Exploring SE for Android
Copyright © 2015 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
The first talk of SELinux on Android started almost as soon as Android was announced. The interest at that time was mainly shown by academic circles and developers of SELinux itself. As a longtime user of SELinux in server deployments, I knew its benefits from a security point of view and also knew how much Android could benefit from them.
At that time, I may have been coy about the reasons I wanted to commit some of the initial patches to the SELinux project. Looking back at the code reviews for those Android Open Source Project (AOSP) changes, I now remember how much resistance there was in the beginning. Space on devices was at a premium, and it was considered a victory if we could save a few kilobytes. And here were the SELinux libraries and policies that increased the system size by thirty kilobytes! The performance impact had not even been measured at that time.
The work continued unabated with SELinux contributors, such as Stephen Smalley, Robert Craig, Joshua Brindle, and an author of this book, William Roberts, as well as with the help of my coworkers Geremy Condra and Nick Kralevich at Google. Slowly, through the herculean efforts of everyone involved, the project materialized and became more and more complete. Since Android 4.4 KitKat, SELinux is shipped in enforcing mode, and all Android users can benefit from the added protection that it affords.
The tale doesn’t end there! Now, it’s your turn to learn. This book is the first reference available for the specific flavor of SELinux found in Android. It’s my sincere hope that this book imparts the knowledge you need to understand and contribute to its continued development. William Roberts has been submitting code to AOSP since the beginning of SELinux for Android, and his and Dr. Confer’s knowledge is contained in these pages. It’s up to you to read it and help write the next chapter of this saga.
Kenny Root
Mountain View, CA
William Confer has been engineering embedded and mobile systems since 1997. He has worked for Samsung Mobile as a managing staff engineer and currently teaches computer science at SUNY Polytechnic Institute. He holds a patent in low-cost character recognition for extremely resource-limited devices and has multiple other patents pending for mobile technologies.
My wife, Ása, sacrificed endlessly to help give me the space and time needed for this work, and I owe her more than I can say. My three daughters also ensured I couldn’t always be working on this book and distracted me in the best possible ways. I couldn’t rest if I didn’t thank all my fall 2014 students from SUNY Polytechnic Institute who put up with me when I was sidetracked by this book. Finally, and most importantly, my greatest thanks goes to my coauthor (and friend, student, and teacher), William Roberts, without whom I would have to have found another
William Roberts is a software engineer who is focused on OS-level security and platform enhancements. He is one of the engineers who founded the Samsung KNOX product and an early adopter of SE for Android. He has made contributions to several open source projects, such as SE for Android, the Android Open Source Project, the Linux Kernel, CyanogenMod, and OpenSC. His recent interests have taken him to Smart Card technologies and the virtualization of smart cards. In his spare time, he works with Dr
simulator
I would like to thank Dr. William Confer, the coauthor, for helping me write this book; his contributions were invaluable. Also, I would like to thank my wife for supporting me and giving me the time to do this, even though we were renovating the house. Also, I would like to thank my family and friends for their encouragement along the way.
Joshua Brindle is the CTO and cofounder of Quark Security Inc., a company focused on solving mobile and cross-domain security problems. Joshua has 12 years of professional experience in the area of development for government, academic, and open source software that focuses on security in Linux. Joshua has contributed to numerous open source projects, both as a project maintainer and as a developer. His work can be found on all SELinux systems and nearly all Linux systems. Joshua’s recent experience focuses on building secure mobile devices using technologies such as Security Enhancements for Android, mobile device, and application management.
Hiromu Yakura is a student at Nada High School, Japan. He is the youngest person to hold the national information security qualification from Japan. He has given lectures about SE for Android at many conferences. He is also familiar with the security competition, Capture the Flag (CTF), and has participated in DEF CON CTF 2014 as a team binja.
I would like to express my gratitude to my family for their understanding and support.
This book introduces the Security Enhancements (SE) for Android open source project and walks you through the process of securing new embedded systems with SE for Android. To our knowledge, this book is the first source to document such a process in its entirety so that students, DIY hobbyists, and engineers can create custom systems secured by SE for Android. Generally, only original equipment manufacturers (OEMs) do this, and quite commonly, the target device is a phone or tablet. We truly hope our book will change that, engaging a wide audience in development so they can use and understand these modern security tools.
We worked very hard to ensure this text is not just a step-by-step technology book. Specifically, we’ve chosen a model that directs you to fail your way to success. You will first gain appropriate theoretical understanding of how security is gained and enforced. Then we will introduce a system that has never been secured that way (not even by us, prior to writing this book). Next, we’ll guide you through all our intelligent guesswork, embracing unexpected failures for the newly found idiosyncrasies they expose, and eventually enforcing our custom security policies. It requires you to learn to resolve differences between major open source projects such as SELinux, SE for Android, and Google Android, each of which has independent goals and deployment schedules. This prepares you to secure other devices, the process for which is always different, but hopefully, will now be more accessible.
Chapter 1, Linux Access Controls, discusses the basics of Discretionary Access Control (DAC), how some Android exploits leverage DAC problems, and demonstrates the need for more robust solutions.
Chapter 2, Mandatory Access Controls and SELinux, examines Mandatory Access Control (MAC) and its manifestation in SELinux. This chapter also explores tangible policy to control SELinux object interaction.
Chapter 9, Adding Services to Domains, emphasizes process labeling, notably the Android services run and managed by init.
Chapter 10, Placing Applications in Domains, shows you how to properly label the private data directories of applications, as well as application runtime contexts via configuration files and SELinux policy.
Chapter 11, Labeling Properties, demonstrates how to create and label new and existing properties, and some of the anomalies that occur when doing so.
Chapter 12, Mastering the Tool Chain, covers how the various components that control policy on the device are actually built and created. This chapter reviews the Android.mk components, detailing how the heart of the build and configuration management works.
Chapter 13, Getting to Enforcing Mode, utilizes all the skills you learned in the earlier chapters to respond to audit logs from CTS and get the UDOO in enforcing mode.
Appendix, The Development Environment, walks you through the necessary steps of setting up a Linux environment suitable for you to follow all the activities in this book.
Hardware requirements include:
A UDOO-embedded development board
An 8 GB Mini SD card (while you can use a card with greater capacity, we do not recommend it)
This book is intended for developers and engineers who are somewhat familiar with operating system concepts as implemented by Linux. They could be hobbyists wanting to secure their Android-powered creations, OEM engineers building handsets, or engineers from emerging areas where Android is seeing growth. A basic background in C programming will be helpful.
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
book’s title in the subject of your message
If there is a topic that you have expertise in and you are interested in either writing or
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find
selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.
To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
material
We appreciate your help in protecting our authors and our ability to bring you valuable content.
If you have a problem with any aspect of this book, you can contact us at <questions@packtpub.com>, and we will do our best to address the problem.
Android is an operating system composed of two distinct components. The first component is a forked mainline Linux kernel and shares almost everything in common with Linux. The second component, which will be discussed later, is the user space portion, which is very custom and Android specific. Since the Linux kernel underpins this system and is responsible for the majority of access control decisions, it is the logical place to begin a detailed look at Android.
Linux maintains data structures in the kernel for managing these permission fields, which are accessible from user space, and ones that should be familiar to Linux and *NIX users alike. The first set of access control metadata belongs to the process, and forms a portion of its credential set. The common credentials are user and group. In general, we use the term group to mean both primary group and possible secondary group(s). You can view
bookuser and GROUP as bookuser
hand side of the output. There are seven fields to consider as well. Each empty field is
Modify: 2014-06-23 19:44:14.308741592 -0700
Change: 2014-06-23 19:44:14.308741592 -0700
Birth: -
The first access line is the most compelling. It contains all the important information for the access controls. The second line is just a timestamp letting us know when the file was
bookuser as well. The permission flags, (0664/-rw-rw-r--), identify the two ways that
bookuser, has permission to read from and write to hello.txt, and everyone else has
programs), so any command we invoke should inherit our user’s permissions. We can view it by issuing:
$ groups bookuser
bookuser : bookuser sudo fuse
Now that read permission is verified, let’s try write. One simple way to do this is to write a simple program that writes something to the existing file. In this case, we will write the
testuser and bookuser. That means when testuser accesses a file or other object (such
As before, testuser is able to read the file. The only difference is that it can now read the
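The owner, group and other permission classes discussed above, and the effect of adding testuser to the bookuser group, can be modelled in a few lines of C. This is an added example, not code from the book: the numeric ids, the cred_model structure and the dac_permits function are assumptions made for illustration, and privileged overrides are not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical model of a process credential set: one uid plus its groups. */
struct cred_model { uid_t uid; const gid_t *groups; size_t ngroups; };

static bool in_group(const struct cred_model *c, gid_t gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* want is a mask of 4 (read), 2 (write), 1 (execute).
 * Exactly one class is consulted: owner, else group, else other.
 * Privileged (root/capability) overrides are deliberately left out. */
bool dac_permits(const struct cred_model *c, uid_t file_uid, gid_t file_gid,
                 mode_t mode, int want)
{
    int granted;
    if (c->uid == file_uid)
        granted = (mode >> 6) & 7;   /* owner bits */
    else if (in_group(c, file_gid))
        granted = (mode >> 3) & 7;   /* group bits */
    else
        granted = mode & 7;          /* other bits */
    return (granted & want) == want;
}

/* Constructed sample ids: bookuser = 1000, testuser = 1001. */
static const gid_t bookuser_groups[] = { 1000 };
static const gid_t testuser_groups[] = { 1001 };
static const gid_t testuser_both[]   = { 1001, 1000 };
const struct cred_model bookuser        = { 1000, bookuser_groups, 1 };
const struct cred_model testuser        = { 1001, testuser_groups, 1 };
const struct cred_model testuser_in_grp = { 1001, testuser_both, 2 };

int main(void)
{
    /* hello.txt modelled as owner 1000, group 1000, mode 0664 */
    printf("bookuser rw: %d\n", dac_permits(&bookuser, 1000, 1000, 0664, 6));
    printf("testuser w: %d\n", dac_permits(&testuser, 1000, 1000, 0664, 2));
    printf("testuser in group w: %d\n",
           dac_permits(&testuser_in_grp, 1000, 1000, 0664, 2));
    return 0;
}
```

Because only the first matching class is consulted, a mode such as 0064 denies the owner read access even though group members and everyone else can read the file.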
owner of an object can allow various forms of access by managing the permission bits of
testuser:
$ chown bookuser:testuser hello.txt
chown: changing ownership of `hello.txt': Operation not permitted
This did not work as we intended, but what is the issue? In Linux, only privileged
when attempting to execute that process. Only processes create objects. Privileged
capabilities set. We will dive into the details of capabilities later. For now, let’s focus on the root
Modify: 2014-08-23 12:47:19.123113845 -0700
Change: 2014-08-23 13:08:46.059058649 -0700
Birth: -
in order to change the user and group of an object, you need to be privileged. You can only
addressed by the capabilities model