Docs: Fix broken links to NSA site
Bug: 30195435
Change-Id: I4147629e7b1e9978e7ebfd96a1169afcefa3b88b
diff --git a/src/security/selinux/index.jd b/src/security/selinux/index.jd
index 8745f8e..f331a35 100644
--- a/src/security/selinux/index.jd
+++ b/src/security/selinux/index.jd
@@ -33,20 +33,27 @@
Security-Enhanced Linux (SELinux) is used to further define the boundaries of
the Android application sandbox.</p>
-<p>As part of the Android <a href="{@docRoot}devices/tech/security/index.html">security model</a>, Android uses SELinux to enforce mandatory access control (MAC) over all
-processes, even processes running with root/superuser privileges (a.k.a. Linux
-capabilities). SELinux enhances Android security by confining privileged
-processes and automating security policy creation.</p>
+<p>As part of the Android <a href="{@docRoot}security/index.html">
+security model</a>, Android uses SELinux to enforce mandatory access control
+(MAC) over all processes, even processes running with root/superuser privileges
+(a.k.a. Linux capabilities). SELinux enhances Android security by confining
+privileged processes and automating security policy creation.</p>
-<p>Contributions to it have been made by a number of companies and organizations;
-all Android code and contributors are publicly available for review on <a href="https://android.googlesource.com/">android.googlesource.com</a>. With SELinux, Android can better protect and confine system services, control
+<p>Contributions to it have been made by a number
+of companies and organizations; all Android code
+and contributors are publicly available for review on <a
+href="https://android.googlesource.com/">android.googlesource.com</a>. With
+SELinux, Android can better protect and confine system services, control
access to application data and system logs, reduce the effects of malicious
software, and protect users from potential flaws in code on mobile devices.</p>
-<p>Android includes SELinux in enforcing mode and a corresponding security policy
-that works by default across the <a href="https://android.googlesource.com/">Android Open Source Project</a>. In enforcing mode, illegitimate actions are prevented and all attempted
-violations are logged by the kernel to <code>dmesg</code> and <code>logcat</code>. Android device manufacturers should gather information about errors so they
-may refine their software and SELinux policies before enforcing them.</p>
+<p>Android includes SELinux in enforcing mode and a
+corresponding security policy that works by default across the <a
+href="https://android.googlesource.com/">Android Open Source Project</a>. In
+enforcing mode, illegitimate actions are prevented and all attempted violations
+are logged by the kernel to <code>dmesg</code> and <code>logcat</code>. Android
+device manufacturers should gather information about errors so they may
+refine their software and SELinux policies before enforcing them.</p>
<h2 id=background>Background</h2>
@@ -63,38 +70,56 @@
Per-domain permissive mode also enables policy development for new services
while keeping the rest of the system enforcing.</p>
-<p>In the Android 5.0 (L) release, Android moves to full enforcement of SELinux. This builds
-upon the permissive release of 4.3 and the partial enforcement of 4.4. In
-short, Android is shifting from enforcement on a limited set of crucial domains
-(<code>installd</code>, <code>netd</code>, <code>vold</code> and <code>zygote</code>) to everything (more than 60 domains). This means manufacturers will have to
-better understand and scale their SELinux implementations to provide compatible
-devices. Understand that:</p>
+<p>In the Android 5.0 (L) release, Android moves to full enforcement of
+SELinux. This builds upon the permissive release of 4.3 and the partial
+enforcement of 4.4. In short, Android is shifting from enforcement on a
+limited set of crucial domains (<code>installd</code>, <code>netd</code>,
+<code>vold</code> and <code>zygote</code>) to everything (more than 60
+domains). This means manufacturers will have to better understand and scale
+their SELinux implementations to provide compatible devices. Understand
+that:</p>
+
<ul>
- <li> Everything is in enforcing mode in the 5.0 release
- <li> No processes other than <code>init</code> should run in the <code>init</code> domain
- <li> Any generic denial (for a block_device, socket_device, default_service, etc.)
