On 05/12/2015 02:15 PM, Stephen Smalley wrote:
> On 05/12/2015 12:46 PM, 食肉大灰兔V5 wrote:
>> Hi, all
>>
>> I noticed that some rooting software can "root" the Android device and
>> provide root access for other apps, like KingRoot 4.0 recently has
>> successfully rooted my Nexus 5 running AOSP 5.1.0 R3. I wonder whether
>> restricting such rooting conduct is one of SEAndroid's objectives? If
>> yes, then how to protect from it?
>
> Depends on what you mean by "root" the Android device.
> There's a legitimate way to do that for a Nexus device, i.e. boot into
> bootloader mode, run fastboot oem unlock, accept it on the screen, wait
> for userdata to be erased, and then use fastboot to flash any partition
> you like with a custom image containing anything you want. SE for
> Android isn't going to prevent that, except insofar as the default
> policy may interfere with its operation unless they reflash the boot
> image with one containing a custom policy.
>
> Then there is the illegitimate way to do it, i.e. install an app or run
> something via adb shell that exploits a vulnerability in Android to
> escalate privileges and then proceeds to modify /system or other
> partitions. In some cases, SE for Android can prevent the privilege
> escalation, but this depends on the nature of the vulnerability (kernel
> or userspace) and whether the vulnerable code is reachable/exploitable
> under the policy. Also, SE for Android can prevent writing to /system
> or other partitions but if they are using a kernel vulnerability and
> gaining kernel code execution, then they can just disable SELinux (or
> any other kernel security feature).
>
> With regard to detecting or preventing kernel exploits, Samsung KNOX has
> something called TIMA that seeks to detect and protect the kernel via
> software running in the TrustZone secure world. grsecurity is a project
> that has implemented a number of kernel self-protection features that
> could potentially be ported to the Android kernel in order to improve
> its robustness against common flaws.

The other potentially relevant protection mechanism is verified boot,
which, if enabled, will detect tampering with /system or other verified
partitions at boot time. See:
https://source.android.com/devices/tech/security/verifiedboot/index.html
http://nelenkov.blogspot.com/2014/05/using-kitkat-verified-boot.html
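
Added example, not part of the original message: a simplified Python model of the hash-tree check performed by dm-verity, the kernel feature that Android verified boot builds on, showing why a modified block is detected even when the stored hash tree is rewritten to match. The binary tree layout, the salt, and the 5-block sample image are constructed for illustration and do not follow dm-verity's on-disk format.

```python
import hashlib

BLOCK_SIZE = 4096  # data block size (dm-verity's usual default)

def _h(data: bytes, salt: bytes) -> bytes:
    return hashlib.sha256(salt + data).digest()

def split_blocks(image: bytes) -> list:
    """Split an image into fixed-size blocks, zero-padding the last one."""
    if not image:
        raise ValueError("empty image")
    return [image[i:i + BLOCK_SIZE].ljust(BLOCK_SIZE, b"\0")
            for i in range(0, len(image), BLOCK_SIZE)]

def build_tree(image: bytes, salt: bytes) -> list:
    """Return hash levels: levels[0] holds leaf hashes, levels[-1] == [root]."""
    level = [_h(b, salt) for b in split_blocks(image)]
    levels = [level]
    while len(level) > 1:
        level = [_h(b"".join(level[i:i + 2]), salt)
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def verify_block(image, index, levels, trusted_root, salt) -> bool:
    """Recompute the path from one block to the root using stored siblings.
    The stored tree is untrusted; only trusted_root is."""
    node = _h(split_blocks(image)[index], salt)
    for level in levels[:-1]:
        sib = index ^ 1
        if sib >= len(level):          # odd node out: hashed alone
            node = _h(node, salt)
        elif index % 2 == 0:
            node = _h(node + level[sib], salt)
        else:
            node = _h(level[sib] + node, salt)
        index //= 2
    return node == trusted_root

def find_tampered(image, levels, trusted_root, salt) -> list:
    """List the indices of blocks that fail verification."""
    return [i for i in range(len(split_blocks(image)))
            if not verify_block(image, i, levels, trusted_root, salt)]

# Constructed sample: a 5-block "partition" and its hash tree.
SALT = b"constructed-salt"
GOOD = b"".join(bytes([i]) * BLOCK_SIZE for i in range(5))
LEVELS = build_tree(GOOD, SALT)
ROOT = LEVELS[-1][0]  # on a device this is the value covered by the signature
BAD = GOOD[:2 * BLOCK_SIZE] + b"\xff" + GOOD[2 * BLOCK_SIZE + 1:]
FORGED = build_tree(BAD, SALT)  # stored tree rewritten to match the change
```

Checked against the original tree, only block 2 of `BAD` fails; checked against `FORGED`, every block fails, because the recomputed root no longer equals the trusted one.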
