p>Keymaster supports restricting key usage by date. Key start of validity and key
+expirations can be associated with a key and Keymaster will refuse to perform
+key operations if the current date/time is outside of the valid range. The key
+validity range is specified with the tags <code>KM_TAG_ACTIVE_DATETIME</code>,
+<code>KM_TAG_ORIGINATION_EXPIRE_DATETIME</code>, and <code>KM_TAG_USAGE_EXPIRE_DATETIME</code>.
+The distinction between "origination" and "usage" is based on whether the key
+is being used to "originate" a new ciphertext/signature/etc., or to "use" an
+existing ciphertext/signature/etc.</p>
+
+<p>The <code>KM_TAG_ACTIVE_DATETIME</code>, <code>KM_TAG_ORIGINATION_EXPIRE_DATETIME</code>,
+and <code>KM_TAG_USAGE_EXPIRE_DATETIME</code> tags are optional. If the tags are absent, it is
+assumed that the key in
+question can always be used to decrypt/verify messages.</p>
+
+<p>Because wall-clock time is provided by the non-secure world, it's unlikely that
+the expiration-related tags will be in the hardware-enforced list. Hardware
+enforcement of expiry would require that the secure world somehow obtain
+trusted time and data, for example via a challenge response protocol with a
+trusted remote timeserver.</p>
+
+<h3 id=root_of_trust_binding>Root of trust binding</h3>
+
+<p>Keymaster allows keys to be bound to a root of trust, which is a bitstring
+provided to Keymaster during startup, preferably by the bootloader. If
+provided, this bitstring must be cryptographically bound to every key managed
+by Keymaster.</p>
+
+<p>The intent is for the bootloader to pass in the public key, used to verify the
+signature on the boot image, along with the verified boot state (locked or
+unlocked). If the public key is changed to allow a different system image to be
+used or if the verified boot state is changed, then none of the
+Keymaster-protected keys created by the previous system will be usable, unless
+the previous root of trust is restored and a system that is signed by that key
+is booted. The goal is to increase the value of the software-enforced key
+access controls by making it imposSTEM</code>sible for an attacker-installed operating
+system to use Keymaster keys.</p>
+
+<h3 id=standalone_keys>Standalone keys</h3>
+
+<p>Some Keymaster implementations may choose to store key material internally and
+return handles rather than encrypted key material. Or there may be other cases
+in which keys cannot be used until some other non-secure or secure world system
+component is available. The Keymaster 1.0 API allows the caller to request that
+a key be "standalone," via the <code>KM_TAG_STANDALONE</code> tag,
+meaning that no resources other than the blob and the running Keymaster
+system are required. The tags associated with a key may be inspected to see
+whether a key is standalone. At present, only two values are defined:</p>
+
+<ul>
+ <li><code>KM_BLOB_STANDALONE</code>
+ <li><code>KM_BLOB_REQUIRES_FILE_SYSTEM</code>
+</ul>
+
+<h3 id=velocity>Velocity</h3>
+
+<p>When it's created, the maximum usage velocity can be specified
+with <code>KM_TAG_MIN_SECONDS_BETWEEN_OPS</code>.
+TrustZone implementations will refuse to perform cryptographic operations
+with that key if an operation was performed less
+than <code>KM_TAG_MIN_SECONDS_BETWEEN_OPS</code> seconds earlier.</p>
+
+<p>The simple approach to implementing velocity limits is a table of key IDs and
+last-use timestamps. This table will likely be of limited size, but must
+accommodate at least 16 entries. In the event that the table is full and no
+entries may be updated or discarded, Keymaster implementations must "fail
+safe," preferring to refuse all velocity-limited key operations until one of
+the entries expires. It is acceptable for all entries to expire upon reboot.</p>
+
+<p>Keys can also be limited to <em>n</em> uses per boot with <code>KM_TAG_USES_PER_BOOT</code>.
+This also requires a tracking table, which must accommodate at least four
+keys, and must also fail safe. Note that applications will be unable to create
+per-boot limited keys. This feature will not be exposed through keystore and
+will be reserved for system operations.</p>
+
+<h3 id=random_number_generator_re-seeding>Random number generator re-seeding</h3>
+
+<p>Because Keymaster must generate random numbers for key material and
+Initialization Vectors (IVs), and because hardware random number generators may
+not always be fully trustworthy, Keymaster provides an interface to allow the
+client to provide additional entropy which will be mixed into the random
+numbers generated.</p>
+
+<p>A hardware random-number generator should be used as the primary seed source,
+if available, and the seed data provided through the external API must not be
+the sole source of randomness used for number generation. Further, the mixing
+operation used must ensure that the random output is unpredictable if any one
+of the seed sources is unpredictable.</p>
diff --git a/src/devices/tech/security/authentication/km-implementer-ref.jd b/src/devices/tech/security/authentication/km-implementer-ref.jd
new file mode 100644
index 0000000..9c8c619
--- /dev/null
+++ b/src/devices/tech/security/authentication/km-implementer-ref.jd
@@ -0,0 +1,1229 @@
+page.title=Implementer's Reference
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<p>This page provides details to assist implementers of <a href="keymaster.html">Keymaster</a> HALs. It
+covers each tag and each function in the API.</p>
+
+<h2 id=authorization_tags>Authorization tags</h2>
+
+<p>Except as noted in the tag descriptions, all of the tags below are used during
+key generation to specify key characteristics.</p>
+
+<h3 id=km_tag_purpose>KM_TAG_PURPOSE</h3>
+
+<p>Specifies the set of purposes for which the key may be used.</p>
+
+<p>Possible values are defined by the following enumeration:</p>
+
+<pre>
+typedef enum {
+ KM_PURPOSE_ENCRYPT = 0,
+ KM_PURPOSE_DECRYPT = 1,
+ KM_PURPOSE_SIGN = 2,
+ KM_PURPOSE_VERIFY = 3,
+} keymaster_purpose_t;
+</pre>
+
+<p>This tag is repeatable; keys may be generated with multiple values, although an
+operation has a single purpose. When the <a href="#begin">begin</a> function is called to
+start an operation, the purpose of the operation is
+specified. If the purpose specified to the operation is not authorized by the
+key, the operation must fail with <code>KM_ERROR_INCOMPATIBLE_PURPOSE</code>.</p>
+
+<h3 id=km_tag_algorithm>KM_TAG_ALGORITHM</h3>
+
+<p>Specifies the cryptographic algorithm with which the key is used.</p>
+
+<p>Possible values are defined by the following enumeration:</p>
+
+<pre>
+typedef enum {
+ KM_ALGORITHM_RSA = 1,
+ KM_ALGORITHM_EC = 3,
+ KM_ALGORITHM_AES = 32,
+ KM_ALGORITHM_HMAC = 128,
+} keymaster_algorithm_t;
+</pre>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_key_size>KM_TAG_KEY_SIZE</h3>
+
+<p>Specifies the size, in bits, of the key, measuring in the normal way for the
+key's algorithm. For example, for RSA keys, <code>KM_TAG_KEY_SIZE</code> specifies
+the size of the public modulus. For AES keys it specifies the length
+of the secret key material.</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_block_mode>KM_TAG_BLOCK_MODE</h3>
+
+<p>Specifies the block cipher mode(s) with which the key may be used. This tag is
+only relevant to AES keys.</p>
+
+<p>Possible values are defined by the following enumeration:</p>
+
+<pre>
+typedef enum {
+ KM_MODE_ECB = 1,
+ KM_MODE_CBC = 2,
+ KM_MODE_CTR = 3,
+ KM_MODE_GCM = 32,
+} keymaster_block_mode_t;
+</pre>
+
+<p>This tag is repeatable, and for AES key operations a mode must be specified in
+the <code>additional_params</code> argument of <a href="#begin">begin</a>. If the specified
+mode is not in the modes associated with the key, the
+operation must fail with <code>KM_ERROR_INCOMPATIBLE_BLOCK_MODE</code>.</p>
+
+<h3 id=km_tag_digest>KM_TAG_DIGEST</h3>
+
+<p>Specifies the digest algorithms which may be used with the key to perform
+signing and verification operations. This tag is relevant to RSA, ECDSA and
+HMAC keys.</p>
+
+<p>Possible values are defined by the following enumeration:</p>
+
+<pre>
+typedef enum {
+ KM_DIGEST_NONE = 0,
+ KM_DIGEST_MD5 = 1,
+ KM_DIGEST_SHA1 = 2,
+ KM_DIGEST_SHA_2_224 = 3,
+ KM_DIGEST_SHA_2_256 = 4,
+ KM_DIGEST_SHA_2_384 = 5,
+ KM_DIGEST_SHA_2_512 = 6,
+}
+keymaster_digest_t;
+</pre>
+
+<p>This tag is repeatable. For signing and verification operations a digest must
+be specified in the <code>additional_params</code> argument of <a href="#begin">begin</a>.
