Exploring SE for Android

Book Description

Discover Security Enhancements (SE) for Android to build your own protected Android-based systems

About This Book

• Learn the fundamental security models and motivations behind Linux, SELinux, and SE for Android.
• Build and enable current security enhancements from the SE for Android project onto a working embedded UDOO board.
• Discover how to leverage SE for Android to secure your own projects in powerful ways using this step by step guide.

Who This Book Is For

This book is intended for developers and engineers with some familiarity of operating system concepts as implemented by Linux. A basic background in C code would be helpful. Their positions range from hobbyists wanting to secure their Android powered creations to OEM engineers building handsets to engineers of emerging areas where Android is seeing growth.

In Detail

You will start by exploring the nature of the security mechanisms behind Linux and SELinux, and as you complete the chapters, you will integrate and enable SE for Android into a System on Chip (SoC), a process that, prior to this book, has never before been documented in its entirety! Discover Android’s unique user space, from its use of the common UID and GID model to promote its security goals to its custom binder IPC mechanism. Explore the interface between the kernel and user space with respect to SELinux and investigate contexts and labels and their application to system objects.

This book will help you develop the necessary skills to evaluate and engineer secured products with the Android platform, whether you are new to world of Security Enhanced Linux (SELinux) or experienced in secure system deployment.

Table of Contents

Chapter 1. Linux Access Controls
Chapter 2. Mandatory Access Controls and SELinux
Chapter 3. Android Is Weird
Chapter 4. Installation on the UDOO
Chapter 5. Booting the System
Chapter 6. Exploring SELinuxFS
Chapter 7. Utilizing Audit Logs
Chapter 8. Applying Contexts to Files
Chapter 9. Adding Services to Domains
Chapter 10. Placing Applications in Domains
Chapter 11. Labeling Properties
Chapter 12. Mastering the Tool Chain
Chapter 13. Getting to Enforcing Mode

中文：

书名：探索面向Android的SE

了解针对Android的安全增强功能(SE)，以构建您自己的受保护的基于Android的系统

关于本书

• 了解Linux、SELinux和SE for Android背后的基本安全模型和动机。
• 将当前的安全增强功能从SE for Android项目构建并启用到工作的嵌入式UDOO板上。
• 使用本分步指南，了解如何利用SE for Android以强大的方式保护您自己的项目。

Who This Book Is For

本书面向对由Linux实现的操作系统概念有一定了解的开发人员和工程师。有C代码的基本背景会很有帮助。他们的职位范围很广，从希望确保Android支持的产品安全的业余爱好者，到制造手机的OEM工程师，再到Android正在增长的新兴领域的工程师。

详细地说

您将从探索Linux和SELinux背后的安全机制的本质开始，在完成各章后，您将把SE for Android集成并启用到片上系统(SoC)中，这一过程在本书之前从未被完整地记录过！探索Android独特的用户空间，从它使用通用的UID和GID模型来提升其安全目标到其定制的绑定器IPC机制。探索与SELinux相关的内核和用户空间之间的接口，并研究上下文和标签及其对系统对象的应用。

这本书将帮助您开发必要的技能来评估和设计Android平台的安全产品，无论您是安全增强型Linux(SELinux)世界的新手还是在安全系统部署方面经验丰富的人。

目录表

第1章.Linux访问控制
第2章.强制访问控制和SELinux
第三章：Android是怪异的
第4章.UDOO上的安装
第5章.引导系统
第6章.探索SELinuxFS
第7章：使用审核日志
Chapter 8. Applying Contexts to Files
第9章：将服务添加到域
第10章.在域中放置应用程序
第11章.标注属性
第十二章掌握工具链
第13章：进入强制执行模式