Security Enhanced Android Released By NSA
Android may be secure enough for the average consumer, but it is hardly air tight. The National Security Agency (NSA) released the first version of their custom build of Google’s popular OS, called Security Enhanced Android. The system is designed to minimize the impact of security holes on Android. The SE Android project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps.
Specifically, Android SE aims to offer:
- Per-file security labeling support for yaffs2,
- Filesystem images (yaffs2 and ext4) labeled at build time,
- Kernel permission checks controlling Binder IPC,
- Labeling of service sockets and socket files created by init,
- Labeling of device nodes created by ueventd,
- Flexible, configurable labeling of apps and app data directories,
- Userspace permission checks controlling use of the Zygote socket commands,
- Minimal port of SELinux userspace,
- SELinux support for the Android toolbox,
- Small TE policy written from scratch for Android,
- Confined domains for system services and apps,
- Use of MLS categories to isolate apps.
Would you like to see Android SE features built into your favorite ROM? Sound off in the comments, or you can get the source code from Android Open Source Project in this link