Docs: Add 6.0 security enhancements
Bug: 24889601
Change-Id: I4bcd36256cf90aed17ff46e94bc3a6ad300353ac
diff --git a/src/devices/devices_toc.cs b/src/devices/devices_toc.cs
index 7c73238..c1149ec 100644
--- a/src/devices/devices_toc.cs
+++ b/src/devices/devices_toc.cs
@@ -310,6 +310,7 @@
</a>
</div>
<ul>
+ <li><a href="<?cs var:toroot ?>devices/tech/security/enhancements/enhancements60.html">Android 6.0</a></li>
<li><a href="<?cs var:toroot ?>devices/tech/security/enhancements/enhancements50.html">Android 5.0</a></li>
<li><a href="<?cs var:toroot ?>devices/tech/security/enhancements/enhancements44.html">Android 4.4</a></li>
<li><a href="<?cs var:toroot ?>devices/tech/security/enhancements/enhancements43.html">Android 4.3</a></li>
diff --git a/src/devices/tech/security/enhancements/enhancements60.jd b/src/devices/tech/security/enhancements/enhancements60.jd
new file mode 100644
index 0000000..7cc786e
--- /dev/null
+++ b/src/devices/tech/security/enhancements/enhancements60.jd
@@ -0,0 +1,38 @@
+page.title=Security Enhancements in Android 6.0
+@jd:body
+
+<p>Every Android release includes dozens of security enhancements to protect
+users. Here are some of the major security enhancements available in Android
+6.0:</p>
+<ul>
+ <li><strong>Runtime Permissions</strong>. Applications request permissions at
+ runtime instead of being granted at App
+ install time. Users can toggle permissions on and off for both M and pre-M
+ applications.</li>
+ <li><strong>Verified Boot</strong>. A set of cryptographic checks of system
+ software are conducted prior to
+ execution to ensure the phone is healthy from the bootloader all the way up to
+ the operating system.</li>
+ <li><strong>Hardware-Isolated Security</strong>. New Hardware Abstraction
+ Layer (HAL) used by Fingerprint API, Lockscreen,
+ Device Encryption, and Client Certificates to protect keys against kernel
+ compromise and/or local physical attacks</li>
+ <li><strong>Fingerprints</strong>. Devices can now be unlocked with just a
+ touch. Developers can also take
+ advantage of new APIs to use fingerprints to lock and unlock encryption keys.</li>
+ <li><strong>SD Card Adoption</strong>. Removable media can be
+ <em>adopted</em> to a device and expand available storage for
+ app local data, photos, videos, etc., but still be protected by block-level
+ encryption.</li>
+ <li><strong>Clear Text Traffic</strong>. Developers can use a new StrictMode
+ to make sure their application doesn't use
+ cleartext.</li>
+ <li><strong>System Hardening</strong>. Hardening of the system via policies
+ enforced by SELinux. This offers better
+ isolation between users, IOCTL filtering, reduce threat of exposed services,
+ further tightening of SELinux domains, and extremely limited /proc access.</li>
+ <li><strong>USB Access Control:</strong> Users must confirm to allow USB
+ access to files, storage, or other
+ functionality on the phone. Default is now <em>charge only</em> with access
+ to storage requiring explicit approval from the user.</li>
+</ul>