upload android base code part8
This commit is contained in:
parent
841ae54672
commit
5425409085
57075 changed files with 9846578 additions and 0 deletions
120
android/docs/source.android.com/en/security/selinux/index.html
Normal file
@ -0,0 +1,120 @@
<html devsite>
<head>
<title>Security-Enhanced Linux in Android</title>
<meta name="project_path" value="/_project.yaml" />
<meta name="book_path" value="/_book.yaml" />
</head>
<body>
<!--
Copyright 2017 The Android Open Source Project

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->



<h2 id=introduction>Introduction</h2>

<p>The Android security model is based in part on the concept of application
sandboxes. Each application runs in its own sandbox. Prior to Android 4.3,
these sandboxes were defined by the creation of a unique Linux UID for each
application at time of installation. Starting with Android 4.3,
Security-Enhanced Linux (SELinux) is used to further define the boundaries of
the Android application sandbox.</p>

<p>As part of the Android <a href="/security/index.html">
security model</a>, Android uses SELinux to enforce mandatory access control
(MAC) over all processes, even processes running with root/superuser privileges
(a.k.a. Linux capabilities). SELinux enhances Android security by confining
privileged processes and automating security policy creation.</p>

<p>Contributions to it have been made by a number
of companies and organizations; all Android code
and contributors are publicly available for review on <a
href="https://android.googlesource.com/">android.googlesource.com</a>. With
SELinux, Android can better protect and confine system services, control
access to application data and system logs, reduce the effects of malicious
software, and protect users from potential flaws in code on mobile devices.</p>

<p>Android includes SELinux in enforcing mode and a
corresponding security policy that works by default across the <a
href="https://android.googlesource.com/">Android Open Source Project</a>. In
enforcing mode, illegitimate actions are prevented and all attempted violations
are logged by the kernel to <code>dmesg</code> and <code>logcat</code>. Android
device manufacturers should gather information about errors so they may
refine their software and SELinux policies before enforcing them.</p>

<h2 id=background>Background</h2>

<p>SELinux operates on the ethos of default denial. Anything that is not
explicitly allowed is denied. SELinux can operate in one of two global modes:
permissive mode, in which permission denials are logged but not enforced, and
enforcing mode, in which denials are both logged and enforced. SELinux also
supports a per-domain permissive mode in which specific domains (processes) can
be made permissive while placing the rest of the system in global enforcing
mode. A domain is simply a label identifying a process or set of processes in
the security policy, where all processes labeled with the same domain are
treated identically by the security policy. Per-domain permissive mode enables
incremental application of SELinux to an ever-increasing portion of the system.
Per-domain permissive mode also enables policy development for new services
while keeping the rest of the system enforcing.</p>

<p>In the Android 5.0 (L) release, Android moves to full enforcement of
SELinux. This builds upon the permissive release of 4.3 and the partial
enforcement of 4.4. In short, Android is shifting from enforcement on a
limited set of crucial domains (<code>installd</code>, <code>netd</code>,
<code>vold</code> and <code>zygote</code>) to everything (more than 60
domains). This means manufacturers will have to better understand and scale
their SELinux implementations to provide compatible devices. Understand
that:</p>


<ul>
<li>Everything is in enforcing mode in the 5.0 release</li>
<li> No processes other than <code>init</code> should run in the
<code>init</code> domain</li>
<li> Any generic denial (for a block_device, socket_device, default_service,
etc.) indicates that device needs a special domain</li>
</ul>

<h2 id=supporting_documentation>Supporting documentation</h2>

<p>See the documentation below for details on constructing useful policies:</p>

<p><a href="https://events.linuxfoundation.org/sites/events/files/slides/abs2014_seforandroid_smalley.pdf">
https://events.linuxfoundation.org/sites/events/files/slides/
abs2014_seforandroid_smalley.pdf</a></p>

<p><a href="https://www.internetsociety.org/sites/default/files/02_4.pdf">
https://www.internetsociety.org/sites/default/files/02_4.pdf</a></p>

<p><a href="http://freecomputerbooks.com/books/The_SELinux_Notebook-4th_Edition.pdf">
http://freecomputerbooks.com/books/The_SELinux_Notebook-4th_Edition.pdf</a></p>

<p><a href="http://selinuxproject.org/page/ObjectClassesPerms">
http://selinuxproject.org/page/ObjectClassesPerms</a></p>

<p><a href="https://www.nsa.gov/resources/everyone/digital-media-center/publications/research-papers/assets/files/implementing-selinux-as-linux-security-module-report.pdf">
https://www.nsa.gov/resources/everyone/digital-media-center/publications/
research-papers/assets/files/
implementing-selinux-as-linux-security-module-report.pdf</a></p>

<p><a href="https://www.nsa.gov/resources/everyone/digital-media-center/publications/research-papers/assets/files/configuring-selinux-policy-report.pdf">
https://www.nsa.gov/resources/everyone/digital-media-center/publications/
research-papers/assets/files/configuring-selinux-policy-report.pdf</a></p>

<p><a href="https://www.gnu.org/software/m4/manual/index.html">
https://www.gnu.org/software/m4/manual/index.html</a></p>

</body>
</html>
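Review bot: the parenthetical "(a.k.a. Linux capabilities)" in the second Introduction paragraph equates root/superuser privilege with Linux capabilities, but capabilities are the individual privileges a root process holds (and can drop), not another name for root; suggest "even processes running with root/superuser privileges or with Linux capabilities" so the MAC claim covers both cases without conflating them. Minor points in the same hunk: "Contributions to it" at the start of the third paragraph has no antecedent for "it" (the previous paragraph is about MAC, not the project), so "Contributions to Android's SELinux support" would read unambiguously, and the `id=introduction`, `id=background` and `id=supporting_documentation` attribute values should be quoted for consistency with every other attribute in the file.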