MASTG-TEST-0222: Position Independent Code (PIC) Not Enabled

Content in BETA

This content is in beta and still under active development, so it is subject to change at any time (e.g. structure, IDs, content, URLs, etc.).

Overview

This test case checks if the native libraries of the app are compiled without enabling Position Independent Code (PIC), a common mitigation technique against memory corruption attacks.

Since Android 5.0 (API level 21), Android requires all dynamically linked executables to be position-independent executables (PIE).

Build System Maintainers Guide - Additional Required Arguments: Android requires Position-independent executables beginning with API 21. Clang builds PIE executables by default. If invoking the linker directly or not using Clang, use -pie when linking.

Steps

  1. Extract the app contents (Exploring the App Package).
  2. Run Obtaining Compiler Provided Security Features on each shared library and grep for "pic" or the corresponding keyword used by the selected tool.
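
An added example (not part of the original page or of the tools it refers to) of what such a check reads in each `lib/<abi>/*.so`: whether the ELF type is `ET_DYN` and, going beyond the steps above, whether the dynamic section declares text relocations (`DT_TEXTREL` / `DF_TEXTREL`), which mark code that was not built position-independent. All function names and the in-memory sample APK are constructed for illustration; little-endian ELF is assumed.

```python
import io, struct, zipfile

ET_DYN, PT_DYNAMIC, DT_NULL, DT_TEXTREL, DT_FLAGS, DF_TEXTREL = 3, 2, 0, 22, 30, 0x4
# Per EI_CLASS: e_phoff format and offset, e_phentsize offset, phdr fields, Elf_Dyn entry
LAYOUT = {1: ("<I", 28, 42, "<II8xI", "<iI"), 2: ("<Q", 32, 54, "<I4xQ16xQ", "<qQ")}

def check_elf(data):
    """Return (is_et_dyn, has_textrel) for a little-endian ELF image."""
    if data[:4] != b"\x7fELF" or data[5] != 1 or data[4] not in LAYOUT:
        raise ValueError("not a little-endian ELF file")
    off_fmt, off_pos, ent_pos, ph_fmt, dyn_fmt = LAYOUT[data[4]]
    e_type, = struct.unpack_from("<H", data, 16)
    phoff, = struct.unpack_from(off_fmt, data, off_pos)
    phentsize, phnum = struct.unpack_from("<HH", data, ent_pos)
    step, textrel = struct.calcsize(dyn_fmt), False
    for i in range(phnum):
        p_type, off, size = struct.unpack_from(ph_fmt, data, phoff + i * phentsize)
        if p_type != PT_DYNAMIC:
            continue
        for pos in range(off, off + size - step + 1, step):
            tag, val = struct.unpack_from(dyn_fmt, data, pos)
            if tag == DT_NULL:
                break
            if tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL):
                textrel = True  # code pages would be patched at load time
    return e_type == ET_DYN, textrel

def scan_apk(apk):
    """Map every lib/<abi>/*.so entry of an APK to its check_elf() result."""
    with zipfile.ZipFile(apk) as z:
        return {n: check_elf(z.read(n)) for n in z.namelist()
                if n.startswith("lib/") and n.endswith(".so")}

def sample_apk():
    """Constructed input: in-memory APK with one clean and one text-relocated ELF64."""
    def elf64(dyn_entries):
        dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_entries + [(DT_NULL, 0)])
        ehdr = struct.pack("<4s4B8xHHI3QI6H", b"\x7fELF", 2, 1, 1, 0,
                           ET_DYN, 183, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
        phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 120, 120, len(dyn), len(dyn), 8)
        return ehdr + phdr + dyn
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("lib/arm64-v8a/libgood.so", elf64([]))
        z.writestr("lib/arm64-v8a/libbad.so", elf64([(DT_FLAGS, DF_TEXTREL)]))
    return buf

if __name__ == "__main__":
    print(scan_apk(sample_apk()))  # {path: (is_et_dyn, has_textrel)}
```

`scan_apk()` also accepts a path to an APK on disk; a library passes when the first value is true and the second is false.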

Observation

The output should show whether PIC is enabled or disabled for each shared library.

Evaluation

The test case fails if PIC is disabled.