The first version of Android Security Enhanced was released by The National Security Agency (NSA).
The main feature of the system is to minimize the impact of security holes on Android devices.
In order to limit the damage that can be done by flawed or malicious apps and to enforce the separation between apps the Security Enhanced (SE) Android project is enabling the use of SELinux in Android.
Features of Security Enhanced Android
- Per-file security labeling support for yaffs2
- Filesystem* images (yaffs2 and ext4) labeled at build time*
- Kernel permission checks controlling Binder IPC
- Labeling sockets and socket files created by init
- Labeling* nodes created by ueventd*
- Configurable labeling of apps and app directories
- Userspace permission checks controlling use of the Zygote socket commands
- Minimal port of SELinux userspace
- SELinux support for the Android toolbox
- Small TE policy written from scratch for Android
- Confined domains for system services and apps
Aim Of Security Enhanced Android
- The main aim of Security Enhanced Android is to* improve and enhance the understanding the Android security.*
- Demonstrate useful security functionality in Android using SELinux
- Improve the suitability of SELinux for Android and Identify other security gaps in Android
Integration of SELinux into Android in a comprehensive and coherent manner
Security Enhanced Android
Confine privileged daemons
- Protect from misuse
- Limit the damage
- Prevent *privilege escalation by apps *
- Isolate and Sandbox apps
- Separate apps from each other
- Separate apps from the system
Want to read more about working go to http://isrlabs.net/wordpress/?p=129.