How would you keep compatibility with existing apps that are not aware of
this access control system? Would you grant them blindly all the access
rights?

On Thu, Jun 16, 2011 at 6:57 PM, Charles Clancy <[email protected]> wrote:

> On 6/16/2011 3:31 PM, Chris Palmer wrote:
>
>>> We're conducting a research project at Virginia Tech this summer to
>>> add SELinux into the Android distro.  This would go beyond some of
>>> the previous work into actually extending Binder to pass the
>>> appropriate security context information to SELinux for application
>>> policy enforcement.  I'm curious what the community thinks about this.
>>>
>> What Android security problem(s) would SELinux solve?
>>
>> Of those, why is SELinux the best solution?
>>
>
> SELinux implements mandatory access control, which provides more
> fine-grained control than UID/GID-based permissions.  Processes have
> security contexts associated with them, and detailed policies describe what
> those processes can and cannot do -- everything from file system access
> control to kernel system calls.
>
> The Android kernel binder driver just exposes a /dev/binder interface that is
> readable and writable by all apps -- everything can talk to everything.  The
> goal is to instrument the kernel binder driver with security hooks that
> correspond to SELinux hooks.  Each app would have a detailed policy
> specifying what it can and cannot do, which would be enforced by the kernel
> via SELinux.
>
> The goal here is to enforce that apps only access what they're supposed to
> via /dev/binder.
>
> You could do this sort of enforcement without SELinux, by implementing
> everything within the binder driver, but you'd need to reinvent the policy
> language and associated tools.  Also, SELinux will let you enforce policies
> about other parts of the kernel too -- not just apps.
>
> That's the idea anyway -- if I'm way off base here, I welcome constructive
> criticism about the potential utility of implementing this, and the proposed
> approach.

-- 
You received this message because you are subscribed to the Google Groups 
"Android Security Discussions" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/android-security-discuss?hl=en.
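
Added example, not part of the thread and not the Virginia Tech project's code: a user-space C model of the per-transaction check described in the quoted message, contrasting the world-writable /dev/binder device with a default-deny allow table. The type names, the rule table and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed security types; not taken from any real policy. */
struct allow_rule { const char *source; const char *target; };

static const struct allow_rule policy[] = {
    { "mail_app",    "contacts_service" },
    { "mail_app",    "network_service"  },
    { "browser_app", "network_service"  },
};

/* DAC view: /dev/binder is readable and writable by all apps, so the
 * mode bits let every caller reach every service. */
int dac_allows(unsigned mode)
{
    return (mode & 0006) == 0006;
}

/* Hypothetical hook the binder driver would call once per transaction.
 * Default deny: a missing label or no matching allow rule fails. */
int mac_allows(const char *source, const char *target)
{
    size_t i;
    if (source == NULL || target == NULL)
        return 0;
    for (i = 0; i < sizeof(policy) / sizeof(policy[0]); i++)
        if (strcmp(policy[i].source, source) == 0 &&
            strcmp(policy[i].target, target) == 0)
            return 1;
    return 0;
}

/* A transaction goes through only if both layers agree. */
int binder_transaction_allowed(unsigned mode, const char *source, const char *target)
{
    return dac_allows(mode) && mac_allows(source, target);
}

int main(void)
{
    printf("mail->contacts:    %d\n", binder_transaction_allowed(0666, "mail_app", "contacts_service"));
    printf("browser->contacts: %d\n", binder_transaction_allowed(0666, "browser_app", "contacts_service"));
    printf("unlabeled->net:    %d\n", binder_transaction_allowed(0666, NULL, "network_service"));
    return 0;
}
```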