+If the specified digest is not in the digests associated with the key, the
+operation must fail with <code>KM_ERROR_INCOMPATIBLE_DIGEST</code>.</p>
+
+<h3 id=km_tag_padding>KM_TAG_PADDING</h3>
+
+<p>Specifies the padding modes which may be used with the key. This tag is
+relevant to RSA and AES keys.</p>
+
+<p>Possible values are defined by the following enumeration:</p>
+
+<pre>
+typedef enum {
+ KM_PAD_NONE = 1,
+ KM_PAD_RSA_OAEP = 2,
+ KM_PAD_RSA_PSS = 3,
+ KM_PAD_RSA_PKCS1_1_5_ENCRYPT = 4,
+ KM_PAD_RSA_PKCS1_1_5_SIGN = 5,
+ KM_PAD_PKCS7 = 64,
+} keymaster_padding_t;
+</pre>
+
+<p><code>KM_PAD_RSA_OAEP</code> and <code>KM_PAD_RSA_PKCS1_1_5_ENCRYPT</code> are used
+only for RSA encryption/decryption keys and specify RSA PKCS#1v2 OAEP
+padding and RSA PKCS#1 v1.5 randomized padding, respectively. <code>KM_PAD_RSA_PSS</code> and
+<code>KM_PAD_RSA_PKCS1_1_5_SIGN</code> are used only for RSA signing/verification keys and
+specify RSA PKCS#1v2 PSS
+padding and RSA PKCS#1 v1.5 deterministic padding, respectively. Note also that
+the RSA PSS padding mode is incompatible with <a href="#km_tag_digest">KM_DIGEST_NONE</a>.</p>
+
+<p><code>KM_PAD_NONE</code> may be used with either RSA or AES keys. For AES keys,
+if <code>KM_PAD_NONE</code> is used with block mode ECB or CBC and the data to be encrypted
+or decrypted
+is not a multiple of the AES block size in length, the call to finish must fail
+with <code>KM_ERROR_INVALID_INPUT_LENGTH</code>.</p>
+
+<p><code>KM_PAD_PKCS7</code> may only be used with AES keys, and only with ECB and CBC modes.</p>
+
+<p>This tag is repeatable. A padding mode must be specified in the call to
+<a href="#begin">begin</a>. If the specified mode is not authorized for the key,
+the operation must fail
+with <code>KM_ERROR_INCOMPATIBLE_BLOCK_MODE</code>.</p>
+
+<h3 id=km_tag_caller_nonce>KM_TAG_CALLER_NONCE</h3>
+
+<p>Specifies that the caller is allowed to provide a nonce for nonce-requiring
+operations.</p>
+
+<p>This tag is boolean, so the possible values are true (if the tag is present)
+and false (if the tag is not present).</p>
+
+<p>This tag is used only for AES keys, and is only relevant for CBC, CTR and GCM
+block modes. If the tag is not present, implementations should reject any
+operation which provides <a href="#km_tag_nonce">KM_TAG_NONCE</a> to <a href="#begin">begin</a>
+with <code>KM_ERROR_CALLER_NONCE_PROHIBITED</code>.</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_min_mac_length>KM_TAG_MIN_MAC_LENGTH</h3>
+
+<p>Required for HMAC keys and AES keys that support GCM mode, this tag specifies
+the minimum length of MAC that can be requested or verified with this key.</p>
+
+<p>This value is the minimum MAC length, in bits. It must be a multiple of 8. For
+HMAC keys, the value must be at least 64. For GCM keys it must be at least 96
+and must not exceed 128.</p>
+
+<h3 id=km_tag_rsa_public_exponent>KM_TAG_RSA_PUBLIC_EXPONENT</h3>
+
+<p>Specifies the value of the public exponent for an RSA key pair. This tag is
+relevant only to RSA keys, and required for all RSA keys.</p>
+
+<p>The value is a 64-bit unsigned integer that must satisfy the requirements of an
+RSA public exponent. Because it is specified by the caller and therefore cannot
+be chosen by the implementation, it must be a prime number. Trustlets are
+required to support the value 2^16+1. It is recommended that other reasonable
+values be supported, in particular the value 3. If no exponent is specified or
+if the specified exponent is not supported, key generation must fail
+with <code>KM_ERROR_INVALID_ARGUMENT</code>.</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_blob_usage_requirements>KM_TAG_BLOB_USAGE_REQUIREMENTS</h3>
+
+<p>Specifies the system environment conditions which must hold for the generated
+key to be used.</p>
+
+<p>Possible values are defined by the following enumeration:</p>
+
+<pre>
+typedef enum {
+ KM_BLOB_STANDALONE = 0,
+ KM_BLOB_REQUIRES_FILE_SYSTEM = 1,
+} keymaster_key_blob_usage_requirements_t;
+</pre>
+
+<p>This tag may be specified during key generation to require that the key be
+usable in the specified condition, and must be returned with the key
+characteristics (from <a href="#generate_key">generate_key</a> and
+<a href="#get_key_characteristics">get_key_characteristics</a>). If
+the caller specifies <code>KM_TAG_BLOB_USAGE_REQUIREMENTS</code> with
+value <code>KM_BLOB_STANDALONE</code> the trustlet must return a key blob
+which can be used without file system
+support. This is critical for devices with encrypted disks, where the file
+system may not be available until after a Keymaster key is used to decrypt the
+disk.</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_bootloader_only>KM_TAG_BOOTLOADER_ONLY</h3>
+
+<p>Specifies that the key may only be used by the bootloader.</p>
+
+<p>This tag is boolean, so the possible values are true (if the tag is present)
+and false (if the tag is not present).</p>
+
+<p>Any attempt to use a key with <code>KM_TAG_BOOTLOADER_ONLY</code> from the
+Android system must fail with <code>KM_ERROR_INVALID_KEY_BLOB</code>.</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_active_datetime>KM_TAG_ACTIVE_DATETIME</h3>
+
+<p>Specifies the date and time at which the key becomes active. Prior to this
+time, any attempt to use the key must fail with <code>KM_ERROR_KEY_NOT_YET_VALID</code>.</p>
+
+<p>The value is a 64-bit integer representing milliseconds since January 1, 1970.</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_origination_expire_datetime>KM_TAG_ORIGINATION_EXPIRE_DATETIME</h3>
+
+<p>Specifies the date and time at which the key expires for signing and encryption
+purposes. After this time, any attempt to use a key
+with <a href="#km_tag_purpose">KM_PURPOSE_SIGN</a> or
+<a href="#km_tag_purpose">KM_PURPOSE_ENCRYPT</a> provided
+to <a href="#begin">begin</a> must fail with <code>KM_ERROR_KEY_EXPIRED</code>.</p>
+
+<p>The value is a 64-bit integer representing milliseconds since January 1, 1970.</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_usage_expire_datetime>KM_TAG_USAGE_EXPIRE_DATETIME</h3>
+
+<p>Specifies the date and time at which the key expires for verification and
+decryption purposes. After this time, any attempt to use a key with
+<a href="#km_tag_purpose">KM_PURPOSE_VERIFY</a> or <a href="#km_tag_purpose">KM_PURPOSE DECRYPT</a>
+provided to <a href="#begin">begin</a> must fail with <code>KM_ERROR_KEY_EXPIRED</code>.</p>
+
+<p>The value is a 64-bit integer representing milliseconds since January 1, 1970.</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_min_seconds_between_ops>KM_TAG_MIN_SECONDS_BETWEEN_OPS</h3>
+
+<p>Specifies the minimum amount of time that must elapse between allowed
+operations using a key. This can be used to rate-limit uses of keys in contexts
+where unlimited use may enable brute force attacks.</p>
+
+<p>The value is a 32-bit integer representing seconds between allowed operations.</p>
+
+<p>When a key with this tag is used in an operation, a timer should be started
+during the <a href="#finish">finish</a> or <a href="#abort">abort</a> call. Any
+call to <a href="#begin">begin</a> that is received before the timer indicates
+that the interval specified by <code>KM_TAG_MIN_SECONDS_BETWEEN_OPS</code> has
+elapsed must fail with <code>KM_ERROR_KEY_RATE_LIMIT_EXCEEDED</code>. This
+requirement implies that a trustlet must keep a table of timers for keys
+with this tag. Because Keymaster memory is often limited, it is acceptable for
+this table to have a fixed maximum size and for Keymaster to fail operations
+which attempt to use keys with this tag when the table is full. At least 32
+in-use keys must be accommodated, and table slots must be aggressively reused
+when key minimum-usage intervals expire. If an operation fails because the
+table is full, Keymaster should return <code>KM_ERROR_TOO_MANY_OPERATIONS</code>.</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_max_uses_per_boot>KM_TAG_MAX_USES_PER_BOOT</h3>
+
+<p>Specifies the maximum number of times that a key may be used between system
+reboots. This is another mechanism to rate-limit key use.</p>
+
+<p>The value is a 32-bit integer representing uses per boot.</p>
+
+<p>When a key with this tag is used in an operation, a key-associated counter
+should be incremented during the <a href="#begin">begin</a> call. After the key counter
+has exceeded this value, all subsequent attempts
+to use the key must fail with <code>KM_ERROR_MAX_OPS_EXCEEDED</code>, until the device is
+restarted. This requirement implies that a trustlet must
+keep a table of use counters for keys with this tag. Because Keymaster memory
+is often limited, it is acceptable for this table to have a fixed maximum size
+and for Keymaster to fail operations that attempt to use keys with this tag
+when the table is full. At least 16 keys must be accommodated. If an operation
+fails because the table is full, Keymaster should return <code>KM_ERROR_TOO_MANY_OPERATIONS</code>.</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_user_secure_id>KM_TAG_USER_SECURE_ID</h3>
+
+<p>Specifies that a key may only be used under a particular secure user
+authentication state. This tag is mutually exclusive
+with <a href="#km_tag_no_auth_required">KM_TAG_NO_AUTH_REQUIRED</a>.</p>
+
+<p>The value is a 64-bit integer specifying the authentication policy state value
+which must be present in an authentication token (provided to <a href="#begin">begin</a> with
+the <a href="#km_tag_auth_token">KM_TAG_AUTH_TOKEN</a>) to authorize use of the key. Any
+call to <a href="#begin">begin</a> with a key with this tag that does not provide an
+authentication token, or provides an
+authentication token without a matching policy state value, must fail.</p>
+
+<p>This tag is repeatable. If any of the provided values matches any policy state
+value in the authentication token, the key is authorized for use. Otherwise the operation
+must fail with <code>KM_ERROR_KEY_USER_NOT_AUTHENTICATED</code>.</p>
+
+<h3 id=km_tag_no_auth_required>KM_TAG_NO_AUTH_REQUIRED</h3>
+
+<p>Specifies that no authentication is required to use this key. This tag is
+mutually exclusive with <a href="#km_tag_user_secure_id">KM_TAG_USER_SECURE_ID</a>.</p>
+
+<p>This tag is boolean, so the possible values are true (if the tag is present)
+and false (if the tag is not present).</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_user_auth_type>KM_TAG_USER_AUTH_TYPE</h3>
+
+<p>Specifies the types of user authenticators that may be used to authorize this
+key.</p>
+
+<p>The value is a 32-bit integer bitmask of values from the enumeration:</p>
+
+<pre>
+typedef enum {
+ HW_AUTH_NONE = 0,
+ HW_AUTH_PASSWORD = 1 << 0,
+ HW_AUTH_FINGERPRINT = 1 << 1,
+ // Additional entries should be powers of 2.
+ HW_AUTH_ANY = UINT32_MAX,
+} hw_authenticator_type_t;
+</pre>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_auth_timeout>KM_TAG_AUTH_TIMEOUT</h3>
+
+<p>Specifies the time in seconds for which the key is authorized for use, after
+authentication. If <a href="#km_tag_user_secure_id">KM_TAG_USER_SECURE_ID</a> is present and this tag
+is not, then the key requires authentication for every
+usage (see <a href="#begin">begin</a> for the details of the authentication-per-operation flow).</p>
+
+<p>The value is a 32-bit integer specifying the time in seconds after a successful
+authentication of the user specified by <a href="#km_tag_user_secure_id">KM_TAG_USER_SECURE_ID</a> with
+the authentication method specified
+by <a href="#km_tag_mac_length">KM_TAG_USER_AUTH_TYPE</a> that the key can be used.</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_all_applications>KM_TAG_ALL_APPLICATIONS</h3>
+
+<p>Reserved for future use.</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_application_id>KM_TAG_APPLICATION_ID</h3>
+
+<p>When provided to <a href="#generate_key">generate_key</a> or <a href="#import_key">import_key</a>,
+this tag specifies data that must be provided during all uses of the key. In
+particular, calls to <a href="#export_key">export_key</a> and
+<a href="#get_key_characteristics">get_key_characteristics</a> must
+provide the same value in the <code>client_id</code> parameter, and
+calls to <a href="#begin">begin</a> must provide this tag and the
+same associated data as part of the <code>in_params</code> set. If the correct
+data is not provided the function must return <code>KM_ERROR_INVALID_KEY_BLOB</code>.</p>
+
+<p>The value is a blob, an arbitrary-length array of bytes.</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_application_data>KM_TAG_APPLICATION_DATA</h3>
+
+<p>When provided to <a href="#generate_key">generate_key</a> or <a href="#import_key">import_key</a>,
+this tag specifies data that must be provided during all uses of the key. In
+particular, calls to <a href="#export_key">export_key</a> and
+<a href="#get_key_characteristics">get_key_characteristics</a> must
+provide the same value to the <code>client_id</code> parameter, and calls
+to <a href="#begin">begin</a> must provide this tag and the same associated
+data as part of the <code>in_params</code> set. If the correct data is not
+provided, the function must return <code>KM_ERROR_INVALID_KEY_BLOB</code>.</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_creation_datetime>KM_TAG_CREATION_DATETIME</h3>
+
+<p>Specifies the date and time the key was created, in milliseconds since January
+1, 1970. This tag is optional and informational only.</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_origin>KM_TAG_ORIGIN</h3>
+
+<p>Specifies where the key was created, if known. This tag may not be specified
+during key generation or import, and must be added to the key characteristics
+by the trustlet.</p>
+
+<p>The possible values are defined in <code>keymaster_origin_t</code>:</p>
+
+<pre>
+typedef enum {
+ KM_ORIGIN_GENERATED = 0,
+ KM_ORIGIN_IMPORTED = 2,
+ KM_ORIGIN_UNKNOWN = 3,
+} keymaster_key_origin_t
+</pre>
+
+<p>The full meaning of the value depends not only on the value but on whether it's
+found in the hardware-enforced or software-enforced characteristics list.</p>
+
+<p><code>KM_ORIGIN_GENERATED</code> indicates that Keymaster generated the key.
