|
|
Log in / Subscribe / Register

Hardening the Kernel in Android Oreo (Android Developers Blog)

[Posted August 31, 2017 by corbet]

The Android Developers Blog has an overview of the security features added to the kernel in the Android "Oreo" release. "Usercopy functions are used by the kernel to transfer data from user space to kernel space memory and back again. Since 2014, missing or invalid bounds checking has caused about 45% of Android's kernel vulnerabilities. Hardened usercopy adds bounds checking to usercopy functions, which helps developers spot misuse and fix bugs in their code. Also, if obscure driver bugs slip through, hardening these functions prevents the exploitation of such bugs."
to post comments

Hardening the Kernel in Android Oreo (Android Developers Blog)

Posted Aug 31, 2017 7:21 UTC (Thu) by kronat (guest, #117266) [Link] (17 responses)

In the post, the author has written that the developers have backported features into kernel versions 3.18 and above. From the link "https://arstechnica.com/gadgets/2017/05/ars-talks-android...", it seems that Android uses 3.18 (released on Sun, 7 Dec 2014 ) in current versions or 4.4 (released on Sun, 10 Jan 2016) internally (for testing?). To be honest, my Nexus 5 uses 3.4 (released on 20 May 2012, with no update possibilities). Anyway, 3.18 support ended January 2017 (are we 'yelling very loudly at our hardware vendor', using the words of GKH?).

Moreover, Dave Burke specifies: "The other thing is, generally, we don't change the kernel with an update. No one really does that in the industry". Probably the work of the kernel maintainers and developers is not industry-worth, in his eyes.

So, my opinion is that "Hardening the Kernel" referring to Android devices does not make any technical sense, it is only marketing.

Hardening the Kernel in Android Oreo (Android Developers Blog)

Posted Aug 31, 2017 8:00 UTC (Thu) by juliank (guest, #45896) [Link] (6 responses)

kernel 3.18 just received an update yesterday, but it is indeed marked as EOL. It is the kernel version new devices are being released with at the moment.

Hardening the Kernel in Android Oreo (Android Developers Blog)

Posted Aug 31, 2017 20:57 UTC (Thu) by thestinger (guest, #91827) [Link] (5 responses)

> It is the kernel version new devices are being released with at the moment.

Current generation Snapdragon SoC lines use Linux 4.4 for their drivers trees. Android has a 4.9 common kernel which works on HiKey (Kirin SoC) but most Android phones use Qualcomm SoCs. Exynos is used by the international Samsung phones but Samsung keeps it in line with the Qualcomm kernel versions since they need to support both and want the devices to be as close as possible despite having totally different driver platforms.

Hardening the Kernel in Android Oreo (Android Developers Blog)

Posted Aug 31, 2017 21:15 UTC (Thu) by juliank (guest, #45896) [Link] (4 responses)

Well, maybe the newest flagship CPU. The new Nokia phones with SD430 released with 3.18.y

Hardening the Kernel in Android Oreo (Android Developers Blog)

Posted Aug 31, 2017 21:25 UTC (Thu) by thestinger (guest, #91827) [Link] (3 responses)

The kernel version is tied to the SoC generation, not whether it's a flagship. 3.18 was used for the past generation low, mid and high end SoC up to the Snapdragon 821. The current generation Qualcomm SoC line uses 4.4 for the low end too. Huawei, NVIDIA, etc. are better at using newer kernel versions for their platforms.

Hardening the Kernel in Android Oreo (Android Developers Blog)

Posted Aug 31, 2017 21:37 UTC (Thu) by juliank (guest, #45896) [Link] (2 responses)

Given that 430 devices are released this year, this makes it a current gen. Maybe we'll see newer ones next year, but I'm not holding my breath.

Hardening the Kernel in Android Oreo (Android Developers Blog)

Posted Aug 31, 2017 21:41 UTC (Thu) by thestinger (guest, #91827) [Link]

Not released with Oreo, though. They can release a device with a 430 and Oreo, but I don't think many will.

Hardening the Kernel in Android Oreo (Android Developers Blog)

Posted Aug 31, 2017 21:50 UTC (Thu) by thestinger (guest, #91827) [Link]

The current low-end SoC Snapdragon just launched 2 months ago so devices are only just starting to come out with it. It lines up with Oreo. I'm not talking about all of 2017. Oreo was only released a week ago.

Hardening the Kernel in Android Oreo (Android Developers Blog)

Posted Aug 31, 2017 8:15 UTC (Thu) by cpitrat (subscriber, #116459) [Link] (1 responses)

I understand 'in the industry' as 'in the phone OS industry', and 'update' as 'OS version upgrade pushed to users'. Which probably means apple doesn't do that either for iphones. And probably also Microsoft for windows phone.

Hardening the Kernel in Android Oreo (Android Developers Blog)

Posted Aug 31, 2017 10:15 UTC (Thu) by kronat (guest, #117266) [Link]

> I understand 'in the industry' as 'in the phone OS industry', and 'update' as 'OS version
> upgrade pushed to users'. Which probably means apple doesn't do that either for
> iphones. And probably also Microsoft for windows phone.

