Re: Confidentiality and privacy

[Casey Schaufler]

On 10/13/2016 2:19 PM, Eduardo Aguirre wrote:
>
> Aren't Tomoyo, Apparmor and Smack other LSMs (Linux Security Modules) in the 
> Linux Kernel used in Android?
>

No, they are not.

>
> El jue., oct. 13, 2016 16:04, Stephen Smalley  > escribió:
>
> On 10/13/2016 04:53 PM, Eduardo Aguirre wrote:
> > Thank you so much for all your help!
> >
> > Any recommended documentation about SE for Android, LSMs implemented in
> > Android and maybe an in-depth view of Android security?
> > I have already read the official documentation and the "Android security
> > internals book" but I was wondering if there is another good source of
> > information.
>
> The list of links from
> https://source.android.com/security/selinux/#supporting_documentation
> is a good starting point.
>
> >
> > El jue., 13 oct. 2016 a las 11:25, Stephen Smalley ( 
> > >>) escribió:
> >
> > On 10/13/2016 11:20 AM, Eduardo Aguirre wrote:
> > > Do you know why the MMAC mechanisms proposed in SEAndroid weren't
> > > adopted?  I have also heard of something called "Intent firewall" 
> that
> > > has not been integrated to Android(as far as I know).
> >
> > Not entirely sure why (we didn't get feedback), but recent versions 
> of
> > Android do incorporate a runtime permissions model (built on top of
> > AppOps) and also include various enterprise-focused features.
> >
> > Last I looked, Intent Firewall was still part of Android, but not
> > something that can be configured by anyone other than the OEM (aside
> > from using custom ROMs).  Some information about Intent Firewall is
> > available here:
> > http://www.cis.syr.edu/~wedu/android/IntentFirewall/ 
> 
> >
> > > El jue., 13 oct. 2016 a las 10:00, Stephen Smalley
> > (mailto:s...@tycho.nsa.gov> 
> >
> > >  
>  > >
> > > On 10/13/2016 10:33 AM, Eduardo Aguirre wrote:
> > > > Could a policy in SEAndroid ensure confidentality and 
> privacy?:
> > > >
> > > > Restrict emails to some domains, restrict messages from some
> > contacts,
> > > > or even modify some rules when location changes?
> > > >
> > > > I think nothing like this has been implemented, but I also
> > think that
> > > > SEAndroid could be used to do something like that (maybe 
> some
> > > > modifications are needed?)
> > >
> > > The concepts you are describing would be implemented at the
> > middleware
> > > or, in some cases, even the application layer.  While the SE
> > for Android
> > > project did experiment with several middleware mandatory
> > access control
> > > mechanisms (MMAC), none of those were ever adopted into the
> > Android Open
> > > Source Project; only the SELinux support was.
> > >
> >
>
>
>
> ___
> Seandroid-list mailing list
> Seandroid-list@tycho.nsa.gov
> To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
> To get help, send an email containing "help" to 
> seandroid-list-requ...@tycho.nsa.gov.

___
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to 
seandroid-list-requ...@tycho.nsa.gov.

Re: Confidentiality and privacy

[William Roberts]

On Thu, Oct 13, 2016 at 5:19 PM, Eduardo Aguirre  wrote:
> Aren't Tomoyo, Apparmor and Smack other LSMs (Linux Security Modules) in the
> Linux Kernel used in Android?

Officially no, just SE Linux. However, I have seen some devices with
TOMOYO enabled,
but those were OEM enabled.

