Skip to main content
Annual Computer Security Applications Conference (ACSAC) 2017

Full Program »

Analysis of SEAndroid Policies: Combining MAC and DAC in Android

Android has become a dominant computing platform, and its popularity has coincided with a surge of malware. The incorporation of SEAndroid has been one of the most important security enhancements to the platform. While SEAndroid adds the mandatory protection benefits that SELinux brought to desktops and servers, the protection is only as good as the policy. Existing Android devices contain a wide variety of SEAndroid policies, depending on both the version of Android as well as the device manufacturer. In this paper, we present a systematic approach to understand SEAndroid policies and their problem areas. We apply our approach to four different versions of Android Open Source Project (AOSP) as well as devices from seven different manufacturers. In all of these policies, we found trends that lead to unintentional privilege assignments (e.g., compositional privileges and coarse object types). More importantly, these trends identify a new approach for analyzing, comparing, and discussing SEAndroid policies that will greatly benefit future policy versions.

Haining Chen
Purdue University
United States

Ninghui Li
Purdue University
United States

William Enck
North Carolina State University
United States

Yousra Aafer
Purdue University
United States

Xiangyu Zhang
Purdue University
United States

 

Powered by OpenConf®
Copyright ©2002-2017 Zakon Group LLC