Can a normal Android storefront app run JIT code I created myself, or does security prevent this?

Is Android too locked down for this, or is it possible for the app to enable custom JIT (only at compile time)? For example, for JavaScript or an emulator. Once I have compiled the code (in memory), can I just call this address as a function (long jump to that address)? Or will protection be disabled (for example, disable execution protection) because I'm trying to execute a page of memory that hasn't been marked executable? Is there a special way to allocate memory so that it can run executable code?



1 answer


The Android Play Store has no specific security restrictions for on-the-fly generated or managed code. It is very easy to compile a piece of C code with gcc on the device, create a shared library (.so), and load that library from your Java or native code. Or create an executable and exec() it from Java or native code.



On the other hand, since r.2.3, that is, for a long time, Android allows DEP. How difficult it is to bypass this protection depends on the hardware platform, kernel version, and ROM (for example, whether SELinux is enabled), so I cannot say. Note that ASLR is enabled by default after r.4.0, making on-the-fly manipulation even more difficult.

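The "special way to allocate memory" the question asks about, as an added example that is not part of the question or the answer above: map an anonymous page read+write, write the machine code into it, then use mprotect() to swap write for execute before calling it, so the page is never writable and executable at the same time (which is what DEP/W^X enforces, and what the NDK's own JITs do). The instruction encodings for x86-64 and AArch64 are constructed here for illustration (the generated function just returns a constant); `__builtin___clear_cache` is the GCC/Clang builtin that syncs the instruction cache, which is required on ARM and harmless on x86. The example assumes a POSIX/Linux libc (bionic or glibc) and that the process is allowed to create executable anonymous mappings; if the kernel or SELinux policy denies that, mprotect() fails and the function returns -1 instead of crashing.

```c
/* Added example: JIT a tiny "return value" function under W^X rules.
 * Not code from the original post. Assumes POSIX mmap/mprotect and a
 * little-endian x86-64 or AArch64 target. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Emit "return value" into buf. Returns the number of bytes written,
 * or 0 if the architecture is not handled or the value cannot be encoded.
 * The encodings below are constructed by hand for this example. */
static size_t emit_return_const(uint8_t *buf, uint32_t value) {
#if defined(__x86_64__)
    /* mov eax, imm32 (B8 imm32) ; ret (C3) */
    buf[0] = 0xB8;
    memcpy(buf + 1, &value, 4);   /* little-endian immediate */
    buf[5] = 0xC3;
    return 6;
#elif defined(__aarch64__)
    /* movz w0, #imm16 ; ret  (only a 16-bit immediate fits in one MOVZ) */
    if (value > 0xFFFFu) return 0;
    uint32_t movz = 0x52800000u | (value << 5);  /* Rd = w0 */
    uint32_t ret  = 0xD65F03C0u;
    memcpy(buf, &movz, 4);
    memcpy(buf + 4, &ret, 4);
    return 8;
#else
    (void)buf; (void)value;
    return 0;
#endif
}

/* Allocate a page as RW (not executable), write the code, flip it to RX,
 * call it, and release it. Returns the generated function's result,
 * or -1 on any failure (unsupported arch, mmap/mprotect denied). */
long run_jit_return_const(uint32_t value) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) return -1;

    /* Step 1: writable, but deliberately NOT executable yet. */
    uint8_t *mem = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return -1;

    /* Step 2: generate the code into the writable page. */
    size_t n = emit_return_const(mem, value);
    if (n == 0) { munmap(mem, (size_t)page); return -1; }

    /* Step 3: drop write and add execute. Calling mem before this point
     * would fault on a DEP/NX-enforcing kernel, which is the protection
     * the answer refers to. Never request PROT_WRITE | PROT_EXEC. */
    if (mprotect(mem, (size_t)page, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, (size_t)page);
        return -1;   /* e.g. SELinux execmem denial */
    }

    /* Step 4: make the I-cache see the freshly written bytes (ARM needs this). */
    __builtin___clear_cache((char *)mem, (char *)mem + n);

    /* Step 5: call the page as a function. memcpy avoids the
     * object-pointer-to-function-pointer cast warning. */
    uint32_t (*fn)(void);
    memcpy(&fn, &mem, sizeof fn);
    uint32_t result = fn();

    munmap(mem, (size_t)page);
    return (long)result;
}

int main(void) {
    long r = run_jit_return_const(42);
    if (r < 0) {
        printf("JIT not possible here (unsupported arch or exec denied)\n");
        return 1;
    }
    printf("generated function returned %ld\n", r);
    return 0;
}
```

The point to check in practice is the return value of mprotect(): a device whose kernel or SELinux policy forbids anonymous executable memory reports it there, cleanly, rather than at the call site. For a real JIT you would keep the RW-then-RX flip per code region (or use two mappings of the same memory, one writable and one executable) so that no page is ever RWX.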