Aren't Tomoyo, Apparmor and Smack other LSMs (Linux Security Modules) in the Linux Kernel used in Android?
El jue., oct. 13, 2016 16:04, Stephen Smalley <s...@tycho.nsa.gov> escribió: > On 10/13/2016 04:53 PM, Eduardo Aguirre wrote: > > Thank you so much for all your help! > > > > Any recommended documentation about SE for Android, LSMs implemented in > > Android and maybe an in-depth view of Android security? > > I have already read the official documentation and the "Android security > > internals book" but I was wondering if there is another good source of > > information. > > The list of links from > https://source.android.com/security/selinux/#supporting_documentation > is a good starting point. > > > > > El jue., 13 oct. 2016 a las 11:25, Stephen Smalley (<s...@tycho.nsa.gov > > <mailto:s...@tycho.nsa.gov>>) escribió: > > > > On 10/13/2016 11:20 AM, Eduardo Aguirre wrote: > > > Do you know why the MMAC mechanisms proposed in SEAndroid weren't > > > adopted? I have also heard of something called "Intent firewall" > that > > > has not been integrated to Android(as far as I know). > > > > Not entirely sure why (we didn't get feedback), but recent versions > of > > Android do incorporate a runtime permissions model (built on top of > > AppOps) and also include various enterprise-focused features. > > > > Last I looked, Intent Firewall was still part of Android, but not > > something that can be configured by anyone other than the OEM (aside > > from using custom ROMs). Some information about Intent Firewall is > > available here: > > http://www.cis.syr.edu/~wedu/android/IntentFirewall/ > > > > > El jue., 13 oct. 2016 a las 10:00, Stephen Smalley > > (<s...@tycho.nsa.gov <mailto:s...@tycho.nsa.gov> > > > <mailto:s...@tycho.nsa.gov <mailto:s...@tycho.nsa.gov>>>) escribió: > > > > > > On 10/13/2016 10:33 AM, Eduardo Aguirre wrote: > > > > Could a policy in SEAndroid ensure confidentality and > privacy?: > > > > > > > > Restrict emails to some domains, restrict messages from some > > contacts, > > > > or even modify some rules when location changes? > > > > > > > > I think nothing like this has been implemented, but I also > > think that > > > > SEAndroid could be used to do something like that (maybe some > > > > modifications are needed?) > > > > > > The concepts you are describing would be implemented at the > > middleware > > > or, in some cases, even the application layer. While the SE > > for Android > > > project did experiment with several middleware mandatory > > access control > > > mechanisms (MMAC), none of those were ever adopted into the > > Android Open > > > Source Project; only the SELinux support was. > > > > > > >
_______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
