Language Selection

English French German Italian Portuguese Spanish

Control Flow Integrity in the Android kernel

Filed under
Android

Android's security model is enforced by the Linux kernel, which makes it a tempting target for attackers. We have put a lot of effort into hardening the kernel in previous Android releases and in Android 9, we continued this work by focusing on compiler-based security mitigations against code reuse attacks.

Google's Pixel 3 will be the first Android device to ship with LLVM's forward-edge Control Flow Integrity (CFI) enforcement in the kernel, and we have made CFI support available in Android kernel versions 4.9 and 4.14. This post describes how kernel CFI works and provides solutions to the most common issues developers might run into when enabling the feature.

Read more

More in Tux Machines

Type Title Author Replies Last Postsort icon
Story 4 cool new projects to try in COPR for December 2018 Rianne Schestowitz 17/12/2018 - 9:11am
Story Linux Networking Improvements To Mitigate Retpoline Overhead Ready For 4.21 Kernel Rianne Schestowitz 17/12/2018 - 7:52am
Story Linux 4.20--rc76 Rianne Schestowitz 17/12/2018 - 12:12am
Story Android Leftovers Rianne Schestowitz 17/12/2018 - 12:06am
Story 1080p Linux Gaming Performance - NVIDIA 415.22 vs. Mesa 19.0-devel RADV/RadeonSI Rianne Schestowitz 16/12/2018 - 11:57pm
Story This week in Usability & Productivity, part 49 Roy Schestowitz 1 16/12/2018 - 2:47pm
Story VK9, the project that aims to support Direct3D 9 over Vulkan has hit another milestone Roy Schestowitz 1 16/12/2018 - 1:55pm
Story Sparky SU 0.1.0 Roy Schestowitz 16/12/2018 - 1:50pm
Story Leftovers: Linux in the Ham Shack and Golden Age of the iPhone Is Ending Roy Schestowitz 16/12/2018 - 1:24pm
Story OSS Leftovers Roy Schestowitz 16/12/2018 - 1:18pm