Docs: Add Security to top tab, create its nav file
Bug: 24908502
Change-Id: I70037156111410d7b54be11995c4e3fa50ea4acc
diff --git a/src/security/enhancements/enhancements41.jd b/src/security/enhancements/enhancements41.jd
new file mode 100644
index 0000000..2881c08
--- /dev/null
+++ b/src/security/enhancements/enhancements41.jd
@@ -0,0 +1,44 @@
+page.title=Security Enhancements in Android 1.5 through 4.1
+@jd:body
+
+<p>
+Android provides a multi-layered security model described in the <a href="{@docRoot}security/index.html">Android
+Security Overview</a>. Each update to Android includes dozens of
+security enhancements to protect users. The following are some of the security
+enhancements introduced in Android versions 1.5 through 4.1:</p>
+
+<dl>
+<dt><strong>Android 1.5</strong></dt>
+<dd><ul>
+<li>ProPolice to prevent stack buffer overruns (-fstack-protector)</li>
+<li>safe_iop to reduce integer overflows</li>
+<li>Extensions to OpenBSD dlmalloc to prevent double free() vulnerabilities and
+to prevent chunk consolidation attacks. Chunk consolidation attacks are a
+common way to exploit heap corruption.</li>
+<li>OpenBSD calloc to prevent integer overflows during memory allocation</li>
+</ul>
+</dd>
+
+<dt><strong>Android 2.3</strong></dt>
+<dd><ul>
+<li>Format string vulnerability protections (-Wformat-security -Werror=format-security)</li>
+<li>Hardware-based No eXecute (NX) to prevent code execution on the stack and heap</li>
+<li>Linux mmap_min_addr to mitigate null pointer dereference privilege
+escalation (further enhanced in Android 4.1)</li>
+</ul>
+</dd>
+
+<dt><strong>Android 4.0</strong></dt>
+<dd>Address Space Layout Randomization (ASLR) to randomize key locations in memory
+</dd>
+
+<dt><strong>Android 4.1</strong></dt>
+<dd><ul>
+<li>PIE (Position Independent Executable) support</li>
+<li>Read-only relocations / immediate binding (-Wl,-z,relro -Wl,-z,now)</li>
+<li>dmesg_restrict enabled (avoid leaking kernel addresses)</li>
+<li>kptr_restrict enabled (avoid leaking kernel addresses)</li>
+</ul>
+</dd>
+
+</dl>
diff --git a/src/security/enhancements/enhancements42.jd b/src/security/enhancements/enhancements42.jd
new file mode 100644
index 0000000..d6e48d5
--- /dev/null
+++ b/src/security/enhancements/enhancements42.jd
@@ -0,0 +1,60 @@
+page.title=Security Enhancements in Android 4.2
+@jd:body
+
+<p>
+Android provides a multi-layered security model described in the <a href="{@docRoot}security/index.html">Android
+Security Overview</a>. Each update to Android includes dozens of
+security enhancements to protect users. The following are some of the security
+enhancements introduced in Android 4.2:</p>
+
+<ul>
+<li><strong>Application verification</strong> - Users can choose to enable “Verify Apps" and
+have applications screened by an application verifier, prior to installation.
+App verification can alert the user if they try to install an app that might be
+harmful; if an application is especially bad, it can block installation.</li>
+<li><strong>More control of premium SMS</strong> - Android will provide a notification if an
+application attempts to send SMS to a short code that uses premium services
+which might cause additional charges. The user can choose whether to allow the
+application to send the message or block it.</li>
+
+<li><strong>Always-on VPN</strong> - VPN can be configured so that applications will not have
+access to the network until a VPN connection is established. This prevents
+applications from sending data across other networks.</li>
+
+<li><strong>Certificate Pinning</strong> - The Android core libraries now support
+<a href="https://developer.android.com/reference/android/net/http/X509TrustManagerExtensions.html">certificate pinning</a>.
+Pinned domains will receive a certificate validation
+failure if the certificate does not chain to a set of expected certificates.
