1page.title=Security Enhancements in Android 4.3 2@jd:body 3 4<p> 5Every Android release includes dozens of security enhancements to protect 6users. The following are some of the security enhancements available 7in Android 4.3: 8</p> 9 10<ul> 11 <li><strong>Android sandbox reinforced with SELinux.</strong> 12 This release strengthens the Android sandbox using the SELinux 13 mandatory access control system (MAC) in the Linux kernel. SELinux 14 reinforcement is invisible to users and developers, and adds robustness 15 to the existing Android security model while maintaining compatibility 16 with existing applications. To ensure continued compatibility this release 17 allows the use of SELinux in a permissive mode. This mode logs any policy 18 violations, but will not break applications or affect system behavior.</li> 19 20 <li><strong>No setuid/setgid programs.</strong> 21 Added support for filesystem capabilities 22 to Android system files and removed all setuid/setguid programs. This 23 reduces root attack surface and the likelihood of potential security 24 vulnerabilities.</li> 25 26 <li><strong>ADB Authentication.</strong> 27 Since Android 4.2.2, connections to ADB are 28 authenticated with an RSA keypair. This prevents unauthorized use of 29 ADB where the attacker has physical access to a device.</li> 30 31 <li><strong>Restrict Setuid from Android Apps.</strong> 32 The /system partition is now mounted 33 nosuid for zygote-spawned processes, preventing Android applications 34 from executing setuid programs. This reduces root attack surface and 35 the likelihood of potential security vulnerabilities.</li> 36 37 <li><strong>Capability bounding.</strong> 38 Android zygote and ADB now use prctl(PR_CAPBSET_DROP) to drop 39 unnecessary capabilities prior to executing applications. 40 This prevents Android applications and applications launched from 41 the shell from acquiring privileged capabilities.</li> 42 43 <li><strong>AndroidKeyStore Provider.</strong> 44 Android now has a keystore provider that allows 45 applications to create exclusive use keys. This provides applications 46 with an API to create or store private keys that cannot be used by 47 other applications.</li> 48 49 <li><strong>KeyChain isBoundKeyAlgorithm.</strong> 50 Keychain API now provides a method 51 (isBoundKeyType) that allows applications to confirm that system-wide keys 52 are bound to a hardware root of trust for the device. This provides 53 a place to create or store private keys that cannot be exported off the 54 device, even in the event of a root compromise.</li> 55 56 <li><strong>NO_NEW_PRIVS.</strong> 57 Android zygote now uses prctl(PR_SET_NO_NEW_PRIVS) to block addition 58 of new privileges prior to execution application code. This 59 prevents Android applications from performing operations which can 60 elevate privileges via execve. (This requires Linux kernel version 3.5 61 or greater).</li> 62 63 <li><strong>FORTIFY_SOURCE enhancements.</strong> 64 Enabled FORTIFY_SOURCE on Android x86 and MIPS 65 and fortified strchr(), strrchr(), strlen(), and umask() calls. This 66 can detect potential memory corruption vulnerabilities or unterminated 67 string constants.</li> 68 69 <li><strong>Relocation protections.</strong> 70 Enabled read only relocations (relro) for 71 statically linked executables and removed all text relocations in Android 72 code. This provides defense in depth against potential memory corruption 73 vulnerabilities.</li> 74 75 <li><strong>Improved EntropyMixer.</strong> 76 EntropyMixer now writes entropy at shutdown / 77 reboot, in addition to periodic mixing. This allows retention of all 78 entropy generated while devices are powered on, and is especially useful 79 for devices that are rebooted immediately after provisioning.</li> 80 81 <li><strong>Security Fixes.</strong> 82 Android 4.3 also includes fixes for Android-specific 83 vulnerabilities. Information about these vulnerabilities has been provided 84 to Open Handset Alliance members and fixes are available in Android Open 85 Source Project. To improve security, some devices with earlier versions 86 of Android may also include these fixes.</li> 87</ul> 88