On 6/16/2011 3:31 PM, Chris Palmer wrote:
>> We're conducting a research project at Virginia Tech this summer to
>> add SELinux into the Android distro. This would go beyond some of
>> the previous work into actually extending Binder to pass the
>> appropriate security context information to SELinux for application
>> policy enforcement. I'm curious what the community thinks about this.
>
> What Android security problem(s) would SELinux solve?
> Of those, why is SELinux the best solution?
SELinux implements mandatory access control, which provides more
fine-grained control than UID/GID-based permissions. Processes have
security contexts associated with them, and detailed policies describe
what those processes can and cannot do -- everything from file system
access control to kernel system calls.
The Android kernel binder driver just exposes a /dev/binder interface that
is readable and writable by all apps -- everything can talk to
everything. The goal is to instrument the kernel binder driver with
security hooks that correspond to SELinux hooks. Each app would have a
detailed policy specifying what it can and cannot do, which would be
enforced by the kernel via SELinux.
The goal here is to enforce that apps only access what they're supposed
to via /dev/binder.
You could do this sort of enforcement without SELinux, by implementing
everything within the binder driver, but you'd need to reinvent the
policy language and associated tools. Also, SELinux will let you
enforce policies about other parts of the kernel too -- not just apps.
That's the idea anyway -- if I'm way off base here, I welcome
constructive criticism about the potential utility of implementing this,
and the proposed approach.
--
You received this message because you are subscribed to the Google Groups "Android
Security Discussions" group.
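The access decision the reply above is describing, as an added example that is not code from the thread or from the Virginia Tech project: the stock driver only asks the discretionary question "may this uid open /dev/binder?" (world read/write, so always yes), whereas a type-enforcement hook would additionally ask, per transaction, "does policy allow source type X to perform permission P on target type Y in class C?" and deny by default. The policy syntax is SELinux's allow-rule form; the `binder` class, its `call`/`transfer` permissions, the process table, uids, and security contexts are all constructed for this example and do not describe the project's actual hook design.

```python
"""Toy model of DAC vs. SELinux-style MAC for binder transactions.

Constructed example: the policy text, process table, contexts, and the
'binder' class with 'call'/'transfer' permissions are assumptions for
illustration, not the project's design or a real Android policy.
"""
import re
import stat
from dataclasses import dataclass, field

# --- DAC: what the stock binder driver checks (only at open time) ---------

BINDER_MODE = 0o666  # constructed: typical world-rw mode of /dev/binder


def dac_can_open(uid, gid, owner_uid=0, owner_gid=0, mode=BINDER_MODE):
    """Classic Unix owner/group/other check for opening the device node."""
    if uid == owner_uid:
        return bool(mode & stat.S_IRUSR) and bool(mode & stat.S_IWUSR)
    if gid == owner_gid:
        return bool(mode & stat.S_IRGRP) and bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IROTH) and bool(mode & stat.S_IWOTH)


# --- MAC: type enforcement consulted on every transaction -----------------

@dataclass
class Policy:
    # (source_type, target_type, class) -> set of allowed permissions
    rules: dict = field(default_factory=dict)


# allow <src> <tgt>:<class> { p1 p2 };   or   allow <src> <tgt>:<class> p;
RULE_RE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")


def parse_policy(text):
    """Parse SELinux-style allow rules; '#' comments are stripped first."""
    rules = {}
    for m in RULE_RE.finditer(re.sub(r"#.*", "", text)):
        src, tgt, cls, multi, single = m.groups()
        rules.setdefault((src, tgt, cls), set()).update((multi or single).split())
    return Policy(rules)


def type_of(context):
    """Extract the type field from a 'user:role:type:level' context."""
    return context.split(":")[2]


def mac_allowed(policy, src_ctx, tgt_ctx, cls, perm):
    """Default deny: a permission is granted only if an allow rule names it."""
    key = (type_of(src_ctx), type_of(tgt_ctx), cls)
    return perm in policy.rules.get(key, set())


# Constructed policy: untrusted apps may talk to system_server but not to
# the radio service; platform apps may do both.
SAMPLE_POLICY = """
allow untrusted_app system_server:binder { call transfer };
allow system_server untrusted_app:binder call;   # replies / callbacks
allow platform_app system_server:binder { call transfer };
allow platform_app radio:binder call;
"""

# Constructed process table: pid -> (uid, security context)
PROCESS_CONTEXTS = {
    1001: (1000, "u:r:system_server:s0"),
    1002: (1001, "u:r:radio:s0"),
    1234: (10050, "u:r:untrusted_app:s0"),
    1300: (10020, "u:r:platform_app:s0"),
}


def binder_transact(policy, procs, src_pid, tgt_pid, perm="call"):
    """Decide a transaction under both models. SELinux hooks run in addition
    to DAC, so the MAC verdict also requires the DAC open to have succeeded."""
    uid, src_ctx = procs[src_pid]
    _, tgt_ctx = procs[tgt_pid]
    dac = dac_can_open(uid, uid)
    mac = dac and mac_allowed(policy, src_ctx, tgt_ctx, "binder", perm)
    return {"dac": dac, "mac": mac}


if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    for src, tgt in [(1234, 1001), (1234, 1002), (1300, 1002)]:
        verdict = binder_transact(policy, PROCESS_CONTEXTS, src, tgt)
        print(f"pid {src} -> pid {tgt}: DAC={verdict['dac']} MAC={verdict['mac']}")
```

Under DAC every row prints True, which is the "everything can talk to everything" situation in the reply; under the constructed policy the untrusted app's transaction to the radio service is refused while its transaction to system_server still goes through.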