>
>
> El jue., oct. 13, 2016 16:04, Stephen Smalley  escribió:
>>
>> On 10/13/2016 04:53 PM, Eduardo Aguirre wrote:
>> > Thank you so much for all your help!
>> >
>> > Any recommended documentation about SE for Android, LSMs implemented in
>> > Android and maybe an in-depth view of Android security?
>> > I have already read the official documentation and the "Android security
>> > internals book" but I was wondering if there is another good source of
>> > information.
>>
>> The list of links from
>> https://source.android.com/security/selinux/#supporting_documentation
>> is a good starting point.
>>
>> >
>> > El jue., 13 oct. 2016 a las 11:25, Stephen Smalley (> > >) escribió:
>> >
>> > On 10/13/2016 11:20 AM, Eduardo Aguirre wrote:
>> > > Do you know why the MMAC mechanisms proposed in SEAndroid weren't
>> > > adopted?  I have also heard of something called "Intent firewall"
>> > that
>> > > has not been integrated to Android(as far as I know).
>> >
>> > Not entirely sure why (we didn't get feedback), but recent versions
>> > of
>> > Android do incorporate a runtime permissions model (built on top of
>> > AppOps) and also include various enterprise-focused features.
>> >
>> > Last I looked, Intent Firewall was still part of Android, but not
>> > something that can be configured by anyone other than the OEM (aside
>> > from using custom ROMs).  Some information about Intent Firewall is
>> > available here:
>> > http://www.cis.syr.edu/~wedu/android/IntentFirewall/
>> >
>> > > El jue., 13 oct. 2016 a las 10:00, Stephen Smalley
>> > (mailto:s...@tycho.nsa.gov>
>> > > >>) escribió:
>> > >
>> > > On 10/13/2016 10:33 AM, Eduardo Aguirre wrote:
>> > > > Could a policy in SEAndroid ensure confidentality and
>> > privacy?:
>> > > >
>> > > > Restrict emails to some domains, restrict messages from some
>> > contacts,
>> > > > or even modify some rules when location changes?
>> > > >
>> > > > I think nothing like this has been implemented, but I also
>> > think that
>> > > > SEAndroid could be used to do something like that (maybe
>> > some
>> > > > modifications are needed?)
>> > >
>> > > The concepts you are describing would be implemented at the
>> > middleware
>> > > or, in some cases, even the application layer.  While the SE
>> > for Android
>> > > project did experiment with several middleware mandatory
>> > access control
>> > > mechanisms (MMAC), none of those were ever adopted into the
>> > Android Open
>> > > Source Project; only the SELinux support was.
>> > >
>> >
>>
>
> ___
> Seandroid-list mailing list
> Seandroid-list@tycho.nsa.gov
> To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
> To get help, send an email containing "help" to
> seandroid-list-requ...@tycho.nsa.gov.



-- 
Respectfully,

William C Roberts

___
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to 
seandroid-list-requ...@tycho.nsa.gov.

Re: Confidentiality and privacy

[Eduardo Aguirre]

Aren't Tomoyo, Apparmor and Smack other LSMs (Linux Security Modules) in
the Linux Kernel used in Android?

El jue., oct. 13, 2016 16:04, Stephen Smalley  escribió:

> On 10/13/2016 04:53 PM, Eduardo Aguirre wrote:
> > Thank you so much for all your help!
> >
> > Any recommended documentation about SE for Android, LSMs implemented in
> > Android and maybe an in-depth view of Android security?
> > I have already read the official documentation and the "Android security
> > internals book" but I was wondering if there is another good source of
> > information.
>
> The list of links from
> https://source.android.com/security/selinux/#supporting_documentation
> is a good starting point.
>
> >
> > El jue., 13 oct. 2016 a las 11:25, Stephen Smalley ( > >) escribió:
> >
> > On 10/13/2016 11:20 AM, Eduardo Aguirre wrote:
> > > Do you know why the MMAC mechanisms proposed in SEAndroid weren't
> > > adopted?  I have also heard of something called "Intent firewall"
> that
> > > has not been integrated to Android(as far as I know).
> >
> > Not entirely sure why (we didn't get feedback), but recent versions
> of
> > Android do incorporate a runtime permissions model (built on top of
> > AppOps) and also include various enterprise-focused features.
> >
> > Last I looked, Intent Firewall was still part of Android, but not
> > something that can be configured by anyone other than the OEM (aside
> > from using custom ROMs).  Some information about Intent Firewall is
> > available here:
> > http://www.cis.syr.edu/~wedu/android/IntentFirewall/
> >
> > > El jue., 13 oct. 2016 a las 10:00, Stephen Smalley
> > (mailto:s...@tycho.nsa.gov>
> > > >>) escribió:
> > >
> > > On 10/13/2016 10:33 AM, Eduardo Aguirre wrote:
> > > > Could a policy in SEAndroid ensure confidentality and
> privacy?:
> > > >
> > > > Restrict emails to some domains, restrict messages from some
> > contacts,
> > > > or even modify some rules when location changes?
> > > >
> > > > I think nothing like this has been implemented, but I also
> > think that
> > > > SEAndroid could be used to do something like that (maybe some
> > > > modifications are needed?)
> > >
> > > The concepts you are describing would be implemented at the
> > middleware
> > > or, in some cases, even the application layer.  While the SE
> > for Android
> > > project did experiment with several middleware mandatory
> > access control
> > > mechanisms (MMAC), none of those were ever adopted into the
> > Android Open
> > > Source Project; only the SELinux support was.
> > >
> >
>
>
___
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to 
seandroid-list-requ...@tycho.nsa.gov.

Re: Confidentiality and privacy

[Stephen Smalley]

On 10/13/2016 04:53 PM, Eduardo Aguirre wrote:
> Thank you so much for all your help!
> 
> Any recommended documentation about SE for Android, LSMs implemented in
> Android and maybe an in-depth view of Android security?
> I have already read the official documentation and the "Android security
> internals book" but I was wondering if there is another good source of
> information.

The list of links from
https://source.android.com/security/selinux/#supporting_documentation
is a good starting point.

