Security Enhanced (SE) Android is a project by NSA(National Security Agency) to provide with strict control access to the very popular mobile operating system Android. This project was started by NSA to the increased numbers Android mobile operating system vulnerabilities and applications that need extra privileges to operate. SE Android was first publically described in a presentation at the Linux Security Summit 2011.
The SE Android is based on AOSP (Android Open Source Project) and applies application layer security which will enable it to check and defend against unauthorized access to your and devices information. The SE Android is based on SE Linux and implements it in the Android to minimize the security holes.
Some distinctive features of our SE Android reference implementation in comparison to prior efforts of which we are aware include:
- Per-file security labeling support for yaffs2,
- Filesystem images (yaffs2 and ext4) labeled at build time,
- Kernel permission checks controlling Binder IPC,
- Labeling of service sockets and socket files created by init,
- Labeling of device nodes created by ueventd,
- Flexible, configurable labeling of apps and app data directories,
- Userspace permission checks controlling use of the Zygote socket commands,
- Minimal port of SELinux userspace,
- SELinux support for the Android toolbox,
- Small TE policy written from scratch for Android,
- Confined domains for system services and apps,
- Use of MLS categories to isolate apps.
This is however not a build that you can easily flash to your Android device like CyanogenMod or MIUI. If you are interested in using this on your Android device, you will first need to be able to build the AOSP code and then sync it with SE Android AOSP to apply all the patches and modification.
We’ll have to wait and see if Manufacturers take any step to implement the features of SE Android to their devices. If this happens we will have a much secure Android Ecosystem and users will feel much safer with their Android devices.
