What is SE Android?
Security Enhanced (SE) Android is a project to identify and address critical gaps in the security of Android. Initially, the SE Android project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps. However, the scope of the SE Android project is not limited to SELinux.
SE Android also refers to the reference implementation produced by the SE Android project. The current SE Android reference implementation provides a worked example of how to enable and apply SELinux at the lower layers of the Android software stack and provides a working demonstration of the value provided by SELinux in confining various root exploits and application vulnerabilities.
SE Android was first publicly described in a presentation at the Linux Security Summit 2011. The slides from that talk can be found at http://selinuxproject.org/~jmorris/lss2011_slides/caseforseandroid.pdf.
Some distinctive features of our SE Android reference implementation in comparison to prior efforts of which we are aware include:
- Per-file security labeling support for yaffs2,
- Filesystem images (yaffs2 and ext4) labeled at build time,
- Kernel permission checks controlling Binder IPC,
- Labeling of service sockets and socket files created by init,
- Labeling of device nodes created by ueventd,
- Flexible, configurable labeling of apps and app data directories,
- Userspace permission checks controlling use of the Zygote socket commands,
- Minimal port of SELinux userspace,
- SELinux support for the Android toolbox,
- Small TE policy written from scratch for Android,
- Confined domains for system services and apps,
- Use of MLS categories to isolate apps.
How do I get the SE Android code?
First, you should make sure that you are able to successfully download, build and run the Android Open Source Project (AOSP) source code by following the instructions starting from http://source.android.com/source/initializing.html.
You should clone the master branch of AOSP as SE Android is based on it. The AOSP instructions are for Ubuntu or MacOS X users; we are building on 64-bit Fedora (14-16 are known to work, with minor modifications). Some Fedora-specific notes can be found further below. Ubuntu should also work, but you must have checkpolicy installed in order to compile the policy on the build host.
General questions about building and running Android should be directed to the android-building discussion group, not to the selinux mailing list. Only questions specific to SE Android should be directed to the selinux mailing list.
Once you have successfully built and run AOSP, you can obtain a local manifest specifying the SE Android git trees from http://selinuxproject.org/~seandroid/local_manifest.xml. Copy this file to the .repo subdirectory of your AOSP clone, and then run repo sync. Your tree should now include the SE Android modifications.
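The manifest step above as a shell helper, added here as an example and not part of the SE Android project: it checks that the AOSP clone has a .repo directory, lists the git trees the downloaded manifest names so they can be reviewed before syncing, and copies the file into place. The function names and the two-argument invocation are assumptions; the parsing relies on the standard repo manifest layout of `<project ... name="...">` elements.

```sh
#!/bin/sh
# Added example, not SE Android project code. Function names are hypothetical.
# Usage: sh this_script.sh /path/to/aosp /path/to/downloaded/local_manifest.xml

# Return 0 if a build-host tool is on PATH, 1 otherwise.
need_tool() {
    command -v "$1" >/dev/null 2>&1
}

# Print the name of every git tree a repo manifest would add, one per line,
# so the list can be reviewed before repo sync pulls them.
list_projects() {
    sed -n 's/.*<project[^>]* name="\([^"]*\)".*/\1/p' "$1"
}

# Validate the AOSP clone and the downloaded manifest, then copy the
# manifest into .repo. Returns non-zero without copying on any failure.
install_manifest() {
    aosp_root=$1
    manifest=$2
    [ -d "$aosp_root/.repo" ] || { echo "no .repo in $aosp_root" >&2; return 1; }
    [ -s "$manifest" ] || { echo "manifest missing or empty" >&2; return 1; }
    grep -q '<manifest' "$manifest" || { echo "not a repo manifest" >&2; return 1; }
    [ -n "$(list_projects "$manifest")" ] || { echo "no projects listed" >&2; return 1; }
    cp "$manifest" "$aosp_root/.repo/local_manifest.xml"
}

# Only act when called with both arguments; sourcing the file just defines
# the functions.
if [ $# -eq 2 ]; then
    # checkpolicy is needed on the build host to compile the policy.
    need_tool checkpolicy || { echo "install checkpolicy first" >&2; exit 1; }
    need_tool repo || { echo "repo not on PATH" >&2; exit 1; }
    echo "git trees named by $2:"
    list_projects "$2"
    install_manifest "$1" "$2" && echo "manifest installed; now run repo sync in $1"
fi
```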