SELinux in Android Lollipop and M

More documents

Recommendations

Info

Protecting the Android TCB via SELinux• Nothing can map low memory or access /dev/{k}mem.• Only init can set sensitive kernel settings/policy.• Only recovery can write to / or /system (the OS).• Native services can only execute from / and /system.• Only debuggerd can ptrace others.• Apps cannot write to most netlink sockets.• Apps cannot write to most service sockets.• No reading/following untrusted symlinks.6
Service-specific Protection via SELinux• Android keystore– Provides secure storage of keys.• SELinux kernel-enforced guarantees:– Nothing can ptrace the keystore.– Nothing else can open /data/misc/keystore files.• SELinux userspace access control:– Keystore checks SELinux policy for client requests.– Sensitive operations restricted via policy.7
Page 1 and 2: SELinux in Android Lollipop and MSt
Page 3 and 4: CLASSIFICATION HEADERToday's Talk
Page 5: SELinux in Android 5.0 Lollipop•
Page 9 and 10: Lollipop Updates●●●5.0.1 thro
Page 11 and 12: SELinux in Android M●●●●●
Page 13 and 14: SELinux and Android Multi-User●
Page 15 and 16: The Chrome for Android sandbox●
Page 17 and 18: Locking down the Binder• Binder i
Page 19 and 20: Policy Hardening• Forced init to
Page 21 and 22: Android & Upstream SELinux• Andro
Page 23 and 24: Ongoing and Future Work• Enable a

SELinux in Android Lollipop and M

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?