upload android base code part8
This commit is contained in:
August
parent
841ae54672
commit
5425409085
57075 changed files with 9846578 additions and 0 deletions
|
|
@ -0,0 +1,72 @@
|
|||
<html devsite>
|
||||
<head>
|
||||
<title>Encryption</title>
|
||||
<meta name="project_path" value="/_project.yaml" />
|
||||
<meta name="book_path" value="/_book.yaml" />
|
||||
</head>
|
||||
<body>
|
||||
<!--
|
||||
Copyright 2017 The Android Open Source Project
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
-->
|
||||
|
||||
|
||||
|
||||
<p>
|
||||
Encryption is the process of encoding all user data on an Android device using
|
||||
symmetric encryption keys. Once a device is encrypted, all user-created data is
|
||||
automatically encrypted before committing it to disk and all reads automatically
|
||||
decrypt data before returning it to the calling process. Encryption ensures that
|
||||
even if an unauthorized party tries to access the data, they won’t be able to
|
||||
read it.
|
||||
</p>
|
||||
<p>
|
||||
Android has two methods for device encryption: full-disk encryption and
|
||||
file-based encryption.
|
||||
</p>
|
||||
<h2 id=full-disk>Full-disk encryption</h2>
|
||||
<p>
|
||||
Android 5.0 and above supports <a href="full-disk.html">full-disk encryption</a>.
|
||||
Full-disk encryption uses a single key—protected with the user’s device password—to
|
||||
protect the whole of a device’s userdata partition. Upon boot, the user must
|
||||
provide their credentials before any part of the disk is accessible.
|
||||
</p>
|
||||
<p>
|
||||
While this is great for security, it means that most of the core functionality
|
||||
of the phone in not immediately available when users reboot their device.
|
||||
Because access to their data is protected behind their single user credential,
|
||||
features like alarms could not operate, accessibility services were unavailable,
|
||||
and phones could not receive calls.
|
||||
</p>
|
||||
<h2 id=file-based>File-based encryption</h2>
|
||||
<p>
|
||||
Android 7.0 and above supports <a href="file-based.html">file-based encryption</a>.
|
||||
File-based encryption
|
||||
allows different files to be encrypted with different keys that can be unlocked
|
||||
independently. Devices that support file-based encryption can also support a new
|
||||
feature called <a
|
||||
href="https://developer.android.com/preview/features/direct-boot.html">Direct
|
||||
Boot</a> that allows encrypted devices to boot straight to the lock screen, thus
|
||||
enabling quick access to important device features like accessibility services
|
||||
and alarms.
|
||||
</p>
|
||||
<p>
|
||||
With the introduction of file-based encryption and new APIs to make
|
||||
applications aware of encryption, it is possible for these apps to operate
|
||||
within a limited context. This can happen before users have provided their
|
||||
credentials while still protecting private user information.
|
||||
</p>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
Loading…
Add table
Add a link
Reference in a new issue