An Historical Analysis of SE Android Policy
Wallach, Dan Seth
Master of Science
Android adopted SELinux’s mandatory access control mechanisms in 2013, and since then billions of Android devices are now benefiting from MAC security policies, enforced in the OS kernel. Initially, Android took a gentle approach, with a large number of resources “unconfined”, but the policies are now quite detailed and comprehensive. This paper presents a historical analysis of the MAC security policies enforced by Android, based on years of Git commits in the Android Open Source Project (AOSP). We quantify the complexity of how these policies have evolved over time. In particular, SELinux allows for policies to be expressed as macros, where one policy “rule” may apply to a large number of system objects. We can similarly measure how many rules touch a given system object. Both measures have been creeping steadily upward over the years, suggesting that these measures are a good proxy for “complexity”; reducing this complexity should be a long-term Android engineering goal. We additionally discuss specific hallmarks in Android history, such as the “Stagefright” vulnerability in Android’s media facilities, and the rollout of time-of-use vs. time-of-install permission checks, pointing out how these hallmarks led to changes in the MAC policies.
Android; SELinux; SEAndroid; Security; Access Control