+If in the hardware-enforced list,
+the key was generated in secure hardware and is permanently hardware-bound. If
+in the software-enforced list, the key was generated in SoftKeymaster and is
+not hardware-bound.</p>
+
+<p><code>KM_ORIGIN_IMPORTED</code> indicates that the key was generated outside
+of Keymaster and imported into
+Keymaster. If in the hardware-enforced list, it is permanently hardware-bound,
+although copies outside of secure hardware may exist. If in the
+software-enforces list, the key was imported into SoftKeymaster and is not
+hardware-bound.</p>
+
+<p><code>KM_ORIGIN_UNKNOWN</code> should only appear in the hardware-enforced list.
+It indicates that the key is
+hardware-bound, but it is not known whether the key was originally generated in
+secure hardware or was imported. This only occurs when keymaster0 hardware is
+being used to emulate keymaster1 services.</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_rollback_resistant>KM_TAG_ROLLBACK_RESISTANT</h3>
+
+<p>Indicates that the key is rollback-resistant, meaning that when deleted
+by <a href="#delete_key">delete_key</a> or <a href="#delete_all_keys">delete_all_keys</a>,
+the key is guaranteed to be permanently deleted and unusable. It's possible
+that keys without this tag could be deleted and then restored from backup.</p>
+
+<p>This tag is boolean, so the possible values are true (if the tag is present)
+and false (if the tag is not present).</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_root_of_trust>KM_TAG_ROOT_OF_TRUST</h3>
+
+<p>Specifies the "root of trust," the key used by verified boot to validate the
+operating system booted (if any). This tag is never provided to or returned
+from Keymaster in the key characteristics.</p>
+
+<h3 id=km_tag_associated_data>KM_TAG_ASSOCIATED_DATA</h3>
+
+<p>Provides "associated data" for AES-GCM encryption or decryption. This tag is
+provided to <a href="#update">update</a> and specifies data that is not
+encrypted/decrypted but is used in computing
+the GCM tag.</p>
+
+<p>The value is a blob, an arbitrary-length array of bytes.</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_nonce>KM_TAG_NONCE</h3>
+
+<p>Provides or returns a nonce or Initialization Vector (IV) for AES GCM, CBC or
+CTR encryption or decryption. This tag is provided to <a href="#begin">begin</a>
+during encryption and decryption operations. It may only be provided to <a href="#begin">begin</a>
+if the key has <a href="#km_tag_caller_nonce">KM_TAG_CALLER_NONCE</a>. If not provided,
+an appropriate nonce or IV will be randomly generated by
+Keymaster and returned from begin.</p>
+
+<p>The value is a blob, an arbitrary-length array of bytes. Allowed lengths depend
+on the mode: GCM nonces are 12 bytes in length; CBC and CTR IVs are 16 bytes in
+length.</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_auth_token>KM_TAG_AUTH_TOKEN</h3>
+
+<p>Provides an authentication token (see the Authentication page) to
+<a href="#begin">begin</a>, <a href="#update">update</a> or <a href="#finish">finish</a>,
+to prove user authentication for a key operation that requires
+it (key has <a href="#km_tag_user_secure_id">KM_TAG_USER_SECURE_ID</a>).</p>
+
+<p>The value is a blob which contains a <code>hw_auth_token_t</code> structure.</p>
+
+<p>This tag is not repeatable.</p>
+
+<h3 id=km_tag_mac_length>KM_TAG_MAC_LENGTH</h3>
+
+<p>Provides the requested length of a MAC or GCM authentication tag, in bits.</p>
+
+<p>The value is the MAC length in bits. It must be a multiple of 8 and must be at
+least as large as the value of <a href="#km_tag_min_mac_length">KM_TAG_MIN_MAC_LENGTH</a>
+associated with the key.</p>
+
+<h2 id=functions>Functions</h2>
+
+<h3 id=deprecated_functions>Deprecated functions</h3>
+
+<p>The following functions are in the <code>keymaster1_device_t</code> definition but
+should not be implemented. The function pointers should be set
+to <code>NULL</code>:</p>
+
+<ul>
+ <li><code>generate_keypair</code>
+ <li><code>import_keypair</code>
+ <li><code>get_keypair_public</code>
+ <li><code>delete_keypair</code>
+ <li><code>delete_all</code>
+ <li><code>sign_data</code>
+ <li><code>verify_data</code>
+</ul>
+
+<h3 id=general_implementation_guidelines>General implementation guidelines</h3>
+
+<p>The following guidelines apply to all functions in the API.</p>
+
+<h4 id=input_pointer_parameters>Input pointer parameters</h4>
+
+<p>Input pointer parameters that are not used for a given call may be <code>NULL</code>.
+The caller is not required to provide placeholders. For example, some key
+types and modes may not use any values from the <code>in_params</code> argument
+to <a href="#begin">begin</a>, so the caller may set <code>in_params</code>
+to <code>NULL</code> or provide an empty parameter set. It is also acceptable for the caller to
+provide unused parameters, and Keymaster methods should not issue errors.</p>
+
+<p>If a required input parameter is NULL, Keymaster methods should return
+<code>KM_ERROR_UNEXPECTED_NULL_POINTER</code>.</p>
+
+<h4 id=output_pointer_parameters>Output pointer parameters</h4>
+
+<p>Similar to input pointer parameters, unused output pointer parameters
+may be <code>NULL</code>. If a method needs to return data in an output
+parameter found to be <code>NULL</code>, it should return <code>KM_ERROR_OUTPUT_PARAMETER_NULL</code>.</p>
+
+<h4 id=api_misuse>API misuse</h4>
+
+<p>There are many ways that callers can make requests that don't make sense or are
+foolish but not technically wrong. Keymaster1 implementations are not required
+to fail in such cases or issue a diagnostic. Use of too-small keys,
+specification of irrelevant input parameters, reuse of IVs or nonces,
+generation of keys with no purposes (hence useless) and the like should not be
+diagnosed by implementations. Omission of required parameters, specification of
+invalid required parameters, and similar errors must be diagnosed.</p>
+
+<p>It is the responsibility of apps, the framework, and Android keystore to ensure
+that the calls to Keymaster modules are sensible and useful.</p>
+
+<h3 id=get_supported_algorithms>get_supported_algorithms</h3>
+
+<p>Returns the list of algorithms supported by the Keymaster hardware
+implementation. A software implementation must return an empty list; a hybrid
+implementation must return a list containing only the algorithms that are
+supported by hardware.</p>
+
+<p>Keymaster1 implementations must support RSA, EC, AES and HMAC.</p>
+
+<h3 id=get_supported_block_modes>get_supported_block_modes</h3>
+
+<p>Returns the list of AES block modes supported by the Keymaster hardware
+implementation for a specified algorithm and purpose.</p>
+
+<p>For RSA, EC and HMAC, which are not block ciphers, the method must return an
+empty list for all valid purposes. Invalid purposes should cause the method to
+return <code>KM_ERROR_INVALID_PURPOSE</code>.</p>
+
+<p>Keymaster1 implementations must support ECB, CBC, CTR and GCM for AES
+encryption and decryption.</p>
+
+<h3 id=get_supported_padding_modes>get_supported_padding_modes</h3>
+
+<p>Returns the list of padding modes supported by the Keymaster hardware
+implementation for a specified algorithm and purpose.</p>
+
+<p>HMAC and EC have no notion of padding so the method must return an empty list
+for all valid purposes. Invalid purposes should cause the method to return <code>KM_ERROR_INVALID_PURPOSE</code>.</p>
+
+<p>For RSA, keymaster1 implementations must support:</p>
+
+<ul>
+ <li>Unpadded encryption, decryption, signing and verification. For unpadded
+encryption and signing, if the message is shorter than the public modulus,
+implementations must left-pad it with zeros. For unpadded decryption and
+verification, the input length must match the public modulus size.
+ <li>PKCS#1 v1.5 encryption and signing padding modes
+ <li>PSS with a minimum salt length of 20
+ <li>OAEP
+</ul>
+
+<p>For AES in ECB and CBC modes, keymaster1 implementations must support no
+padding and PKCS#7-padding. CTR and GCM modes must support only no padding.</p>
+
+<h3 id=get_supported_digests>get_supported_digests</h3>
+
+<p>Returns the list of digest modes supported by the Keymaster hardware
+implementation for a specified algorithm and purpose.</p>
+
+<p>No AES modes support or require digesting, so the method must return an empty
+list for valid purposes.</p>
+
+<p>Keymaster1 implementations are allowed to implement a subset of the defined
+digests, but must provide SHA-256. It is strongly recommended that keymaster1
+implementations provide MD5, SHA1, SHA-224, SHA-256, SHA384 and SHA512 (the
+full set of defined digests).</p>
+
+<h3 id=get_supported_import_formats>get_supported_import_formats</h3>
+
+<p>Returns the list of import formats supported by the Keymaster hardware
+implementation of a specified algorithm.</p>
+
+<p>Keymaster1 implementations must support the PKCS#8 format (without password
+protection) for importing RSA and EC key pairs, and must support RAW import of
+AES and HMAC key material.</p>
+
+<h3 id=get_supported_export_formats>get_supported_export_formats</h3>
+
+<p>Returns the list of export formats supported by the Keymaster hardware
+implementation of a specified algorithm.</p>
+
+<p>Keymaster1 implementations must support the X.509 format for exporting RSA and
+EC public keys. Export of private keys or asymmetric keys must not be
+supported.</p>
+
+<h3 id=add_rng_entropy>add_rng_entropy</h3>
+
+<p>Adds caller-provided entropy to the pool used by the Keymaster1 implementation
+for generating random numbers, for keys, IVs, etc.</p>
+
+<p>Keymaster1 implementations must <strong>securely</strong> mix the provided
+entropy into their pool, which must also contain
+internally-generated entropy from a hardware random number generator. Mixing
+must have the property that an attacker with complete control of either
+the <code>add_rng_entropy</code>-provided bits or the hardware-generated bits, but not both, cannot predict
+bits generated from the entropy pool with probability greater than ½.</p>
+
+<p>Keymaster1 implementations that attempt to estimate the entropy in their
+internal pool must assume that data provided by <code>add_rng_entropy</code> contains no entropy.</p>
+
+<h3 id=generate_key>generate_key</h3>
+
+<p>Generates a new cryptographic key, specifying associated authorizations, which
+will be permanently bound to the key. Keymaster1 implementations must make it
+impossible to use a key in any way inconsistent with the authorizations
+specified at generation time. With respect to authorizations that the secure
+hardware cannot enforce, the secure hardware's obligation is limited to
+ensuring that the unenforceable authorizations associated with the key cannot
+be modified, so that every call to <a href="#get_key_characteristics">get_key_characteristics</a>
+will return the original value. In addition, the characteristics returned by <code>generate_key</code>
+must allocate authorizations correctly between the hardware-enforced and
+software-enforced lists. See <a href="#get_key_characteristics">get_key_characteristics</a>
+for more details.</p>
+
+<p>The parameters that must be provided to <code>generate_key</code> depend on the type of key
+being generated. This section will summarize the
+required and allowed tags for each type of key. <a href="#km_tag_algorithm">KM_TAG_ALGORITHM</a>
+is always required, to specify the type.</p>
+
+<h4 id=rsa_keys>RSA keys</h4>
+
+<p>The following parameters are required when generating an RSA key.</p>
+
+<ul>
+ <li><a href="#km_tag_key_size">KM_TAG_KEY_SIZE</a> specifies the size of the public
+ modulus, in bits. If omitted, the method must
+return <code>KM_ERROR_UNSUPPORTED_KEY_SIZE</code>. Values that must be supported are
+1024, 2048, 3072 and 4096. It is
+recommended to support all key sizes that are a multiple of 8.
