从selinux到SeAndroid-新手30分钟入门.ppt

SEAndroid Overview For beginner 1 From SeLinux Best and short summary /business/13/11/selinux-policy-guide Why Integrity (Type Enforcement) Confidentiality (Multi Level Security) Role Based Access Control What SELinux is a security enhancement to Linux which allows users and administrators more control over access control. DAC and MAC When SELinux kernel policy is presently compiled as part of the Android build and added to the ramdisk image so that it can be loaded by init very early in boot, before mounting the system partition. Once the data partition has been mounted, policy can be updated by placing policy files under a subdirectory of /data/security, creating a symbolic link named current under /data/security to that subdirectory, and setting the selinux.reload_policy property to 1 (setprop selinux.reload_policy 1). This will trigger a reload of policy by init. Where? Kernel: Security server, Object manager, Access Vector Cache User Space: Coreutils, Policy coreutils, Checkpolicy SELinux-policy: Configuration data , Rules that govern access Traditional UNIX DAC approach Owner controls access to object File owner/group Process with effective UID/GID File mode Almighty root user above the rules SELinux MAC approach Policy controls access to objects Labeled objects (files, sockets, …) Labeled processes (domains) Policy rules Concept of “almighty” unconfined processes is defined within policy DAC of UNIX VS MAC of SELinux File owner/group: UID/GID Process effective user/group: UID/GID File mode setuid() Setuid bit File context (FC): label Process domain: label Type Enforcement (TE) rules Domain transition File context + implicit domain transition rule labels $ ls -Z /var/spool/anacron/cron.daily -rw. root root system_u:object_r:system_cron_spool_t:s0 /var/spool/anacron/cron.daily $ ps uxZ |grep /usr/sbin/atd system_u:system_r:crond_t:s0-s0:c0.c1023 root 4371 0.0 0.0 21448 212 ? Ss 2012 0:00 /usr/sbin/atd Policy Delivered via RPM packages