ebook img

Exploring SE for Android: Discover Security Enhancements (SE) for Android to build your own protected Android-based systems PDF

379 Pages·2015·2.046 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Exploring SE for Android: Discover Security Enhancements (SE) for Android to build your own protected Android-based systems

www.it-ebooks.info www.it-ebooks.info Exploring SE for Android www.it-ebooks.info Table of Contents Exploring SE for Android Credits Foreword About the Authors About the Reviewers www.PacktPub.com Support files, eBooks, discount offers, and more Why subscribe? Free access for Packt account holders Preface What this book covers What you need for this book Who this book is for Conventions Reader feedback Customer support Downloading the example code Errata Piracy Questions 1. Linux Access Controls Changing permission bits Changing owners and groups The case for more Capabilities model Android’s use of DAC Glancing at Android vulnerabilities Skype vulnerability GingerBreak www.it-ebooks.info Rage against the cage MotoChopper Summary 2. Mandatory Access Controls and SELinux Getting back to the basics Labels Users Roles Types Access vectors Multilevel security Putting it together Complexities and best practices Summary 3. Android Is Weird Android’s security model Binder Binder’s architecture Binder and security Zygote – application spawn The property service Summary 4. Installation on the UDOO Retrieving the source Flashing image on an SD card UDOO serial and Android Debug Bridge Flipping the switch It’s alive Summary 5. Booting the System Policy load www.it-ebooks.info Fixing the policy version Summary 6. Exploring SELinuxFS Locating the filesystem Interrogating the filesystem The enforce node The disable file interface The policy file The null file The mls file The status file Access Vector Cache The booleans directory The class directory The initial_contexts directory The policy_capabilities directory ProcFS Java SELinux API Summary 7. Utilizing Audit Logs Upgrades – patches galore The audit system The auditd daemon Auditd internals Interpreting SELinux denial logs Contexts Summary 8. Applying Contexts to Files Labeling filesystems fs_use fs_task_use www.it-ebooks.info fs_use_trans genfscon Mount options Labeling with extended attributes The file_contexts file Dynamic type transitions Examples and tools Fixing up /data A side note on security Summary 9. Adding Services to Domains Init – the king of daemons Dynamic domain transitions Explicit contexts via seclabel Relabeling processes Limitations on app labeling Summary 10. Placing Applications in Domains The case to secure the zygote Fortifying the zygote Plumbing the zygote socket The mac_permissions.xml file keys.conf seapp_contexts Summary 11. Labeling Properties Labeling via property_contexts Permissions on properties Relabeling existing properties Creating and labeling new properties Special properties www.it-ebooks.info Control properties Persistent properties SELinux properties Summary 12. Mastering the Tool Chain Building subcomponents – targets and projects Exploring sepolicy’s Android.mk Building sepolicy Controlling the policy build Digging deeper into build_policy Building mac_permissions.xml Building seapp_contexts Building file_contexts Building property_contexts Current NSA research files Standalone tools sepolicy-check sepolicy-analyze Summary 13. Getting to Enforcing Mode Updating to SEPolicy master Purging the device Setting up CTS Running CTS Gathering the results CTS test results Audit logs Authoring device policy adbd bootanim debuggerd www.it-ebooks.info drmserver dumpstate installd keystore mediaserver netd rild servicemanager surfaceflinger system_server toolbox untrusted_app vold watchdogd wpa Second policy pass init shell init_shell.te Field trials Going enforcing Summary A. The Development Environment VirtualBox Ubuntu Linux 12.04 (precise pangolin) VirtualBox extension pack and guest additions VirtualBox extension pack VirtualBox guest additions Save time with shared folders The build environment Oracle Java 6 www.it-ebooks.info Summary Index www.it-ebooks.info

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.