The National Security Agency (NSA) has released SE Android, a security-enhanced version of Android, which provides and enforces stricter access-control policies than those found in the popular mobile operating system by default.
SE Android is based on NSA’s previous research into mandatory access controls that gave birth to the Security-Enhanced Linux project back in 2000. SE Linux is a collection of Linux kernel security modules and other tools that provide a flexible mechanism for restricting what resources users or applications can access.
Over the years, most of the low-level SE Linux modifications were merged into the official Linux kernel and they were also ported to Solaris and FreeBSD.
The NSA revealed its plan to port SE Linux to Android as part of a new project called SE Android at the Linux Security Summit last year. The first version was released on Jan. 6.
One of the main things that SE Android is trying to improve is Android’s application security model, which is based on the default Linux discretionary access control. Under DAC, an application run by a particular user has access to all of the files and resources accessible to that user.
However, under the MAC model implemented by SE Linux and now SE Android, the resources available to an application can be restricted to whatever is defined in a policy, regardless of the user’s permissions on the system. Because of this, SE Android can be used to confine privileged services and limit the damage that attackers can do if they exploit vulnerabilities.
Many Android root exploits like GingerBreak, Exploid or RageAgainstTheCage, target vulnerabilities in Android services. For example, the GingerBreak exploit leverages a vulnerability in vold, the Android volume daemon, which runs as root. SE Android can block the GingerBreak exploit at six different steps during its execution, depending on how strict the enforced policies are.
Unfortunately, installing SE Android on devices is not as straightforward as installing other custom Android ROMs, because the SE Android project doesn’t provide any pre-compiled builds.
Users interested in deploying SE Android need to download and build the official Android Open Source Project source code and then sync their AOSP clone with the SE Android git trees in order to apply all patches and modifications. The SE Android project website contains instructions on how to do this.
SE Android is aimed at companies and organizations that need to implement strict access-control policies similar to those mandated by the U.S. Department of Defense.