author | Nick Kralevich <nnk@google.com> | 2013-04-30 17:08:38 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2013-05-01 15:34:44 -0700 |
commit | cb4c927b416003c8db004df1782e6ad2a2fa44c4 (patch) | |
tree | 687b676990f44507d0f552a62420d439a0b519a0 /src | |
parent | 89e17bf81e2c16bc31e8f66b23dc0091a1d334cc (diff) | |
download | source.android.com-cb4c927b416003c8db004df1782e6ad2a2fa44c4.tar.gz |
Add 4.3 security documentation.
Bug: 8776692
Change-Id: Id93dc3348913d2b689c217013701b39c102d4c30
Diffstat (limited to 'src')
-rw-r--r-- | src/devices/devices_toc.cs | 5 | ||||
-rw-r--r-- | src/devices/tech/security/enhancements43.jd | 85 |
2 files changed, 90 insertions, 0 deletions
diff --git a/src/devices/devices_toc.cs b/src/devices/devices_toc.cs index a1a37c62..34fe84ca 100644 --- a/src/devices/devices_toc.cs +++ b/src/devices/devices_toc.cs @@ -158,6 +158,11 @@ <span class="en">Security Enhancements in Android 4.2</span> </a> </li> + <li> + <a href="<?cs var:toroot ?>devices/tech/security/enhancements43.html"> + <span class="en">Security Enhancements in Android 4.3</span> + </a> + </li> </ul> </li> diff --git a/src/devices/tech/security/enhancements43.jd b/src/devices/tech/security/enhancements43.jd new file mode 100644 index 00000000..4ecae12b --- /dev/null +++ b/src/devices/tech/security/enhancements43.jd 
@@ -0,0 +1,85 @@ +page.title=Security Enhancements in Android 4.3 +@jd:body + +<p> +Every Android release includes dozens of security enhancements to protect +users. The following are some of the security enhancements available +in Android 4.3: +</p> + +<ul> + <li><strong>Android sandbox reinforced with SELinux.</strong> + Android now uses SELinux, + a mandatory access control (MAC) system in the Linux kernel originally + designed for government security, to augment the UID based Application + sandbox. This protects the operating system against potential security + vulnerabilities.</li> + + <li><strong>No setuid/setgid programs.</strong> + Added support for filesystem capabilities + to Android system files and removed all setuid/setguid programs. This + reduces root attack surface and the likelihood of potential security + vulnerabilities.</li> + + <li><strong>ADB Authentication.</strong> + Since Android 4.2.2, connections to ADB are + authenticated with an RSA keypair. This prevents unauthorized use of + ADB where the attacker has physical access to a device.</li> + + <li><strong>Restrict Setuid from Android Apps.</strong> + The /system partition is now mounted + nosuid for zygote-spawned processes, preventing Android applications + from executing setuid programs. This reduces root attack surface and + the likelihood of potential security vulnerabilities.</li> + + <li><strong>Capability bounding.</strong> + Android zygote and ADB now use prctl(PR_CAPBSET_DROP) to drop + unnecessary capabilities prior to executing applications. + This prevents Android applications and applications launched from + the shell from acquiring privileged capabilities.</li> + + <li><strong>AndroidKeyStore Provider.</strong> + Android now has a keystore provider that allows + applications to create exclusive use keys. 
This provides applications + with an API to create or store private keys that cannot be used by + other applications.</li> + + <li><strong>KeyChain isBoundKeyAlgorithm.</strong> + Keychain API now provides a method + (isBoundKeyType) that allows applications to confirm that system-wide keys + are bound to a hardware root of trust for the device. This provides + a place to create or store private keys that cannot be exported off the + device, even in the event of a root compromise.</li> + + <li><strong>NO_NEW_PRIVS.</strong> + Android zygote now uses prctl(PR_SET_NO_NEW_PRIVS) to block addition + of new privileges prior to execution application code. This + prevents Android applications from performing operations which can + elevate privileges via execve. (This requires Linux kernel version 3.5 + or greater).</li> + + <li><strong>FORTIFY_SOURCE enhancements.</strong> + Enabled FORTIFY_SOURCE on Android x86 and MIPS + and fortified strchr(), strrchr(), strlen(), and umask() calls. This + can detect potential memory corruption vulnerabilities or unterminated + string constants.</li> + + <li><strong>Relocation protections.</strong> + Enabled read only relocations (relro) for + statically linked executables and removed all text relocations in Android + code. This provides defense in depth against potential memory corruption + vulnerabilities.</li> + + <li><strong>Improved EntropyMixer.</strong> + EntropyMixer now writes entropy at shutdown / + reboot, in addition to periodic mixing. This allows retention of all + entropy generated while devices are powered on, and is especially useful + for devices that are rebooted immediately after provisioning.</li> + + <li><strong>Security Fixes.</strong> + Android 4.3 also includes fixes for Android-specific + vulnerabilities. Information about these vulnerabilities has been provided + to Open Handset Alliance members and fixes are available in Android Open + Source Project. 
To improve security, some devices with earlier versions + of Android may also include these fixes.</li> +</ul> |
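Review bot: In the new enhancements43.jd, the "No setuid/setgid programs" bullet misspells the second term in "removed all setuid/setguid programs"; it should read "setuid/setgid". The "KeyChain isBoundKeyAlgorithm" bullet then names the method as "(isBoundKeyType)" in its body, so the heading and the parenthetical disagree on the method name; pick one and use it in both places. In the NO_NEW_PRIVS bullet, "prior to execution application code" should be "prior to executing application code". Since the SELinux bullet only says Android "now uses SELinux" to augment the UID sandbox, consider also stating the mode it ships in and which domains it covers, as that is the first question a device maintainer reading this list will ask.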