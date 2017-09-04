With Android Oreo, Google Is Introducing Linux Kernel Requirements (betanews.com) 12
Mark Wilson shares a report from BetaNews: As is easy to tell by comparing versions of Android from different handset manufacturers, developers are -- broadly speaking -- free to do whatever they want with Android, but with Oreo, one aspect of this is changing. Google is introducing a new requirement that OEMs must meet certain requirements when choosing the Linux kernel they use. Until now, as pointed out by XDA Developers, OEMs have been free to use whatever Linux kernel they wanted to create their own version of Android. Of course, their builds still had to pass Google's other tests, but the kernel number itself was not an issue. Moving forward, Android devices running Oreo must use at least kernel 3.18, but there are more specific requirements to meet as well. Google explains on the Android Source page: "Android O mandates a minimum kernel version and kernel configuration and checks them both in VTS as well as during an OTA. Android device kernels must enable the kernel .config support along with the option to read the kernel configuration at runtime through procfs."
If the complete kernel configuration can be read, does this mean malware authors like NSA, CIA, criminals etc. will have an easier time getting inside your phone?
Since you also have access to the kernel sources it would be easy to fake the interface and kernel version if you were to plan to use an unsupported kernel. Any problems would however be at your dime, not to be blamed on Android or Linus.
I can understand the minimum level requirements on the kernel and possibly also to allow the rest of Android to inspect the kernel configuration in order for the environment to be able to ensure that the platform it runs on is providing sufficient services. But these should
If the complete kernel configuration can be read, does this mean malware authors like NSA, CIA, criminals etc. will have an easier time getting inside your phone?
Not really. It seems to me all Google is doing is forcing Linux on these Android phones to behave closer to the way it already does on Linux servers and desktops.
Linux has never been about security through obscurity - that's just weirdness introduced by certain handset manufacturers.
All we need now is Wayland and the Unity desktop
All we need now is Wayland
Congratulation, you've successfully described Jolla's Sailfish OS....
and the Unity desktop
...and Canonical's attempts at Ubuntu Touch.
I know it's a little more complicated than that, but I know that some of those handset devs will be tempted to try just modifying the kernel number to pass the test.
So, they want you to run a kernel that is younger than two years old, and they want to be able to see which features it has enabled. Both perfectly reasonable requirements, most likely based or real engineering issues.