Google has outlined four key kernel hardening features its engineers have backported from upstream Linux to Android kernels on devices that ship with Android 8.0 Oreo.
They will benefit “all Android kernels supported in devices that first ship with this release”, according to Sami Tolvanen, a senior software engineer on the Android Security team.
The new kernel protections should also help developers who are responsible for building Android hardware drivers detect kernel security bugs before shipping them to users.
According to Google, 85 percent of the kernel vulnerabilities in Android were due to bugs in vendor drivers. Kernel bugs themselves made up more than a third of Android security bugs last year.
Android Oreo is the first Android release whose kernel ships with Kernel Address Space Layout Randomization (KASLR), which makes kernel vulnerabilities harder to exploit because an attacker can no longer assume a fixed load address for kernel code. KASLR is available in Android kernels 4.4 and newer.
“KASLR helps mitigate kernel vulnerabilities by randomizing the location where kernel code is loaded on each boot. On ARM64, for example, it adds 13-25 bits of entropy depending on the memory configuration of the device, which makes code reuse attacks more difficult,” explains Tolvanen.
Google has also backported Linux 4.8’s “hardened usercopy” feature to protect the usercopy functions, which the kernel uses to transfer data between user space and kernel space memory. The feature adds bounds checking to those functions: a copy whose kernel-side buffer and length would run past the object being copied into or out of is rejected instead of silently corrupting neighbouring memory. This has been backported to Android kernels 3.18 and above; according to Tolvanen, nearly half of Android kernel vulnerabilities since 2014 have been due to missing or invalid bounds checking.
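As an added illustration (not code from Google’s post or from the Linux kernel), the following user-space C model shows the bug class the article attributes to vendor drivers and what a hardened usercopy check changes. The “kernel heap”, its two slab objects, the request format and the ioctl handler are all constructed for this example; the hardened copy mirrors only the heap-object bounds check, not the full kernel implementation, which also covers stack frames and kernel text.

```c
/*
 * Added example, not Google's or the Linux kernel's code: a user-space model of
 * what "hardened usercopy" adds to copy_from_user().  The heap, slab objects,
 * request format and driver handler below are constructed for illustration.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EFAULT 14
#define KHEAP_SIZE 128

/* Constructed "kernel heap": two adjacent 64-byte slab objects. */
static uint8_t kheap[KHEAP_SIZE];
struct slab_obj { size_t off; size_t len; };
static const struct slab_obj objs[] = { {0, 64}, {64, 64} };

#define DRIVER_BUF (kheap + 0)   /* hypothetical driver's request buffer */
#define NEIGHBOUR  (kheap + 64)  /* whatever happens to sit next to it */

/* Unhardened copy: trusts the kernel-side destination and length completely. */
static long copy_from_user_plain(void *dst, const void *src, size_t n)
{
    memcpy(dst, src, n);
    return 0;
}

/*
 * Hardened copy: before touching memory, find the slab object that contains dst
 * and refuse if [dst, dst + n) would run past its end.  This is the heap-object
 * part of the check the kernel performs under CONFIG_HARDENED_USERCOPY.
 */
static long copy_from_user_hardened(void *dst, const void *src, size_t n)
{
    uintptr_t d = (uintptr_t)dst;
    for (size_t i = 0; i < sizeof objs / sizeof objs[0]; i++) {
        uintptr_t start = (uintptr_t)kheap + objs[i].off;
        uintptr_t end = start + objs[i].len;
        if (d >= start && d < end) {
            if (n > end - d)
                return -EFAULT;  /* copy would overrun the object */
            memcpy(dst, src, n);
            return 0;
        }
    }
    return -EFAULT;              /* dst is not a known object at all */
}

/* Constructed request format: a user-controlled length followed by payload. */
struct user_req { uint32_t len; uint8_t data[256]; };

/*
 * Hypothetical vendor driver ioctl with the bug class the article describes: it
 * copies req->len bytes into a 64-byte buffer without checking len first.
 */
static long driver_ioctl(const struct user_req *req,
                         long (*copy)(void *, const void *, size_t))
{
    memset(kheap, 0, sizeof kheap);
    memset(NEIGHBOUR, 0xAA, 64);  /* canary pattern so an overflow is visible */
    return copy(DRIVER_BUF, req->data, req->len);  /* missing: if (req->len > 64) */
}

enum { CASE_OK = 0, CASE_REJECTED = 1, CASE_OVERFLOWED = 2 };

/* Run the handler with a request of the given length and classify the outcome. */
int run_case(uint32_t len, int hardened)
{
    struct user_req req;
    req.len = len;
    memset(req.data, 0x41, sizeof req.data);
    long rc = driver_ioctl(&req, hardened ? copy_from_user_hardened
                                          : copy_from_user_plain);
    if (rc < 0)
        return CASE_REJECTED;
    return NEIGHBOUR[0] != 0xAA ? CASE_OVERFLOWED : CASE_OK;
}

int main(void)
{
    printf("plain copy, 100-byte request:    outcome=%d\n", run_case(100, 0));
    printf("hardened copy, 100-byte request: outcome=%d\n", run_case(100, 1));
    printf("hardened copy, 64-byte request:  outcome=%d\n", run_case(64, 1));
    return 0;
}
```

Build and run with `cc -Wall usercopy_demo.c && ./a.out`. The point to take away is that the driver bug is unchanged in both runs; the hardened copy turns a silent overwrite of the neighbouring object into an `-EFAULT` return, which is also why the feature surfaces driver bugs during testing rather than only at exploitation time.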
Android Oreo also introduces “Privileged Access Never emulation”, a software version of ARMv8.1’s hardware-based PAN, which helps prevent the kernel from accessing user space memory directly and forces developers to go through user copy…