Android: SELinux


https://source.android.com/security/selinux/images/SELinux_Treble.pdf


Overview

The goal of these changes is to enable System on Chip (SoC) vendors and Original Device Manufacturer (ODM) partners to customize SELinux settings in an isolated manner without cross-partition modifications.

Design goals


The SELinux policy build flow for Android 4.4 through Android 7.0 merged all sepolicy fragments (platform and non-platform) and then generated monolithic files in the root directory.

About Android 8.0 architecture


An Android device includes the following partitions:
● system.img. Contains mainly Android framework.
● boot.img. (kernel/ramdisk) Contains Linux kernel + Android patches.
● vendor.img. Contains SoC-specific code and configurations.
● odm.img. Contains device-specific code and configurations.
● oem.img. Contains OEM/carrier-related configurations and customizations.
● bootloader. Brings up the kernel (vendor-proprietary).
● radio. Modem (proprietary).


About SELinux


SELinux is a labeling system that controls the permissions (read/write, etc.).
Every process has a label. Every file/directory object in the operating system has a label. Even network ports, devices, and potentially hostnames have labels assigned to them. We write rules to control the access of a process label to an object label such as a file. We call this policy. The kernel enforces the rules. This enforcement is sometimes called Mandatory Access Control (MAC).
Standard Linux access control (owner/group + permission flags like rwx) is often called Discretionary Access Control (DAC). SELinux has no concept of UID or ownership of files. Everything is controlled by the labels.
An application has to be allowed by BOTH SELinux and DAC to do certain activities.
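The following is an added example, not code from the page or from AOSP: a small Python simulation of the two checks described above. It parses a constructed allow-rule fragment in the syntax of an Android .te file (the type names are hypothetical), evaluates the label-only SELinux decision, evaluates the UID/mode-bit DAC decision, and grants access only when both pass.

```python
import re
from dataclasses import dataclass

# Constructed sample policy written in the allow-rule syntax of an Android
# sepolicy .te fragment. The type names are hypothetical, not taken from a device.
SAMPLE_POLICY = """
allow untrusted_app app_data_file:file { read write open getattr };
allow untrusted_app app_data_file:dir search;
allow vendor_hal_example vendor_data_file:file { read open };
"""

_ALLOW = re.compile(r"allow\s+(\S+)\s+(\S+):(\S+)\s+\{?\s*([^};]*?)\s*\}?\s*;")

def parse_allow_rules(text):
    """Map (source_type, target_type, class) -> set of granted permissions."""
    rules = {}
    for src, tgt, cls, perms in _ALLOW.findall(text):
        rules.setdefault((src, tgt, cls), set()).update(perms.split())
    return rules

def selinux_allows(rules, proc_label, obj_label, cls, perm):
    """MAC check: everything is denied unless an allow rule grants it.
    Only labels matter here; the process UID plays no role."""
    return perm in rules.get((proc_label, obj_label, cls), set())

@dataclass
class DacInfo:
    uid: int    # owning user of the object
    gid: int    # owning group of the object
    mode: int   # permission bits, e.g. 0o600

def dac_allows(obj, proc_uid, proc_gids, perm):
    """DAC check on owner/group/other rwx bits.
    Simplification: uid 0 is treated as holding CAP_DAC_OVERRIDE."""
    if proc_uid == 0:
        return True
    bit = {"read": 4, "write": 2, "execute": 1}[perm]
    shift = 6 if proc_uid == obj.uid else 3 if obj.gid in proc_gids else 0
    return bool((obj.mode >> shift) & bit)

def access_allowed(rules, proc_label, proc_uid, proc_gids, obj_label, obj, cls, perm):
    """An access succeeds only if BOTH the DAC bits and the SELinux policy allow it."""
    return (dac_allows(obj, proc_uid, proc_gids, perm)
            and selinux_allows(rules, proc_label, obj_label, cls, perm))

if __name__ == "__main__":
    rules = parse_allow_rules(SAMPLE_POLICY)
    own = DacInfo(uid=10001, gid=10001, mode=0o600)   # constructed app-private file
    # root process with a vendor label: DAC passes, SELinux denies -> False
    print(access_allowed(rules, "vendor_hal_example", 0, [0], "app_data_file", own, "file", "write"))
    # the owning app: both checks pass -> True
    print(access_allowed(rules, "untrusted_app", 10001, [10001], "app_data_file", own, "file", "write"))
    # another app, same label but different UID: SELinux passes, DAC denies -> False
    print(access_allowed(rules, "untrusted_app", 10002, [10002], "app_data_file", own, "file", "read"))
```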


SELinux for Android 7.x.

SELinux source files

SELinux build logic

SELinux files

SELinux initialization
