NSA releases security-enhanced Android
The National Security Agency's SELinux Project has announced the first release of SEAndroid (also written SE Android), a security-enhanced version of Google's Android operating system. SEAndroid is the name both of a project to identify, and find solutions for, critical gaps in Android security and of a reference implementation of a security-enhanced Android. The project is currently concentrating on bringing SELinux to Android, in the hope that mandatory access control can limit the damage a malicious app is able to do, but it intends to widen its scope in the future.
In a presentation originally given at the 2011 Linux Security Summit, Stephen Smalley of the NSA explained the functionality within SEAndroid. He noted that it brings Mandatory Access Control (MAC) to Android's Linux kernel and can help sandbox and isolate applications and prevent them from escalating their privileges, using a centralised policy that is amenable to analysis. That said, it cannot protect against kernel vulnerabilities, nor against misconfiguration of the security policy itself. Smalley also walked through a number of known Android exploits and showed at which point, and in what way, SEAndroid would have stopped each of them.
The SEAndroid reference implementation currently offers per-file security labelling for yaffs2; yaffs2 and ext2 filesystem images that are labelled at build time; Binder inter-process communication that is subject to kernel permission checks; labelling of service sockets, socket files and device nodes; and flexible labelling of apps and their data directories. There is also a "minimal port" of the SELinux userspace. A small type enforcement (TE) policy written specifically for Android determines whether a process may access an object; as is usual with SELinux, anything that is not expressly permitted is prohibited. The policy defines confined domains to control how system services and apps interact with each other, and uses MLS (Multi-Level Security) categories to isolate apps, so that even apps running in the same domain can be kept apart.
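To make the two mechanisms in that paragraph concrete, here is an added illustration in Python; it is not code from the SEAndroid project or from the article. It parses a handful of SELinux-style allow rules, applies the TE default-deny decision, and then layers an MLS category check on top, showing why two apps that share one domain type still cannot read each other's data. The policy text, the type and class names (`untrusted_app`, `app_data_file`, `zygote_socket`, `system_file`) and the choice of which object classes are MLS-constrained are assumptions made for the demo.

```python
"""Toy model of an SELinux-style access decision: type enforcement (TE)
allow rules with default deny, plus MLS categories that keep apps sharing
one domain apart.  Added illustration only; names and policy are made up."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Context:
    """Simplified security context: a TE type and a set of MLS categories
    (user, role and sensitivity fields of a real context are omitted)."""
    type_: str
    categories: frozenset


# Matches 'allow SRC TGT:CLASS { p1 p2 };' or 'allow SRC TGT:CLASS p1;'
ALLOW_RE = re.compile(
    r"^\s*allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;", re.MULTILINE)


def parse_policy(text):
    """Collect TE allow rules into {(src_type, tgt_type, class): {perms}}."""
    rules = {}
    for m in ALLOW_RE.finditer(text):
        src, tgt, cls, braced, single = m.groups()
        perms = braced.split() if braced is not None else [single]
        rules.setdefault((src, tgt, cls), set()).update(perms)
    return rules


# Object classes on which, in this model, MLS categories are also enforced.
# Which classes a real policy constrains is an assumption for the demo.
MLS_CONSTRAINED_CLASSES = {"file", "dir"}


def te_allows(rules, subj, obj, cls, perm):
    """TE check: the permission exists only if some allow rule grants it."""
    return perm in rules.get((subj.type_, obj.type_, cls), set())


def mls_allows(subj, obj, cls):
    """MLS check: for constrained classes the subject must hold every
    category carried by the object (its label must dominate the object's)."""
    if cls not in MLS_CONSTRAINED_CLASSES:
        return True
    return obj.categories <= subj.categories


def access_allowed(rules, subj, obj, cls, perm):
    """Final decision: both TE and MLS must agree; anything else is denied."""
    return te_allows(rules, subj, obj, cls, perm) and mls_allows(subj, obj, cls)


# Constructed sample policy for the demo (not the real SEAndroid policy).
POLICY = """
# untrusted apps may work inside their own data directories ...
allow untrusted_app app_data_file:dir { search read write add_name remove_name };
allow untrusted_app app_data_file:file { read write open create unlink };
# ... and talk to the zygote socket; nothing grants access to system_file.
allow untrusted_app zygote_socket:unix_stream_socket connectto;
"""
RULES = parse_policy(POLICY)

# Two apps in the same untrusted_app domain, told apart only by MLS category.
APP_A = Context("untrusted_app", frozenset({"c1"}))
APP_B = Context("untrusted_app", frozenset({"c2"}))
APP_A_DATA = Context("app_data_file", frozenset({"c1"}))
APP_B_DATA = Context("app_data_file", frozenset({"c2"}))
SYSTEM_FILE = Context("system_file", frozenset())
ZYGOTE_SOCKET = Context("zygote_socket", frozenset())


def demo():
    """Return the decisions the model produces for the sample contexts."""
    return {
        "a reads own data": access_allowed(RULES, APP_A, APP_A_DATA, "file", "read"),
        "a reads b's data (TE alone)": te_allows(RULES, APP_A, APP_B_DATA, "file", "read"),
        "a reads b's data": access_allowed(RULES, APP_A, APP_B_DATA, "file", "read"),
        "a reads system_file": access_allowed(RULES, APP_A, SYSTEM_FILE, "file", "read"),
        "a connects to zygote": access_allowed(
            RULES, APP_A, ZYGOTE_SOCKET, "unix_stream_socket", "connectto"),
    }


if __name__ == "__main__":
    for what, allowed in demo().items():
        print(f"{what:30} {'allowed' if allowed else 'denied'}")
```

The interesting line is the third: TE on its own would let app A read app B's files, because both apps are `untrusted_app` and both data directories are `app_data_file`; only the per-app category makes the decision come out as a denial. The `system_file` case shows the other half of the story, where no allow rule exists and the default is to refuse.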
SEAndroid is only available as source. It is built by cloning the Android Open Source Project (AOSP) git repository and then applying the SEAndroid modifications from the project's own git repository. The project currently builds on Fedora 16 and has also been built on Fedora 14 and 15. Instructions on how to build for the emulator and for devices (specifically the Nexus S), and on how to get started developing policies, are available from the project's wiki.
(djwm)