SEApp enables developers to define ad-hoc Mandatory Access Control policies for their apps. This repository provides a set of changes to the Android Open Source Project.
When SELinux was introduced into Android 4.3 in 2013, it used a limited set of
system domains and was mainly aimed at separating system resources from user
apps.
In the next releases, the configuration of SELinux has progressively become
more complex, with a growing set of domains isolating different services and
resources, so that a bug or vulnerability in some system component does not
lead to a direct compromise of the whole system.
The introduction of SELinux into Android has been a clear success.
Unfortunately, the stronger protection benefits do not extend to regular apps,
which are all assigned a single domain named untrusted_app.
Since Android 9, isolation of apps is enforced also with the use of categories,
which guarantee that distinct apps operate with incompatible security contexts.
Our proposal, SEApp, builds upon the observation that giving app developers the
ability to apply MAC to the internal structure of the app would provide stronger
protection against a number of common internal vulnerabilities (see the Showcase app for a glimpse of SEApp's capabilities).
The following image depicts the evolution of SELinux since its introduction in Android, and the improvement introduced by SEApp.
[Image: SEApp enables developers to define ad-hoc Mandatory Access Control policies for their apps.]
While developing SEApp, dedicated attention was paid to:
- preserve system security assumptions (e.g., do not alter the default behavior of key system services; do not provide untrusted_app with potentially dangerous SELinux permissions; etc.)
- provide a solution with negligible performance impact at runtime and limited performance impact at install time
- give developers an easy-to-use solution that does not require them to understand system security internals
- provide a solution that is fully backward compatible
The latest version satisfies the previous requirements, though further improvements may be necessary to facilitate the use of SEApp by a wider range of application developers.
You can find additional information in our publication [1].
Ensure your system meets the hardware and software requirements.
Set up your local work environment to build the Android source files. Establishing a Build Environment details all the required steps, according to your operating system.
Download the source tree for the android-10.0.0_r41 code-line, which is what this branch is based on.
See Downloading the Source for the step-by-step instructions.
Finally, overwrite the AOSP files with the ones provided under platform in this repository to add SEApp functionality to the AOSP source tree.
Follow the Building Android guide.
Follow the instructions in Establishing a Build Environment and Build and Run It, with the
exception that when choosing the build target you should choose sdk_phone_x86_64
(as suggested in Building AVD images).
To improve emulator performance we recommend enabling CPU virtualization extensions and building an x86 64-bit AVD.
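The steps above (download the android-10.0.0_r41 code-line, overlay the files under platform, build the sdk_phone_x86_64 target) collected into one POSIX shell script. This is an added example, not a script shipped by the SEApp repository; it assumes the repository is checked out at SEAPP_REPO, the AOSP tree lives at AOSP_ROOT, and the -eng build variant is acceptable (the page only names the product sdk_phone_x86_64). The overlay function prints which AOSP files are overwritten and which are newly added, and supports DRY_RUN=1 so you can review the list before touching the tree.

```shell
#!/bin/sh
# Assumed layout (not from the SEApp README):
#   $SEAPP_REPO/platform  mirrors the AOSP tree and holds SEApp's modified files
#   $AOSP_ROOT            the android-10.0.0_r41 working tree
SEAPP_REPO="${SEAPP_REPO:-$PWD}"
AOSP_ROOT="${AOSP_ROOT:-$HOME/aosp}"
AOSP_TAG="android-10.0.0_r41"          # code-line named on the page
LUNCH_TARGET="sdk_phone_x86_64-eng"    # assumed variant; page names sdk_phone_x86_64

# Step 1: fetch the AOSP code-line this branch is based on (standard repo commands).
seapp_sync_aosp() (
    mkdir -p "$AOSP_ROOT" && cd "$AOSP_ROOT" || exit 1
    repo init -u https://android.googlesource.com/platform/manifest -b "$AOSP_TAG"
    repo sync -c -j"$(nproc)"
)

# Step 2: copy every file under $1 over the matching path in $2.
# Prints "overwrite <path>" for files that replace an AOSP file and
# "new <path>" for files that did not exist there. With DRY_RUN=1 it only lists.
seapp_overlay() {
    src="$1"; dst="$2"
    [ -d "$src" ] && [ -d "$dst" ] || return 1
    find "$src" -type f | while read -r f; do
        rel="${f#$src/}"
        target="$dst/$rel"
        if [ -e "$target" ]; then state="overwrite"; else state="new"; fi
        printf '%s %s\n' "$state" "$rel"
        if [ "${DRY_RUN:-0}" != 1 ]; then
            mkdir -p "$(dirname "$target")"
            cp "$f" "$target"
        fi
    done
}

# Step 3: build the AVD image (standard AOSP build entry points).
seapp_build_avd() (
    cd "$AOSP_ROOT" || exit 1
    . build/envsetup.sh
    lunch "$LUNCH_TARGET"
    m -j"$(nproc)"
)

# Usage: ./seapp-build.sh sync | overlay | build   (no argument does nothing)
case "${1:-}" in
    sync)    seapp_sync_aosp ;;
    overlay) seapp_overlay "$SEAPP_REPO/platform" "$AOSP_ROOT" ;;
    build)   seapp_build_avd ;;
esac
```

Run `DRY_RUN=1 ./seapp-build.sh overlay` first: every line should read "overwrite ..." for paths you expect SEApp to modify, and any unexpected "new ..." entry is a sign that the overlay and the checked-out code-line do not match.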
[1] M. Rossi, D. Facchinetti, E. Bacis, M. Rosa and S. Paraboschi. SEApp: Bringing Mandatory Access Control to Android Apps. In Proceedings of the 30th USENIX Security Symposium, 2021. (Available here).