Google最近发出关于安全测试套件(STS)2月上传要求的更新信息。预计通过STS将很快成为强制性的要求,必须在未来几个月内为STS做好准备。
正如在香港OEM峰会上所传达的那样,谷歌将要求合作伙伴从2019年2月4日开始上传所有2019-03-01 SPL或更高版本的版本的STS结果。合作伙伴不需要通过STS,而只需上传STS运行的结果及其构建提交。
合作伙伴需要下载和使用与其SPL相对应的STS二进制文件。这些可以从2019年2月的STS预览二进制文件下载。
合作伙伴必须在用户调试或eng模式下运行STS,以确保所有测试都按照STS强制执行的说明执行。
OEM应遵循安全测试套件中的STS / CTS配置指南。如果不这样做可能会导致STS不稳定或测试失败不准确。
As communicated at the Hong Kong OEM summit, Google will be requiring that partners upload STS results starting February 4, 2019 for all builds asserting a 2019-03-01 SPL or higher. Partners are not required to pass STS, but only to upload the results of the STS run with their build submission.
- Partners are required to download and utilize the STS binary that corresponds to their SPL. These can be downloaded from February 2019 STS Preview Binary.
-
- Partners must run STS in user-debug or eng mode to ensure that all tests are executed as explained STS Enforcement.
- Partners who encounter test failures or other STS issues must raise a bug and assign it to sts-triage@google.com.
- OEMs should follow the STS/CTS configuration guidelines located Security Test Suite. Failure to do so may cause STS instability or inaccurate test failures.
If you run into issues with either STS framework or STS test failures, please read our FAQ page.
另,最近很多公司收到关于com.android.managedprovisioning安全提示的信息,原因及解决方案尚未明确。
We are following up on our intention to increase enforcement for devices that have pre-installed apps that modify sensitive security settings, such as Google Play Protect (GPP) and enable Unknown Sources.
In addition, to help guide your remediation efforts, we have identified the following builds submitted to Google AFPE between 1-18 January, that include the prohibited behavior。
We are requesting that does the following:
a. List all original sources for the impacted packages (please list all upstream authors of the listed packages that you are aware of) using the attached spreadsheet, tab 'Packages'.
b. Generating an OTA patch to remove GPP Disabling.
c. If you are generating a new, patched build, please submit them to Google APFE and provide a mapping of the old Fingerprint name to the new name in the attached spreadsheet, tab 'Fingerprints'.
d. If you are pushing the patched APK over the air without pushing the entire build, we recommend that you still upload a new build to AFPE as an SMR in order to validate that it is free from the prohibited behavior.