FORUMS

[KERNEL][ICS][07-04-12] AniDroid-Hardened-TF101 (2.6.39.4)

309 posts
Thanks Meter: 627
 
Post Reply Email Thread
AniDroid-Hardened-TF101 Kernel


Short Kernel information:


AniDroid-Hardened Kernel is the first Hardened kernel for Android that uses GRSecurity subsystem to provide different useful Security functionality.
AniDroid-Hardened Kernel now is in early stage of developing but it's almost ready for using and testing on Asus Transformer TF101 and Google (Samsung) Nexus S devices

Provided Features:
  • Linux Kernel version 2.6.39.4
  • GRSecurity version 2.2.2 with different security features enabled by default (see GRSecurity Feature List for details)
  • EXT4, NTFS, CIFS support
  • init.d support
  • Compatible with any OTA-based and AOSP ICS Roms
  • 1024 Kb ReadAhead support
  • Automatic Process Group Scheduling
  • -fstack-protector buffer overflow detection

GRSecurity Feature List:
  • Kernel Memory Protection (restrict read/write access to /dev/kmem, /dev/mem, and /dev/port)
  • Active Exploits Protection (deter exploit bruteforcing, active kernel exploit response)
  • Role Based Access Control (RBAC)
  • Filesystem Advanced Protection (including advanced security for applications running in CHROOT environment)
  • Full Kernel Auditing (event logging for many kernel events)
  • Executable Protection (deter ptrace-based process snooping)
  • Network Protection (TCP/UDP blackhole and LAST_ACK DoS prevention)
  • Managing support via Sysctl Interface

  • Ondemand (Default)
  • Interactive
  • Conservative
  • Powersave
  • Performance

  • CFQ (Default)
  • Noop
  • Deadline (tweaked for flash devices)
  • Simple IO (SIO)

Links:

Changelogs and issues info:


Alpha 1 known issues:
  • BCM4329 WiFi kernel module temporarely doesn't work
  • SU is temporarely cause "Permission denied"

WARNING!!!
AniDroid-Hardened-TF101 Kernel is still need testing!
So, you can flash and use this kernel at your oun risk!



Thanks to msticninja, guevor, eugene373, koush, ezekeel, supercurio, morfic, franciscofranco, sztupy, reddv1, byeonggonlee!!!
The Following 6 Users Say Thank You to novic_dev For This Useful Post: [ View ] Gift novic_dev Ad-Free
7th April 2012, 01:30 PM |#2  
Senior Member
Thanks Meter: 29
 
More
Great to see another kernel option. Awesome work, mate!
I'll give it a try.
The Following User Says Thank You to linuques For This Useful Post: [ View ] Gift linuques Ad-Free
7th April 2012, 04:23 PM |#3  
sert00's Avatar
Senior Member
Flag cesena,IT
Thanks Meter: 504
 
More
hi!great to see new kernelz every week!after reading all the features in the nexus 3ad,i wonder if you'll put some of them un future in this tf's build...some of them i use every day on smartphones and are very Usefull..like touchwake,liveOC,BLX , fast charge and others..(fast charge especially)glad to test this kernel now,hoping that wifi works,anyway thanks for the hard work and keep it up in future release!i'll report how it goes...
The Following User Says Thank You to sert00 For This Useful Post: [ View ] Gift sert00 Ad-Free
8th April 2012, 05:48 AM |#4  
Senior Member
Phoenix, Arizona
Thanks Meter: 456
 
More
Quote:
Originally Posted by sert00

hi!great to see new kernelz every week!after reading all the features in the nexus 3ad,i wonder if you'll put some of them un future in this tf's build...some of them i use every day on smartphones and are very Usefull..like touchwake,liveOC,BLX , fast charge and others..(fast charge especially)glad to test this kernel now,hoping that wifi works,anyway thanks for the hard work and keep it up in future release!i'll report how it goes...

As far as I know, fast charge from a computer USB port isn't possible on the tf101 because it requires 12v to go into fast charge mode where a normal USB port only provides 5v.
The Following 3 Users Say Thank You to a.mcdear For This Useful Post: [ View ] Gift a.mcdear Ad-Free
8th April 2012, 05:53 AM |#5  
Senior Member
Thanks Meter: 178
 
More
Congrats on getting the kernel compiled with your changes. I'll post some fixes tomorrow that you might want to pull to your git. I have to be honest though, I don't really see the point of grsecurity on android. Do people actually get hacked?
The Following User Says Thank You to msticninja For This Useful Post: [ View ] Gift msticninja Ad-Free
8th April 2012, 11:26 AM |#6  
j3tt3's Avatar
Senior Member
Thanks Meter: 50
 
More
noted but will flash when somebody got the balls to try...

Sent from my Transformer TF101 using xda premium
8th April 2012, 11:38 PM |#7  
Senior Member
Thanks Meter: 26
 
More
Quote:
Originally Posted by j3tt3

noted but will flash when somebody got the balls to try...

Sent from my Transformer TF101 using xda premium

Never mind the balls, I don't see the point of flashing a kernel where wifi and SU (both quite critical in my opinion) don't work.
9th April 2012, 09:55 AM |#8  
Senior Member
Flag Moscow
Thanks Meter: 2,903
 
More
Basically, su won't work with GRSec because of the RBAC model. Another way needs to be found

Sent from my LT26i using XDA
The Following User Says Thank You to K900 For This Useful Post: [ View ] Gift K900 Ad-Free
9th April 2012, 11:13 AM |#9  
novic_dev's Avatar
OP Senior Member
Flag Moscow
Thanks Meter: 627
 
Donate to Me
More
Quote:
Originally Posted by K900

Basically, su won't work with GRSec because of the RBAC model. Another way needs to be found

Sent from my LT26i using XDA

SU will work as privileged user can be allowed to run privileged operations useful for such apps as Titanium Backup and so on ..it's not GRSec issue - vanilla asus source have tha same issue for me.. it's either compiler or ramdisk problem..
9th April 2012, 04:52 PM |#10  
Senior Member
Flag Moscow
Thanks Meter: 2,903
 
More
Quote:
Originally Posted by novic_dev

SU will work as privileged user can be allowed to run privileged operations useful for such apps as Titanium Backup and so on ..it's not GRSec issue - vanilla asus source have tha same issue for me.. it's either compiler or ramdisk problem..

I meant that you need to either allow switching to root, which defeats the whole purpose of GRSec or use its own access controls, which needs to be done in apps.

Sent from my LT26i using XDA
The Following User Says Thank You to K900 For This Useful Post: [ View ] Gift K900 Ad-Free
10th April 2012, 05:03 PM |#11  
novic_dev's Avatar
OP Senior Member
Flag Moscow
Thanks Meter: 627
 
Donate to Me
More
Quote:
Originally Posted by K900

I meant that you need to either allow switching to root, which defeats the whole purpose of GRSec or use its own access controls, which needs to be done in apps.

Sent from my LT26i using XDA

It will be an App

Sent from my Nexus S using xda premium
The Following User Says Thank You to novic_dev For This Useful Post: [ View ] Gift novic_dev Ad-Free
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes