CDD: Clarify definition of a Tablet

Bug: 156249412
Change-Id: I7ce3cc90380060dfdb6cf1b811a0e0d1bc49e237

Merge "Docs: Title page for Dec. errata run, CDD 9" into pie-dev

CDD: Relax GNSS requirement for Automotive.

Relaxing GNSS technology generation requirements for Automotive from
MUST to STRONGLY RECOMMENDED.

Bug: 121005128
Test: N/A
Change-Id: I2e7812545ccbb05a91a7bd680ea432d016db3097
Merged-in: I2e7812545ccbb05a91a7bd680ea432d016db3097
(cherry picked from commit b9907aa6a2200829a9b990d66c1ba1b9b54c326a)

Docs: TEE spelled out only on first use.

Test: make_cdd.py --version  <version-number> --branch <branch>
Change-Id: Icfb36e5c32ffd0a235733b02ec0477f2ffd6e96a

CDD: Relax requirements for WebView useragent.

Allow the "$(MODEL)" and "Build/$(BUILD)" tokens to be omitted from the
WebView useragent string, to match the current/future behaviour of
Chrome on Android. This is a minor improvement to privacy (reduces
fingerprinting) and security (removes information that may be useful for
targeting exploits).

Bug: 122453525
Change-Id: I8200e619e62a30f84b7c2ebf68f8fa0be47d95b8
(cherry picked from commit 9a8210988ede1f7ca1b76fbf90a3a0c44cf948b3)

Docs: Link fixes section 2.

Test: ./cdd_gen.sh --version 9 --branch pie-dev
Change-Id: I4cab7430c50d8ffec9fbdd2be43521b83accfb6a

Docs: Typo fixes.

Test: ./cdd_gen.sh --version 9 --branch pie-dev
Change-Id: Ic4a076c8c09bcae2317edc4251502caedef3a3d1

CDD build script and helper shell script.

Test: ./cdd_gen.sh --version <version-number> --branch <branch-name>
Change-Id: Iaec01dd19385623b7d53462969d8f604ffde45c9

CDD: Relax the requirement for S3 power saving mode

- Updating the requirement 8.3/C-1-1 to enter S3 power saving mode,
  allowing the device to enter S3 as long as the app compatibility
  is secured.

Change-Id: I99167b0c1cb610a7cadc5db9ef221206a3b8c897
Bug: 123097076

Docs: Title page for Dec. errata run, CDD 9

Test: make_cdd.py --version  <version-number> --branch <branch>
Change-Id: Ifcfb1ad18facaa98380dab07f7ad74202609c994

CDD: Expand allowed encryption implementation

Previously, if a device had AES performance <= 50 MiB/sec, it
had two options: Encryption with AES, or no encryption.

We add a third option for this class of device: Encryption
with Adiantum.  Adiantum provides better performance than AES
on this class of device, while still providing strong protection.

Note there is no change to the requirement that devices with
AES performance > 50 MiB/sec MUST encrypt with AES.

Test: None
Change-Id: Ib612f2c8ebdb7631e3963f50020436a6af8d6ec5

CDD: Change 7.4.2 C-1-6 from MUST to STRONGLY RECOMMENDED.

Bug: 112345549
Test: python make_cdd.py --version 9.0 --branch pi-dev --output /tmp/cdd
Change-Id: Ica47cdf9f78b80a517b1b657cab4bd4919251660

Docs: Consistent use of terms preinstalled and third-party.

Test: make_cdd.py --version  <version-number> --branch <branch>
Change-Id: I98b896d819fc5652aba1d19bf82d15670b6287a0

CDD Errata: Add missing changes from Oreo-MR1 to Pie

BUG: 116495107

Test: make_cdd.py --version  <version-number> --branch <branch>
Change-Id: Id021f5ac5ad24bff2d6fca6a9988c95af2dc4daa

Merge "CDD: Relax UI requirement for restricted apps" into pie-dev

CDD: Relax untested Vulkan requirements for VR.

These requirements are currently missing CTS tests, so vendors cannot
verify them in a systematic way. Downgrade from MUST to SR.

Bug: 119684099
Test: N/A
Change-Id: Icf94b6c022d33665cf5e602c702589cd8b4b76d1

CDD: Relax assistant requirement for Automotive.

Bug: 118146407
Test: N/A
Change-Id: Ib5951938560e6bc129738208766f8d8d716d73d7

Merge "CDD: Relax the radius requirement for rounded corners" into pie-dev

CDD: Relax UI requirement for restricted apps

- Relaxing 3.5.1/C-1-1 from MUST to STRONGLY RECOMMEND.
- This requirement is still highly recommended for better user experience.

