SELinux in Android Lollipop and M

More documents

Recommendations

Info

SELinux and Android Multi-User (cont'd)●●●Apps running for different users areautomatically assigned different levels.SELinux blocks sending signals, accessing/proc/pid, opening app data files, orcommunicating via local sockets across levels.No per-user or per-app policy configurationrequired; just using MLS and categories.14
The Chrome for Android sandbox●●●●Combines multi-process architecture with UID isolation.App service components can be declared with aprocess=”name” and an isolatedProcess=”true” attribute.Android will run such services in a separate process andUID from the main app.This process has no Android permissions and the usualDAC restrictions, i.e. cannot read or write the files of themain app unless they are world accessible.15
Page 1 and 2: SELinux in Android Lollipop and MSt
Page 3 and 4: CLASSIFICATION HEADERToday's Talk
Page 5 and 6: SELinux in Android 5.0 Lollipop•
Page 7 and 8: Service-specific Protection via SEL
Page 9 and 10: Lollipop Updates●●●5.0.1 thro
Page 11 and 12: SELinux in Android M●●●●●
Page 13: SELinux and Android Multi-User●
Page 17 and 18: Locking down the Binder• Binder i
Page 19 and 20: Policy Hardening• Forced init to
Page 21 and 22: Android & Upstream SELinux• Andro
Page 23 and 24: Ongoing and Future Work• Enable a

SELinux in Android Lollipop and M

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?