Open h3ph4est7s opened 1 year ago
This is in Android as a debugging feature, rather than a hardening feature. I don't think it can really be used as a hardening feature with that said.
We could probably move some (not all) of these features out/away from the debugging property instead.
I'm not sure it actually offers any security benefits - irrespective of the setting, if there is an issue, the process will crash.
Certain parts may be useful for security. Those parts would need to be considered individually.
imho there is security value in some of those checks. The totality of those contain redundant checks and introduce additional overhead but still some can be more than useful. a new hybrid indirect function table in here https://github.com/GrapheneOS/platform_art/blob/13/runtime/jni/jni_env_ext.cc#L76 with a jvm option that utilize some of the functionality from here https://github.com/GrapheneOS/platform_art/blob/13/runtime/jni/check_jni.cc and a new property utilized in here https://github.com/GrapheneOS/platform_frameworks_base/blob/13/core/jni/AndroidRuntime.cpp#L750 will probably do the trick.
We should evaluate what JNI checks from here are security relevant first. We don't want to add all of them.
The AOSP include the capability to enable JNI extended checking system wide including the following checks.
Steps to enable:
dalvik.vm.checkjni
totrue
Reference: https://developer.android.com/training/articles/perf-jni#extended-checking
Proposal: Add an option in security to enable or disable this system wide along with an option to enable or disable it for specific apps in
App Info
->Exploit protection compatibility mode