Bug: 119223097
Change-Id: I45c7343386856e3438f9b72667a53f9407fbaec3

Merge "Docs: First set of errata fixes for Pie CDD." into pie-dev

Merge "CDD: errata for VR requirements." into pie-dev

CDD: errata for VR requirements.

Demote sensor direct channel, layered AHardwareBuffers,
GL_EXT_external_buffer and GL_EXT_EGL_image_array to 'strongly
recommended'. Some upgrading phones cannot meet these requirements.

Bug: 119322466
Test: N/A
Change-Id: Ic94161dbd55412eba1c75083b501032987e7cec4

CDD: correct file type for USAC

Remove requirement for .loas and .xhe files, not required by P.

Bug: 77327971
Test: stage CDD
Change-Id: Ibf085b5f3f1e6466c5e839de84916561003cfcfa

CDD: Relax the radius requirement for rounded corners

- Updated the radius up to 38dp.


Bug: 114749730

modified:   7_hardware-compatibility/7_1_display-and-graphics.md

Change-Id: Id031916d02dd58222f511e1d2300108e54034018

Docs: First set of errata fixes for Pie CDD.

Bugs: 112901422, 112599330

Test: make_cdd.py --version 8.0 --branch "pie-dev"
Change-Id: Ib71a88eb4c80c4ce5a2b9edb962297e7e97ee9fb

CDD errata: Fix mention of 3480p

Test: N/A CDD change
Bug: 113546218
Change-Id: I08c00f4c80433143c521592c84fe2a95e52b0eaa

Docs: Errata for Android 9 CDD.

- Fixed Section 9.10 by removing C-2-1 due to the introduction of C-0-2
- Fixed typos in other sections

Bug: 112010610

Test: ./cdd_gen.sh --version 9 --branch pie-dev
Change-Id: Ie4003beb20425a7fc83cf68ea23772aca389b85b

Merge pi-dev as of ag/4582919 into stage-aosp-pi-dev.

Bug: 112189069
Change-Id: I75bb942d019ec903e2fe8c8a3933faf1200d8e85

Merge "Docs: Resolving bug on 7.3 C-1-2" into pi-dev

Merge "Docs: Fixed language for section 3" into pi-dev

Merge "Docs: Correct the words for GPS and GNSS" into pi-dev

Merge "CDD: Requirement for Power Management features" into pi-dev

Docs: Resolving bug on 7.3 C-1-2

Requirement 7.3 C-1-2 was breaking into a different bullet point due to
a bug in markdown. Breaking the line in a different place to resolve
that.

Test: N/A
Bug: 111654280
Change-Id: I065ff4a07f6c3a0749b2fc0f44dc504d9e53c04a

Docs: Fixed language for section 3

- 3.2.3.2: Excluded the Settings app that third party apps can override.
- 3.15 : Replacing "ephemeral" with "instant".

Bug:111602321
Change-Id: Idb99d9fd42a7a0b06273674c041dbad583158d62

CDD: Move the req of supporting encryption under perf carve-out

- Ensure the consistent security across devices
- Replace the carve-out of secure lock screen with the perf carve-out
 for supporting encryption

Test: None
Bug: 71909258
Change-Id: Ied56bb0bdd99e3f27e68c13829073c5982019c74

Docs: Correct the words for GPS and GNSS

- More consistency on the terminology update.

Bug: 110838439
Test: TH only, minor text changes
Change-Id: I21093ba2b14714dc6a6c22a34457b3243faf58df

Merge "CDD: Require logging of some basic events available to app developers through statsd." into pi-dev

Merge "CDD: Requirements for Heavyweight app mode" into pi-dev

CDD: Requirement for Power Management features

- Ensure the consistent behaviors of power management features across devices.
- Clarify the background restrictions so that apps aren't restricted when they shouldn't be.
- Ensure that the user affordance is provided so that the user has visibility into
what restrictions are enabled and can control the restriction.

Bug:70803569, 79491895
Change-Id: Ibf27cbbf6960521e5dc7c0c0de375f3a2ef86466

Merge "CDD: Update the condition to enter S3/S4 power saving modes" into pi-dev

CDD: Update the condition to enter S3/S4 power saving modes

- Clarifying the condition to enter S3/S4 power saving modes.

