Understanding and resolving SELinux denials on Android

Click for: original source

An article by Harsh Shandilya on hot topic of security for Android software. SELinux is an acronym for Security-enhanced Linux. It is a security feature built into the Linux kernel that enforces access control for programs via a predefined security policy put in place by the system administrators.

SELinux is an implementation of a MAC security mechanism. MAC stands for Mandatory Access Control, a paradigm that allows restricting multiple aspects of a process.

It is split in following:

  • What is SELinux?
  • How to detect and resolve SELinux denials on Android
  • Labelling in SELinux

SELinux builds upon DAC-based restrictions and adds additional layers of restrictions above UID and GID to ensure a compromised user can still be restricted from doing things it normally wouldn’t need to do. Great short article!

[Read More]

Tags android app-development infosec