On Thu, Oct 13, 2016 at 5:19 PM, Eduardo Aguirre <ironw...@gmail.com> wrote:
> Aren't Tomoyo, Apparmor and Smack other LSMs (Linux Security Modules) in the
> Linux Kernel used in Android?

Officially no, just SE Linux. However, I have seen some devices with
TOMOYO enabled, but those were OEM enabled.

>
>
> On Thu, Oct 13, 2016 16:04, Stephen Smalley <s...@tycho.nsa.gov> wrote:
>>
>> On 10/13/2016 04:53 PM, Eduardo Aguirre wrote:
>> > Thank you so much for all your help!
>> >
>> > Any recommended documentation about SE for Android, LSMs implemented in
>> > Android and maybe an in-depth view of Android security?
>> > I have already read the official documentation and the "Android security
>> > internals book" but I was wondering if there is another good source of
>> > information.
>>
>> The list of links from
>> https://source.android.com/security/selinux/#supporting_documentation
>> is a good starting point.
>>
>> >
>> > On Thu, Oct 13, 2016 at 11:25, Stephen Smalley (<s...@tycho.nsa.gov>) wrote:
>> >
>> >     On 10/13/2016 11:20 AM, Eduardo Aguirre wrote:
>> >     > Do you know why the MMAC mechanisms proposed in SEAndroid weren't
>> >     > adopted?  I have also heard of something called "Intent firewall" that
>> >     > has not been integrated into Android (as far as I know).
>> >
>> >     Not entirely sure why (we didn't get feedback), but recent versions of
>> >     Android do incorporate a runtime permissions model (built on top of
>> >     AppOps) and also include various enterprise-focused features.
>> >
>> >     Last I looked, Intent Firewall was still part of Android, but not
>> >     something that can be configured by anyone other than the OEM (aside
>> >     from using custom ROMs).  Some information about Intent Firewall is
>> >     available here:
>> >     http://www.cis.syr.edu/~wedu/android/IntentFirewall/
>> >
>> >     > On Thu, Oct 13, 2016 at 10:00, Stephen Smalley (<s...@tycho.nsa.gov>) wrote:
>> >     >
>> >     >     On 10/13/2016 10:33 AM, Eduardo Aguirre wrote:
>> >     >     > Could a policy in SEAndroid ensure confidentiality and privacy?:
>> >     >     >
>> >     >     > Restrict emails to some domains, restrict messages from some contacts,
>> >     >     > or even modify some rules when location changes?
>> >     >     >
>> >     >     > I think nothing like this has been implemented, but I also think that
>> >     >     > SEAndroid could be used to do something like that (maybe some
>> >     >     > modifications are needed?)
>> >     >
>> >     >     The concepts you are describing would be implemented at the middleware
>> >     >     or, in some cases, even the application layer.  While the SE for Android
>> >     >     project did experiment with several middleware mandatory access control
>> >     >     mechanisms (MMAC), none of those were ever adopted into the Android Open
>> >     >     Source Project; only the SELinux support was.
>> >     >
>> >
>>
>
> _______________________________________________
> Seandroid-list mailing list
> Seandroid-list@tycho.nsa.gov
> To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
> To get help, send an email containing "help" to
> seandroid-list-requ...@tycho.nsa.gov.



-- 
Respectfully,

William C Roberts