+ <li><a href="#km_tag_rsa_public_exponent">KM_TAG_RSA_PUBLIC_EXPONENT</a> specifies
+ the RSA public exponent value. If omitted, the method must
+ return <code>KM_ERROR_INVALID_ARGUMENT</code>.
+ Implementations must support the values 3 and 65537. It is recommended to
+support all prime values up to 2^64.
+</ul>
+
+<p>The following parameters are not required to generate an RSA key, but creating
+an RSA key without them will produce a key that is unusable.
+The <code>generate_key</code> function should not return an error if these parameters are omitted.</p>
+
+<ul>
+ <li><a href="#km_tag_purpose">KM_TAG_PURPOSE</a> specifies allowed purposes.
+ All purposes must be supported for RSA keys, in
+any combination.
+ <li><a href="#km_tag_digest">KM_TAG_DIGEST</a> specifies digest algorithms that
+ may be used with the new key. Implementations
+that do not support all digest algorithms must accept key generation requests
+that include unsupported digests. The unsupported digests should be placed in
+the "software-enforced" list in the returned key characteristics. This is
+because the key will be usable with those other digests, but digesting will be
+performed in software. Then hardware will be called to perform the operation
+with <code>KM_DIGEST_NONE</code>.
+ <li><a href="#km_tag_padding">KM_TAG_PADDING</a> specifies the padding modes
+ that may be used with the new key. Implementations
+that do not support all digest algorithms must place <code>KM_PAD_RSA_PSS</code>
+and <code>KM_PAD_RSA_OAEP</code> in the software-enforced list of the key
+characteristics if any unsupported
+digest algorithms are specified.
+</ul>
+
+<h4 id=ecdsa_keys>ECDSA keys</h4>
+
+<p>Only <a href="#km_tag_key_size">KM_TAG_KEY_SIZE</a> is required to generate an
+ECDSA key. It is used to select the EC group.
+Implementations must support values 224, 256, 384 and 521, which indicate the
+NIST p-224, p-256, p-384 and p521 curves, respectively.</p>
+
+<p><a href="#km_tag_digest">KM_TAG_DIGEST</a> is also needed for a useful ECDSA key,
+but is not required for generation.</p>
+
+<h4 id=aes_keys>AES keys</h4>
+
+<p>Only <a href="#km_tag_key_size">KM_TAG_KEY_SIZE</a> is required when
+generating an AES key. If omitted, the method must return <code>KM_ERROR_UNSUPPORTED_KEY_SIZE</code>.
+Values that must be supported are 128 and 256. It is recommended to support
+192-bit AES keys.</p>
+
+<p>The following parameters are particularly relevant for AES keys, but not
+required to generate one:</p>
+
+<ul>
+ <li><code>KM_TAG_BLOCK_MODE</code> specifies the block modes with which the new key may be used.
+ <li><code>KM_TAG_PADDING</code> specifies the padding modes that may be used. This is only relevant for ECB
+and CBC modes.
+</ul>
+
+<p>If the GCM block mode is specified, then <a href="#km_tag_min_mac_length">KM_TAG_MIN_MAC_LENGTH</a>
+must be provided. If omitted, the method must return
+<code>KM_ERROR_MISSING_MIN_MAC_LENGTH</code>. The value of the tag must be a multiple of 8 and must
+be at least 96 and no more than 128.</p>
+
+<h4 id=hmac_keys>HMAC keys</h4>
+
+<p>The following parameters are required for HMAC key generation:</p>
+
+<ul>
+ <li><a href="#km_tag_key_size">KM_TAG_KEY_SIZE</a> specifies the key size in bits. Values
+ smaller than 64 and values that are not
+multiples of 8 must not be supported. All multiples of 8, from 64 to 512, must
+be supported. Larger values may be supported.
+ <li><a href="#km_tag_min_mac_length">KM_TAG_MIN_MAC_LENGTH</a> specifies the minimum length of
+ MACs that can be generated or verified with
+this key. The value must be a multiple of 8 and must be at least 64.
+ <li><a href="#km_tag_digest">KM_TAG_DIGEST</a> specifies the digest algorithm for the key. Exactly
+ one digest must be
+specified, otherwise return <code>KM_ERROR_UNSUPPORTED_DIGEST</code>. If the digest is not supported
+by the trustlet, return <code>KM_ERROR_UNSUPPORTED_DIGEST</code>.
+</ul>
+
+<h4 id=key_characteristics>Key characteristics</h4>
+
+<p>If the characteristics argument is non-NULL, <code>generate_key</code> must return the newly-generated
+key's characteristics divided appropriately
+into hardware-enforced and software-enforced lists. See <a href="#get_key_characteristics">get_key_characteristics</a>
+for a description of which characteristics go in which list. The returned
+characteristics must include all of the parameters specified to key generation,
+except <a href="#km_tag_application_id">KM_TAG_APPLICATION_ID</a> and
+<a href="#km_tag_application_data">KM_TAG_APPLICATION_DATA</a>.
+If these tags were included in the key parameters, they must be removed from
+the returned characteristics; it must not be possible to find their values by
+examining the returned key blob. However, they must be cryptographically bound
+to the key blob, so that if the correct values are not provided when the key is
+used, usage will fail. Similarly, <a href="#km_tag_root_of_trust">KM_TAG_ROOT_OF_TRUST</a> must
+be cryptographically bound to the key, but it may not be specified during
+key creation or import and must never be returned.</p>
+
+<p>In addition to the provided tags, the trustlet must also
+add <a href="#km_tag_origin">KM_TAG_ORIGIN</a>, with the value <code>KM_ORIGIN_GENERATED</code>,
+and if the key is rollback resistant, <a href="#km_tag_rollback_resistant">KM_TAG_ROLLBACK_RESISTANT</a>.</p>
+
+<h4 id=rollback_resistance>Rollback resistance </h4>
+
+<p>Rollback resistance means that once a key is deleted with
+<a href="#delete_key">delete_key</a> or <a href="#delete_all_keys">delete_all_keys</a>,
+it is guaranteed by secure hardware never to be usable again. Implementations
+without rollback resistance will typically return generated or imported key
+material to the caller as a key blob, an encrypted and authenticated form. When
+keystore deletes the key blob, the key is gone, but an attacker who has
+previously managed to retrieve the key material can potentially restore it to
+the device.</p>
+
+<p>A key is rollback resistant if the secure hardware guarantees that deleted keys
+cannot be restored later. This is generally done by storing additional key
+metadata in a trusted location that cannot be manipulated by an attacker. On
+mobile devices, the mechanism used for this is usually Replay Protected Memory
+Blocks (RPMB). Because the number of keys that may be created is essentially
+unbounded and the trusted storage used for rollback resistance may be limited
+in size, it is required that this method succeed even if rollback resistance
+cannot be provided for the new key. In that case,
+<a href="#km_tag_rollback_resistant">KM_TAG_ROLLBACK_RESISTANT</a> should not be
+added to the key characteristics.</p>
+
+<h3 id=get_key_characteristics>get_key_characteristics</h3>
+
+<p>Returns parameters and authorizations associated with the provided key, divided
+into two sets: hardware-enforced and software-enforced. The description here
+applies equally to the key characteristics lists returned
+by <a href="#generate_key">generate_key</a> and <a href="#import_key">import_key</a>.</p>
+
+<p>If <code>KM_TAG_APPLICATION_ID</code> was provided during key generation
+or import, the same value must provided to
+this method in the <code>client_id</code> argument. Otherwise, the
+method must return <code>KM_ERROR_INVALID_KEY_BLOB</code>. Similarly,
+if <code>KM_TAG_APPLICATION_DATA </code>was provided during generation
+or import, the same value must be provided to
+this method in the <code>app_data</code> argument.</p>
+
+<p>The characteristics returned by this method completely describe the type and
+usage of the specified key.</p>
+
+<p>The general rule for deciding whether a given tag belongs in the
+hardware-enforced or software-enforced list is that if the meaning of the tag
+is fully assured by secure hardware, it is hardware-enforced. Otherwise, it's
+software enforced. Below is a list of specific tags whose correct allocation
+may be unclear:</p>
+
+<ul>
+ <li><a href="#km_tag_algorithm">KM_TAG_ALGORITHM</a>, <a href="#km_tag_key_size">KM_TAG_KEY_SIZE</a>,
+ and <a href="#km_tag_rsa_public_exponent">KM_TAG_RSA_PUBLIC_EXPONENT</a> are
+ intrinsic properties of the key. For any key that is secured by hardware,
+these will be in the hardware-enforced list, because the statement that, for
+example, "This RSA key material is only used as an RSA key" is enforced by
+hardware because the hardware will use it in no other way and software has no
+access to the key material and cannot use it at all.
+ <li><a href="#km_tag_digest">KM_TAG_DIGEST</a> values that are supported by the
+ secure hardware are to be placed in the
+hardware-supported list. Unsupported digests go in the software-supported list.
+ <li><a href="#km_tag_padding">KM_TAG_PADDING</a> values generally go in the
+ hardware-supported list, but if there is a
+possibility that a specific padding mode may have to be performed by software,
+they go in the software-enforced list. Such a possibility arises for RSA keys
+that permit PSS or OAEP padding with digest algorithms that are not supported
+by the secure hardware.
+ <li><a href="#km_tag_user_secure_id">KM_TAG_USER_SECURE_ID</a> and
+ <a href="#km_tag_mac_length">KM_TAG_USER_AUTH_TYPE</a> are hardware-enforced
+ only if user authentication is hardware enforced. For
+that to be true, the Keymaster trustlet and the relevant authentication
+trustlet must both be secure and must share a secret HMAC key used to sign and
+validate authentication tokens. See the Authentication page for details.
+ <li><a href="#km_tag_active_datetime">KM_TAG_ACTIVE_DATETIME</a>,
+ <a href="#km_tag_origination_expire_datetime">KM_TAG_ORIGINATION_EXPIRE_DATETIME</a>,
+ and <a href="#km_tag_usage_expire_datetime">KM_TAG_USAGE_EXPIRE_DATETIME</a> tags
+ require access to a verifiably correct wall clock. Most secure hardware
+will only have access to time information provided by the non-secure OS, which
+means the tags are software-enforced.
+ <li><a href="#km_tag_origin">KM_TAG_ORIGIN</a> is always in the hardware list for
+ hardware-bound keys. Its presence in that
+list is the way higher layers determine that a key is hardware-backed.
+</ul>
+
+<h3 id=import_key>import_key</h3>
+
+<p>Imports key material into Keymaster hardware. Key definition parameters and
+output characteristics are handled the same as for <code>generate_key</code>,
+with the following exceptions:</p>
+
+<ul>
+ <li><a href="#km_tag_key_size">KM_TAG_KEY_SIZE</a> and
+ <a href="#km_tag_rsa_public_exponent">KM_TAG_RSA_PUBLIC_EXPONENT</a> (for RSA keys only)
+ are not required in the input parameters. If not provided,
+the trustlet must deduce the values from the provided key material and add
+appropriate tags and values to the key characteristics. If the parameters are
+provided, the trustlet must validate them against the key material. In the
+event of a mismatch, the method must return <code>KM_ERROR_IMPORT_PARAMETER_MISMATCH</code>.
+ <li>The returned <a href="#km_tag_origin">KM_TAG_ORIGIN</a> must have the
+ value <code>KM_ORIGIN_IMPORTED</code>.
