diff --git a/debian/changelog b/debian/changelog
index 99331a2f1..14d9b58cd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -70,6 +70,7 @@ linux (4.17.3-1) UNRELEASED; urgency=medium
   [ Ben Hutchings ]
   * [amd64,arm64,armhf] android: Build modules to support Anbox
     (Closes: #901492)
+    - Export symbols needed by Android drivers
     - Enable building ashmem and binder as modules
     - Enable ANDROID
     - Enable ANDROID_BINDER_IPC, ASHMEM as modules
diff --git a/debian/patches/debian/export-symbols-needed-by-android-drivers.patch b/debian/patches/debian/export-symbols-needed-by-android-drivers.patch
new file mode 100644
index 000000000..696df27e8
--- /dev/null
+++ b/debian/patches/debian/export-symbols-needed-by-android-drivers.patch
@@ -0,0 +1,146 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Tue, 26 Jun 2018 16:59:01 +0100
+Subject: Export symbols needed by Android drivers
+Bug-Debian: https://bugs.debian.org/901492
+
+We want to enable use of the Android ashmem and binder drivers to
+support Anbox, but they should not be built-in as that would waste
+resources and increase security attack surface on systems that don't
+need them.
+
+Export the currently un-exported symbols they depend on.
+
+---
+--- a/fs/file.c
++++ b/fs/file.c
+@@ -409,6 +409,7 @@ struct files_struct *get_files_struct(st
+ 
+ 	return files;
+ }
++EXPORT_SYMBOL_GPL(get_files_struct);
+ 
+ void put_files_struct(struct files_struct *files)
+ {
+@@ -421,6 +422,7 @@ void put_files_struct(struct files_struc
+ 		kmem_cache_free(files_cachep, files);
+ 	}
+ }
++EXPORT_SYMBOL_GPL(put_files_struct);
+ 
+ void reset_files_struct(struct files_struct *files)
+ {
+@@ -533,6 +535,7 @@ out:
+ 	spin_unlock(&files->file_lock);
+ 	return error;
+ }
++EXPORT_SYMBOL_GPL(__alloc_fd);
+ 
+ static int alloc_fd(unsigned start, unsigned flags)
+ {
+@@ -606,6 +609,7 @@ void __fd_install(struct files_struct *f
+ 	rcu_assign_pointer(fdt->fd[fd], file);
+ 	rcu_read_unlock_sched();
+ }
++EXPORT_SYMBOL_GPL(__fd_install);
+ 
+ void fd_install(unsigned int fd, struct file *file)
+ {
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -999,6 +999,7 @@ void mmput_async(struct mm_struct *mm)
+ 		schedule_work(&mm->async_put_work);
+ 	}
+ }
++EXPORT_SYMBOL_GPL(mmput_async);
+ #endif
+ 
+ /**
+--- a/kernel/signal.c
++++ b/kernel/signal.c
+@@ -1280,6 +1280,7 @@ struct sighand_struct *__lock_task_sigha
+ 
+ 	return sighand;
+ }
++EXPORT_SYMBOL_GPL(__lock_task_sighand);
+ 
+ /*
+  * send signal info to all the members of a group
+--- a/mm/memory.c
++++ b/mm/memory.c
+@@ -1624,6 +1624,7 @@ void zap_page_range(struct vm_area_struc
+ 	mmu_notifier_invalidate_range_end(mm, start, end);
+ 	tlb_finish_mmu(&tlb, start, end);
+ }
++EXPORT_SYMBOL_GPL(zap_page_range);
+ 
+ /**
+  * zap_page_range_single - remove user pages in a given range
+--- a/mm/shmem.c
++++ b/mm/shmem.c
+@@ -4326,6 +4326,7 @@ int shmem_zero_setup(struct vm_area_stru
+ 
+ 	return 0;
+ }
++EXPORT_SYMBOL_GPL(shmem_zero_setup);
+ 
+ /**
+  * shmem_read_mapping_page_gfp - read into page cache, using specified page allocation flags.
+--- a/mm/vmalloc.c
++++ b/mm/vmalloc.c
+@@ -1308,6 +1308,7 @@ int map_kernel_range_noflush(unsigned lo
+ {
+ 	return vmap_page_range_noflush(addr, addr + size, prot, pages);
+ }
++EXPORT_SYMBOL_GPL(map_kernel_range_noflush);
+ 
+ /**
+  * unmap_kernel_range_noflush - unmap kernel VM area
+@@ -1448,6 +1449,7 @@ struct vm_struct *get_vm_area(unsigned l
+ 				  NUMA_NO_NODE, GFP_KERNEL,
+ 				  __builtin_return_address(0));
+ }
++EXPORT_SYMBOL_GPL(get_vm_area);
+ 
+ struct vm_struct *get_vm_area_caller(unsigned long size, unsigned long flags,
+ 				const void *caller)
+--- a/security/security.c
++++ b/security/security.c
+@@ -231,24 +231,28 @@ int security_binder_set_context_mgr(stru
+ {
+ 	return call_int_hook(binder_set_context_mgr, 0, mgr);
+ }
++EXPORT_SYMBOL_GPL(security_binder_set_context_mgr);
+ 
+ int security_binder_transaction(struct task_struct *from,
+ 				struct task_struct *to)
+ {
+ 	return call_int_hook(binder_transaction, 0, from, to);
+ }
++EXPORT_SYMBOL_GPL(security_binder_transaction);
+ 
+ int security_binder_transfer_binder(struct task_struct *from,
+ 				    struct task_struct *to)
+ {
+ 	return call_int_hook(binder_transfer_binder, 0, from, to);
+ }
++EXPORT_SYMBOL_GPL(security_binder_transfer_binder);
+ 
+ int security_binder_transfer_file(struct task_struct *from,
+ 				  struct task_struct *to, struct file *file)
+ {
+ 	return call_int_hook(binder_transfer_file, 0, from, to, file);
+ }
++EXPORT_SYMBOL_GPL(security_binder_transfer_file);
+ 
+ int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
+ {
+--- a/kernel/sched/core.c
++++ b/kernel/sched/core.c
+@@ -3976,6 +3976,7 @@ int can_nice(const struct task_struct *p
+ 	return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
+ 		capable(CAP_SYS_NICE));
+ }
++EXPORT_SYMBOL_GPL(can_nice);
+ 
+ #ifdef __ARCH_WANT_SYS_NICE
+ 
diff --git a/debian/patches/series b/debian/patches/series
index 6736bbfa8..d9ef5ef33 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -12,6 +12,7 @@ debian/modpost-symbol-prefix.patch
 debian/tools-perf-version.patch
 debian/tools-perf-install.patch
 debian/wireless-add-debian-wireless-regdb-certificates.patch
+debian/export-symbols-needed-by-android-drivers.patch
 debian/android-enable-building-ashmem-and-binder-as-modules.patch
 
 # Fixes/improvements to firmware loading