Yesterday (20180827) on the Linux Security Submit USA 2018, Jeff Vander Stoep and Sami Tolvanen from Google brought their talk Year in Review: Android Kernel Security
In this talk, they released some valuable information about android kernel security:
- 1/3 of android vulnerabilities belong to kernel
- the attack surface reduction mitigation (such as selinux) works very well
- other userspace-> kernel mitigations: hardened usercopy and PAN
- other access vectors such as : wifi/usb/dsp/bluetooth/modem lack mitigations
- first android devices with LTO+CFI kernels will ship this year CFI of LLVM
The most important thing is the introduction of CFI