+</ul>
+
+<h3 id=export_key>export_key</h3>
+
+<p>Exports a public key from a Keymaster RSA or EC key pair.</p>
+
+<p>If <code>KM_TAG_APPLICATION_ID</code> was provided during key generation or import,
+the same value must provided to
+this method in the <code>client_id</code> argument. Otherwise, the method must return
+<code>KM_ERROR_INVALID_KEY_BLOB</code>. Similarly, if <code>KM_TAG_APPLICATION_DATA</code>
+was provided during generation or import, the same value must be provided to
+this method in the <code>app_data</code> argument.</p>
+
+<h3 id=delete_key>delete_key</h3>
+
+<p>Deletes the provided key. This method is optional, and will likely be
+implemented only by Keymaster modules that provide rollback resistance.</p>
+
+<h3 id=delete_all_keys>delete_all_keys</h3>
+
+<p>Deletes all keys. This method is optional, and will likely be implemented only
+by Keymaster modules that provide rollback resistance.</p>
+
+<h3 id=begin>begin</h3>
+
+<p>Begins a cryptographic operation, using the specified key, for the specified
+purpose, with the specified parameters (as appropriate), and returns an
+operation handle which is used with <a href="#update">update</a> and <a href="#finish">finish</a> to complete the operation.</p>
+
+<p>If <a href="#km_tag_application_id">KM_TAG_APPLICATION_ID</a> or <a href="#km_tag_application_data">KM_TAG_APPLICATION_DATA</a>
+were specified during key generation or import, calls to begin must include
+those tags with the originally-specified values in the <code>in_params</code> argument to this method.</p>
+
+<h4 id=authorization_enforcement>Authorization enforcement</h4>
+
+<p>During this method, the following key authorizations must be enforced by the
+trustlet if the implementation placed them in the "hardware-enforced"
+characteristics and if the operation is not a public key operation. Public key
+operations, meaning <code>KM_PURPOSE_ENCRYPT</code> and <code>KM_PURPOSE_VERIFY</code>,
+with RSA or EC keys, must be allowed to succeed even if authorization
+requirements are not met.</p>
+
+<ul>
+ <li><a href="#km_tag_purpose">KM_TAG_PURPOSE</a> requires that the purpose specified
+ for this method match one of the purposes
+in the key authorizations, unless the requested operation is a public key
+operation, meaning that the key is RSA or EC and the purpose is <code>KM_PURPOSE_ENCRYPT</code>
+or <code>KM_PURPOSE_VERIFY</code>. Note that <code>KM_PURPOSE_ENCRYPT</code> is not valid for EC keys.
+Begin should return <code>KM_ERROR_UNSUPPORTED_PURPOSE</code> in that case.
+ <li><a href="#km_tag_active_datetime">KM_TAG_ACTIVE_DATETIME</a> requires comparison with a trusted
+ UTC time source. If the current date and
+time is prior to the tag value, the method must return <code>KM_ERROR_KEY_NOT_YET_VALID</code>.
+ <li><a href="#km_tag_origination_expire_datetime">KM_TAG_ORIGINATION_EXPIRE_DATETIME</a> requires
+ comparison with a trusted UTC time source. If the current date and
+time is later than the tag value and the purpose is <code>KM_PURPOSE_ENCRYPT</code> or <code>KM_PURPOSE_SIGN</code>,
+the method must return <code>KM_ERROR_KEY_EXPIRED</code>.
+ <li><a href="#km_tag_usage_expire_datetime">KM_TAG_USAGE_EXPIRE_DATETIME</a> requires comparison with a
+ trusted UTC time source. If the current date and
+time is later than the tag value and the purpose is <code>KM_PURPOSE_DECRYPT</code> or <code>KM_PURPOSE_VERIFY</code>,
+the method must return <code>KM_ERROR_KEY_EXPIRED</code>.
+ <li><a href="#km_tag_min_seconds_between_ops">KM_TAG_MIN_SECONDS_BETWEEN_OPS</a> requires comparison with a
+ trusted relative timer indicating the last use of
+the key. If the last use time plus the tag value is less than the current time,
+the method must return <code>KM_ERROR_KEY_RATE_LIMIT_EXCEEDED</code>. See the tag description for
+important implementation requirements.
+ <li><a href="#km_tag_max_uses_per_boot">KM_TAG_MAX_USES_PER_BOOT</a> requires comparison against a
+ secure counter that tracks the uses of the key
+since boot time. If the count of previous uses exceeds the tag value, the
+method must return <code>KM_ERROR_KEY_MAX_OPS_EXCEEDED</code>.
+ <li><a href="#km_tag_user_secure_id">KM_TAG_USER_SECURE_ID</a> is enforced by this method only
+ if the key also has <a href="#km_tag_auth_timeout">KM_TAG_AUTH_TIMEOUT</a>. If the key has both,
+ then this method must have received a <a href="#km_tag_auth_token">KM_TAG_AUTH_TOKEN</a> in
+ <code>in_params</code> and that token must be valid, meaning that the HMAC field validates correctly.
+In addition, at least one of the <a href="#km_tag_user_secure_id">KM_TAG_USER_SECURE_ID</a>
+values from the key must match at least one of the secure ID values in the
+token. Finally, the key must also have a <a href="#km_tag_mac_length">KM_TAG_USER_AUTH_TYPE</a> and
+it must match the auth type in the token. If any of these requirements is
+not met, the method must return <code>KM_ERROR_KEY_USER_NOT_AUTHENTICATED</code>.
+ <li><a href="#km_tag_caller_nonce">KM_TAG_CALLER_NONCE</a> allows the caller to specify a nonce
+ or initialization vector (IV). If the key
+does not have this tag but the caller provided <a href="#km_tag_nonce">KM_TAG_NONCE</a> to this method,
+<code>KM_ERROR_CALLER_NONCE_PROHIBITED</code> must be returned.
+ <li><a href="#km_tag_bootloader_only">KM_TAG_BOOTLOADER_ONLY</a> specifies that the key may only be
+ used by the bootloader. If this method is
+called with a bootloader-only key after the bootloader has finished executing,
+it must return <code>KM_ERROR_INVALID_KEY_BLOB</code>.
+</ul>
+
+<h4 id=rsa_keys>RSA keys</h4>
+
+<p>All RSA key operations must specify exactly one padding mode in <code>in_params</code>. If
+unspecified or specified more than once, the method must return <code>KM_ERROR_UNSUPPORTED_PADDING_MODE</code>.</p>
+
+<p>RSA signing and verification operations require a digest, as do RSA encryption
+and decryption operations with OAEP padding mode. For those cases, the caller
+must specify exactly one digest in <code>in_params</code>. If unspecified or specified more than once,
+the method must return <code>KM_ERROR_UNSUPPORTED_DIGEST</code>.</p>
+
+<p>Private key operations (<code>KM_PURPOSE_DECYPT</code> and <code>KM_PURPOSE_SIGN</code>) require
+authorization of digest and padding, which means that the specified
+values must be in the key authorizations. If not, the method must return <code>KM_ERROR_INCOMPATIBLE_DIGEST</code>
+or <code>KM_ERROR_INCOMPATIBLE_PADDING</code>, as appropriate. Public key operations
+(<code>KM_PURPOSE_ENCRYPT</code> and <code>KM_PURPOSE_VERIFY</code>) are permitted with
+unauthorized digest or padding.</p>
+
+<p>With the exception of <code>KM_PAD_NONE</code>, all RSA padding modes are applicable only to
+certain purposes. Specifically, <code>KM_PAD_RSA_PKCS1_1_5_SIGN</code> and <code>KM_PAD_RSA_PSS</code>
+only support signing and verification, while <code>KM_PAD_RSA_PKCS1_1_1_5_ENCRYPT</code> and
+<code>KM_PAD_RSA_OAEP</code> only support encryption and decryption. The method must return
+<code>KM_ERROR_UNSUPPORTED_PADDING_MODE</code> if the specified mode does not support the specified purpose.</p>
+
+<p>There are some important interactions between padding modes and digests:</p>
+
+<ul>
+ <li><code>KM_PAD_NONE</code> indicates that a "raw" RSA operation will be performed. If signing or
+verifying, <code>KM_DIGEST_NONE </code>must be specified for the digest. No digest is required for unpadded encryption
+or decryption.
+ <li><code>KM_PAD_RSA_PKCS1_1_5_SIGN</code> padding requires a digest, which may be <code>KM_DIGEST_NONE.</code>
+ <li><code>KM_PAD_RSA_PKCS1_1_1_5_ENCRYPT</code> padding does not require a digest.
+ <li><code>KM_PAD_RSA_PSS</code> padding requires a digest, which may not be <code>KM_DIGEST_NONE</code>.
+ If <code>KM_DIGEST_NONE</code> is specified, the method must return
+ <code>KM_ERROR_INCOMPATIBLE_PADDING_MODE</code>. In addition, the
+ size of the RSA key must be at least 22 bytes larger than
+the output size of the digest. Otherwise, the method must return <code>KM_ERROR_INCOMPATIBLE_DIGEST</code>.
+ <li><code>KM_PAD_RSA_OAEP</code> padding requires a digest, which may not be <code>KM_DIGEST_NONE</code>.
+ If <code>KM_DIGEST_NONE</code> is specified, the method must return <code>KM_ERROR_INCOMPATIBLE_DIGEST</code>.
+</ul>
+
+<h4 id=ec_keys>EC keys</h4>
+
+<p>EC key operations must specify exactly one padding mode in <code>in_params</code>.
+If unspecified or specified more than once,
+return <code>KM_ERROR_UNSUPPORTED_PADDING_MODE</code>.</p>
+
+<p>Private key operations (<code>KM_PURPOSE_SIGN</code>) require authorization of the
+digest, which means that the specified value must be in the key authorizations.
+If not, return <code>KM_ERROR_INCOMPATIBLE_DIGEST</code>.
+Public key operations (<code>KM_PURPOSE_VERIFY</code>) are permitted with unauthorized digest or padding.</p>
+
+<h4 id=aes_keys>AES keys</h4>
+
+<p>AES key operations must specify exactly one block mode and one padding mode in <code>in_params</code>.
+If either value is unspecified or specified more than once, return <code>KM_ERROR_UNSUPPORTED_BLOCK_MODE</code> or
+<code>KM_ERROR_UNSUPPORTED_PADDING_MODE</code>. The specified modes must be authorized by the key.
+Otherwise, the method must
+return <code>KM_ERROR_INCOMPATIBLE_BLOCK_MODE</code> or <code>KM_ERROR_INCOMPATIBLE_PADDING_MODE</code>.</p>
+
+<p>If the block mode is <code>KM_MODE_GCM</code>, <code>in_params</code> must specify <code>KM_TAG_MAC_LENGTH</code>, and the
+specified value must be a multiple of 8 and must not be greater than
+128, or less than the value of <code>KM_TAG_MIN_MAC_LENGTH</code> in the key authorizations. For MAC lengths greater than 128 or non-multiples of
+8, return <code>KM_ERROR_UNSUPPORTED_MAC_LENGTH</code>. For values less than the key's minimum length, return <code>KM_ERROR_INVALID_MAC_LENGTH</code>.</p>
+
+<p>If the block mode is <code>KM_MODE_GCM</code> or <code>KM_MODE_CTR</code>, the specified padding mode must
+be <code>KM_PAD_NONE</code>. For <code>KM_MODE_ECB</code> or <code>KM_MODE_CBC</code>, the mode may
+be <code>KM_PAD_NONE</code> or <code>KM_PAD_PKCS7</code>. If the padding mode doesn't meet these
+requirements, return <code>KM_ERROR_INCOMPATIBLE_PADDING_MODE</code>.</p>
+
+<p>If the block mode is <code>KM_MODE_CBC</code>, <code>KM_MODE_CTR</code>, or <code>KM_MODE_GCM</code>, an initialization vector or nonce is needed.
