Exploring SE for Android

Discover Security Enhancements (SE) for Android to build your own protected Android-based systems

Exploring SE for Android

Learning
William Confer, William Roberts

Discover Security Enhancements (SE) for Android to build your own protected Android-based systems
$26.99
$44.99
RRP $26.99
RRP $44.99
eBook
Print + eBook

Instantly access this course right now and get the skills you need in 2017

With unlimited access to a constantly growing library of over 4,000 eBooks and Videos, a subscription to Mapt gives you everything you need to learn new skills. Cancel anytime.

Free Sample

Book Details

ISBN 139781784390594
Paperback214 pages

Book Description

You will start by exploring the nature of the security mechanisms behind Linux and SELinux, and as you complete the chapters, you will integrate and enable SE for Android into a System on Chip (SoC), a process that, prior to this book, has never before been documented in its entirety! Discover Android’s unique user space, from its use of the common UID and GID model to promote its security goals to its custom binder IPC mechanism. Explore the interface between the kernel and user space with respect to SELinux and investigate contexts and labels and their application to system objects.

This book will help you develop the necessary skills to evaluate and engineer secured products with the Android platform, whether you are new to the world of Security Enhanced Linux (SELinux) or experienced in secure system deployment.

Table of Contents

Chapter 1: Linux Access Controls
Changing permission bits
Changing owners and groups
The case for more
Capabilities model
Android's use of DAC
Glancing at Android vulnerabilities
Summary
Chapter 2: Mandatory Access Controls and SELinux
Getting back to the basics
Labels
Access vectors
Multilevel security
Putting it together
Complexities and best practices
Summary
Chapter 3: Android Is Weird
Android's security model
Binder
Zygote – application spawn
The property service
Summary
Chapter 4: Installation on the UDOO
Retrieving the source
Flashing image on an SD card
UDOO serial and Android Debug Bridge
Flipping the switch
It's alive
Summary
Chapter 5: Booting the System
Policy load
Fixing the policy version
Summary
Chapter 6: Exploring SELinuxFS
Locating the filesystem
Interrogating the filesystem
Java SELinux API
Summary
Chapter 7: Utilizing Audit Logs
Upgrades – patches galore
The audit system
Interpreting SELinux denial logs
Contexts
Summary
Chapter 8: Applying Contexts to Files
Labeling filesystems
Examples and tools
A side note on security
Summary
Chapter 9: Adding Services to Domains
Init – the king of daemons
Dynamic domain transitions
Explicit contexts via seclabel
Relabeling processes
Limitations on app labeling
Summary
Chapter 10: Placing Applications in Domains
The case to secure the zygote
Fortifying the zygote
Summary
Chapter 11: Labeling Properties
Labeling via property_contexts
Permissions on properties
Relabeling existing properties
Creating and labeling new properties
Special properties
Summary
Chapter 12: Mastering the Tool Chain
Building subcomponents – targets and projects
Exploring sepolicy's Android.mk
Standalone tools
Summary
Chapter 13: Getting to Enforcing Mode
Updating to SEPolicy master
Purging the device
Setting up CTS
Running CTS
Gathering the results
Authoring device policy
Second policy pass
Field trials
Going enforcing
Summary

What You Will Learn

  • Experiment with Linux and SELinux access controls
  • Build custom Android kernels
  • Backport SE for Android patches to different Android versions
  • Explore binder and property services, what they are, and how and why SELinux integrates them
  • Work with Android core internal systems like init and zygote
  • Learn how to keep pace with and navigate the details of fast moving open source projects
  • Overcome obstacles in policy development through directed experimentation

Authors

Table of Contents

Chapter 1: Linux Access Controls
Changing permission bits
Changing owners and groups
The case for more
Capabilities model
Android's use of DAC
Glancing at Android vulnerabilities
Summary
Chapter 2: Mandatory Access Controls and SELinux
Getting back to the basics
Labels
Access vectors
Multilevel security
Putting it together
Complexities and best practices
Summary
Chapter 3: Android Is Weird
Android's security model
Binder
Zygote – application spawn
The property service
Summary
Chapter 4: Installation on the UDOO
Retrieving the source
Flashing image on an SD card
UDOO serial and Android Debug Bridge
Flipping the switch
It's alive
Summary
Chapter 5: Booting the System
Policy load
Fixing the policy version
Summary
Chapter 6: Exploring SELinuxFS
Locating the filesystem
Interrogating the filesystem
Java SELinux API
Summary
Chapter 7: Utilizing Audit Logs
Upgrades – patches galore
The audit system
Interpreting SELinux denial logs
Contexts
Summary
Chapter 8: Applying Contexts to Files
Labeling filesystems
Examples and tools
A side note on security
Summary
Chapter 9: Adding Services to Domains
Init – the king of daemons
Dynamic domain transitions
Explicit contexts via seclabel
Relabeling processes
Limitations on app labeling
Summary
Chapter 10: Placing Applications in Domains
The case to secure the zygote
Fortifying the zygote
Summary
Chapter 11: Labeling Properties
Labeling via property_contexts
Permissions on properties
Relabeling existing properties
Creating and labeling new properties
Special properties
Summary
Chapter 12: Mastering the Tool Chain
Building subcomponents – targets and projects
Exploring sepolicy's Android.mk
Standalone tools
Summary
Chapter 13: Getting to Enforcing Mode
Updating to SEPolicy master
Purging the device
Setting up CTS
Running CTS
Gathering the results
Authoring device policy
Second policy pass
Field trials
Going enforcing
Summary

Book Details

ISBN 139781784390594
Paperback214 pages
Read More

Read More Reviews