author: Vikas Marwaha <vikasmarwaha@google.com> 2018-03-07 20:38:41 +0000
committer: android-build-merger <android-build-merger@google.com> 2018-03-07 20:38:41 +0000
commit: 85a4240862bddec633e1a3a73c95212b95844ce4
tree: b6629f7e91c183aa2f90ca1c4f2fa6d8183c485d
parent: 027d7f02af388efd9f9655f89505414085d53f9a
parent: ab75ac73a15e00c2bdeceb3a4eeda4ca243182e4
am: ab75ac73a1 Change-Id: I9e7a3349b07a45559129352cc14d397ced014266
-rw-r--r-- 9_security-model/9_7_kernel-security-features.md | 7
1 files changed, 4 insertions, 3 deletions
diff --git a/9_security-model/9_7_kernel-security-features.md b/9_security-model/9_7_kernel-security-features.md
index a6a5d8d3..e4aebaa0 100644
--- a/9_security-model/9_7_kernel-security-features.md
+++ b/9_security-model/9_7_kernel-security-features.md
@@ -30,8 +30,9 @@ synchronization (TSYNC) as described
Kernel integrity and self-protection features are integral to Android
security. Device implementations:
-* [C-0-7] MUST implement kernel stack buffer overflow protections
-(e.g. `CONFIG_CC_STACKPROTECTOR_STRONG`).
+* [C-0-7] MUST implement kernel stack buffer overflow protection mechanisms.
+Examples of such mechanisms are `CC_STACKPROTECTOR_REGULAR` and
+`CONFIG_CC_STACKPROTECTOR_STRONG`.
* [C-0-8] MUST implement strict kernel memory protections where executable
code is read-only, read-only data is non-executable and non-writable, and
writable data is non-executable (e.g. `CONFIG_DEBUG_RODATA` or `CONFIG_STRICT_KERNEL_RWX`).
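Review bot: In the added C-0-7 text, `CC_STACKPROTECTOR_REGULAR` is written without the `CONFIG_` prefix, while `CONFIG_CC_STACKPROTECTOR_STRONG` on the next line has it and the removed line used the prefixed form as well. Suggest `CONFIG_CC_STACKPROTECTOR_REGULAR` so both examples name the kernel options the same way and can be matched against a kernel configuration as written. Since the requirement now lists two examples where it previously listed only the STRONG one, it would also help to state whether either is preferred.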
@@ -72,4 +73,4 @@ policy for their own device-specific configuration.
If device implementations use kernel other than Linux, they:
* [C-2-1] MUST use an mandatory access control system that is
-equivalent to SELinux. \ No newline at end of file
+equivalent to SELinux.
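Review bot: The unchanged first line of the C-2-1 bullet reads "MUST use an mandatory access control system"; since this hunk already touches the bullet to add the missing end-of-file newline, correct it to "a mandatory access control system" in the same change. The context line above it, "If device implementations use kernel other than Linux", is also missing an article ("a kernel").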