On Wed, 2017-05-03 at 14:56 -0400, Rik van Riel wrote:
> On Wed, 2017-05-03 at 12:50 +0800, Shawn wrote:
> 
> > The fragmentation of Android eco-system may be inevitable. The whole
> > chains is too long from ASOP/BSP/Vendors and it affect the security
> > fix being delivered to the end user. According to my own statistic
> > from my customers, there will be more than 7 millions of Android
> > phone
> > will be using some features of PaX/Grsec this year.
> 
> That is great news. I am glad to hear the hardening features
> are being used on that many phones.
> 
> Of course, given the fragmentation of the eco-system, the
> only thing that can get the hardening on all of the (new)
> phones in the future will be getting the hardening features
> into the upstream kernel.

Just worth noting that the upstream in this case almost always includes
the Android common kernel. There's still some baseline out-of-tree
Android code, although there's much less than there used to be so the
vast majority of the code these days is SoC vendor code needed by a non-
Android Linux distribution on those devices too.

That's forked into the SoC vendor kernels and then the device kernels if
applicable (some are device-specific, but some vendors like Sony have
moved to having a shared kernel and the Pixel / Pixel XL share a kernel
since they're basically the same thing). Google can also verify that
hardening is present via the Compatibility Test Suite if it can be
detected from an unprivileged userspace app. Hopefully they'll turn
passing their new privileged vts test suite into a requirement too so
they can test for kernel self protection features.

For example, Android devices are required to have perf_event_paranoid=3
even though it was rejected upstream for the time being. If a clearly
useful change is rejected, that doesn't mean Google won't add it to
their common kernel which will then propagate at least to new devices
from other vendors and their own first-party released devices.