Sunday, January 22, 2012

NSA releases its first security enhanced Android

The feature list first:

  • Per-file security labeling support for yaffs2,
  • Filesystem images (yaffs2 and ext4) labeled at build time,
  • Kernel permission checks controlling Binder IPC,
  • Labeling of service sockets and socket files created by init,
  • Labeling of device nodes created by ueventd,
  • Flexible, configurable labeling of apps and app data directories,
  • Userspace permission checks controlling use of the Zygote socket commands,
  • Minimal port of SELinux userspace,
  • SELinux support for the Android toolbox,
  • Small TE policy written from scratch for Android,
  • Confined domains for system services and apps,
  • Use of MLS categories to isolate apps.

Called SEAndroid, this is a project run by the NSA to make Android more secure by applying SELinux to it. A highly detailed document explaining what SEAndroid is, how to get and work on the source code, how to build it for specific architectures, and so on is available on this page.

You can also join the SELinux mailing list; details on how to subscribe are available at "http://www.nsa.gov/research/selinux/subscribe.shtml".

