I've finished the time consuming process of setting up new infrastructure for Android 9 and running full Compatibility Test Suite testing of Android Open Source Project builds for various devices. There are a huge number of tests and it takes time to investigate the flaky ones.
Conversation
Now that I have a baseline to work from with a list of the flaky tests and the reasons for them failing, I can properly test builds incorporating new hardening work. A manifest for the future work is available at github.com/AndroidHardeni. It doesn't yet incorporate any hardening.
1
3
The initial work will be incorporating github.com/AndroidHardeni into the builds and integrating it into Bionic libc. It will remain a self-contained component portable to other operating systems though. I'll aim to have libc integration build on top of unmodified tagged releases.
Replying to
The hardened malloc project is MIT licensed and that will also be the case for the Bionic (AOSP) and musl integration. I intend to implement a much broader range of security and privacy enhancements again but the work will need to be funded. Until then, the scope is very narrow.
1