On 10/13/2016 04:53 PM, Eduardo Aguirre wrote: > Thank you so much for all your help! > > Any recommended documentation about SE for Android, LSMs implemented in > Android and maybe an in-depth view of Android security? > I have already read the official documentation and the "Android security > internals book" but I was wondering if there is another good source of > information.
The list of links from https://source.android.com/security/selinux/#supporting_documentation is a good starting point. > > El jue., 13 oct. 2016 a las 11:25, Stephen Smalley (<s...@tycho.nsa.gov > <mailto:s...@tycho.nsa.gov>>) escribió: > > On 10/13/2016 11:20 AM, Eduardo Aguirre wrote: > > Do you know why the MMAC mechanisms proposed in SEAndroid weren't > > adopted? I have also heard of something called "Intent firewall" that > > has not been integrated to Android(as far as I know). > > Not entirely sure why (we didn't get feedback), but recent versions of > Android do incorporate a runtime permissions model (built on top of > AppOps) and also include various enterprise-focused features. > > Last I looked, Intent Firewall was still part of Android, but not > something that can be configured by anyone other than the OEM (aside > from using custom ROMs). Some information about Intent Firewall is > available here: > http://www.cis.syr.edu/~wedu/android/IntentFirewall/ > > > El jue., 13 oct. 2016 a las 10:00, Stephen Smalley > (<s...@tycho.nsa.gov <mailto:s...@tycho.nsa.gov> > > <mailto:s...@tycho.nsa.gov <mailto:s...@tycho.nsa.gov>>>) escribió: > > > > On 10/13/2016 10:33 AM, Eduardo Aguirre wrote: > > > Could a policy in SEAndroid ensure confidentality and privacy?: > > > > > > Restrict emails to some domains, restrict messages from some > contacts, > > > or even modify some rules when location changes? > > > > > > I think nothing like this has been implemented, but I also > think that > > > SEAndroid could be used to do something like that (maybe some > > > modifications are needed?) > > > > The concepts you are describing would be implemented at the > middleware > > or, in some cases, even the application layer. While the SE > for Android > > project did experiment with several middleware mandatory > access control > > mechanisms (MMAC), none of those were ever adopted into the > Android Open > > Source Project; only the SELinux support was. > > > _______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