Bug: b/76169148
Test: N/A
Change-Id: Ie98bcebd10b7f27c9816cfad52d3e130f4dae0e8

CDD: Clarifying kernel page table isolation

- Modifying the requirement language for C-0-12(kernel page table isolation)
 requirement to add clarity.

Bug: 79088532
Change-Id: If3b3da40b78203c177cb4b833ea49837336a72b7

Merge "CDD: Device implementations must report the number of bytes read and written to flash based SSD storage." into pi-dev

CDD: Requirements for Heavyweight app mode

Some apps like games have special needs for memory management, since they
tend to be very heavy on memory resources and unable to restore
to their last state (participate in Android’s state saving mechanism).
To preserve games in memory, Android P offers a heavyweight app mode that
will keep an app persistent in memory. There can be only one heavyweight
app designated at a time. If there are multiple heavyweight apps running,
the user will be asked to designate which app should stay in memory. To identify
themselves as a heavyweight app, the app designates a flag in their manifest,
"cantSaveState".  The entire experience is available in AOSP and does not require
modification. Device implementations are required to respect this behavior.

Bug: 78457189
Change-Id: I5397f169923abe530fca17af6a5631adbefeed08
Test: tested in CDD editor

Merge "CDD: Require the restrictive behavior of hidden APIs to be consistent." into pi-dev

Merge "CDD: Requirements for services that have access to "android.permission.RECOVER_KEYSTORE"" into pi-dev

CDD: Require the restrictive behavior of hidden APIs to be consistent.

- Ensure that the defined limitations for private API list is kept
to keep the same expectations across devices.
- Clarifying what can be allowed for adding / removing APIs in API
 list.


bug: 74128885
Test: m
Change-Id: I9a20ad2db814969e19dfc1f8cf8de1b930a310e5

CDD: Require logging of some basic events available to app developers through statsd.

Enlist required fields to be more specific about what is
needed for developer tools and what is needed for privacy.

Bug: 76161779
Bug: 74125988

Test: None
Change-Id: I4ff9a73f72c3270caaac0f116297d666a58561fb

CDD: Device implementations must report the number of bytes read
and written to flash based SSD storage.

Flash wear is an important concern. The statistics
reported here is important to analyze and find the apps that use flash
most heavily.

This CDD requirement requires that these statistics should be
reported.

Bug: 74887330
Test: N/A
Change-Id: I361f23e59649705d2b2fc517ddb80ede1647f92f

CDD: Requirements for services that have access to "android.permission.RECOVER_KEYSTORE"

- Prevent brute-force attacks on the lockscreen knowledge factor.

Bug: 73599998

Test: None
Change-Id: I8f7fa701b11f015e26429c4683a36d37aa2faa47

Merge "CDD: Handheld recommedations for long press of KEYCODE_MEDIA_PLAY_PAUSE/ KEYCODE_HEADSETHOOK." into pi-dev

Merge "CDD: Add section about Android Protected Confirmation API" into pi-dev

Merge "CDD: Update CDD language for biometrics and lockscreen." into pi-dev

CDD: Add section about Android Protected Confirmation API

 - Device implementations with secure hardware may implement the
   Android Protected Confirmation API to request the user to
   approve a textual message.

Bug: 73001803
Test: n/a
Change-Id: I96c5929b0b4ab99b31a9fe7ca0ac82710f94cdca

Merge "Docs: Clarification to `KEYCODE_BACK` requirements." into pi-dev

Merge "CDD: Allow rectangular display with rounded corners with certain conditions" into pi-dev

CDD: Update CDD language for biometrics and lockscreen.

This CL makes CDD changes that are aimed at providing more explicit
guidance on creating secure biometric based unlocks, and on
consolidating the CDD language for secure lockscreens to make the
authentication model consistent with our security bar.

More specifically, it changes the following things:
(1) A new section similar to "7.3.10 Fingerprint Sensors" that's more
generic and applicable to all biometric sensors. Should have mostly
the same constraints but slightly altered where necessary.
(2) Language that deals with match-on-chip solutions for biometrics.
(3) A new requirement in 9.11 that mandates keeping a minimum
Sleep timeout of at most 15 seconds.
(4) New requirements in "9.11.1 Secure Lock Screens" that:
  (a) Constrain what a primary authentication can be.
  (b) Adds information related to alternate biometric unlocks and
  adhering to the SAR/IAR bar that was introduced in the 8.1 CDD
  (c) Adds requirements around 'passive' biometric unlocks like Face
  when used to unlock keystore keys.
  (d) Clarifies some language around falling back to requiring primary
  auth every 72 hours for all non-primary modes of authentication
(5) Removes the API requirement to return false for both the KeyguardManager.isKeyguardSecure() and the KeyguardManager.isDeviceSecure() methods.

