Introducing Rust into the Android Platform
The Android platform has gone through a lot of changes in the past few years and the platform is continuously skyrocketing its capabilities. It has recently taken another step to make the platform more efficient by bring the Rust programming language into the AOSP and it is already there. Google have mentioned in their blog that for the past 18 months they have been adding the Rust support to the Android Open Source Project.
For those of you who are not familiar with Rust. Rust is a multi-paradigm programming language focused on performance and safety, especially safe concurrency. It is syntactically similar to C++ but provides similar speed and memory safety without using garbage collection. If one might want their code to be extremely safe, avoid memory leaks and other undefined behaviour then Rust is the way to go and that is exactly why Android has decided to introduce Rust into the AOSP.
Why Rust ?
Many core Android system components and services, such as ART and HAL, are built from native code that require native libraries written in C and C++. This is because the Lower levels of the OS require languages which are light and more predictable when they are in a resource constrained environment. But C and C++ has its limitations too. Especially in the area of memory protection. And according to Google about 70% of Android’s high severity security vulnerabilities are due to the memory safety bugs. So it is a vital thing to look for an alternative while not cutting down on the performance to secure a good future for the platform.
How does Rust come into play ?
- Rust guarantees that your application will be safe from dereferencing null or dangling pointers. Rust also makes it difficult to leak memory.
- Rust language does not have a Garbage Collector (GC). Rust would know when the variable gets out of scope or its lifetime ends and thus free the memory. This improves the performance at runtime. Further, with C and C++, developers must manage memory lifecycles themselves, which is prone to mistakes.
- When it comes to speed it is almost similar to that of C.
Rust provides the same control and performance as C/C++ but along with that adds memory protection which is lacking in the former and this has been the reason for the adoption, because according to Google a vast majority of Android’s high severity security vulnerabilities are related to memory. Now when a piece of code is very risky, and directly exposed to untrusted users, it is desirable to sandbox the code. Since C/C++ has problem with memory protection it is obvious to sandbox the processes belonging to the OS. Now the issue with sandboxing is that it comes with a price tag of performance. Hence the solution is adopting a language with added memory safety whilst not cutting down on efficiency and control hence the adoption of Rust!
Currently all the android process are sandboxed and Google uses the Rule of 2 to decide if the process requires additional security. If two of the below is true then the code will be contained within a tightly constrained and unprivileged sandbox.
- The code processes untrustworthy inputs.
- The code is written in an unsafe language.
- The code does not have a strong sandbox.
You can learn more about sandboxing from here. Sandbox overview
How things are going to take effect from here?
Google have mentioned that it would not be feasible to rewrite all those code in Rust and that most of the memory related bugs have come only in the recent additions. Hence it is not necessary to rewrite all the existing C/C++ implementation in Rust. Rather they are going to focus on writing the upcoming additions to the AOSP which could have been the domain of C/C++ with Rust hence maintaining a bug free code for the parts to come in the Android platform.
The future of Android is bright and we are all looking forward to it!
You can read more about this from the official google blog.