+This protects against possible compromise of Certificate Authorities.</li>
+
+<li><strong>Improved display of Android permissions</strong> - Permissions have been organized
+into groups that are more easily understood by users. During review of the
+permissions, the user can click on the permission to see more detailed
+information about the permission.</li>
+
+<li><strong>installd hardening</strong> - The <code>installd</code> daemon does not run as the root user,
+reducing potential attack surface for root privilege escalation.</li>
+
+<li><strong>init script hardening</strong> - init scripts now apply <code>O_NOFOLLOW</code> semantics to
+prevent symlink related attacks.</li>
+
+<li><strong>FORTIFY_SOURCE</strong> - Android now implements <code>FORTIFY_SOURCE</code>. This is used by
+system libraries and applications to prevent memory corruption.</li>
+
+<li><strong>ContentProvider default configuration</strong> - Applications which target API
+level 17 will have "export" set to "false" by default for each
+<a href="https://developer.android.com/reference/android/content/ContentProvider.html">Content
+Provider</a>, reducing default attack surface for applications.</li>
+
+<li><strong>Cryptography</strong> - Modified the default implementations of SecureRandom and
+Cipher.RSA to use OpenSSL. Added SSL Socket support for TLSv1.1 and TLSv1.2
+using OpenSSL 1.0.1</li>
+
+<li><strong>Security Fixes</strong> - Upgraded open source libraries with security fixes include
+WebKit, libpng, OpenSSL, and LibXML. Android 4.2 also includes fixes for
+Android-specific vulnerabilities. Information about these vulnerabilities has
+been provided to Open Handset Alliance members and fixes are available in
+Android Open Source Project. To improve security, some devices with earlier
+versions of Android may also include these fixes.</li>
+
+</ul>
diff --git a/src/security/enhancements/enhancements43.jd b/src/security/enhancements/enhancements43.jd
new file mode 100644
index 0000000..277e010
--- /dev/null
+++ b/src/security/enhancements/enhancements43.jd
@@ -0,0 +1,87 @@
+page.title=Security Enhancements in Android 4.3
+@jd:body
+
+<p>
+Every Android release includes dozens of security enhancements to protect
+users. The following are some of the security enhancements available
+in Android 4.3:
+</p>
+
+<ul>
+ <li><strong>Android sandbox reinforced with SELinux.</strong>
+ This release strengthens the Android sandbox using the SELinux
+ mandatory access control system (MAC) in the Linux kernel. SELinux
+ reinforcement is invisible to users and developers, and adds robustness
+ to the existing Android security model while maintaining compatibility
+ with existing applications. To ensure continued compatibility this release
+ allows the use of SELinux in a permissive mode. This mode logs any policy
+ violations, but will not break applications or affect system behavior.</li>
+
+ <li><strong>No setuid/setgid programs.</strong>
+ Added support for filesystem capabilities
+ to Android system files and removed all setuid/setguid programs. This
+ reduces root attack surface and the likelihood of potential security
+ vulnerabilities.</li>
+
+ <li><strong>ADB Authentication.</strong>
+ Since Android 4.2.2, connections to ADB are
+ authenticated with an RSA keypair. This prevents unauthorized use of
+ ADB where the attacker has physical access to a device.</li>
+
+ <li><strong>Restrict Setuid from Android Apps.</strong>
+ The /system partition is now mounted
+ nosuid for zygote-spawned processes, preventing Android applications
+ from executing setuid programs. This reduces root attack surface and
+ the likelihood of potential security vulnerabilities.</li>
+
+ <li><strong>Capability bounding.</strong>
+ Android zygote and ADB now use prctl(PR_CAPBSET_DROP) to drop
+ unnecessary capabilities prior to executing applications.
+ This prevents Android applications and applications launched from
+ the shell from acquiring privileged capabilities.</li>
+
+ <li><strong>AndroidKeyStore Provider.</strong>
+ Android now has a keystore provider that allows
+ applications to create exclusive use keys. This provides applications
+ with an API to create or store private keys that cannot be used by
+ other applications.</li>
+
+ <li><strong>KeyChain isBoundKeyAlgorithm.</strong>
+ Keychain API now provides a method
+ (isBoundKeyType) that allows applications to confirm that system-wide keys
+ are bound to a hardware root of trust for the device. This provides
+ a place to create or store private keys that cannot be exported off the
+ device, even in the event of a root compromise.</li>
+
+ <li><strong>NO_NEW_PRIVS.</strong>
+ Android zygote now uses prctl(PR_SET_NO_NEW_PRIVS) to block addition
+ of new privileges prior to execution application code. This
+ prevents Android applications from performing operations which can
+ elevate privileges via execve. (This requires Linux kernel version 3.5
+ or greater).</li>
+
+ <li><strong>FORTIFY_SOURCE enhancements.</strong>
+ Enabled FORTIFY_SOURCE on Android x86 and MIPS
