Exploring SE for Android

Discover Security Enhancements (SE) for Android to build your own protected Android-based systems
Preview in Mapt

Exploring SE for Android

William Confer, William Roberts

Discover Security Enhancements (SE) for Android to build your own protected Android-based systems
Mapt Subscription
FREE
$29.99/m after trial
eBook
$18.90
RRP $26.99
Save 29%
Print + eBook
$44.99
RRP $44.99
What do I get with a Mapt Pro subscription?
  • Unlimited access to all Packt’s 5,000+ eBooks and Videos
  • Early Access content, Progress Tracking, and Assessments
  • 1 Free eBook or Video to download and keep every month after trial
What do I get with an eBook?
  • Download this book in EPUB, PDF, MOBI formats
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
What do I get with Print & eBook?
  • Get a paperback copy of the book delivered to you
  • Download this book in EPUB, PDF, MOBI formats
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
What do I get with a Video?
  • Download this Video course in MP4 format
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
$0.00
$18.90
$44.99
$29.99 p/m after trial
RRP $26.99
RRP $44.99
Subscription
eBook
Print + eBook
Start 30 Day Trial

Frequently bought together


Exploring SE for Android Book Cover
Exploring SE for Android
$ 26.99
$ 18.90
Full Stack Angular for Java Developers Book Cover
Full Stack Angular for Java Developers
$ 39.99
$ 28.00
Buy 2 for $35.00
Save $31.98
Add to Cart

Book Details

ISBN 139781784390594
Paperback214 pages

Book Description

You will start by exploring the nature of the security mechanisms behind Linux and SELinux, and as you complete the chapters, you will integrate and enable SE for Android into a System on Chip (SoC), a process that, prior to this book, has never before been documented in its entirety! Discover Android’s unique user space, from its use of the common UID and GID model to promote its security goals to its custom binder IPC mechanism. Explore the interface between the kernel and user space with respect to SELinux and investigate contexts and labels and their application to system objects.

This book will help you develop the necessary skills to evaluate and engineer secured products with the Android platform, whether you are new to the world of Security Enhanced Linux (SELinux) or experienced in secure system deployment.

Table of Contents

Chapter 1: Linux Access Controls
Changing permission bits
Changing owners and groups
The case for more
Capabilities model
Android's use of DAC
Glancing at Android vulnerabilities
Summary
Chapter 2: Mandatory Access Controls and SELinux
Getting back to the basics
Labels
Access vectors
Multilevel security
Putting it together
Complexities and best practices
Summary
Chapter 3: Android Is Weird
Android's security model
Binder
Zygote – application spawn
The property service
Summary
Chapter 4: Installation on the UDOO
Retrieving the source
Flashing image on an SD card
UDOO serial and Android Debug Bridge
Flipping the switch
It's alive
Summary
Chapter 5: Booting the System
Policy load
Fixing the policy version
Summary
Chapter 6: Exploring SELinuxFS
Locating the filesystem
Interrogating the filesystem
Java SELinux API
Summary
Chapter 7: Utilizing Audit Logs
Upgrades – patches galore
The audit system
Interpreting SELinux denial logs
Contexts
Summary
Chapter 8: Applying Contexts to Files
Labeling filesystems
Examples and tools
A side note on security
Summary
Chapter 9: Adding Services to Domains
Init – the king of daemons
Dynamic domain transitions
Explicit contexts via seclabel
Relabeling processes
Limitations on app labeling
Summary
Chapter 10: Placing Applications in Domains
The case to secure the zygote
Fortifying the zygote
Summary
Chapter 11: Labeling Properties
Labeling via property_contexts
Permissions on properties
Relabeling existing properties
Creating and labeling new properties
Special properties
Summary
Chapter 12: Mastering the Tool Chain
Building subcomponents – targets and projects
Exploring sepolicy's Android.mk
Standalone tools
Summary
Chapter 13: Getting to Enforcing Mode
Updating to SEPolicy master
Purging the device
Setting up CTS
Running CTS
Gathering the results
Authoring device policy
Second policy pass
Field trials
Going enforcing
Summary

What You Will Learn

  • Experiment with Linux and SELinux access controls
  • Build custom Android kernels
  • Backport SE for Android patches to different Android versions
  • Explore binder and property services, what they are, and how and why SELinux integrates them
  • Work with Android core internal systems like init and zygote
  • Learn how to keep pace with and navigate the details of fast moving open source projects
  • Overcome obstacles in policy development through directed experimentation

Authors

Table of Contents

Chapter 1: Linux Access Controls
Changing permission bits
Changing owners and groups
The case for more
Capabilities model
Android's use of DAC
Glancing at Android vulnerabilities
Summary
Chapter 2: Mandatory Access Controls and SELinux
Getting back to the basics
Labels
Access vectors
Multilevel security
Putting it together
Complexities and best practices
Summary
Chapter 3: Android Is Weird
Android's security model
Binder
Zygote – application spawn
The property service
Summary
Chapter 4: Installation on the UDOO
Retrieving the source
Flashing image on an SD card
UDOO serial and Android Debug Bridge
Flipping the switch
It's alive
Summary
Chapter 5: Booting the System
Policy load
Fixing the policy version
Summary
Chapter 6: Exploring SELinuxFS
Locating the filesystem
Interrogating the filesystem
Java SELinux API
Summary
Chapter 7: Utilizing Audit Logs
Upgrades – patches galore
The audit system
Interpreting SELinux denial logs
Contexts
Summary
Chapter 8: Applying Contexts to Files
Labeling filesystems
Examples and tools
A side note on security
Summary
Chapter 9: Adding Services to Domains
Init – the king of daemons
Dynamic domain transitions
Explicit contexts via seclabel
Relabeling processes
Limitations on app labeling
Summary
Chapter 10: Placing Applications in Domains
The case to secure the zygote
Fortifying the zygote
Summary
Chapter 11: Labeling Properties
Labeling via property_contexts
Permissions on properties
Relabeling existing properties
Creating and labeling new properties
Special properties
Summary
Chapter 12: Mastering the Tool Chain
Building subcomponents – targets and projects
Exploring sepolicy's Android.mk
Standalone tools
Summary
Chapter 13: Getting to Enforcing Mode
Updating to SEPolicy master
Purging the device
Setting up CTS
Running CTS
Gathering the results
Authoring device policy
Second policy pass
Field trials
Going enforcing
Summary

Book Details

ISBN 139781784390594
Paperback214 pages
Read More

Read More Reviews

Recommended for You

Hacking Android Book Cover
Hacking Android
$ 35.99
$ 25.20
Mastering Mobile Forensics Book Cover
Mastering Mobile Forensics
$ 35.99
$ 25.20
Practical Internet of Things Security Book Cover
Practical Internet of Things Security
$ 35.99
$ 25.20
Mastering KVM Virtualization Book Cover
Mastering KVM Virtualization
$ 39.99
$ 28.00
Android 6 Essentials Book Cover
Android 6 Essentials
$ 23.99
$ 16.80
Asynchronous Android Programming - Second Edition Book Cover
Asynchronous Android Programming - Second Edition
$ 39.99
$ 28.00