http://kernsec.org/wiki/index.php?action=history&feed=atom&title=Linux_Security_Summit_2015%2FAbstracts%2FSmalleyLinux Security Summit 2015/Abstracts/Smalley - Revision history2026-05-07T12:06:53ZRevision history for this page on the wikiMediaWiki 1.36.1http://kernsec.org/wiki/index.php?title=Linux_Security_Summit_2015/Abstracts/Smalley&diff=3574&oldid=prevJamesMorris: Created page with "== Title == SELinux in Android Lollipop and Android M == Presenter == Stephen Smalley, NSA == Abstract == At last year's LSS, we looked at how SELinux had been applied to..."2015-07-01T13:37:05Z<p>Created page with "== Title == SELinux in Android Lollipop and Android M == Presenter == Stephen Smalley, NSA == Abstract == At last year's LSS, we looked at how SELinux had been applied to..."</p>
<p><b>New page</b></p><div>== Title ==<br />
<br />
SELinux in Android Lollipop and Android M<br />
<br />
== Presenter ==<br />
<br />
Stephen Smalley, NSA<br />
<br />
== Abstract ==<br />
<br />
At last year's LSS, we looked at how SELinux had been applied to<br />
protect the Android Trusted Computing Base (TCB), starting with<br />
selective root daemon confinement in the Android 4.4 KitKat release<br />
and then working toward full confinement and enforcing a core set of<br />
TCB protection goals in what was then referred to as Android L,<br />
subsequently released as Android 5.0 Lollipop in early November of last<br />
year. Android 5.0 Lollipop is the first mainline Android release to<br />
ship with SELinux enforcing for all processes, although a number of<br />
Samsung devices were shipping with SELinux enforcing for all processes<br />
as early as Android 4.3.<br />
<br />
In this talk, we will first briefly review the final state of SELinux<br />
in the Android 5.0 Lollipop release, including any changes made in<br />
subsequent Lollipop updates (e.g. Android 5.1). We will then look at<br />
how the Android SELinux support has advanced in the Android Open<br />
Source Project (AOSP) master branch since Lollipop was forked and what<br />
we expect to be present in the upcoming Android M release later this<br />
year (a preview of the M release was just made available and announced<br />
at Google I/O). The talk will include discussion of how<br />
SELinux has been applied to reinforce user isolation for Android's<br />
multi-user model and how SELinux has been applied to strengthen the<br />
Chrome sandbox among other hardening improvements. We will also<br />
examine enhancements to the Android Compatibility Test Suite (CTS) to<br />
validate the Android SELinux policy for all Android devices and how<br />
these tests reduce the risk that OEMs will undermine the system<br />
security goals.</div>JamesMorris