+ and fortified strchr(), strrchr(), strlen(), and umask() calls. This
+ can detect potential memory corruption vulnerabilities or unterminated
+ string constants.</li>
+
+ <li><strong>Relocation protections.</strong>
+ Enabled read only relocations (relro) for
+ statically linked executables and removed all text relocations in Android
+ code. This provides defense in depth against potential memory corruption
+ vulnerabilities.</li>
+
+ <li><strong>Improved EntropyMixer.</strong>
+ EntropyMixer now writes entropy at shutdown /
+ reboot, in addition to periodic mixing. This allows retention of all
+ entropy generated while devices are powered on, and is especially useful
+ for devices that are rebooted immediately after provisioning.</li>
+
+ <li><strong>Security Fixes.</strong>
+ Android 4.3 also includes fixes for Android-specific
+ vulnerabilities. Information about these vulnerabilities has been provided
+ to Open Handset Alliance members and fixes are available in Android Open
+ Source Project. To improve security, some devices with earlier versions
+ of Android may also include these fixes.</li>
+</ul>
diff --git a/src/security/enhancements/enhancements44.jd b/src/security/enhancements/enhancements44.jd
new file mode 100644
index 0000000..ec0aee8
--- /dev/null
+++ b/src/security/enhancements/enhancements44.jd
@@ -0,0 +1,48 @@
+page.title=Security Enhancements in Android 4.4
+@jd:body
+
+<p>
+Every Android release includes dozens of security enhancements to protect
+users. The following are some of the security enhancements available
+in Android 4.4:
+</p>
+
+<ul>
+ <li><strong>Android sandbox reinforced with SELinux.</strong>
+ Android now uses SELinux in enforcing mode. SELinux is a mandatory
+ access control (MAC) system in the Linux kernel used to augment the
+ existing discretionary access control (DAC) based security model.
+ This provides additional protection against potential security
+ vulnerabilities.</li>
+
+ <li><strong>Per User VPN.</strong>
+ On multi-user devices, VPNs are now applied per user.
+ This can allow a user to route all network traffic through a VPN
+ without affecting other users on the device.</li>
+
+ <li><strong>ECDSA Provider support in AndroidKeyStore.</strong>
+ Android now has a keystore provider that allows use of ECDSA and
+ DSA algorithms.</li>
+
+ <li><strong>Device Monitoring Warnings.</strong>
+ Android provides users with a warning if any certificate has been
+ added to the device certificate store that could allow monitoring of
+ encrypted network traffic.</li>
+
+ <li><strong>FORTIFY_SOURCE.</strong>
+ Android now supports FORTIFY_SOURCE level 2, and all code is compiled
+ with these protections. FORTIFY_SOURCE has been enhanced to work with
+ clang.</li>
+
+ <li><strong>Certificate Pinning.</strong>
+ Android 4.4 detects and prevents the use of fraudulent Google
+ certificates used in secure SSL/TLS communications.</li>
+
+ <li><strong>Security Fixes.</strong>
+ Android 4.4 also includes fixes for Android-specific vulnerabilities.
+ Information about these vulnerabilities has been provided to Open
+ Handset Alliance members and fixes are available in Android Open Source
+ Project. To improve security, some devices with earlier versions of
+ Android may also include these fixes.</li>
+
+</ul>
diff --git a/src/security/enhancements/enhancements50.jd b/src/security/enhancements/enhancements50.jd
new file mode 100644
index 0000000..7a143b6
--- /dev/null
+++ b/src/security/enhancements/enhancements50.jd
@@ -0,0 +1,56 @@
+page.title=Security Enhancements in Android 5.0
+@jd:body
+
+<p>Every Android release includes dozens of security enhancements to protect
+users. Here are some of the major security enhancements available in Android
+5.0:</p>
+
+<ul>
+ <li><strong>Encrypted by default.</strong> On devices that ship with L
+out-of-the-box, full disk encryption is enabled by default to improve
+protection of data on lost or stolen devices. Devices that
+update to L can be encrypted in <strong>Settings</strong> > <strong>Security</strong>.
+ <li><strong>Improved full disk encryption.</strong> The user password is
+protected against brute-force attacks using <code>scrypt</code> and, where
+available, the key is bound to the hardware keystore to prevent
+off-device attacks. As always, the Android screen lock secret and the device
+encryption key are not sent off the device or exposed to any application.
+ <li><strong>Android sandbox reinforced with SELinux</strong>. Android now
+requires SELinux in enforcing mode for all domains. SELinux is a
+mandatory access control (MAC) system in the Linux kernel used to augment the
+existing discretionary access control (DAC) security model. This new layer
+provides additional protection against potential security vulnerabilities.
+ <li><strong>Smart Lock. </strong>Android now includes trustlets that provide
+more flexibility for unlocking devices. For example, trustlets can allow
+devices to be unlocked automatically when close to another trusted device (via
+NFC, Bluetooth) or being used by someone with a trusted face.
