Hello all,

I am the GSoC student working on the SELinux project. The URL for the project page is http://code.google.com/p/selinux-openmoko (recently ported from projects.openmoko.org) if this status report leaves you wanting more.

-----------

Problem Area:
A mobile device is, by nature, a single user device. As a design consequence, many Linux based mobile devices run all processes as root. Obviously, this presents an attacker with lots of opportunities for privilege escalation.

Idea:
Design a simplified "targeted" SELinux policy to sandbox system daemons on the OpenMoko device. This policy could prevent privilege escalation and improve overall security on a mobile device.

Status:
There are two main phases to the project. The first is porting SELinux on to the device (this will eventually become a package available through opkg) and the second is developing the "targeted" policy itself.

The first phase is almost complete. It has taken a lot longer than I had anticipated =)).

What has been completed so far:
- The required SELinux tools and library binaries have been built (using the OpenMoko tool chain)
- SELinux enabled kernel is running
- SELinux will run on the device (it doesn't enforce the policy though)

What needs to be done:
- there is an error relabeling the filesystem. This is preventing the policy from being enforced.

As mentioned before, the second part of the project is developing and testing the "targeted" policy itself. Currently, there is a bare bones targeted policy in the SVN repo which should compile correctly on the device (see the wiki for installation details). The next step in policy development will be adding on to this basic policy. The daemon we will be focusing on is dbus.

-----------------------

That about sums it up. The wiki on the project page is updated regularly if you want to stay current with the status of the project. *Hopefully* a beta build will be ready pretty soon =). I will send out an announcement when it is.

Willis