Bug: 73723272
Bug: 77656214
Bug: 111053551
Test: --
Change-Id: Iede9eba5ac79de56802cd830c3dc4e521f40e098

CDD: 9.10. Device Integrity: Change verified boot items from SR to MUST.

Change STRONGLY RECOMMENDED to MUST for verified boot items and slight
cleanup of language used:

 - MUST use tamper-evident storage: for storing whether the bootloader
   is unlocked. Tamper-evident storage means that the boot loader can
   detect if the storage has been tampered with from inside Android.

 - MUST prompt the user, while using the device, and require physical
   confirmation before allowing a transition from boot loader locked
   mode to boot loader unlocked mode.

 - MUST implement rollback protection for the partitions used by
   Android (e.g. boot, system partitions) and use tamper-evident
   storage for storing the metadata used for determining the minimum
   allowable OS version.

Test: n/a
Bug: 72919368
Change-Id: Ifcb0c994cb86f92a422dcde6fa6da1ca064d4ca0

CDD: Handheld recommedations for long press of KEYCODE_MEDIA_PLAY_PAUSE/
KEYCODE_HEADSETHOOK.

This enables a way to launch voice search with wired/BT headsets
across different devices.


BUG: 69103849
TEST: manual -
Change-Id: I9e74bc8d8c09681338b5e7ec23565cb126258ec1

Docs: Clarification to `KEYCODE_BACK` requirements.

Bug: 76218955

Change-Id: Iba17c9a87736921e455b343037bc07f8ad4e71e7

CDD: Allow rectangular display with rounded corners with certain conditions

- Unless UI_MODE_WATCH, the assumption of app developers has been that the
 rectangular logical display will be used, without any part of it being
 obscured (except for the notch). However since 2017 there are devices
 that have been launched with rounded-corners, this is to institutionalize
 the rules for such device implementations so that the rounded corners
 would not obstruct the touch target
 (https://material.io/design/layout/density.html#touch-click-targets)
- Ensure the consistent behavior for devices with UI normal mode.


Bug:68055709
Change-Id: I3b665eb010b1d0312b1d07a5f622bc2c66602411

Merge "CDD: Handheld: Require Lockdown mode and sleep timeout for devices  with secure lock screen" into pi-dev

CDD: Handheld: Require Lockdown mode and sleep timeout for devices
 with secure lock screen

- Ensure the consistent security among handheld devices

-Bug:76434535, 73723272
Change-Id: Ic85fce3b71a771eba355830e7374b7517d3fc12a

CDD: Don't require any more the 32-bit equivalent ABIs for 64-bit devices

With 64-bit ABIs being introduced some time ago, and more apps and
system servers on the path to have 64-bit implementations, the need
to support 32-bit equivalent pairs of the 64-bit ABIs has been
diminshing.

This change will open the path to introduce 64-bit only devices.

Bug: 80085042
Test: n/a
Change-Id: I55b31e87363dc89b73093568d07639e0230ca245

Merge "Docs: Automotive: Added developer facing links for android.car.* namespace API's." into pi-dev

Merge "CDD: Require a user warning for an app with API level <= 16" into pi-dev

Merge "CDD: Require HEIF decoding." into pi-dev

Docs: Automotive: Added developer facing links for android.car.* namespace
API's.

Bug:74887599
Test: NA
Change-Id: I92ad9cfa4fd5b51b3b7d133e646f7b405fbed072

Merge "CDD: Tighten SR to MUST for HOT GNSS TTFF to 5 sec to keep consistency with CTS" into pi-dev

Merge "CDD: Requirements for androidx namespace." into pi-dev

Merge "CDD: Strengthen analog audio port requirements." into pi-dev

Merge "CDD: 2.5.3 Requirements for launching assistant for Automotive and Handheld." into pi-dev

Merge "CDD: Developer options to be made available for all developers" into pi-dev

CDD: Requirements for androidx namespace.

Device implementations must not make any modifications to Android
extension libraries (androidx) namespace as that creates developer
confusion.

BUG: 77285480

Change-Id: I3c7006db25a8c39e82354a9fd769d3cc045eb69a

CDD: Strengthen analog audio port requirements.

Strengthened analog audio requirements for devices with 3.5 mm jack
so accessories work the same across everywhere.

