Linux Security Summit 2014/Abstracts/Smalley
Protecting the Android TCB with SELinux
Stephen Smalley, NSA
At last year's LSS, SELinux was already shipping in the Samsung Galaxy S4 smartphone and included in the official Android 4.3 release by Google, but was in permissive mode by default. Since last year's LSS, SELinux has been made enforcing by default in Samsung devices and in the official Android 4.4 / KitKat release by Google.
As shipped in Android 4.4, SELinux was focused on protecting a set of root daemons in Android. This protection was successful in preventing exploitation of a long-standing root vulnerability in Android. Since the 4.4 release, significant work has gone into expanding the coverage of SELinux in Android to fully confine and protect all Android processes and to protect the Android Trusted Computing Base (TCB) against a number of practical, real-world threats. In this talk, we will describe how SELinux is being applied to Android to protect its TCB. The Android SELinux changes are already visible in the Android Open Source Project (AOSP) master branch and are expected to be included in the next major release of Android. We will also explain how we addressed various practical challenges to using SELinux effectively and summarize ongoing work to further improve the state of Android security.