fuquan/allwinner_a64
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
allwinner_a64/android/docs/source.android.com/en/security/enhancements/enhancements44.html
August 5425409085 upload android base code part8
2018-08-08 20:10:12 +08:00

73 lines
2.7 KiB
HTML
Raw Blame History

<html devsite>
<head>
<title>Security Enhancements in Android 4.4</title>
<meta name="project_path" value="/_project.yaml" />
<meta name="book_path" value="/_book.yaml" />
</head>
<body>
<!--
Copyright 2017 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<p>
Every Android release includes dozens of security enhancements to protect
users. The following are some of the security enhancements available
in Android 4.4:
</p>
<ul>
<li><strong>Android sandbox reinforced with SELinux.</strong>
Android now uses SELinux in enforcing mode. SELinux is a mandatory
access control (MAC) system in the Linux kernel used to augment the
existing discretionary access control (DAC) based security model.
This provides additional protection against potential security
vulnerabilities.</li>
<li><strong>Per User VPN.</strong>
On multi-user devices, VPNs are now applied per user.
This can allow a user to route all network traffic through a VPN
without affecting other users on the device.</li>
<li><strong>ECDSA Provider support in AndroidKeyStore.</strong>
Android now has a keystore provider that allows use of ECDSA and
DSA algorithms.</li>
<li><strong>Device Monitoring Warnings.</strong>
Android provides users with a warning if any certificate has been
added to the device certificate store that could allow monitoring of
encrypted network traffic.</li>
<li><strong>FORTIFY_SOURCE.</strong>
Android now supports FORTIFY_SOURCE level 2, and all code is compiled
with these protections. FORTIFY_SOURCE has been enhanced to work with
clang.</li>
<li><strong>Certificate Pinning.</strong>
Android 4.4 detects and prevents the use of fraudulent Google
certificates used in secure SSL/TLS communications.</li>
<li><strong>Security Fixes.</strong>
Android 4.4 also includes fixes for Android-specific vulnerabilities.
Information about these vulnerabilities has been provided to Open
Handset Alliance members and fixes are available in Android Open Source
Project. To improve security, some devices with earlier versions of
Android may also include these fixes.</li>
</ul>
</body>
</html>
Reference in a new issue View git blame Copy permalink