Google Git
Sign in
android / platform / docs / source.android.com / be8b5b2^! / .
commitbe8b5b2209aff29462687279847137a08da239e5[log] [tgz]
authorNick Kralevich <nnk@google.com>Wed Jun 27 11:39:01 2012 -0700
committerNick Kralevich <nnk@google.com>Thu Jun 28 12:25:15 2012 -0700
treeb9333ec2ddef1d610cfa815d34d0b805cb334661
parent358da47b5ac2a82b1ec38f4145c5e6db4bbde404 [diff]
security: update Memory Management Security section

Add Android 4.1 features, including:
* relro
* mmap_min_addr
* dmesg_restrict
* kptr_restrict

Reorganize the sections to better indicate when various security
features were added.

(cherry picked from commit e02a1b99dc87805c6f192eb6f1512e6e12f183a9)

Change-Id: I227bd67b8e79c21e2ebdf9e6ba4a9ca55241f21c

diff --git a/src/tech/security/index.md b/src/tech/security/index.md
index 2b55206..b384546 100644
--- a/src/tech/security/index.md
+++ b/src/tech/security/index.md

@@ -1,4 +1,4 @@
-[TOC]
+[TOC]
 #Android Security Overview
 
 ##Introduction
@@ -319,17 +319,32 @@
 exploit. The Android SDK, compilers, and OS use tools to make common memory
 corruption issues significantly harder to exploit, including:
 
-+ Address Space Layout Randomization (ASLR) to randomize key locations in memory
-+ Hardware-based No eXecute (NX) to prevent code execution on the stack and heap
+**Android 2.2+**
+
 + ProPolice to prevent stack buffer overruns (-fstack-protector)
 + safe_iop to reduce integer overflows
 + Extensions to OpenBSD dlmalloc to prevent double free() vulnerabilities and
 to prevent chunk consolidation attacks.  Chunk consolidation attacks are a
 common way to exploit heap corruption.
 + OpenBSD calloc to prevent integer overflows during memory allocation
-+ Linux mmap_min_addr() to mitigate null pointer dereference privilege
-escalation
+
+**Android 2.3+**
+
 + Format string vulnerability protections (-Wformat-security -Werror=format-security)
++ Hardware-based No eXecute (NX) to prevent code execution on the stack and heap
++ Linux mmap_min_addr to mitigate null pointer dereference privilege
+escalation (further enhanced in Android 4.1)
+
+**Android 4.0+**
+
++ Address Space Layout Randomization (ASLR) to randomize key locations in memory
+
+**Android 4.1+**
+
++ PIE (Position Independent Executable) support
++ Read-only relocations / immediate binding (-Wl,-z,relro -Wl,-z,now)
++ dmesg_restrict enabled (avoid leaking kernel addresses)
++ kptr_restrict enabled (avoid leaking kernel addresses)
 
 ##Rooting of Devices