Bug: 36478936
Test: N/A
Change-Id: Idfef08f81ce477ea4b1af243ee5d3a29010ef805

Merge "Docs: Fix broken link in Section 7.2.4" into pi-dev

Merge "CDD: StrongBox requirements" into pi-dev

CDD: 2.5.3 Requirements for launching assistant for Automotive and
Handheld.

On Automotive, short press of the Push to Talk (PTT) button MUST launch
the user-selected on-board assistant.

Also, moved the requirement long press on Home key  to launch assistant
from core requirement to Handheld as other form factors can have another
keys/buttons to launch the assistant e.g Automotive has PTT button.

Bug: 74882070
Bug: 74887509
Test: none
Change-Id: I23854ff211d05ebfa255ddb888fbb9fcf82b7cd7

Merge "CDD: Require the notification for an incoming call" into pi-dev

Merge "Docs: Fixed intent link for section 3.2.3.5" into pi-dev

Merge "CDD: Automotive: Remove [A-0-1] MUST support driving status" into pi-dev

Merge "CDD: Update CDD changes for CFI and IOSAN" into pi-dev

Merge "CDD: Requirements for ways to logout accessible from lockscreen" into pi-dev

Merge "CDD: Requirement for harmful app warnings" into pi-dev

Merge "CDD: Recommend metadata encryption" into pi-dev

Merge "CDD: Add requirement for Open Mobile API" into pi-dev

Merge "CDD: Add GPU debug layer developer requirement" into pi-dev

Docs: Fixed intent link for section 3.2.3.5

 -Appended #ACTION_CHANGE_DEFAULT to
  https://developer.android.com/reference/android/provider/Telephony.Sms.Intents.html

Bug:110211242
Test: N/A
Change-Id: I16a6c194fe852d72eb29619e5cb7598b176a661a

Merge "CDD: Require verified boot on all devices, including low ram devices" into pi-dev

CDD: Modifying VR requirements due to the deprecation of VR flag

- The change is to accommodate the deprecation of android.software.vr.mode

Bug: 71365436
Test: N/A
Change-Id: Id7185bbcc05ea0ae90088624792db8c74e2dfe64

CDD: Update CDD changes for CFI and IOSAN

This CL renames section 9.7 to 'Security Features' (instead of kernel
security features), and adds a new sub-section for userspace specific
security feature advice. There's only a single recommendation in for
P, but we will be using this section to add more details and
recommendations/constraints for Q.

Bug: 73724250
Test: --

Change-Id: If45c5fd9b7668dcafc9ce8dbd2a59b9c4418ca42

CDD: Require a user warning for an app with API level <= 16

- Set the right expectation for the user when running an app that
is targeting at API level <=16.

Bug:74583359
Test:n/a

Change-Id: I7ea57a674b24a4e05a767373eaa0ab79b80c1e57

CDD: StrongBox requirements

- Tighten the security by supporting StrongBox.
- Clarifying the requirements if StrongBox is supported.

Bug: 73002261
Test: N/A
Change-Id: I9834ced2e697bee013cb0725f31745826da1f0c5

Merge "CDD: Add requirement for Remove Location Modes." into pi-dev

Merge "CDD: Update HiFi sensors requirements for P" into pi-dev

CDD: Require verified boot on all devices, including low ram devices

We remove the low RAM exception for verified boot.

Test: None
Bug: 73374550
Change-Id: I340e8753c8648bbe2a68426123851359d4cba1cb

CDD: Requirements for ways to logout accessible from lockscreen

DevicePolicyManager.setLogoutEnabled enables a way to logout (stop current user and switch to user 0), but OEM can decide where to put the button, thus making CTS impossible. e.g. On Pixel, button is on power button menu and lockscreen. Want to include the requirement on CDD to make sure such a button is implemented.

Bug: 73800782
Test: None
Change-Id: Ie48a0ac8431fc0a39603dd996fcb8317394fb8e5

Merge "CDD: Recommended values for AAudioStream_getFramesPerBurst()" into pi-dev

CDD: Update HiFi sensors requirements for P

Provides additional ecosystem guidance targeted primarily at improving
VR and AR experiences.

Bug: 74577780
Test: n/a
Change-Id: Iac08461baf40e8e2eeab2b7b077dcf755669143d

CDD: Developer options to be made available for all developers

- The mechanism to enable developer options can be different per
partners and it should be clearly documented publicly so that any
developers can enable developer options when necessary (i.e.
disallowing only selected developers to access to developer options).

- Fixing a few minor section numbering issues.

Bug: 78370047
Test: NA
Change-Id: I6e433b424aea20caf977838a17690194b45ebe25