Re: Confidentiality and privacy

2016-10-13 Thread Casey Schaufler
On 10/13/2016 2:19 PM, Eduardo Aguirre wrote: > > Aren't Tomoyo, Apparmor and Smack other LSMs (Linux Security Modules) in the > Linux Kernel used in Android? > No, they are not. > > El jue., oct. 13, 2016 16:04, Stephen Smalley > escribió: > > On 10/13/2016 04:5

Re: Confidentiality and privacy

2016-10-13 Thread William Roberts
On Thu, Oct 13, 2016 at 5:19 PM, Eduardo Aguirre wrote: > Aren't Tomoyo, Apparmor and Smack other LSMs (Linux Security Modules) in the > Linux Kernel used in Android? Officially no, just SE Linux. However, I have seen some devices with TOMOYO enabled, but those were OEM enabled. > > > El jue., o

Re: Confidentiality and privacy

2016-10-13 Thread Eduardo Aguirre
Aren't Tomoyo, Apparmor and Smack other LSMs (Linux Security Modules) in the Linux Kernel used in Android? El jue., oct. 13, 2016 16:04, Stephen Smalley escribió: > On 10/13/2016 04:53 PM, Eduardo Aguirre wrote: > > Thank you so much for all your help! > > > > Any recommended documentation about

Re: Confidentiality and privacy

2016-10-13 Thread Stephen Smalley
On 10/13/2016 04:53 PM, Eduardo Aguirre wrote: > Thank you so much for all your help! > > Any recommended documentation about SE for Android, LSMs implemented in > Android and maybe an in-depth view of Android security? > I have already read the official documentation and the "Android security > i

Re: Confidentiality and privacy

2016-10-13 Thread William Roberts
The only "LSM" in Android is SELinux. The term LSM means Linux Security Module and is a Linux kernel technology. If you want to actually look deeper in how SE Linux was integrated, parts of Exploring SE for Android (my book), may be of help. As far as Android Security, that internals book you men

Re: Confidentiality and privacy

2016-10-13 Thread Eduardo Aguirre
Thank you so much for all your help! Any recommended documentation about SE for Android, LSMs implemented in Android and maybe an in-depth view of Android security? I have already read the official documentation and the "Android security internals book" but I was wondering if there is another good

Re: Confidentiality and privacy

2016-10-13 Thread Stephen Smalley
On 10/13/2016 11:20 AM, Eduardo Aguirre wrote: > Do you know why the MMAC mechanisms proposed in SEAndroid weren't > adopted? I have also heard of something called "Intent firewall" that > has not been integrated to Android(as far as I know). Not entirely sure why (we didn't get feedback), but re

Re: Confidentiality and privacy

2016-10-13 Thread Eduardo Aguirre
Do you know why the MMAC mechanisms proposed in SEAndroid weren't adopted? I have also heard of something called "Intent firewall" that has not been integrated to Android(as far as I know). El jue., 13 oct. 2016 a las 10:00, Stephen Smalley () escribió: > On 10/13/2016 10:33 AM, Eduardo Aguirre w

Re: Confidentiality and privacy

2016-10-13 Thread Stephen Smalley
On 10/13/2016 10:33 AM, Eduardo Aguirre wrote: > Could a policy in SEAndroid ensure confidentality and privacy?: > > Restrict emails to some domains, restrict messages from some contacts, > or even modify some rules when location changes? > > I think nothing like this has been implemented, but I

Confidentiality and privacy

2016-10-13 Thread Eduardo Aguirre
Could a policy in SEAndroid ensure confidentality and privacy?: Restrict emails to some domains, restrict messages from some contacts, or even modify some rules when location changes? I think nothing like this has been implemented, but I also think that SEAndroid could be used to do something lik