+In most cases, callers should not
+provide an IV or nonce and the Keymaster implementation must generate a random
+IV or nonce and return it via <a href="#km_tag_nonce">KM_TAG_NONCE</a> in <code>out_params</code>. CBC
+and CTR IVs are 16 bytes. GCM nonces are 12 bytes. If the key
+authorizations contain <a href="#km_tag_caller_nonce">KM_TAG_CALLER_NONCE</a>, then the caller may
+provide an IV/nonce with <a href="#km_tag_nonce">KM_TAG_NONCE</a> in <code>in_params</code>. If a
+nonce is provided when <a href="#km_tag_caller_nonce">KM_TAG_CALLER_NONCE</a> is not authorized,
+return <code>KM_ERROR_CALLER_NONCE_PROHIBITED</code>. If a nonce is not provided when
+<a href="#km_tag_caller_nonce">KM_TAG_CALLER_NONCE</a> is authorized, generate a random IV/nonce.</p>
+
+<h4 id=hmac_keys>HMAC keys</h4>
+
+<p>HMAC key operations must specify <code>KM_TAG_MAC_LENGTH</code> in <code>in_params</code>.
+The specified value must be a multiple of 8 and must not be greater than the
+digest length, or less than the value of <code>KM_TAG_MIN_MAC_LENGTH</code> in the key authorizations.
+For MAC lengths greater than the digest length or
+non-multiples of 8, return <code>KM_ERROR_UNSUPPORTED_MAC_LENGTH</code>. For values less than
+the key's minimum length, return <code>KM_ERROR_INVALID_MAC_LENGTH</code>.</p>
+
+<h3 id=update>update</h3>
+
+<p>Provides data to process in an ongoing operation started with <a href="#begin">begin</a>.
+The operation is specified by the <code>operation_handle</code> parameter.</p>
+
+<p>To provide more flexibility for buffer handling, implementations of this method
+have the option of consuming less data than was provided. The caller is
+responsible for looping to feed the rest of the data in subsequent calls. The
+amount of input consumed must be returned in the <code>input_consumed</code> parameter.
+Implementations must always consume at least one byte, unless the
+operation cannot accept any more; if more than zero bytes are provided and zero
+bytes are consumed, callers will consider this an error and abort the
+operation.</p>
+
+<p>Implementations may also choose how much data to return, as a result of the
+update. This is only relevant for encryption and decryption operations, since
+signing and verification return no data until <a href="#finish">finish</a>. It is recommended
+to return data as early as possible, rather than buffer it.</p>
+
+<h4 id=error_handling>Error handling</h4>
+
+<p>If this method returns an error code other than <code>KM_ERROR_OK</code>, the operation is
+aborted and the operation handle must be invalidated. Any
+future use of the handle, with this method or <a href="#finish">finish</a> or <a href="#abort">abort</a>,
+must return <code>KM_ERROR_INVALID_OPERATION_HANDLE</code>.</p>
+
+<h4 id=authorization_enforcement>Authorization enforcement</h4>
+
+<p>Key authorization enforcement is performed primarily in <a href="#begin">begin</a>. The one exception
+is the case where the key has:</p>
+
+<ul>
+ <li>One or more <a href="#km_tag_user_secure_id">KM_TAG_USER_SECURE_IDs</a>, and
+ <li>Does not have a <a href="#km_tag_auth_timeout">KM_TAG_AUTH_TIMEOUT</a>
+</ul>
+
+<p>In this case, the key requires an authorization per operation, and the update
+method must receive a <a href="#km_tag_auth_token">KM_TAG_AUTH_TOKEN</a> in the <code>in_params</code> argument.
+The token must be valid (HMAC must verify) and it must contain a
+matching secure user ID, must match the key's <a href="#km_tag_mac_length">KM_TAG_USER_AUTH_TYPE</a>, and must
+contain the operation handle of the current operation in the
+challenge field. If these requirements aren't met, return <code>KM_ERROR_KEY_USER_NOT_AUTHENTICATED</code>.</p>
+
+<p>The caller must provide the authentication token to every call to <a href="#update">update</a> and
+<a href="#finish">finish</a>. The implementation need only validate the token once if it prefers.</p>
+
+<h4 id=rsa_keys>RSA keys</h4>
+
+<p>For signing and verification operations with <code>KM_DIGEST_NONE</code>, this method must accept
+the entire block to be signed or verified in a single
+update. It may not consume only a portion of the block. It still must accept
+the data in multiple updates if the caller chooses to provide it that way,
+however. If the caller provides more data to sign than can be used (length of
+data exceeds RSA key size), return <code>KM_ERROR_INVALID_INPUT_LENGTH</code>.</p>
+
+<h4 id=ecdsa_keys>ECDSA keys</h4>
+
+<p>For signing and verification operations with <code>KM_DIGEST_NONE</code>, this method must accept the
+entire block to be signed or verified in a single
+update. This method may not consume only a portion of the block.</p>
+
+<p>However, this method still must accept the data in multiple updates if the
+caller chooses to provide it that way. If the caller provides more data to sign
+than can be used, the data should be silently truncated. (This differs from the
+handling of excess data provided in similar RSA operations. The reason for this
+is compatibility with legacy clients.)</p>
+
+<h4 id=aes_keys>AES keys</h4>
+
+<p>AES GCM mode supports "associated authentication data," provided via the
+<a href="#km_tag_associated_data">KM_TAG_ASSOCIATED_DATA</a> tag in the <code>in_params</code> argument.
+The associated data may be provided in repeated calls (important if
+the data is too large to send in a single block) but must always precede data
+to be encrypted or decrypted. An update call may receive both associated data
+and data to encrypt/decrypt, but subsequent updates may not include associated
+data. If the caller provides associated data to an update call after a call
+that includes data to encrypt/decrypt, return <code>KM_ERROR_INVALID_TAG</code>.</p>
+
+<p>For GCM encryption, the tag is appended to the ciphertext by <a href="#finish">finish</a>.
+During decryption, the last <code>KM_TAG_MAC_LENGTH</code> bytes of the data provided to the last
+update call is the tag. Since a given
+invocation of <a href="#update">update</a> cannot know if it's the last invocation, it must process all but the tag
+length and buffer the possible tag data for processing during <a href="#finish">finish</a>.</p>
+
+<h3 id=finish>finish</h3>
+
+<p>Finished an ongoing operation started with <a href="#begin">begin</a>, processing all of the
+as-yet-unprocessed data provided by <a href="#update">update</a>(s).</p>
+
+<p>This method is the last one called in an operation, so all processed data must
+be returned.</p>
+
+<p>Whether it completes successfully or returns an error, this method finalizes
+the operation and therefore invalidates the provided operation handle. Any
+future use of the handle, with this method or <a href="#update">update</a> or
+<a href="#abort">abort</a>, must return <code>KM_ERROR_INVALID_OPERATION_HANDLE</code>.</p>
+
+<p>Signing operations return the signature as the output. Verification operations
+accept the signature in the <code>signature</code> parameter, and return no output.</p>
+
+<h4 id=authorization_enforcement>Authorization enforcement</h4>
+
+<p>Key authorization enforcement is performed primarily in <a href="#begin">begin</a>. The one exception is the case where the key has:</p>
+
+<ul>
+ <li>One or more <a href="#km_tag_user_secure_id">KM_TAG_USER_SECURE_IDs</a>, and
+ <li>Does not have a <a href="#km_tag_auth_timeout">KM_TAG_AUTH_TIMEOUT</a>
+</ul>
+
+<p>In this case, the key requires an authorization per operation, and the update
+method must receive a <a href="#km_tag_auth_token">KM_TAG_AUTH_TOKEN</a> in the <code>in_params</code> argument.
+The token must be valid (HMAC must verify) and it must contain a
+matching secure user ID, must match the key's <a href="#km_tag_mac_length">KM_TAG_USER_AUTH_TYPE</a>, and must
+contain the operation handle of the current operation in the
+challenge field. If these requirements aren't met, return <code>KM_ERROR_KEY_USER_NOT_AUTHENTICATED</code>.</p>
+
+<p>The caller must provide the authentication token to every call to <a href="#update">update</a> and <a href="#finish">finish</a>.
+The implementation need only validate the token once if it prefers.</p>
+
+<h4 id=rsa_keys>RSA keys</h4>
+
+<p>Some additional requirements, depending on the padding mode:</p>
+
+<ul>
+ <li><strong>KM_PAD_NONE</strong>. For unpadded signing and encryption operations, if the provided data is
+shorter than the key, the data must be zero-padded on the left before
+signing/encryption. If the data is the same length as the key but numerically
+larger, return <code>KM_ERROR_INVALID_ARGUMENT</code>. For verification and decryption operations, the data must be exactly as long
+as the key. Otherwise, return <code>KM_ERROR_INVALID_INPUT_LENGTH.</code>
+ <li><strong>KM_PAD_RSA_PSS</strong>. For PSS-padded signature operations, the PSS salt must be at least 20 bytes
+in length and randomly-generated. The salt may be longer; the reference
+implementation uses maximally-sized salt. The digest specified with <a href="#km_tag_digest">KM_TAG_DIGEST</a> in
+<code>input_params</code> on <a href="#begin">begin</a> is used as the PSS digest algorithm, and SHA1 is used as the MGF1 digest
+algorithm.
+ <li><strong>KM_PAD_RSA_OAEP</strong>. The digest specified with <a href="#km_tag_digest">KM_TAG_DIGEST</a> in
+ <code>input_params</code> on <a href="#begin">begin</a> is used as the OAEP digest algorithm, and SHA1 is used as the MGF1 digest
+algorithm.
+</ul>
+
+<h4 id=ecdsa_keys>ECDSA keys</h4>
+
+<p>If the data provided for unpadded signing or verification is too long, truncate
+it.</p>
+
+<h4 id=aes_keys>AES keys</h4>
+
+<p>Some additional requirements, depending on block mode:</p>
+
+<ul>
+ <li><strong>KM_MODE_ECB</strong> or <strong>KM_MODE_CBC</strong>. If padding is <code>KM_PAD_NONE</code> and the
+ data length is not a multiple of the AES block size, return <code>KM_ERROR_INVALID_INPUT_LENGTH</code>. If
+ padding is <code>KM_PAD_PKCS7</code>, pad the data per the PKCS#7 specification. Note that PKCS#7 requires that if
+the data is a multiple of the block length, an additional padding block must be
+added.
+ <li><strong>KM_MODE_GCM</strong>. During encryption, after processing all plaintext, compute the
+ tag (<a href="#km_tag_mac_length">KM_TAG_MAC_LENGTH</a> bytes) and append it to the returned ciphertext.
+ During decryption, process
+the last <a href="#km_tag_mac_length">KM_TAG_MAC_LENGTH</a> bytes as the tag. If tag verification fails,
+return <code>KM_ERROR_VERIFICATION_FAILED</code>.
+</ul>
+
+<h3 id=abort>abort</h3>
+
+<p>Aborts the in-progress operation. After the call to abort, return <code>KM_ERROR_INVALID_OPERATION_HANDLE</code> for
+any subsequent use of the provided operation handle with <a href="#update">update</a>,
+<a href="#finish">finish</a>, or <a href="#abort">abort</a>.</p>
diff --git a/src/devices/tech/security/images/access-to-keymaster.png b/src/devices/tech/security/images/access-to-keymaster.png
new file mode 100644
index 0000000..611f8e3
--- /dev/null
+++ b/src/devices/tech/security/images/access-to-keymaster.png
Binary files differ
diff --git a/src/devices/tech/security/images/authentication-flow.png b/src/devices/tech/security/images/authentication-flow.png
new file mode 100644
index 0000000..1c136e4
--- /dev/null
+++ b/src/devices/tech/security/images/authentication-flow.png
Binary files differ
diff --git a/src/devices/tech/security/images/fingerprint-daemon.png b/src/devices/tech/security/images/fingerprint-daemon.png
new file mode 100644
index 0000000..a57a7a4
--- /dev/null
+++ b/src/devices/tech/security/images/fingerprint-daemon.png
Binary files differ
diff --git a/src/devices/tech/security/images/fingerprint-data-flow.png b/src/devices/tech/security/images/fingerprint-data-flow.png
new file mode 100644
index 0000000..bc3ff36
--- /dev/null
+++ b/src/devices/tech/security/images/fingerprint-data-flow.png
Binary files differ
diff --git a/src/devices/tech/security/images/gatekeeper-flow.png b/src/devices/tech/security/images/gatekeeper-flow.png
new file mode 100644
index 0000000..693ebec
--- /dev/null
+++ b/src/devices/tech/security/images/gatekeeper-flow.png
Binary files differ
diff --git a/src/images/jack-library-file.png b/src/images/jack-library-file.png
new file mode 100644
index 0000000..b25dd85
--- /dev/null
+++ b/src/images/jack-library-file.png
Binary files differ
diff --git a/src/images/jack-overview.png b/src/images/jack-overview.png
new file mode 100644
index 0000000..74d396f
--- /dev/null
+++ b/src/images/jack-overview.png
Binary files differ
diff --git a/src/images/jill.png b/src/images/jill.png
new file mode 100644
index 0000000..0d9ba14
--- /dev/null
+++ b/src/images/jill.png
Binary files differ
diff --git a/src/images/pre-dex.png b/src/images/pre-dex.png
new file mode 100644
index 0000000..4d39700
--- /dev/null
+++ b/src/images/pre-dex.png
Binary files differ
diff --git a/src/index.jd b/src/index.jd
index 0aa6826..ba60884 100644
--- a/src/index.jd
+++ b/src/index.jd
@@ -32,6 +32,7 @@
and ensure your devices are compatible with the Android compatibility definition.