+ <li><strong>Multi user, restricted profile, and guest modes for phones &
+tablets.</strong> Android now provides for multiple users on phones and
+includes a guest mode that can be used to provide easy temporary access to your
+device without granting access to your data and apps.
+ <li><strong>Updates to WebView without OTA. </strong> WebView can now be
+updated independent of the framework and without a system
+OTA. This will allow for faster response to potential security issues in
+WebView.
+ <li><strong>Updated cryptography for HTTPS and TLS/SSL.</strong> TLSv1.2 and
+TLSv1.1 is now enabled, Forward Secrecy is now preferred, AES-GCM
+is now enabled, and weak cipher suites (MD5, 3DES, and export cipher suites)
+are now disabled. See <a
+href="https://developer.android.com/reference/javax/net/ssl/SSLSocket.html">https://developer.android.com/reference/javax/net/ssl/SSLSocket.html</a>
+for more details.
+ <li><strong>non-PIE linker support removed.</strong> Android now requires all
+dynamically linked executables to support PIE
+(position-independent executables). This enhances Android’s address space
+layout randomization (ASLR) implementation.
+ <li><strong>FORTIFY_SOURCE improvements.</strong> The following libc
+functions now implement FORTIFY_SOURCE protections: <code>stpcpy()</code>,
+<code>stpncpy()</code>, <code>read()</code>, <code>recvfrom()</code>,
+<code>FD_CLR()</code>, <code>FD_SET()</code>, and <code>FD_ISSET()</code>. This
+provides protection against memory-corruption vulnerabilities involving
+those functions.
+ <li><strong>Security Fixes.</strong> Android 5.0 also includes fixes for
+Android-specific vulnerabilities. Information about these vulnerabilities has
+been provided to Open Handset Alliance members, and fixes are available in
+Android Open Source Project. To improve security, some devices with earlier
+versions of Android may also include these fixes.
+</ul>
diff --git a/src/security/enhancements/enhancements60.jd b/src/security/enhancements/enhancements60.jd
new file mode 100644
index 0000000..7cc786e
--- /dev/null
+++ b/src/security/enhancements/enhancements60.jd
@@ -0,0 +1,38 @@
+page.title=Security Enhancements in Android 6.0
+@jd:body
+
+<p>Every Android release includes dozens of security enhancements to protect
+users. Here are some of the major security enhancements available in Android
+6.0:</p>
+<ul>
+ <li><strong>Runtime Permissions</strong>. Applications request permissions at
+ runtime instead of being granted at App
+ install time. Users can toggle permissions on and off for both M and pre-M
+ applications.</li>
+ <li><strong>Verified Boot</strong>. A set of cryptographic checks of system
+ software are conducted prior to
+ execution to ensure the phone is healthy from the bootloader all the way up to
+ the operating system.</li>
+ <li><strong>Hardware-Isolated Security</strong>. New Hardware Abstraction
+ Layer (HAL) used by Fingerprint API, Lockscreen,
+ Device Encryption, and Client Certificates to protect keys against kernel
+ compromise and/or local physical attacks</li>
+ <li><strong>Fingerprints</strong>. Devices can now be unlocked with just a
+ touch. Developers can also take
+ advantage of new APIs to use fingerprints to lock and unlock encryption keys.</li>
+ <li><strong>SD Card Adoption</strong>. Removable media can be
+ <em>adopted</em> to a device and expand available storage for
+ app local data, photos, videos, etc., but still be protected by block-level
+ encryption.</li>
+ <li><strong>Clear Text Traffic</strong>. Developers can use a new StrictMode
+ to make sure their application doesn't use
+ cleartext.</li>
+ <li><strong>System Hardening</strong>. Hardening of the system via policies
+ enforced by SELinux. This offers better
+ isolation between users, IOCTL filtering, reduce threat of exposed services,
+ further tightening of SELinux domains, and extremely limited /proc access.</li>
+ <li><strong>USB Access Control:</strong> Users must confirm to allow USB
+ access to files, storage, or other
+ functionality on the phone. Default is now <em>charge only</em> with access
+ to storage requiring explicit approval from the user.</li>
+</ul>
diff --git a/src/security/enhancements/index.jd b/src/security/enhancements/index.jd
new file mode 100644
index 0000000..82ef403
--- /dev/null
+++ b/src/security/enhancements/index.jd
@@ -0,0 +1,20 @@
+page.title=Security Enhancements
+@jd:body
+
+<!--
+ Copyright 2014 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<p>Android continuously improves its security abilities and offerings. See the
+lists of enhancements by release in the left navigation.</p>