Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / docs / source.android.com / af3775743bb828396f98abcf72ea4e54461a081c^! / . / src / security / enhancements / enhancements41.jd
commitaf3775743bb828396f98abcf72ea4e54461a081c[log] [tgz]
authorClay Murphy <claym@google.com>Thu Oct 29 15:38:46 2015 -0700
committerClay Murphy <claym@google.com>Thu Oct 29 17:22:50 2015 -0700
treedc4a541bf84f35efd022a2b577b6320525000613
parenta67c3782ae30ea4162064e730ba23ce141ebbe8b [diff] [blame]
Docs: Add Security to top tab, create its nav file

Bug: 24908502
Change-Id: I70037156111410d7b54be11995c4e3fa50ea4acc

diff --git a/src/security/enhancements/enhancements41.jd b/src/security/enhancements/enhancements41.jd
new file mode 100644
index 0000000..2881c08
--- /dev/null
+++ b/src/security/enhancements/enhancements41.jd

@@ -0,0 +1,44 @@
+page.title=Security Enhancements in Android 1.5 through 4.1
+@jd:body
+
+<p>
+Android provides a multi-layered security model described in the <a href="{@docRoot}security/index.html">Android
+Security Overview</a>. Each update to Android includes dozens of
+security enhancements to protect users.  The following are some of the security
+enhancements introduced in Android versions 1.5 through 4.1:</p>
+
+<dl>
+<dt><strong>Android 1.5</strong></dt>
+<dd><ul>
+<li>ProPolice to prevent stack buffer overruns (-fstack-protector)</li>
+<li>safe_iop to reduce integer overflows</li>
+<li>Extensions to OpenBSD dlmalloc to prevent double free() vulnerabilities and
+to prevent chunk consolidation attacks.  Chunk consolidation attacks are a
+common way to exploit heap corruption.</li>
+<li>OpenBSD calloc to prevent integer overflows during memory allocation</li>
+</ul>
+</dd>
+
+<dt><strong>Android 2.3</strong></dt>
+<dd><ul>
+<li>Format string vulnerability protections (-Wformat-security -Werror=format-security)</li>
+<li>Hardware-based No eXecute (NX) to prevent code execution on the stack and heap</li>
+<li>Linux mmap_min_addr to mitigate null pointer dereference privilege
+escalation (further enhanced in Android 4.1)</li>
+</ul>
+</dd>
+
+<dt><strong>Android 4.0</strong></dt>
+<dd>Address Space Layout Randomization (ASLR) to randomize key locations in memory
+</dd>
+
+<dt><strong>Android 4.1</strong></dt>
+<dd><ul>
+<li>PIE (Position Independent Executable) support</li>
+<li>Read-only relocations / immediate binding (-Wl,-z,relro -Wl,-z,now)</li>
+<li>dmesg_restrict enabled (avoid leaking kernel addresses)</li>
+<li>kptr_restrict enabled (avoid leaking kernel addresses)</li>
+</ul>
+</dd>
+
+</dl>