FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 11-01-2011, 02:15 PM
Mr Dash Four
 
Default SELinux on Android

Has this been done/implemented?

I've come across quite a few attempts - all in the not-so-recent past,
but don't like any of them. The most "promising" effort I could find was
by Yuichi Nakamura (ynakam@hitachisoft.jp), Hitachi Software Engineering
Co., Ltd dating about 5 years ago! This effort is described at
http://elinux.org/images/a/a3/ELC2008_nakamura.pdf.

Are there any better SELinux attempts/implementations done since then?
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 11-01-2011, 02:27 PM
Stephen Smalley
 
Default SELinux on Android

On Tue, 2011-11-01 at 15:15 +0000, Mr Dash Four wrote:
> Has this been done/implemented?
>
> I've come across quite a few attempts - all in the not-so-recent past,
> but don't like any of them. The most "promising" effort I could find was
> by Yuichi Nakamura (ynakam@hitachisoft.jp), Hitachi Software Engineering
> Co., Ltd dating about 5 years ago! This effort is described at
> http://elinux.org/images/a/a3/ELC2008_nakamura.pdf.
>
> Are there any better SELinux attempts/implementations done since then?

There was the Shabtai et al project,
Shabtai et al, "Securing Android-Powered Mobile Devices Using SELinux",
IEEE Security & Privacy, May-June 2010.

There is my project:
http://selinuxproject.org/~jmorris/lss2011_slides/caseforseandroid.pdf

--
Stephen Smalley
National Security Agency

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 11-01-2011, 02:30 PM
Mr Dash Four
 
Default SELinux on Android

> There is my project:
> http://selinuxproject.org/~jmorris/lss2011_slides/caseforseandroid.pdf
>
Funny enough I was just reading this file (was on p.44) when I started
the thread. Is this project still active?
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 11-01-2011, 03:33 PM
Stephen Smalley
 
Default SELinux on Android

On Tue, 2011-11-01 at 15:30 +0000, Mr Dash Four wrote:
> > There is my project:
> > http://selinuxproject.org/~jmorris/lss2011_slides/caseforseandroid.pdf
> >
> Funny enough I was just reading this file (was on p.44) when I started
> the thread. Is this project still active?

Yes. I just gave that talk in September at the Linux Security Summit.
It is still an early prototype, but we are continuing to work on it and
plan to release it once we've integrated with the application layer
access controls and can show a more complete solution.

--
Stephen Smalley
National Security Agency

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 11-01-2011, 11:17 PM
Mr Dash Four
 
Default SELinux on Android

> Yes. I just gave that talk in September at the Linux Security Summit.
> It is still an early prototype, but we are continuing to work on it and
> plan to release it once we've integrated with the application layer
> access controls and can show a more complete solution.
>
Thanks for that!

Right now I am torn between two alternatives: 1) android + very limited
(if at all) selinux support +
google-installed-bloatware-I-cannot-remove; or 2) old-ish fedora kernel
for the target arch (arm-compatible) + selinux +
software-packages-I-want (including iptables, openvpn etc) I have
compiled from source for the target arch.

As it stands right now, I am inclined to go for option 2, not least
because SELinux is much more likely to be supported there. The drawback,
though, is I do not know whether any of the packages I want to put in my
smartphone are supported there? I am also petrified of the lax security
which exists on android. Unreal!

What is not an option for me though is leaving the "standard" android
system with all the bloatware installed on that smartphone.
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 07:26 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org