resolve merge conflicts of 4d044d6bbf8225eef3fe10e440b78b55cc09682d to nougat-mr1-dev
Test: I solemnly swear I tested this conflict resolution.
Change-Id: Ic97f35757d2129f4b0e4ff09e1b22faca3f5698c
diff --git a/11_updatable-software/11_0_intro.md b/11_updatable-software/11_0_intro.md
index b529194..229c3cb 100644
--- a/11_updatable-software/11_0_intro.md
+++ b/11_updatable-software/11_0_intro.md
@@ -21,12 +21,15 @@
shared data. Note that the upstream Android software includes an update
mechanism that satisfies this requirement.
-For device implementations that are launching with Android ANDROID_VERSION and
+For device implementations that are launching with Android 6.0 and
later, the update mechanism SHOULD support verifying that the system image is
binary identical to expected result following an OTA. The block-based OTA
implementation in the upstream Android Open Source Project, added since Android
5.1, satisfies this requirement.
+Also, device implementations SHOULD support [A/B system updates](https://source.android.com/devices/tech/ota/ab_updates.html).
+The AOSP implements this feature using the boot control HAL.
+
If an error is found in a device implementation after it has been released but
within its reasonable product lifetime that is determined in consultation with
the Android Compatibility Team to affect the compatibility of third-party
diff --git a/3_software/3_2_soft-api-compatibility.md b/3_software/3_2_soft-api-compatibility.md
index e8c195e..41b7645 100644
--- a/3_software/3_2_soft-api-compatibility.md
+++ b/3_software/3_2_soft-api-compatibility.md
@@ -344,3 +344,6 @@
* MUST honor the [android.telecom.action.CHANGE_DEFAULT_DIALER](https://developer.android.com/reference/android/telecom/TelecomManager.html#ACTION_CHANGE_DEFAULT_DIALER)
intent to show a dialog to allow the user to change the default Phone application, if the
device implementation reports `android.hardware.telephony`.
+* MUST honor the [android.settings.ACTION_VOICE_INPUT_SETTINGS](https://developer.android.com/reference/android/provider/Settings.html#ACTION_VOICE_INPUT_SETTINGS)
+ intent when the device supports the VoiceInteractionService and show a
+ default app settings menu for voice input and assist.
\ No newline at end of file
diff --git a/3_software/3_8_user-interface-compatibility.md b/3_software/3_8_user-interface-compatibility.md
index 1055a0f..c74e432 100644
--- a/3_software/3_8_user-interface-compatibility.md
+++ b/3_software/3_8_user-interface-compatibility.md
@@ -84,6 +84,20 @@
notifications in their entirety to all such installed and user-enabled listener
services, including any and all metadata attached to the Notification object.
+Handheld device implementations MUST support the behaviors of updating,
+removing, replying to, and bundling notifications as described in this
+[section](https://developer.android.com/guide/topics/ui/notifiers/notifications.html#Managing).
+
+Also, handheld device implementations MUST provide:
+
+* The ability to control notifications directly in the notification shade.
+* The visual affordance to trigger the control panel in the notification shade.
+* The ability to BLOCK, MUTE and RESET notification preference from a
+ package, both in the inline control panel as well as in the settings app.
+
+All 6 direct subclasses of the `Notification.Style class` MUST be supported as
+described in the [SDK documents](https://developer.android.com/reference/android/app/Notification.Style.html).
+
Device implementations that support the DND (Do not Disturb) feature MUST meet
the following requirements:
@@ -135,6 +149,20 @@
clear visibility to the end user, the indication MUST meet or exceed the
duration and brightness of the Android Open Source Project implementation.
+This indication MAY be disabled by default for preinstalled apps using the Assist and
+VoiceInteractionService API, if all following requirements are met:
+
+* The preinstalled app MUST request the context to be shared only when the
+ user invoked the app by one of the following means, and the app is running in the
+ foreground:
+ * hotword invocation
+ * input of the ASSIST navigation key/button/gesture
+
+* The device implementation MUST provide an affordance to enable the
+ indication, less than two navigations away from
+ (the default voice input and assistant app settings menu)
+ [section 3.2.3.5](#3_2_3_5_default_app_settings).
+
### 3.8.5\. Toasts
Applications can use the [“Toast” API](http://developer.android.com/reference/android/widget/Toast.html) to
@@ -224,7 +252,7 @@
[section 7.2.3](#7_2_3_navigation_keys) MAY alter the interface but MUST meet the
following requirements:
-* MUST support at least up to 6 displayed activities.
+* MUST support at least up to 20 displayed activities.
* SHOULD at least display the title of 4 activities at a time.