For what regards iPhones, a rapid check on Wikipedia gives:

"The iOS kernel is the XNU kernel of Darwin. The original iPhone OS (1.0) up to iPhone OS 3.1.3 used Darwin 9.0.0d1. iOS 4 was based on Darwin 10. iOS 5 was based on Darwin 11. iOS 6 was based on Darwin 13. iOS 7 and iOS 8 are based on Darwin 14. iOS 9 is based on Darwin 15. iOS 10 is based on Darwin 16."

... but honestly, I don't want to bring it into an "Android vs. iOS discussion". What matters is that they ('probably') are marketing results on the Linux kernel without ('maybe') providing the full, contextual, information.

Hardening the Kernel in Android Oreo (Android Developers Blog)

Posted Aug 31, 2017 14:18 UTC (Thu) by alonz (subscriber, #815) [Link] (2 responses)

Android's current requirements for the Linux kernel are documented here:
  • All SoCs productized in 2017 must launch with kernel 4.4 or newer.
  • All other SoCs launching new Android devices running Android O must use kernel 3.18 or newer.
  • Regardless of launch date, all SoCs with device launches on Android O remain subject to kernel changes required to enable Treble.
  • Older Android devices released prior to Android O but that will be upgraded to Android O can continue to use their original base kernel version if desired.

The main reason for these odd requirements is mentioned elsewhere in the Android architecture documentation – many system-on-chip devices have huge patch sets, so cannot be ported to newer kernels without the SoC vendor's participation (and these vendors have little incentive to do that, as they prefer to invest in their newer generations instead).

Hardening the Kernel in Android Oreo (Android Developers Blog)

Posted Aug 31, 2017 16:10 UTC (Thu) by excors (subscriber, #95769) [Link] (1 responses)

That's useful for phones, though it might be worth noting they're only really "requirements" if you want to use Google's proprietary services (Play store, Gmail, Maps, etc). If you don't care about those services, e.g. if you're making an IoT device that doesn't even have a screen, there's nothing to stop you from completely ignoring all the compatibility guidelines while still using almost the entire Android platform (AOSP plus the SoC vendor's Androidified kernel and BSP). And those kinds of devices will often use quite old SoCs (because they're cheaper), with correspondingly old kernels, which is unfortunate.

Hardening the Kernel in Android Oreo (Android Developers Blog)

Posted Aug 31, 2017 21:00 UTC (Thu) by thestinger (guest, #91827) [Link]

It's only Android if it meets the Compatibility Definition Document / Compatibility Test Suites requirements. Google is responsible for defining those and the Android trademark can't be used without complying with them, i.e. a fork not in compliance is very explicitly not Android.

Hardening the Kernel in Android Oreo (Android Developers Blog)

Posted Aug 31, 2017 21:31 UTC (Thu) by thestinger (guest, #91827) [Link] (2 responses)

> it seems that Android uses 3.18 (released on Sun, 7 Dec 2014 ) in current versions or 4.4 (released on Sun, 10 Jan 2016) internally (for testing?)

The current active branches are 3.10, 3.18, 4.4 or 4.9. It's tied to the version the SoC vendor chose for the SoC generation used on a device. Current generation Qualcomm Snapdragon SoC line uses 4.4 from the low end through to the highest end chip (835) used in the Galaxy S8. Past generation used 3.18, and another generation back was 3.10. Generation ~= 1 year.

Hardening the Kernel in Android Oreo (Android Developers Blog)

Posted Sep 1, 2017 5:48 UTC (Fri) by alison (subscriber, #63752) [Link] (1 responses)

thestinger informs us:
>The current active branches are 3.10, 3.18, 4.4 or 4.9.

What then can we buy with 4.9?

Hardening the Kernel in Android Oreo (Android Developers Blog)

Posted Sep 1, 2017 6:16 UTC (Fri) by thestinger (guest, #91827) [Link]

AOSP supports the 4.9 kernel for https://www.96boards.org/product/hikey/ which is Kirin-based. I'm not familiar with Huawei's Kirin-based phones so I don't know which kernel versions they use.

Hardening the Kernel in Android Oreo (Android Developers Blog)

Posted Sep 2, 2017 3:23 UTC (Sat) by marcH (subscriber, #57642) [Link]

> Moreover, Dave Burke specifies: "The other thing is, generally, we don't change the kernel with an update. No one really does that in the industry". Probably the work of the kernel maintainers and developers is not industry-worth, in his eyes.

The development work is worth a massive, massive lot and valued as much. The expensive, tedious and time-consuming QA and especially non-regression work is nowhere near enough what's required for the marketplace. It's just the way things are because we live a world of finite resources. How could every validation suite be run on every Linux device under the sun on every kernel version before it gets released?

https://groups.google.com/a/chromium.org/forum/#!msg/chro...
https://www.chromium.org/chromium-os/chromiumos-design-do...

Hardening the Kernel in Android Oreo (Android Developers Blog)

Posted Sep 7, 2017 16:02 UTC (Thu) by brianr (subscriber, #2180) [Link]

> To be honest, my Nexus 5 uses 3.4 (released on 20 May 2012, with no update possibilities).

Likely the least of your worries on that device. The Nexus 5 has a Broadcom WiFi chipset which runs a binary-only blob with a giant OTA exploitable security hole.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds