<html devsite><head>
<title></title>
<meta name="project_path" value="/_project.yaml"/>
<meta name="book_path" value="/_book.yaml"/>
</head>
<body>
<!--
Copyright 2017 The Android Open Source Project

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->

<p>Android Android </p>

<p><a href="http://developer.android.com/guide/practices/security.html"></a></p>

<p>Android <a href="/compatibility/cts">Android </a> (CTS) <a href="http://tools.android.com/tips/lint">Android Lint</a> Android <code>root/cts/tests/tests/security/src/android/security/cts</code></p>

<h2 id="dev-process"></h2>
<p></p>

<h3 id="sec-review"></h3>
<p>Android </p>

<ul>
<li> Android SDK <a href="http://tools.android.com/tips/lint">Android Lint</a></li>
<li></li>
<li>Android LLVM AddressSanitizer UndefinedBehaviorSanitizer</li>
</ul>

<h3 id="auto-test"></h3>
<p></p>

<ul>
<li> CTS CTS </li>
<li> CTSAndroid CTS
</li>
<li></li>
</ul>

<h3 id="sign-sysimg"></h3>
<p></p>

<ul>
<li></li>
<li> (HSM)</li>
</ul>

<h3 id="sign-apk"> (APK) </h3>
<p></p>

<ul>
<li></li>
<li> HSM</li>
<li></li>
<li></li>
</ul>

<h3 id="apps-pub"></h3>
<p> Google Play </p>

<ul>
<li> Google Play (OTA) /</li>
<li></li>
<li> Google Play Play </li>
</ul>

<h3 id="incident-response"></h3>
<p></p>

<ul>
<li> security (a] your-company.com <em></em></li>
<li> Android Android <a href="https://code.google.com/p/android/issues/entry?template=Security%20bug%20report"></a> Android </li>
</ul>

<h2 id="prod-implement"></h2>
<p></p>

<h3 id="root-processes"> Root </h3>
<p>Root Root CTS Root </p>

<ul>
<li> Root Android Root ICS Galaxy Nexus 6 Root vold, inetd, zygote, tf_daemon, ueventd, init Root AOSP </li>
<li> Root IPC Root Root Binder </li>
<li>Root </li>
<li>Root Java VM</li>
</ul>

<h3 id="sys-apps"></h3>
<p> UID UID </p>

<ul>
<li> Android UID UID</li>
<li> IPC</li>
<li></li>
</ul>

<h3 id="process-isolate"></h3>
<p>Android Root </p>

<ul>
<li>Root Android </li>
<li>Root Android </li>
<li>/</li>
</ul>

<h3 id="suid-files"> SUID </h3>
<p> SetUID SetUID Root SetUID </p>

<ul>
<li>SUID Android shell </li>
<li> SUID </li>
<li>SUID SUID SUID
</li>
<li>SUID Root shell SUID </li>
</ul>

<p>CTS SUID CTS SetUID </p>

<h3 id="listening-sockets"></h3>
<p>CTS Android </p>

<ul>
<li></li>
<li> OTA </li>
<li>Root </li>
<li> UID </li>
<li> IPC UNIX IPC UNIX +RW UNIX </li>
<li>/ iptables </li>
<li>Google </li>
</ul>

<h3 id="logging"></h3>
<p> Android </p>

<ul>
<li></li>
<li> (PII)</li>
</ul>

<p>CTS </p>

<h3 id="directories"></h3>
<p></p>

<p> Root CTS </p>

<h3 id="config-files"></h3>
<p> <code>/system/etc</code><code>/data</code> </p>

<ul>
<li></li>
<li></li>
</ul>

<h3 id="native-code"></h3>
<p> <code>/vendor</code> <code>/system</code> </p>

<h3 id="device-drivers"></h3>
<p>CTS
</p>

<h3 id="adb"> ADB</h3>
<p>Android (ADB) </p>

<ul>
<li>ADB </li>
<li>ADB </li>
</ul>

<h3 id="unlockable-bootloaders"></h3>
<p> Android / ROM Google Nexus <code>fastboot oem unlock</code> </p>

<div style="background-color: #B2EBF2; padding: 10px;margin-right:25px">

<p><strong>Unlock bootloader?</strong></p>

<p>If you unlock the bootloader, you will be able to install custom operating system software on this phone.</p>

<p>A custom OS is not subject to the same testing as the original OS, and can cause your phone and installed applications to stop working properly.</p>

<p>To prevent unauthorized access to your personal data, unlocking the bootloader will also delete all personal data from your phone (a "factory data reset").</p>

<p>Press the Volume Up/Down buttons to select Yes or No. Then press the Power button to continue.</p>

<p><strong>Yes</strong>: Unlock bootloader (may void warranty)</p>

<p><strong>No</strong>: Do not unlock bootloader and restart phone.</p>
</div>

<br />
<p> Android Android </p>

<ul>
<li> <code>unlocked</code> </li>
<li></li>
<li> <code>ioctl(BLKSECDISCARD)</code> eMMC Secure Erase Secure Trim eMMC 4.5 Erase Trim Sanitize </li>
<li> <code>BLKSECDISCARD</code> <code>ioctl(BLKDISCARD)</code> eMMC Trim </li>
<li> <code>BLKDISCARD</code> </li>
<li> Nexus <code>fastboot oem lock</code> </li>
<li>/ eFuses </li>
</ul>

<p></p>

<p> <code>fastboot oem lock</code> </p>

</body></html>