author | Ruslan Piasetskyi <ruslan.piasetskyi@gmail.com> | 2017-10-02 17:21:33 -0700 |
---|---|---|
committer | Clay Murphy <claym@google.com> | 2017-10-03 10:11:20 -0700 |
commit | af5d5a21a1561328b5aedfb86d32aae034ddf2f0 (patch) | |
tree | 1d26705099b6732e96c75ac6ed0012d9ed4934e0 /en/security/selinux/index.html | |
parent | f231ed8efb5bcdd321a8af8488e05b29fe63534d (diff) | |
download | source.android.com-af5d5a21a1561328b5aedfb86d32aae034ddf2f0.tar.gz |
Docs: Changes to source.android.com
- 170780545 Remove empty section by daroberts <daroberts@google.com>
- 170778785 Remove VTS and Architecture exclusions from translation f... by daroberts <daroberts@google.com>
- 170776221 ignore paths -> ignore_paths (Added underscore) by Android Partner Docs <noreply@android.com>
- 170770237 Add tags for October Security Release. by Android Partner Docs <noreply@android.com>
- 170760109 Remove a note that doesn't belong on this page. by Android Partner Docs <noreply@android.com>
- 170722413 Update Oct 2017 Pixel Bulletin headers by daroberts <daroberts@google.com>
- 170718989 Small edits to Pixel bulletin by daroberts <daroberts@google.com>
- 170716226 Fix broken link by daroberts <daroberts@google.com>
- 170712949 October 2017 Android and Pixel security bulletins by daroberts <daroberts@google.com>
- 170543005 Add section highlighting latest version packages, downgra... by claym <claym@google.com>
- 170533303 Fix fileencryption flag from Ruslan Piasetskyi by claym <claym@google.com>
- 170497015 Temporarily excluding the architecture and VTS directories by daroberts <daroberts@google.com>
- 170490636 Update CDD link and section number by claym <claym@google.com>
- 170409254 Consolidate and fix binary links, add VNDK section to req... by claym <claym@google.com>
- 170390746 Update android-base.cfg link. by cqn <cqn@google.com>
- 170369057 Updated incorrect vendor reference. by Android Partner Docs <noreply@android.com>
- 170353198 Make final list ordered now that we know all apply. by claym <claym@google.com>
- 170246953 Fix flashing procedure description by Android Partner Docs <noreply@android.com>
- 170203192 Adding titles for resources, fixing links, minor text twe... by hvm <hvm@google.com>
- 170113678 Fix ambiguous profile reference by claym <claym@google.com>
- 170113463 researcher acknowledgment update by Android Partner Docs <noreply@android.com>
- 170100609 Adding definition for DRM. by hvm <hvm@google.com>
- 170099262 Add link to /git-repo/+/master/docs/manifest-format.txt by claym <claym@google.com>
- 170098404 Fix Site Feedback link by claym <claym@google.com>
- 170088099 Add Help this Site plea to home page About statement by claym <claym@google.com>
- 170066318 Fixing uncapitalized start of sentence. by hvm <hvm@google.com>
PiperOrigin-RevId: 170780545
Change-Id: I9b379d805b97eff2cc683746700cfb75282ffc4d
Diffstat (limited to 'en/security/selinux/index.html')
-rw-r--r-- | en/security/selinux/index.html | 124 |
1 files changed, 62 insertions, 62 deletions
diff --git a/en/security/selinux/index.html b/en/security/selinux/index.html index f45d517d..e5ad9a12 100644 --- a/en/security/selinux/index.html +++ b/en/security/selinux/index.html 
@@ -39,83 +39,83 @@ security model</a>, Android uses SELinux to enforce mandatory access control (a.k.a. Linux capabilities). SELinux enhances Android security by confining privileged processes and automating security policy creation.</p> -<p>Contributions to it have been made by a number -of companies and organizations; all Android code -and contributors are publicly available for review on <a -href="https://android.googlesource.com/">android.googlesource.com</a>. With -SELinux, Android can better protect and confine system services, control -access to application data and system logs, reduce the effects of malicious -software, and protect users from potential flaws in code on mobile devices.</p> - -<p>Android includes SELinux in enforcing mode and a -corresponding security policy that works by default across the <a -href="https://android.googlesource.com/">Android Open Source Project</a>. In -enforcing mode, illegitimate actions are prevented and all attempted violations -are logged by the kernel to <code>dmesg</code> and <code>logcat</code>. Android -device manufacturers should gather information about errors so they may -refine their software and SELinux policies before enforcing them.</p> +<p>Many companies and organizations have contributed to SELinux; their +contributions are publicly available for review on +<a href="https://android.googlesource.com/" class="external">android.googlesource.com</a>, +aka the Android Open Source Project (AOSP). With SELinux, Android can better +protect and confine system services, control access to application data and +system logs, reduce the effects of malicious software, and protect users from +potential flaws in code on mobile devices.</p> + +<p>Android includes SELinux in enforcing mode and a corresponding security +policy that works by default across AOSP. In enforcing mode, illegitimate +actions are prevented and all attempted violations are logged by the kernel to +<code>dmesg</code> and <code>logcat</code>. 
Android device manufacturers should +gather information about errors so they may refine their software and SELinux +policies before enforcing them.</p> <h2 id=background>Background</h2> +<p>SELinux operates on the ethos of default denial: Anything not explicitly +allowed is denied. SELinux can operate in one of two global modes:</p> +<ul> +<li><em>Permissive</em> mode, in which permission denials are logged but not +enforced.</li> +<li><em>Enforcing</em> mode, in which permissions denials are both logged +<strong>and</strong> enforced.</li> +</ul> -<p>SELinux operates on the ethos of default denial. Anything that is not -explicitly allowed is denied. SELinux can operate in one of two global modes: -permissive mode, in which permission denials are logged but not enforced, and -enforcing mode, in which denials are both logged and enforced. SELinux also -supports a per-domain permissive mode in which specific domains (processes) can -be made permissive while placing the rest of the system in global enforcing -mode. A domain is simply a label identifying a process or set of processes in -the security policy, where all processes labeled with the same domain are -treated identically by the security policy. Per-domain permissive mode enables -incremental application of SELinux to an ever-increasing portion of the system. -Per-domain permissive mode also enables policy development for new services -while keeping the rest of the system enforcing.</p> - -<p>In the Android 5.0 (L) release, Android moves to full enforcement of -SELinux. This builds upon the permissive release of 4.3 and the partial -enforcement of 4.4. In short, Android is shifting from enforcement on a -limited set of crucial domains (<code>installd</code>, <code>netd</code>, -<code>vold</code> and <code>zygote</code>) to everything (more than 60 -domains). This means manufacturers will have to better understand and scale -their SELinux implementations to provide compatible devices. 
Understand -that:</p> - +<p>SELinux also supports a <em>per-domain permissive</em> mode in which specific +domains (processes) can be made permissive while placing the rest of the system +in global enforcing mode. A domain is simply a label identifying a process or set +of processes in the security policy, where all processes labeled with the same +domain are treated identically by the security policy. Per-domain permissive +mode enables incremental application of SELinux to an ever-increasing portion of +the system and policy development for new services (while keeping the rest of +the system enforcing).</p> + +<p>The Android 5.0 release moved to full enforcement of SELinux, building on the +permissive release of Android 4.3 and the partial enforcement of Android 4.4. +With this change, Android shifted from enforcement on a limited set of crucial +domains (<code>installd</code>, <code>netd</code>, <code>vold</code> and +<code>zygote</code>) to everything (more than 60 domains). Specifically:</p> <ul> -<li>Everything is in enforcing mode in the 5.0 release</li> -<li> No processes other than <code>init</code> should run in the -<code>init</code> domain</li> -<li> Any generic denial (for a block_device, socket_device, default_service, -etc.) indicates that device needs a special domain</li> +<li>Everything is in enforcing mode in Android 5.x and higher.</li> +<li>No processes other than <code>init</code> should run in the +<code>init</code> domain.</li> +<li>Any generic denial (for a <code>block_device</code>, +<code>socket_device</code>, <code>default_service</code>, etc.) 
indicates that +device needs a special domain.</li> </ul> +<p>As a result, manufacturers need to better understand and scale their SELinux +implementations to provide compatible devices.</p> -<h2 id=supporting_documentation>Supporting documentation</h2> +<h2 id=supporting_documentation>Additional resources</h2> -<p>See the documentation below for details on constructing useful policies:</p> +<p>For help constructing useful SELinux policies, refer to the following +resources:</p> -<p><a href="https://events.linuxfoundation.org/sites/events/files/slides/abs2014_seforandroid_smalley.pdf"> -https://events.linuxfoundation.org/sites/events/files/slides/ -abs2014_seforandroid_smalley.pdf</a></p> +<ul><li><a href="https://events.linuxfoundation.org/sites/events/files/slides/abs2014_seforandroid_smalley.pdf" class="external"> +Security Enhancements for Linux</a></li> -<p><a href="https://www.internetsociety.org/sites/default/files/02_4.pdf"> -https://www.internetsociety.org/sites/default/files/02_4.pdf</a></p> +<li><a href="http://www.cs.columbia.edu/~lierranli/coms6998-7Spring2014/papers/SEAndroid-NDSS2013.pdf" class="external"> +Security Enhanced (SE) Android: Bringing Flexible MAC to Android</a></li> -<p><a href="http://freecomputerbooks.com/books/The_SELinux_Notebook-4th_Edition.pdf"> -http://freecomputerbooks.com/books/The_SELinux_Notebook-4th_Edition.pdf</a></p> +<li><a href="http://freecomputerbooks.com/books/The_SELinux_Notebook-4th_Edition.pdf" class="external"> +The SELinux Notebook, 4th Edition</a></li> -<p><a href="http://selinuxproject.org/page/ObjectClassesPerms"> -http://selinuxproject.org/page/ObjectClassesPerms</a></p> +<li><a href="http://selinuxproject.org/page/ObjectClassesPerms" class="external"> +SELinux Object Classes and Permissions Reference</a></li> -<p><a href="https://www.nsa.gov/resources/everyone/digital-media-center/publications/research-papers/assets/files/implementing-selinux-as-linux-security-module-report.pdf"> 
-https://www.nsa.gov/resources/everyone/digital-media-center/publications/ -research-papers/assets/files/ -implementing-selinux-as-linux-security-module-report.pdf</a></p> +<li><a href="https://www.nsa.gov/resources/everyone/digital-media-center/publications/research-papers/assets/files/implementing-selinux-as-linux-security-module-report.pdf" class="external"> +Implementing SELinux as a Linux Security Module</a></li> -<p><a href="https://www.nsa.gov/resources/everyone/digital-media-center/publications/research-papers/assets/files/configuring-selinux-policy-report.pdf"> -https://www.nsa.gov/resources/everyone/digital-media-center/publications/ -research-papers/assets/files/configuring-selinux-policy-report.pdf</a></p> +<li><a href="https://www.nsa.gov/resources/everyone/digital-media-center/publications/research-papers/assets/files/configuring-selinux-policy-report.pdf" class="external"> +Configuring the SELinux Policy</a></li> -<p><a href="https://www.gnu.org/software/m4/manual/index.html"> -https://www.gnu.org/software/m4/manual/index.html</a></p> +<li><a href="https://www.gnu.org/software/m4/manual/index.html" class="external"> +GNU M4 - GNU Macro Processor Manual</a></li> +</ul> </body> </html> |
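Review bot: In the new "Additional resources" list, the first link's text "Security Enhancements for Linux" does not match its target, abs2014_seforandroid_smalley.pdf, whose filename points to a Security Enhancements for Android deck; please confirm the title against the PDF and correct the link text. In the same list, the second entry replaces the https://www.internetsociety.org/ link with an http:// link under a course directory on www.cs.columbia.edu, which is more likely to go stale than a publisher URL; prefer an HTTPS source if one is available. In the Background list, the Enforcing bullet reads "permissions denials" while the Permissive bullet reads "permission denials"; use the singular in both. The heading text changes to "Additional resources" while its id stays supporting_documentation, which keeps existing anchors working, so a brief comment that this is intentional would help the next editor.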