The only "LSM" in Android is SELinux. The term LSM means Linux Security Module and is a Linux kernel technology.
If you want to actually look deeper in how SE Linux was integrated, parts of Exploring SE for Android (my book), may be of help. As far as Android Security, that internals book you mention is the best general coverage I have found. On Thu, Oct 13, 2016 at 4:53 PM, Eduardo Aguirre <ironw...@gmail.com> wrote: > Thank you so much for all your help! > > Any recommended documentation about SE for Android, LSMs implemented in > Android and maybe an in-depth view of Android security? > I have already read the official documentation and the "Android security > internals book" but I was wondering if there is another good source of > information. > > El jue., 13 oct. 2016 a las 11:25, Stephen Smalley (<s...@tycho.nsa.gov>) > escribió: >> >> On 10/13/2016 11:20 AM, Eduardo Aguirre wrote: >> > Do you know why the MMAC mechanisms proposed in SEAndroid weren't >> > adopted? I have also heard of something called "Intent firewall" that >> > has not been integrated to Android(as far as I know). >> >> Not entirely sure why (we didn't get feedback), but recent versions of >> Android do incorporate a runtime permissions model (built on top of >> AppOps) and also include various enterprise-focused features. >> >> Last I looked, Intent Firewall was still part of Android, but not >> something that can be configured by anyone other than the OEM (aside >> from using custom ROMs). Some information about Intent Firewall is >> available here: >> http://www.cis.syr.edu/~wedu/android/IntentFirewall/ >> >> > El jue., 13 oct. 2016 a las 10:00, Stephen Smalley (<s...@tycho.nsa.gov >> > <mailto:s...@tycho.nsa.gov>>) escribió: >> > >> > On 10/13/2016 10:33 AM, Eduardo Aguirre wrote: >> > > Could a policy in SEAndroid ensure confidentality and privacy?: >> > > >> > > Restrict emails to some domains, restrict messages from some >> > contacts, >> > > or even modify some rules when location changes? >> > > >> > > I think nothing like this has been implemented, but I also think >> > that >> > > SEAndroid could be used to do something like that (maybe some >> > > modifications are needed?) >> > >> > The concepts you are describing would be implemented at the >> > middleware >> > or, in some cases, even the application layer. While the SE for >> > Android >> > project did experiment with several middleware mandatory access >> > control >> > mechanisms (MMAC), none of those were ever adopted into the Android >> > Open >> > Source Project; only the SELinux support was. >> > >> > > _______________________________________________ > Seandroid-list mailing list > Seandroid-list@tycho.nsa.gov > To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. > To get help, send an email containing "help" to > seandroid-list-requ...@tycho.nsa.gov. -- Respectfully, William C Roberts _______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