</p>
+<h2 align="center">Android 6.0 Updates Available — see details below</h2>
</div>
</div>
@@ -41,60 +42,73 @@
<div class="landing-docs">
<div class="col-8">
<h3>What's New</h3>
-<a href="{@docRoot}devices/tech/debug/dumpsys.html">
- <h4>Example Dumpsys Diagnostic Output</h4></a>
- <p>In addition to the aforementioned <strong><a
- href="{@docRoot}devices/input/diagnostics.html">Input
- Diagnostics</a></strong>, you can now find Dumpsys examples of usage
- data for <strong><a href="{@docRoot}devices/tech/ram/procstats.html">RAM
- (procstats)</a></strong>, <strong><a
- href="{@docRoot}devices/tech/netstats.html">network (netstats)</a></strong>,
- and <strong><a
- href="{@docRoot}devices/tech/power/batterystats.html">battery (batterystats)</a></strong>.</p>
-
-<a href="{@docRoot}devices/audio/latency_measurements.html">
- <h4>Audio Latency Measurements</h4></a>
- <p>The Android audio team has published <strong><a
- href="{@docRoot}devices/audio/latency_measurements.html">round-trip audio latency
- measurements</a></strong> for select Nexus devices to help partners compare their
- own devices and reduce latency further.</p>
-
<a href="{@docRoot}devices/tech/power/index.html">
- <h4>Power Profile Details</h4></a>
- <p><strong><a
- href="{@docRoot}devices/tech/power/index.html">Power</a></strong>
- information has been moved and expanded to include details on
- <code>cpu.awake</code> and <code>cpu.active</code>. The need to create a
- <code>power_profile.xml</code> file is also emphasized throughout.</p>
+ <h4>Doze and App Standby</h4></a>
+ <p>New battery-saving features <em>Doze</em> and <em>App Standby</em>
+ are described in <strong><a href="{@docRoot}devices/tech/power/mgmt.html">Power
+ Management</a></strong> while the remaining <strong><a
+ href="{@docRoot}devices/tech/power/index.html">Power</a></strong> section has
+ been revised.</p>
-<a href="{@docRoot}source/initializing.html">
- <h4>Initializing Improvements</h4></a>
- <p>Build environment <strong><a
- href="{@docRoot}source/initializing.html#setting-up-a-mac-os-x-build-environment">Initializing</a></strong>
- instructions now explain how to resize and unmount Mac OS sparse
- images. And the ccache section has been moved to an optional <strong><a
- href="{@docRoot}source/initializing.html#optimizing-a-build-environment">Optimizing
- a build environment</a></strong> section.</p>
-
-<a href="{@docRoot}devices/tech/security/selinux/index.html">
- <h4>SELinux Permissive Declarations</h4></a>
- <p>SELinux <strong><a
- href="{@docRoot}devices/tech/security/selinux/customize.html">Customizing</a></strong>
+<a href="{@docRoot}devices/tech/security/authentication/index.html">
+ <h4>Authentication</h4></a>
+ <p>An entirely new <strong><a
+ href="{@docRoot}devices/tech/security/authentication/index.html">Authentication</a></strong>
+ section describes the <strong><a
+ href="{@docRoot}devices/tech/security/authentication/fingerprint-hal.html">Fingerprint</a></strong>,
+ <strong><a
+ href="{@docRoot}devices/tech/security/authentication/gatekeeper.html">Gatekeeper</a></strong>,
and <strong><a
- href="{@docRoot}devices/tech/security/selinux/implement.html">Implementing</a></strong>
- instructions have been updated to recommend using permissive declarations
- directly as <code>permissive_or_unconfined()</code> has been deprecated.
- Similarly, <code>BOARD_SEPOLICY_UNION</code> has been removed, so
- <code>BOARD_SEPOLICY_*</code> variables are suggested insead.</p>
+ href="{@docRoot}devices/tech/security/authentication/keymaster.html">Keymaster</a></strong>
+ interfaces in detail, including a list of <strong><a
+ href="{@docRoot}devices/tech/security/authentication/km-features.html">Keymaster
+ features</a></strong> and an <strong><a
+ href="{@docRoot}devices/tech/security/authentication/km-implementer-ref.html">implementer’s
+ reference</a></strong>.</p>
-<a href="{@docRoot}devices/bluetooth.html">
- <h4>Android 5.0 Bluetooth HCI Requirements</h4></a>
- <p><strong><a
- href="{@docRoot}devices/Android-5.0-Bluetooth-HCI-Reqs.pdf">Bluetooth
- Host Controller Interface (HCI) requirements</a></strong> to leverage
- the Bluetooth Low Energy APIs in Android 5.0 have
- been published and linked from the <strong><a
- href="{@docRoot}devices/bluetooth.html">Bluetooth</a></strong> introduction.</p>
+<a href="{@docRoot}devices/storage/index.html">
+ <h4>Adoptable Storage</h4></a>
+ <p>The <strong><a
+ href="{@docRoot}devices/storage/index.html">Storage</a></strong>
+ section has been revised to introduce <strong><a
+ href="{@docRoot}devices/storage/adoptable.html">adoptable
+ storage</a></strong> that can hold app data and distinguish between it and <strong><a
+ href="{@docRoot}devices/storage/traditional.html">traditional
+ storage</a></strong>.</p>
+
+<a href="{@docRoot}devices/tech/config/index.html">
+ <h4>Configuration</h4></a>
+ <p>Instructions now exist for configuring <strong><a
+ href="{@docRoot}devices/tech/config/runtime_perms.html">runtime permissions</a></strong>,
+ <strong><a href="{@docRoot}devices/tech/config/voicemail.html">visual
+ voicemail</a></strong>, and Android’s new <strong><a
+ href="{@docRoot}devices/tech/config/filesystem.html">file
+ system</a></strong>. And carriers get <strong><a
+ href="{@docRoot}devices/tech/config/carrier.html">custom
+ configuration</a></strong>.</p>
+
+<a href="{@docRoot}devices/tech/debug/index.html">
+ <h4>Tooling</h4></a>
+ <p>Information on the <strong><a href="{@docRoot}source/jack.html">Jack
+ (Java Android Compiler Kit)</a></strong> default toolchain in Android 6.0 is
+ available, as well as instructions for <strong><a
+ href="{@docRoot}devices/tech/dalvik/gc-debug.html">debugging garbage collection
+ in ART</a></strong>.</p>
+
+<a href="{@docRoot}devices/media/index.html">
+ <h4>Media</h4></a>
+ <p>The <strong><a
+ href="{@docRoot}devices/media/index.html">Media</a></strong> section now
+ contains descriptions of media resource manager dependencies for <strong><a
+ href="{@docRoot}devices/media/oem.html">OEMs</a></strong> and <strong><a
+ href="{@docRoot}devices/media/soc.html">SoC vendors</a></strong>.</p>
+
+<a href="{@docRoot}accessories/stylus.html">
+ <h4>Bluetooth Stylus</h4></a>
+ <p>The <strong><a
+ href="{@docRoot}accessories/index.html">Accessories</a></strong>
+ section now explains how to implement a <strong><a
+ href="{@docRoot}accessories/stylus.html">Bluetooth Stylus</a></strong>.</p>
</div>
<div class="col-8">
diff --git a/src/source/jack.jd b/src/source/jack.jd
new file mode 100644
index 0000000..7abead7
--- /dev/null
+++ b/src/source/jack.jd
@@ -0,0 +1,357 @@
+page.title=Jack (Java Android Compiler Kit)
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<h2 id=the_jack_toolchain>The Jack toolchain</h2>
+
+<p>Jack (Java Android Compiler Kit) is a new Android toolchain that compiles Java
+source into Android dex bytecode. It replaces the previous Android toolchain,
+which consists of multiple tools, such as javac, ProGuard, jarjar, and dx.</p>
+
+<p>The Jack toolchain provides the following advantages:</p>
+
+<ul>
+ <li> <strong>Completely open source</strong><br>
+Available in AOSP; partners are welcome to contribute.
+ <li> <strong>Speeds compilation time</strong><br>
+
+Jack has specific supports to reduce compilation time: pre-dexing, incremental
+compilation and a Jack compilation server.
+ <li> <strong>Handles shrinking, obfuscation, repackaging and multidex</strong><br>
+Using a separate package such as ProGuard is no longer necessary.
+</ul>
+
+<img src="{@docRoot}images/jack-overview.png" height="75%" width="75%" alt="Jack overview" />
+<p class="img-caption"><strong>Figure 1. </strong>Jack (Java Android Compiler Kit)</p>
+
+<h2 id=the_jack_library_format>The .jack library format</h2>
+
+<p>Jack has its own .jack file format, which contains the pre-compiled dex code
+for the library, allowing for faster compilation (pre-dex).</p>
+
+<img src="{@docRoot}images/jack-library-file.png" height="75%" width="75%" alt="Jack library file contents" />
+<p class="img-caption"><strong>Figure 2. </strong>Jack library file contents</p>
+
+<h2 id=jack_intermediate_library_linker_jill>Jack Intermediate Library Linker (Jill)</h2>
+
+<p>The Jill tool translates the existing .jar libraries into the new library
+format, as shown below.</p>
+
+<img src="{@docRoot}images/jill.png" alt="Importing existing .jar libraries using Jill" />
+<p class="img-caption"><strong>Figure 3. </strong>Workflow to import an existing .jar library</p>
+
+<h2 id=using_jack_in_your_android_build>Using Jack in your Android build</h2>
+
+<p>You don’t have to do anything differently to use Jack — just use your standard
+makefile commands to compile the tree or your project. Jack is the default
+Android build toolchain for M.</p>
+
+<p>The first time Jack is used, it launches a local Jack compilation server on
+your computer:</p>
+
+<ul>
+ <li> This server brings an intrinsic speedup, because it avoids launching a new host
+JRE JVM, loading Jack code, initializing Jack and warming up the JIT at each
+compilation. It also provides very good compilation times during small
+compilations (e.g. in incremental mode).
+ <li> The server is also a short-term solution to control the number of parallel Jack
+compilations, and so to avoid overloading your computer (memory or disk issue),
+because it limits the number of parallel compilations.
+</ul>
+
+<p>The Jack server shuts itself down after an idle time without any compilation.
