Google hardens the Linux kernel in Android

Google has switched on new security features for the Linux kernel in Android, hoping to reduce vulnerabilities and to improve the robustness of its mobile operating system.

Android is built around the open source Linux kernel, the core computer program that controls the software running on devices, and the hardware they're built upon. 

The kernel defence mechanisms focus on memory protection and attack surface reduction, Google Android security team member Jeff Vander Stoep wrote in a blog this week.

Google has tightened up the kernel as well as adding userspace process memory protection to avoid vulnerabilities impacting unrelated parts of system memory.

Kernel memory is now segmented into logical sections, with restrictive page access permissions on each, Stoep said.

Android's Linux kernel will be prevented from directly accessing userspace memory to make exploits more difficult to execute, as attackers have much less control over kernel memory that's executable.

The stack-protector-strong option for the GCC 4.9 compiler can now be used for better protection against stack smashing attacks that seek to inject executable code into running processes to take control of them.

To harden the Linux kernel in Android, Google is also removing a number of its possible entry points.

The reduction in attack surfaces includes blocking access to the perf measurement and analysis tool in Android Nougat and onwards. Developers can still enable perf, but for the majority of users removing access to it improves security by reducing attack surfaces.

Apps will also be restricted from accessing most ioctl syscall commands with only a small whitelist of those used for network socket control and manipulation permitted in Nougat.

Most ioctl commands are not necessary for third-party apps' functionality, and Stoep said most kernel vulnerabilities reported for Android occur in drivers, and are reached through the syscalls - so removing access for apps improves security.

In Android Nougat, the now mandatory seccomp-bpf sandboxing mechanism will further restrict syscalls and their arguments through a configurable filter, to further shrink the attack surface for the Linux kernel.

A spate of serious vulnerabilities found in Android recently has forced Google to focus on improving the security for its mobile operating system, with the new Nougat version adding several improvements.