The Linux kernel is the heart of the Android operating system. Without it, Android devices would not be able to function. It mediates between user-space software and physical hardware devices. It enforces the isolation between processes and governs what privileges those processes execute with. Due to its profound role and privileged position, attacking the Linux kernel is a straightforward way to achieve full control over an Android device.
This chapter introduces attacking the Linux kernel used by Android devices. It covers background information about the Linux kernel used on Android devices; how to configure, build, and use custom kernels and kernel modules; how to debug the kernel from a post-mortem and live perspective; and how to exploit issues in the kernel to achieve privilege escalation. The chapter concludes with a few case studies that examine the process of turning three vulnerabilities into working exploits.
Android's Linux Kernel
The Linux kernel used by Android devices began as Russell King's project to port Linux 1.0 to the Acorn A5000 in 1994. That project predated many of the efforts to port the Linux kernel to other architectures such as SPARC, Alpha, or MIPS. Back then, the toolchains lacked support for ARM. The GNU Compiler Collection (GCC) did not support ARM, nor did many of the supplementary tools in the toolchain. As time went on, further work was done on ARM Linux and the toolchain. However, it wasn't until Android ...