Hi William, we share similar concerns about this topic. I have a master's student who just started his thesis aiming at detecting JNI invocations statically/dynamically. Let's see how well this goes.
BR, Aubrey

William Enck wrote:
>
> I imagine some folks on this list have seen this (or a similar story):
>
> http://theandroidsite.com/2009/08/16/rooting-your-android-with-one-click/
>
> I haven't investigated it in any depth, but my speculation is that the
> exploitation of the referenced kernel privilege escalation vulnerability
> (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2692)
> results from the ability to execute native code.
>
> I understand the public pressure to allow native code, and that
> Android's security model provides protection at the process level;
> however, as an Android user, I would like the ability to disallow
> third party native libraries for security purposes (defense in depth).
>
> I imagine there is a library path that can be checked somewhere to
> ensure JNI only allows the /system prefix. Alternatively, the LSM hook
> for mmap could be useful.
>
> While this won't stop users from rooting their devices when kernel
> privilege escalation vulnerabilities inevitably emerge, it provides a
> nice buffer between the time the vulnerability is found to the time a
> security patch is deployed that will protect many normal users.
>
> I'm going to take a look at generating a patch when I get a chance,
> but that might not be for a little while. If anyone starts to work on
> this, please let me know.
>
> Thanks,
> -Will
>
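The userland variant of the check William describes (restricting JNI to the /system prefix), as an added example written for this page; it is not code from the Android project, from the quoted patch idea, or from either author. It assumes the check runs wherever the VM has resolved a library path but has not yet called dlopen(), and the function names, the lexical normalizer, and the sample paths are assumptions made here. The point it makes beyond the mail is that a bare strncmp against "/system" is not enough: "/systemfoo/..." shares that prefix, and "/system/../data/..." passes it yet resolves elsewhere, so the path must be normalized and compared against "/system/" with its trailing slash.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Only libraries below this directory may be loaded through JNI.
 * The trailing slash matters: a bare "/system" prefix would also admit
 * "/systemfoo/libevil.so". (Assumed policy for this example.) */
#define ALLOWED_PREFIX "/system/"

/* Lexically normalize an absolute path: collapse repeated '/', drop "."
 * components and pop one component per "..". Writes the result to out
 * (capacity outlen) and returns false for relative paths or overflow.
 * No filesystem access, so symlinks are NOT resolved here. */
bool normalize_path(const char *path, char *out, size_t outlen)
{
    if (path == NULL || path[0] != '/' || outlen < 2)
        return false;

    size_t pos = 1;          /* bytes of out in use, always >= 1 ("/") */
    out[0] = '/';
    const char *p = path;

    while (*p != '\0') {
        while (*p == '/')
            p++;                               /* skip separators */
        if (*p == '\0')
            break;
        const char *start = p;
        while (*p != '\0' && *p != '/')
            p++;                               /* one path component */
        size_t n = (size_t)(p - start);

        if (n == 1 && start[0] == '.')
            continue;                          /* "." changes nothing */
        if (n == 2 && start[0] == '.' && start[1] == '.') {
            /* ".." pops the last component; at the root it is a no-op */
            while (pos > 1 && out[pos - 1] != '/')
                pos--;
            if (pos > 1)
                pos--;                         /* drop the separator too */
            continue;
        }
        if (pos > 1) {                         /* separator before 2nd+ component */
            if (pos + 1 >= outlen)
                return false;
            out[pos++] = '/';
        }
        if (pos + n >= outlen)
            return false;
        memcpy(out + pos, start, n);
        pos += n;
    }
    out[pos] = '\0';
    return true;
}

/* Policy check: the normalized path must start with ALLOWED_PREFIX. */
bool allowed_jni_library(const char *path)
{
    char canon[4096];
    if (!normalize_path(path, canon, sizeof canon))
        return false;
    return strncmp(canon, ALLOWED_PREFIX, strlen(ALLOWED_PREFIX)) == 0;
}

/* Helper for checking the normalizer: does `in` normalize to `expected`? */
bool normalizes_to(const char *in, const char *expected)
{
    char canon[256];
    return normalize_path(in, canon, sizeof canon) && strcmp(canon, expected) == 0;
}

int main(void)
{
    /* Constructed sample paths, as a third-party app might hand them to
     * System.loadLibrary()/dlopen(); none of these refer to real files. */
    const char *samples[] = {
        "/system/lib/libc.so",
        "/data/data/com.example.app/lib/libnative.so",
        "/system/../data/data/com.example.app/lib/libnative.so",
        "/systemx/libnative.so",
        "/system/lib/../lib/libfoo.so",
        "relative/libnative.so",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-58s %s\n", samples[i],
               allowed_jni_library(samples[i]) ? "ALLOW" : "DENY");
    return 0;
}
```

Two caveats for anyone turning this into a real patch. First, lexical normalization does not see symlinks, so a loader hook should additionally pass the normalized path through realpath(3) and re-check the result, which is omitted here only so the example runs without touching the filesystem. Second, this guards one entry point; the mmap LSM hook William mentions would sit in the kernel and catch any path by which executable pages are mapped, at the cost of needing to tell legitimate system mappings from app-supplied ones.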