-indicates that device needs a special domain
+<li>Everything is in enforcing mode in the 5.0 release</li>
+<li> No processes other than <code>init</code> should run in the
+<code>init</code> domain</li>
+<li> Any generic denial (for a block_device, socket_device, default_service,
+etc.) indicates that device needs a special domain</li>
</ul>
<h2 id=supporting_documentation>Supporting documentation</h2>
<p>See the documentation below for details on constructing useful policies:</p>
-<p><a href="http://seandroid.bitbucket.org/PapersandPresentations.html">http://seandroid.bitbucket.org/PapersandPresentations.html</a></p>
+<p><a href="http://seandroid.bitbucket.org/PapersandPresentations.html">
+http://seandroid.bitbucket.org/PapersandPresentations.html</a></p>
-<p><a href="https://www.codeproject.com/Articles/806904/Android-Security-Customization-with-SEAndroid">https://www.codeproject.com/Articles/806904/Android-Security-Customization-with-SEAndroid</a></p>
+<p><a href="https://www.codeproject.com/Articles/806904/Android-Security-Customization-with-SEAndroid">
+https://www.codeproject.com/Articles/806904/
+Android-Security-Customization-with-SEAndroid</a></p>
-<p><a href="https://events.linuxfoundation.org/sites/events/files/slides/abs2014_seforandroid_smalley.pdf">https://events.linuxfoundation.org/sites/events/files/slides/abs2014_seforandroid_smalley.pdf</a></p>
+<p><a href="https://events.linuxfoundation.org/sites/events/files/slides/abs2014_seforandroid_smalley.pdf">
+https://events.linuxfoundation.org/sites/events/files/slides/
+abs2014_seforandroid_smalley.pdf</a></p>
-<p><a href="https://www.internetsociety.org/sites/default/files/02_4.pdf">https://www.internetsociety.org/sites/default/files/02_4.pdf</a></p>
+<p><a href="https://www.internetsociety.org/sites/default/files/02_4.pdf">
+https://www.internetsociety.org/sites/default/files/02_4.pdf</a></p>
-<p><a href="http://freecomputerbooks.com/books/The_SELinux_Notebook-4th_Edition.pdf">http://freecomputerbooks.com/books/The_SELinux_Notebook-4th_Edition.pdf</a></p>
+<p><a href="http://freecomputerbooks.com/books/The_SELinux_Notebook-4th_Edition.pdf">
+http://freecomputerbooks.com/books/The_SELinux_Notebook-4th_Edition.pdf</a></p>
-<p><a href="http://selinuxproject.org/page/ObjectClassesPerms">http://selinuxproject.org/page/ObjectClassesPerms</a></p>
+<p><a href="http://selinuxproject.org/page/ObjectClassesPerms">
+http://selinuxproject.org/page/ObjectClassesPerms</a></p>
-<p><a href="https://www.nsa.gov/research/_files/publications/implementing_selinux.pdf">https://www.nsa.gov/research/_files/publications/implementing_selinux.pdf</a></p>
+<p><a href="https://www.nsa.gov/resources/everyone/digital-media-center/publications/research-papers/assets/files/implementing-selinux-as-linux-security-module-report.pdf">
+https://www.nsa.gov/resources/everyone/digital-media-center/publications/
+research-papers/assets/files/
+implementing-selinux-as-linux-security-module-report.pdf</a></p>
-<p><a href="https://www.nsa.gov/research/_files/publications/selinux_configuring_policy.pdf">https://www.nsa.gov/research/_files/publications/selinux_configuring_policy.pdf</a></p>
+<p><a href="https://www.nsa.gov/resources/everyone/digital-media-center/publications/research-papers/assets/files/configuring-selinux-policy-report.pdf">
+https://www.nsa.gov/resources/everyone/digital-media-center/publications/
+research-papers/assets/files/configuring-selinux-policy-report.pdf</a></p>
-<p><a href="https://www.gnu.org/software/m4/manual/index.html">https://www.gnu.org/software/m4/manual/index.html</a></p>
+<p><a href="https://www.gnu.org/software/m4/manual/index.html">
+https://www.gnu.org/software/m4/manual/index.html</a></p>