MASTG-TEST-0222: Position Independent Code (PIC) Not Enabled
Content in BETA
This content is in beta and still under active development, so it is subject to change at any time (e.g. structure, IDs, content, URLs, etc.).
Overview
This test case checks if the native libraries of the app are compiled without enabling Position Independent Code (PIC), a common mitigation technique against memory corruption attacks.
Since Android 5.0 (API level 21), Android requires all dynamically linked executables to support PIE (position-independent executables).
Build System Maintainers Guide - Additional Required Arguments: Android requires Position-independent executables beginning with API 21. Clang builds PIE executables by default. If invoking the linker directly or not using Clang, use -pie when linking.
Steps
- Extract the app contents (Exploring the App Package).
- Extract the app contents ( Exploring the App Package).
- Run Obtaining Compiler Provided Security Features on each shared library and grep for "pic" or the corresponding keyword used by the selected tool.
Observation
The output should list whether PIC is enabled or disabled for each shared library.
Evaluation
The test case fails if PIC is disabled.
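The steps and evaluation above can be automated without an external tool. The following is an added example, not MASTG or NDK code: it assumes "PIC enabled" means the ELF file is of type ET_DYN and carries no text relocations (DT_TEXTREL, or DF_TEXTREL in DT_FLAGS). The names check_elf, audit_apk, build_elf64 and sample_apk are hypothetical, and the sample APK is constructed in memory.

```python
import io
import struct
import zipfile

ET_DYN, PT_DYNAMIC = 3, 2                       # constants from the ELF specification
DT_NULL, DT_TEXTREL, DT_FLAGS, DF_TEXTREL = 0, 22, 30, 0x4

def check_elf(data):
    """Classify one ELF image as 'pic', 'no-pic', 'not-elf' or 'malformed'."""
    if data[:4] != b"\x7fELF":
        return "not-elf"
    try:
        e = "<" if data[5] == 1 else ">"        # EI_DATA selects the byte order
        word, eoff, poff, dfmt = ("Q", 32, 8, "qQ") if data[4] == 2 else ("I", 28, 4, "iI")
        if struct.unpack_from(e + "H", data, 16)[0] != ET_DYN:
            return "no-pic"                     # e.g. ET_EXEC, linked for a fixed address
        phoff, _, _, _, phsz, phnum = struct.unpack_from(e + 2 * word + "IHHH", data, eoff)
        for ph in range(phoff, phoff + phnum * phsz, phsz):
            if struct.unpack_from(e + "I", data, ph)[0] == PT_DYNAMIC:
                off, _, _, size = struct.unpack_from(e + 4 * word, data, ph + poff)
                for tag, val in struct.iter_unpack(e + dfmt, data[off:off + size]):
                    if tag == DT_NULL:
                        break
                    if tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL):
                        return "no-pic"         # code must be patched at load time
    except (struct.error, ValueError, IndexError):
        return "malformed"                      # truncated or inconsistent headers
    return "pic"

def audit_apk(apk):
    """Classify every lib/<abi>/*.so entry of an APK (path or file object)."""
    with zipfile.ZipFile(apk) as z:
        return {n: check_elf(z.read(n)) for n in z.namelist()
                if n.startswith("lib/") and n.endswith(".so")}

def build_elf64(e_type, dyn_tags):
    """Constructed little-endian ELF64: header, one PT_DYNAMIC, dynamic table."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_tags + [(DT_NULL, 0)])
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<2HI3QI6H", e_type, 183, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    return ehdr + struct.pack("<2I6Q", PT_DYNAMIC, 6, 120, 120, 120, len(dyn), len(dyn), 8) + dyn

def sample_apk():
    """Constructed in-memory APK: one PIC, one TEXTREL and one ET_EXEC library."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("lib/arm64-v8a/libgood.so", build_elf64(3, []))
        z.writestr("lib/arm64-v8a/libtextrel.so", build_elf64(3, [(DT_TEXTREL, 0)]))
        z.writestr("lib/arm64-v8a/libfixed.so", build_elf64(2, []))
    return buf
```

Calling audit_apk with the path of a real APK returns one verdict per native library; any "no-pic" entry corresponds to a failed test case under the evaluation above.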