Skip to content

MASTG-TEST-0222: Position Independent Code (PIC) Not Enabled

Overview

This test case checks if the native libraries of the app are compiled without enabling Position Independent Code (PIC), a common mitigation technique against memory corruption attacks.

Since Android 5.0 (API level 21), Android requires all dynamically linked executables to support PIE.

Build System Maintainers Guide - Additional Required Arguments: Android requires Position-independent executables beginning with API 21. Clang builds PIE executables by default. If invoking the linker directly or not using Clang, use -pie when linking.

Steps

  1. Use Extracting Bundled Native Libraries to extract the native libraries from the app package.
  2. Use Obtaining Compiler-Provided Security Features on each native library to obtain the compiler-provided security features.

Observation

The output should show all the security features enabled for each native library, including PIC.

Evaluation

The test case fails if PIC is disabled.