Week Ending: July 19, 2013 – Special SELinux Edition
“This Week in CyanogenMod” is an ongoing feature that aims to serve as a one-stop shop for weekly updates. Topics discussed are culled from our social media accounts, gerrit, status updates and general thoughts.
This week was all about SELinux and adjusting our source to accommodate it.
What is SELinux?
The project’s official description reads “SELinux is a security enhancement to Linux which allows users and administrators more control over access control.”
SELinux is a set of open-sourced and peer-reviewed changes to the core Android software stack that help prevent apps from performing malicious activities. This is done by establishing a set of policies that act as mandatory access controls (MAC). Depending on the policy, it can do anything from preventing apps from running or accessing specific data to preventing root access altogether.
SELinux has wide-scale adoption throughout the Linux landscape, with Fedora, Red Hat and others incorporating policies to improve system security. The default policies are usually written per distribution by their maintainers – we have begun this process for CyanogenMod.
We will be working on this policy creation in parallel to Google’s own policies for Android, which we believe will be released with the Android 4.3 source, effectively getting us ahead of the eventual 4.3 source release. As this process is open source, policy creation and suggestions will be handled via our gerrit instance.
What it’s not
SELinux is not a backdoor for government agencies to spy on you. It is not PRISM, PROMIS, CARNIVORE, The Great Firewall or any other ominous Big Brother-like initiative.
Access Control Modes
By default, we will be shipping with SELinux capabilities enabled in the kernel, but in a Permissive mode. What this means is that your phone will behave exactly as it currently does, with no noticeable change to the user.
There are 3 modes in total: Enforcing, Permissive and Disabled. While in Enforcing mode, SELinux policies are enforced, preventing whatever causes a violation (e.g. su). Permissive mode logs policy violations but does not prevent the activity that caused them. Disabled turns SELinux off.
We are using Permissive mode as our default so we can come up with sensible policies. If you submit a log for us to analyze (via JIRA) for SELinux policy improvements, the logged exceptions will be of high value.
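In Permissive mode every policy violation is still recorded by the kernel as an AVC denial message (visible in dmesg/logcat, tagged `permissive=1`), and those denials are the raw material policy writers turn into rules. The following Python is an added example, not code from the original post or from CyanogenMod: it parses such denial lines (the sample log is constructed for illustration, not a real device log) and summarizes which source domain attempted which permission on which target type, then renders the result as candidate allow rules for a human to review.

```python
import re
from collections import Counter

# Constructed sample lines in the standard SELinux AVC audit format; not real CyanogenMod logs.
SAMPLE_LOG = """\
<5>[  12.345678] type=1400 audit(1374220000.123:45): avc: denied { read } for pid=1234 comm="app_process" name="build.prop" dev=mmcblk0p25 ino=8 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
<5>[  12.345701] type=1400 audit(1374220000.124:46): avc: denied { write } for pid=1234 comm="app_process" name="build.prop" dev=mmcblk0p25 ino=8 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
<5>[  13.000001] type=1400 audit(1374220000.900:47): avc: denied { read } for pid=1235 comm="app_process" name="build.prop" dev=mmcblk0p25 ino=8 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
<5>[  14.100000] type=1400 audit(1374220001.500:48): avc: denied { execute } for pid=1300 comm="sh" path="/system/xbin/su" scontext=u:r:shell:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
<5>[  14.200000] type=1400 audit(1374220001.600:49): avc: granted { setenforce } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:object_r:kernel:s0 tclass=security
"""

# verdict, permission set, free-form fields (pid/comm/name/path...), contexts, class, optional permissive flag
AVC_RE = re.compile(
    r"avc:\s+(?P<verdict>denied|granted)\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+"
    r"(?P<fields>.*?)\s+scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+"
    r"tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?"
)

def parse_avc(line):
    """Return a dict for one AVC message, or None if the line is not an AVC message."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["perms"] = sorted(rec["perms"].split())
    # A context is user:role:type:level; the type (index 2) is what policy rules name.
    rec["sdomain"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def summarize_denials(log):
    """Count denials by (source domain, target type, object class, permission); granted events are skipped."""
    counts = Counter()
    for line in log.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["verdict"] != "denied":
            continue
        for perm in rec["perms"]:
            counts[(rec["sdomain"], rec["ttype"], rec["tclass"], perm)] += 1
    return counts

def suggest_rules(counts):
    """Render denials as candidate allow rules in policy syntax. These are what Enforcing mode would
    have blocked; each one needs review, since some (e.g. shell executing su) should stay denied."""
    rules = {}
    for (sdom, ttype, tclass, perm) in counts:
        rules.setdefault((sdom, ttype, tclass), set()).add(perm)
    return sorted(f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};" for (s, t, c), p in rules.items())
```

Run `suggest_rules(summarize_denials(SAMPLE_LOG))` to see the two candidate rules the sample log produces; the repeated read denial collapses into a single rule with a count of 2 in the summary.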
This will be an ongoing process as we work to incorporate sensible policies for each device repo. As always, our source is available on GitHub and patches will be peer reviewed via gerrit. For those more attuned to personal data security, you are welcome to watch and audit our efforts. For the rest of you, sit back and relax – no need for pitchforks.
Got a suggestion for a topic you’d like to see in the next round-up? Let us know in the comments below. All device/port requests will be ignored.