CuuDuongThanCong.com www.it-ebooks.info CuuDuongThanCong.com www.it-ebooks.info Exploring SE for Android CuuDuongThanCong.com www.it-ebooks.info Table of Contents Exploring SE for Android Credits Foreword About the Authors About the Reviewers www.PacktPub.com Support files, eBooks, discount offers, and more Why subscribe? Free access for Packt account holders Preface What this book covers What you need for this book Who this book is for Conventions Reader feedback Customer support Downloading the example code Errata Piracy Questions Linux Access Controls Changing permission bits Changing owners and groups The case for more Capabilities model Android’s use of DAC Glancing at Android vulnerabilities Skype vulnerability GingerBreak CuuDuongThanCong.com www.it-ebooks.info Rage against the cage MotoChopper Summary Mandatory Access Controls and SELinux Getting back to the basics Labels Users Roles Types Access vectors Multilevel security Putting it together Complexities and best practices Summary Android Is Weird Android’s security model Binder Binder’s architecture Binder and security Zygote – application spawn The property service Summary Installation on the UDOO Retrieving the source Flashing image on an SD card UDOO serial and Android Debug Bridge Flipping the switch It’s alive Summary Booting the System Policy load CuuDuongThanCong.com www.it-ebooks.info Fixing the policy version Summary Exploring SELinuxFS Locating the filesystem Interrogating the filesystem The enforce node The disable file interface The policy file The null file The mls file The status file Access Vector Cache The booleans directory The class directory The initial_contexts directory The policy_capabilities directory ProcFS Java SELinux API Summary Utilizing Audit Logs Upgrades – patches galore The audit system The auditd daemon Auditd internals Interpreting SELinux denial logs Contexts Summary Applying Contexts to Files Labeling filesystems fs_use fs_task_use CuuDuongThanCong.com www.it-ebooks.info fs_use_trans genfscon Mount options Labeling with extended attributes The file_contexts file Dynamic type transitions Examples and tools Fixing up /data A side note on security Summary Adding Services to Domains Init – the king of daemons Dynamic domain transitions Explicit contexts via seclabel Relabeling processes Limitations on app labeling Summary 10 Placing Applications in Domains The case to secure the zygote Fortifying the zygote Plumbing the zygote socket The mac_permissions.xml file keys.conf seapp_contexts Summary 11 Labeling Properties Labeling via property_contexts Permissions on properties Relabeling existing properties Creating and labeling new properties Special properties CuuDuongThanCong.com www.it-ebooks.info Control properties Persistent properties SELinux properties Summary 12 Mastering the Tool Chain Building subcomponents – targets and projects Exploring sepolicy’s Android.mk Building sepolicy Controlling the policy build Digging deeper into build_policy Building mac_permissions.xml Building seapp_contexts Building file_contexts Building property_contexts Current NSA research files Standalone tools sepolicy-check sepolicy-analyze Summary 13 Getting to Enforcing Mode Updating to SEPolicy master Purging the device Setting up CTS Running CTS Gathering the results CTS test results Audit logs Authoring device policy adbd bootanim debuggerd CuuDuongThanCong.com www.it-ebooks.info drmserver dumpstate installd keystore mediaserver netd rild servicemanager surfaceflinger system_server toolbox untrusted_app vold watchdogd wpa Second policy pass init shell init_shell.te Field trials Going enforcing Summary A The Development Environment VirtualBox Ubuntu Linux 12.04 (precise pangolin) VirtualBox extension pack and guest additions VirtualBox extension pack VirtualBox guest additions Save time with shared folders The build environment Oracle Java 6 CuuDuongThanCong.com www.it-ebooks.info Summary Index CuuDuongThanCong.com www.it-ebooks.info I initial_contexts directory / The initial_contexts directory init process about / Init – the king of daemons Interprocess Communication (IPC) about / Binder CuuDuongThanCong.com www.it-ebooks.info J Java SELinux API about / Java SELinux API CuuDuongThanCong.com www.it-ebooks.info K kernel SELinux, enabling in / It’s alive kernel-common URL / Upgrades – patches galore kernel-common project URL / Upgrades – patches galore keys.conf / keys.conf CuuDuongThanCong.com www.it-ebooks.info L labeling via property_contexts / Labeling via property_contexts labels about / Labels users / Users roles / Roles types / Types Linux Security Module (LSM) about / Binder and security CuuDuongThanCong.com www.it-ebooks.info M mac_permissions.xml building / Building mac_permissions.xml mac_permissions.xml file about / The mac_permissions.xml file mls file / The mls file MotoChopper / MotoChopper mount options / Mount options multi-level security (MLS) / The mls file multilevel security (MLS) model about / Multilevel security CuuDuongThanCong.com www.it-ebooks.info N National Security Agency (NSA) about / Binder and security NSA repositories URL / Upgrades – patches galore NSA research files / Current NSA research files null file / The null file CuuDuongThanCong.com www.it-ebooks.info O Oracle Java 6 about / Oracle Java 6 Oracle Java archive URL / Oracle Java 6 owners changing / Changing owners and groups CuuDuongThanCong.com www.it-ebooks.info P patches about / Upgrades – patches galore permission bits changing / Changing permission bits permissions, on properties