Maintainer: Shawn C[a.k.a "citypw"], citypw@gmail.com

Thanks to:

• PaX/Grsecurity

PoC: PaX for Android

This project is a PoC to proved Android kernel can be protected by PaX/Grsecurity. Most of work( hardened-flo) has done in May 28 2015.

Testing environment:

flo( Nexus 7 2013)

• Android NDK 9d
• Android 4.4
• msm-flo-kit

marlin( Pixel XL)

• nougat aarch64 toolchain
• Android 7.1.1
• msm-marlin-3.18-nougat

coral( Pixel 4 XL)

• Android NDK r21
• Android 10.0.0
• msm-coral-4.14

Notes: The combination of PXN( inspired by PaX's KERNEXEC), HARDENED_USERCOPY( implemented and ported from PaX/Grsecurity's PAX_USERCOPY partially), RO vdso, DEBUG_RODATA/STRICT_MEMORY_RWX( it originally implemented by PaX's KERNEXEC) and software-based PAN( not strong as PaX's UDEREF) is unlikely to defeat highly customized exploitation( even some exploit vectors, which old dudes forgot already and new dudes never know) but it's strong enough to defeat those easy-to-write exploits used by malwares, which might cause massive affection.

Write-up:

• Linux kernel mitigation checklist
• How can we "hardened" an Android eco-system without Google?
• PaX/Grsecurity for Nexus 7 2013