1 ## 9.14\. Automotive Vehicle System Isolation 2 3 Android Automotive devices are expected to exchange data with critical vehicle 4 subsystems by using the [vehicle HAL](http://source.android.com/devices/automotive.html) 5 to send and receive messages over vehicle networks such as CAN bus. 6 7 The data exchange can be secured by implementing security features below the 8 Android framework layers to prevent malicious or unintentional interaction with 9 these subsystems. Automotive device implementations: 10 11 * [A-0-1] MUST gatekeep messages from Android framework vehicle subsystems, 12 e.g., whitelisting permitted message types and message sources. 13 * [A-0-2] MUST watchdog against denial of service attacks from the Android 14 framework or third-party apps. This guards against malicious software flooding 15 the vehicle network with traffic, which may lead to malfunctioning vehicle 16 subsystems.