about / Permissions on properties permissive about / The enforce node persistent properties / Persistent properties pet analogy URL / Putting it together about / Putting it together policy build controlling / Controlling the policy build policy file / The policy file policy load about / Policy load policy pass about / Second policy pass init / init shell / shell init_shell.te / init_shell.te policy version fixing / Fixing the policy version policy_capabilities directory / The policy_capabilities directory processes relabeling / Relabeling processes Process ID (PID) / Binder’s architecture, Init – the king of daemons procfs / ProcFS projects building / Building subcomponents – targets and projects properties creating / Creating and labeling new properties labeling / Creating and labeling new properties property service about / The property service property_contexts labeling via / Labeling via property_contexts building / Building property_contexts CuuDuongThanCong.com www.it-ebooks.info R Radio Interface Layer Daemon (RILD) / Android’s security model, Init – the king of daemons README testkey / The case to secure the zygote platform / The case to secure the zygote shared / The case to secure the zygote media / The case to secure the zygote role-based access controls (RBAC) about / Roles roles, labels / Roles CuuDuongThanCong.com www.it-ebooks.info S seapp_contexts / seapp_contexts building / Building seapp_contexts security and Binder / Binder and security security id (sid) / Labeling filesystems security identifier (sid) / The initial_contexts directory security model system component services / Android’s security model applications / Android’s security model SELinux about / Getting back to the basics implementing / Multilevel security benefits / Putting it together best practices / Complexities and best practices complexities / Complexities and best practices enabling, in kernel / It’s alive SELinux denial logs interpreting / Interpreting SELinux denial logs SELinuxFS about / Policy load SELinux properties / SELinux properties sepolicy building / Building sepolicy sepolicy-analyze tool / sepolicy-analyze sepolicy-check tool / sepolicy-check SEPolicy master updating / Updating to SEPolicy master setsockcreatecon() function / Init – the king of daemons shared folders about / Save time with shared folders Skype vulnerability / Skype vulnerability source retrieving / Retrieving the source special properties about / Special properties control properties / Control properties persistent properties / Persistent properties SELinux properties / SELinux properties standalone tools about / Standalone tools sepolicy-check / sepolicy-check sepolicy-analyze / sepolicy-analyze CuuDuongThanCong.com www.it-ebooks.info status file / The status file subject about / Getting back to the basics switch flipping / Flipping the switch system apps about / The case to secure the zygote system component services / Android’s security model system server about / Android’s security model CuuDuongThanCong.com www.it-ebooks.info T target about / Getting back to the basics targets building / Building subcomponents – targets and projects tools, filesystems about / Examples and tools /data filesystem, fixing up / Fixing up /data security / A side note on security type enforcement (TE) about / Types, Dynamic domain transitions type field value, filesystem object about / The file_contexts file — / The file_contexts file -d / The file_contexts file -b / The file_contexts file -s / The file_contexts file -c / The file_contexts file -l / The file_contexts file -p / The file_contexts file types, labels / Types CuuDuongThanCong.com www.it-ebooks.info U Ubuntu Linux 12.04 about / Ubuntu Linux 12.04 (precise pangolin) URL / Ubuntu Linux 12.04 (precise pangolin) UDOO documentation URL / Retrieving the source UDOO serial about / UDOO serial and Android Debug Bridge user-based access controls (UBAC) about / Users users, labels / Users userspace object manager / The status file CuuDuongThanCong.com www.it-ebooks.info V variables BOARD_SEPOLICY_DIRS / Controlling the policy build BOARD_SEPOLICY_UNION / Controlling the policy build BOARD_SEPOLICY_REPLACE / Controlling the policy build BOARD_SEPOLICY_IGNORE / Controlling the policy build VirtualBox about / VirtualBox URL / VirtualBox extension pack / VirtualBox extension pack guest additions / VirtualBox guest additions virtual machine (VM) / Zygote – application spawn CuuDuongThanCong.com www.it-ebooks.info Z Zygote about / Zygote – application spawn zygote securing / The case to secure the zygote fortifying / Fortifying the zygote socket, plumbing / Plumbing the zygote socket mac_permissions.xml file / The mac_permissions.xml file keys.conf / keys.conf seapp_contexts / seapp_contexts zygote socket plumbing / Plumbing the zygote socket CuuDuongThanCong.com www.it-ebooks.info ... Access: (0664/-rw-rw-r ) Uid: ( 1000/bookuser) Gid: ( 1000/bookuser) Access: 201 4-0 8-0 4 15:53:01.951024557 -0 700 Modify: 201 4-0 6-2 3 19:44:14.308741592 -0 700 Change: 201 4-0 6-2 3 19:44:14.308741592 -0 700... 4 bookuser bookuser 4096 Aug 4 16:20 android -rw-rw-r 1 bookuser bookuser 130 Jun 19 17:51 apport-ignore.xml -rw-rw-r 1 bookuser bookuser 365 Jun 23 19:44 hello.txt -rw - 1 bookuser bookuser 19276 Aug... In the context of the target object, USER can be referred to as owner or creator $ ls -la total 296 drwxr-xr-x 38 bookuser bookuser 4096 Aug 23 11:08 drwxr-xr-x 3 root root 4096 Jun 8 18:50 -rw-rw-r 1 bookuser bookuser 116 Jul 22 13:13 a.c drwxrwxr-x 4 bookuser bookuser