+It uses two TCP ports on the localhost interface, and so is not available
+externally. All these parameters (number of parallel compilations, timeout,
+ports number, etc) can be modified by editing the<code> $HOME/.jack</code> file.</p>
+
+<h3 id=$home_jack_file>$HOME/.jack file</h3>
+
+<p>The <code>$HOME/.jack</code> file contains settings for Jack server variables, in a full bash syntax. </p>
+
+<p>Here are the available settings, with their definitions and default values:</p>
+
+<ul>
+ <li> <strong><code>SERVER=true</strong> </code>Enable the server feature of Jack.
+ <li> <strong><code>SERVER_PORT_SERVICE=8072</code>
+</strong>Set the TCP port number of the server for compilation purposes.
+ <li> <strong><code>SERVER_PORT_ADMIN=8073</code></strong>
+Set the TCP port number of the server for admin purposes.
+ <li> <strong><code>SERVER_COUNT=1</code></strong>
+Unused at present.
+ <li> <strong><code>SERVER_NB_COMPILE=4</code></strong>
+Maximum number of parallel compilations allowed.
+ <li> <strong><code>SERVER_TIMEOUT=60</code></strong>
+Number of idle seconds the server has to wait without any compilation before
+shutting itself down.
+ <li> <strong><code>SERVER_LOG=${SERVER_LOG:=$SERVER_DIR/jack-$SERVER_PORT_SERVICE.log}</code></strong>
+File where server logs are written. By default, this variable can be
+overloaded by an environment variable.
+ <li> <strong><code>JACK_VM_COMMAND=${JACK_VM_COMMAND:=java}</code></strong>
+The default command used to launch a JVM on the host. By default, this
+variable can be overloaded by environment variable.
+</ul>
+
+<h3 id=jack_troubleshooting>Jack troubleshooting</h3>
+
+<p><strong>If your computer becomes unresponsive during compilation or if you experience
+Jack compilations failing on “Out of memory error”</strong></p>
+
+<p>You can improve the situation by reducing the number of Jack simultaneous
+compilations by editing your<code> $HOME/.jack</code> and changing<code> SERVER_NB_COMPILE</code> to a lower value.</p>
+
+<p><strong>If your compilations are failing on “Cannot launch background server”</strong></p>
+
+<p>The most likely cause is TCP ports are already used on your computer. Try to
+change it by editing your <code>$HOME/.jack </code>(<code>SERVER_PORT_SERVICE</code> and <code>SERVER_PORT_ADMIN</code> variables).</p>
+
+<p>If it doesn’t solve the problem, please report and attach your compilation log
+and the Jack server log (see ‘Finding the Jack log’ below to know where to find
+the server log file). To unblock the situation, disable jack compilation server
+by editing your <code>$HOME/.jack</code> and changing <code>SERVER</code> to false. Unfortunately this will significantly slow down your compilation and
+may force you to launch <code>make -j</code> with load control (option "<code>-l</code>" of <code>make</code>). </p>
+
+<p><strong>If your compilation gets stuck without any progress</strong></p>
+
+<p>Please report this and give us the following additional information (where
+possible):</p>
+
+<ul>
+ <li> The command line at which you are stuck.
+ <li> The output of this command line.
+ <li> The result of executing <code>jack-admin server-stat</code>.
+ <li> The <code>$HOME/.jack</code> file.
+ <li> The content of the server log with the server state dumped. To get this —
+ <ul>
+ <li> Find the Jack background server process by running <code>jack-admin list-server</code>.
+ <li> Send a <code>kill -3</code> command to this server to dump its state into the log file.
+ <li> To locate the server log file, see ‘Finding the Jack log’ below.
+ </ul>
+ <li> The result of executing <code>ls -lR $TMPDIR/jack-$USER.</code>
+ <li> The result of running <code>ps j -U $USER.</code>
+</ul>
+
+<p>You should be able to unblock yourself by killing the Jack background server
+(use <code>jack-admin kill-server</code>), and then by removing its temporary directories contained in <code>jack-$USER</code> of your temporary directory (<code>/tmp</code> or <code>$TMPDIR</code>).</p>
+
+<p><strong>If you have any other issues </strong></p>
+
+<p>To report bugs or request features, please use our public issue tracker,
+available at <a href="http://b.android.com">http://b.android.com</a>, with the <a href="https://code.google.com/p/android/issues/entry?template=Jack%20bug%20report">Jack tool bug report</a> or <a href="https://code.google.com/p/android/issues/entry?template=Jack%20feature%20request">Jack tool feature request</a> templates. Please attach the Jack log to the bug report. </p>
+<table>
+ <tr>
+ <td><strong>Finding the Jack log</strong>
+<ul>
+ <li> If you ran a make command with a dist target, the Jack log is located at <code>$ANDROID_BUILD_TOP/out/dist/logs/jack-server.log</code>
+ <li> Otherwise you can find it in by running <code>jack-admin server-log</code>
+</ul>
+</td>
+ </tr>
+</table>
+
+<p>In case of reproducible Jack failures, you can get a more detailed log by
+setting one variable, as follows:</p>
+
+<pre class=prettyprint>
+$ export ANDROID_JACK_EXTRA_ARGS= "--verbose debug --sanity-checks on -D
+sched.runner=single-threaded"
+</pre>
+
+<p>Then use your standard makefile commands to compile the tree or your project
+and attach its standard output and error.</p>
+
+<p>To remove detailed build logs use:</p>
+
+<pre class=prettyprint>
+$ unset ANDROID_JACK_EXTRA_ARGS
+</pre>
+
+<h3 id=jack_limitations>Jack limitations</h3>
+
+<ul>
+ <li> The Jack server is mono-user by default, so can be only used by one user on a
+computer. If it is not the case, please, choose different port numbers for each
+user and adjust SERVER_NB_COMPILE accordingly. You can also disable the Jack
+server by setting SERVER=false in your $HOME/.jack.
+ <li> CTS compilation is slow due to current vm-tests-tf integration.
+ <li> Bytecode manipulation tools, like JaCoCo, are not supported.
+</ul>
+
+<h2 id=using_jack_features>Using Jack features</h2>
+
+<p>Jack supports Java programming language 1.7 and integrates additional features
+described below.</p>
+
+<h3 id=predexing>Predexing </h3>
+
+<p>When generating a JACK library file, the .dex of the library is generated and
+stored inside the .jack library file as a pre-dex. When compiling, JACK reuses
+the pre-dex from each library.</p>
+
+<p>All libraries are pre-dexed.</p>
+
+<img src="{@docRoot}images/pre-dex.png" height="75%" width="75%" alt="Jack libraries with pre-dex" />
+<p class="img-caption"><strong>Figure 4. </strong>Jack libraries with pre-dex</p>
+
+<h4 id=limitations>Limitations</h4>
+
+
+<p>Currently, JACK does not reuse the library pre-dex if
+shrinking/obfuscation/repackaging is used in the compilation.</p>
+
+<h3 id=incremental_compilation>Incremental compilation</h3>
+
+
+<p>Incremental compilation means that only components that were touched since the
+last compilation, and their dependencies, are recompiled. Incremental
+compilation can be significantly faster than a full compilation when changes
+are limited to only a limited set of components.</p>
+
+<h4 id=limitations>Limitations</h4>
+
+
+<p>Incremental compilation is deactivated when shrinking, obfuscation, repackaging
+or multi-dex legacy is enabled.</p>
+
+<h4 id=enabling_incremental_builds>Enabling incremental builds</h4>
+
+
+<p>Currently incremental compilation is not enabled by default. To enable
+incremental builds, add the following line to the Android.mk file of the
+project that you want to build incrementally:</p>
+
+<pre class=prettyprint>
+LOCAL_JACK_ENABLED := incremental
+</pre>
+
+<p class="note"><strong>Note:</strong> The first time that you build your project with Jack if some dependencies
+are not built, use <code>mma</code> to build them, and after that you can use the standard build command.</p>
+
+<h3 id=shrinking_and_obfuscation>Shrinking and Obfuscation</h3>
+
+<p>JACK has shrinking and obfuscation support and uses proguard configuration
+files to enable shrinking and obfuscation features. Here are the supported and
+ignored options:</p>
+
+<h4 id=supported_common_options>Supported common options</h4>
+
+
+<p>Common options include the following:</p>
+
+<ul>
+ <li> <code>@</code>
+ <li> <code>-include</code>
+ <li> <code>-basedirectory</code>
+ <li> <code>-injars</code>
+ <li> <code>-outjars // only 1 output jar supported</code>
+ <li> <code>-libraryjars</code>
+ <li> <code>-keep</code>
+ <li> <code>-keepclassmembers</code>
+ <li> <code>-keepclasseswithmembers</code>
+ <li> <code>-keepnames</code>
+ <li> <code>-keepclassmembernames</code>
+ <li> <code>-keepclasseswithmembernames</code>
+ <li> <code>-printseeds</code>
+</ul>
+
+<h4 id=supported_shrinking_options>Supported shrinking options</h4>
+
+
+<p>Shrinking options include the following:</p>
+
+<ul>
+ <li> <code>-dontshrink</code>
+</ul>
+
+<h4 id=supported_obfuscation_options>Supported obfuscation options</h4>
+
+
+<p>Obfuscation options include the following:</p>
+
+<ul>
+ <li> <code>-dontobfuscate</code>
+ <li> <code>-printmapping</code>
+ <li> <code>-applymapping</code>
+ <li> <code>-obfuscationdictionary</code>
+ <li> <code>-classobfuscationdictionary</code>
+ <li> <code>-packageobfuscationdictionary</code>
+ <li> <code>-useuniqueclassmembernames</code>
+ <li> <code>-dontusemixedcaseclassnames</code>
+ <li> <code>-keeppackagenames</code>
+ <li> <code>-flattenpackagehierarchy</code>
+ <li> <code>-repackageclasses</code>
+ <li> <code>-keepattributes</code>
+ <li> <code>-adaptclassstrings</code>
+</ul>
+
+<h4 id=ignored_options>Ignored options</h4>
+
+
+<p>Ignored options include the following:</p>
+
+<ul>
+ <li> <code>-dontoptimize // Jack does not optimize</code>
+ <li> <code>-dontpreverify // Jack does not preverify</code>
+ <li> <code>-skipnonpubliclibraryclasses</code>
+ <li> <code>-dontskipnonpubliclibraryclasses</code>
+ <li> <code>-dontskipnonpubliclibraryclassmembers</code>
+ <li> <code>-keepdirectories</code>
+ <li> <code>-target</code>
+ <li> <code>-forceprocessing</code>
+ <li> <code>-printusage</code>
+ <li> <code>-whyareyoukeeping</code>
+ <li> <code>-optimizations</code>
+ <li> <code>-optimizationpasses</code>
+ <li> <code>-assumenosideeffects</code>
+ <li> <code>-allowaccessmodification</code>
+ <li> <code>-mergeinterfacesaggressively</code>
+ <li> <code>-overloadaggressively</code>
+ <li> <code>-microedition</code>
+ <li> <code>-verbose</code>
+ <li> <code>-dontnote</code>
+ <li> <code>-dontwarn</code>
+ <li> <code>-ignorewarnings</code>
+ <li> <code>-printconfiguration</code>
+ <li> <code>-dump</code>
+</ul>
+
+<p class="note"><strong>Note:</strong> Other options will generate an error.</p>
+
+<h3 id=repackaging>Repackaging</h3>
+
+<p>JACK uses jarjar configuration files to do the repackaging.</p>
+
+<p class="note"><strong>Note:</strong> JACK is compatible with "rule" rule types, but is not compatible with "zap" or
+"keep" rule types. If you need "zap" or "keep" rule types please file a feature
+request with a description of how you use the feature in your app.</p>
+
+<h3 id=multidex_support>Multidex support</h3>
+
+
+<p>Since dex files are limited to 65K methods, apps with over 65K methods must be
+split into multiple dex files. (See <a href="http://developer.android.com/tools/building/multidex.html">‘Building Apps with Over 65K Methods’</a> for more information about multidex.)</p>
+
+<p>Jack offers native and legacy multidex support. </p>
+
