Tuesday, January 17, 2012

SE Android

Once upon a time, we had SELinux, and now, we have SE Android, a security enhanced version of Google's Android operating system. It came from USA's NSA which deals with this kind of area.

By enabling SELinux functionality on Android, they hoped to isolate and prevent privilege escalation by applications, but it still can't help users against kernel vulnerabilities and misconfiguration of the security policy.

SEAndroid is only available as source and is built by cloning the Android Open Source Project (AOSP) git repository, and then applying the SE Android modifications from the project's git repository.

Please have a look on the presentation by Stephen Smalley of the NSA in 2011 Linux Security Summit for more detail.