Compatibility Definition
2f44OdUf0
2f44OdUf0
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
permissions used by the application. If an application needs to make use of a device resource for<br />
which there is a corresponding Android permission (such as Camera, GPS, etc.), the alternate runtime<br />
MUST inform the user that the application will be able to access that resource. If the runtime<br />
environment does not record application capabilities in this manner, the runtime environment MUST<br />
list all permissions held by the runtime itself when installing any application using that runtime.<br />
9.5. Multi-User Support<br />
This feature is optional for all device types.<br />
Android includes support for multiple users and provides support for full user isolation [Resources,<br />
127]. Device implementations MAY enable multiple users, but when enabled MUST meet the following<br />
requirements related to multi-user support [Resources, 128]:<br />
Device implementations that do not declare the android.hardware.telephony feature flag<br />
MUST support restricted profiles, a feature that allows device owners to manage additional<br />
users and their capabilities on the device. With restricted profiles, device owners can<br />
quickly set up separate environments for additional users to work in, with the ability to<br />
manage finer-grained restrictions in the apps that are available in those environments.<br />
Conversely device implementations that declare the android.hardware.telephony feature<br />
flag MUST NOT support restricted profiles but MUST align with the AOSP implementation<br />
of controls to enable /disable other users from accessing the voice calls and SMS.<br />
Device implementations MUST, for each user, implement a security model consistent with<br />
the Android platform security model as defined in Security and Permissions reference<br />
document in the APIs [Resources, 126].<br />
Each user instance on an Android device MUST have separate and isolated external<br />
storage directories. Device implementations MAY store multiple users' data on the same<br />
volume or filesystem. However, the device implementation MUST ensure that applications<br />
owned by and running on behalf a given user cannot list, read, or write to data owned by<br />
any other user. Note that removable media, such as SD card slots, can allow one user to<br />
access another’s data by means of a host PC. For this reason, device implementations<br />
that use removable media for the external storage APIs MUST encrypt the contents of the<br />
SD card if multiuser is enabled using a key stored only on non-removable media<br />
accessible only to the system. As this will make the media unreadable by a host PC,<br />
device implementations will be required to switch to MTP or a similar system to provide<br />
host PCs with access to the current user’s data. Accordingly, device implementations MAY<br />
but SHOULD NOT enable multi-user if they use removable media [Resources, 129] for<br />
primary external storage.<br />
9.6. Premium SMS Warning<br />
Android includes support for warning users of any outgoing premium SMS message [Resources, 130].<br />
Premium SMS messages are text messages sent to a service registered with a carrier that may incur<br />
a charge to the user. Device implementations that declare support for android.hardware.telephony<br />
MUST warn users before sending a SMS message to numbers identified by regular expressions<br />
defined in /data/misc/sms/codes.xml file in the device. The upstream Android Open Source Project<br />
provides an implementation that satisfies this requirement.<br />
9.7. Kernel Security Features<br />
The Android Sandbox includes features that use the Security-Enhanced Linux (SELinux) mandatory<br />
access control (MAC) system and other security features in the Linux kernel. SELinux or any other<br />
security features implemented below the Android framework:<br />
Page 63 of 74