* MUST implement the [screen pinning behavior](http://developer.android.com/about/versions/android-5.0.html#ScreenPinning)
and provide the user with a settings menu to toggle the feature.
diff --git a/4_application-packaging/4_0_intro.md b/4_application-packaging/4_0_intro.md
index 6ffb952..2fe2d2f 100644
--- a/4_application-packaging/4_0_intro.md
+++ b/4_application-packaging/4_0_intro.md
@@ -15,3 +15,11 @@
[Dalvik bytecode](https://android.googlesource.com/platform/dalvik/), or
RenderScript bytecode formats in such a way that would prevent those files from
installing and running correctly on other compatible devices.
+
+Device implementations MUST NOT allow apps other than the current
+"installer of record" for the package to silently uninstall the app without any
+prompt, as documented in the SDK for the [`DELETE_PACKAGE`](https://developer.android.com/reference/android/Manifest.permission.html#DELETE_PACKAGES)
+permission. The only exceptions are the system package verifier app handling
+[PACKAGE_NEEDS_VERIFICATION](https://developer.android.com/reference/android/content/Intent.html#ACTION_PACKAGE_NEEDS_VERIFICATION)
+intent and the storage manager app handling [ACTION_MANAGE_STORAGE](https://developer.android.com/reference/android/os/storage/StorageManager.html#ACTION_MANAGE_STORAGE)
+intent.
diff --git a/7_hardware-compatibility/7_1_display-and-graphics.md b/7_hardware-compatibility/7_1_display-and-graphics.md
index 69fce6d..9af890b 100644
--- a/7_hardware-compatibility/7_1_display-and-graphics.md
+++ b/7_hardware-compatibility/7_1_display-and-graphics.md
@@ -100,8 +100,11 @@
* 160 dpi (mdpi)
* 213 dpi (tvdpi)
* 240 dpi (hdpi)
+* 260 dpi (260dpi)
* 280 dpi (280dpi)
+* 300 dpi (300dpi)
* 320 dpi (xhdpi)
+* 340 dpi (340dpi)
* 360 dpi (360dpi)
* 400 dpi (400dpi)
* 420 dpi (420dpi)
diff --git a/9_security-model/9_9_full-disk-encryption.md b/9_security-model/9_9_full-disk-encryption.md
index 7f623fa..b20c427 100644
--- a/9_security-model/9_9_full-disk-encryption.md
+++ b/9_security-model/9_9_full-disk-encryption.md
@@ -77,14 +77,14 @@
(FDE). MUST use AES with a key of 128-bits
(or greater) and a mode designed for storage (for example, AES-XTS,
AES-CBC-ESSIV). The encryption key MUST NOT be written to storage at any time
- without being encrypted. Other than when in active use, the encryption key
- SHOULD be AES encrypted with the lock screen credentials stretched using a slow
- stretching algorithm (e.g. PBKDF2 or scrypt). If the user has not specified
- a lock screen credentials or has disabled use of the passcode for encryption, the
- system SHOULD use a default passcode to wrap the encryption key. If the
- device provides a hardware-backed keystore, the password stretching algorithm
- MUST be cryptographically bound to that keystore. The encryption key MUST NOT
- be sent off the device (even when wrapped with the user passcode and/or
- hardware bound key). The upstream Android Open Source project provides a
- preferred implementation of this feature based on the Linux kernel feature
- dm-crypt.
+ without being encrypted. The user MUST be provided with the possibility to AES
+ encrypt the encryption key, except when it is in active use, with the lock
+ screen credentials stretched using a slow stretching algorithm
+ (e.g. PBKDF2 or scrypt). If the user has not specified a lock screen
+ credentials or has disabled use of the passcode for encryption, the system
+ SHOULD use a default passcode to wrap the encryption key. If the device
+ provides a hardware-backed keystore, the password stretching algorithm MUST
+ be cryptographically bound to that keystore. The encryption key MUST NOT be
+ sent off the device (even when wrapped with the user passcode and/or hardware
+ bound key). The upstream Android Open Source project provides a preferred
+ implementation of this feature based on the Linux kernel feature dm-crypt.
\ No newline at end of file
diff --git a/source/android-cdd-cover.html b/source/android-cdd-cover.html
index 12c0db0..56a2e98 100644
--- a/source/android-cdd-cover.html
+++ b/source/android-cdd-cover.html
@@ -24,8 +24,8 @@
<tr>
<td>
-<p class="subtitle">Android 7.0</p>
-<p class="cover-text">Last updated: July 8th, 2016</p>
+<p class="subtitle">Android 7.1</p>
+<p class="cover-text">Last updated: December 20th, 2016</p>
<p class="cover-text">Copyright © 2016, Google Inc. All rights reserved.</p>
<p class="cover-text"><a href="mailto:compatibility@android.com">compatibility@android.com</a></p>
</td>