> 
> El jue., 13 oct. 2016 a las 11:25, Stephen Smalley ( >) escribió:
> 
> On 10/13/2016 11:20 AM, Eduardo Aguirre wrote:
> > Do you know why the MMAC mechanisms proposed in SEAndroid weren't
> > adopted?  I have also heard of something called "Intent firewall" that
> > has not been integrated to Android(as far as I know).
> 
> Not entirely sure why (we didn't get feedback), but recent versions of
> Android do incorporate a runtime permissions model (built on top of
> AppOps) and also include various enterprise-focused features.
> 
> Last I looked, Intent Firewall was still part of Android, but not
> something that can be configured by anyone other than the OEM (aside
> from using custom ROMs).  Some information about Intent Firewall is
> available here:
> http://www.cis.syr.edu/~wedu/android/IntentFirewall/
> 
> > El jue., 13 oct. 2016 a las 10:00, Stephen Smalley
> (mailto:s...@tycho.nsa.gov>
> > >>) escribió:
> >
> > On 10/13/2016 10:33 AM, Eduardo Aguirre wrote:
> > > Could a policy in SEAndroid ensure confidentality and privacy?:
> > >
> > > Restrict emails to some domains, restrict messages from some
> contacts,
> > > or even modify some rules when location changes?
> > >
> > > I think nothing like this has been implemented, but I also
> think that
> > > SEAndroid could be used to do something like that (maybe some
> > > modifications are needed?)
> >
> > The concepts you are describing would be implemented at the
> middleware
> > or, in some cases, even the application layer.  While the SE
> for Android
> > project did experiment with several middleware mandatory
> access control
> > mechanisms (MMAC), none of those were ever adopted into the
> Android Open
> > Source Project; only the SELinux support was.
> >
> 

___
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to 
seandroid-list-requ...@tycho.nsa.gov.

Re: Confidentiality and privacy

[William Roberts]

The only "LSM" in Android is SELinux. The term LSM means Linux
Security Module and
is a Linux kernel technology.

If you want to actually look deeper in how SE Linux was integrated, parts of
Exploring SE for Android (my book), may be of help.

As far as Android Security, that internals book you mention is the
best general coverage
I have found.

On Thu, Oct 13, 2016 at 4:53 PM, Eduardo Aguirre  wrote:
> Thank you so much for all your help!
>
> Any recommended documentation about SE for Android, LSMs implemented in
> Android and maybe an in-depth view of Android security?
> I have already read the official documentation and the "Android security
> internals book" but I was wondering if there is another good source of
> information.
>
> El jue., 13 oct. 2016 a las 11:25, Stephen Smalley ()
> escribió:
>>
>> On 10/13/2016 11:20 AM, Eduardo Aguirre wrote:
>> > Do you know why the MMAC mechanisms proposed in SEAndroid weren't
>> > adopted?  I have also heard of something called "Intent firewall" that
>> > has not been integrated to Android(as far as I know).
>>
>> Not entirely sure why (we didn't get feedback), but recent versions of
>> Android do incorporate a runtime permissions model (built on top of
>> AppOps) and also include various enterprise-focused features.
>>
>> Last I looked, Intent Firewall was still part of Android, but not
>> something that can be configured by anyone other than the OEM (aside
>> from using custom ROMs).  Some information about Intent Firewall is
>> available here:
>> http://www.cis.syr.edu/~wedu/android/IntentFirewall/
>>
>> > El jue., 13 oct. 2016 a las 10:00, Stephen Smalley (> > >) escribió:
>> >
>> > On 10/13/2016 10:33 AM, Eduardo Aguirre wrote:
>> > > Could a policy in SEAndroid ensure confidentality and privacy?:
>> > >
>> > > Restrict emails to some domains, restrict messages from some
>> > contacts,
>> > > or even modify some rules when location changes?
>> > >
>> > > I think nothing like this has been implemented, but I also think
>> > that
>> > > SEAndroid could be used to do something like that (maybe some
>> > > modifications are needed?)
>> >
>> > The concepts you are describing would be implemented at the
>> > middleware
>> > or, in some cases, even the application layer.  While the SE for
>> > Android
>> > project did experiment with several middleware mandatory access
>> > control
>> > mechanisms (MMAC), none of those were ever adopted into the Android
>> > Open
>> > Source Project; only the SELinux support was.
>> >
>>
>
> ___
> Seandroid-list mailing list
> Seandroid-list@tycho.nsa.gov
> To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
> To get help, send an email containing "help" to
> seandroid-list-requ...@tycho.nsa.gov.



-- 
Respectfully,

William C Roberts

___
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to 
seandroid-list-requ...@tycho.nsa.gov.

Re: Confidentiality and privacy

[Eduardo Aguirre]

Thank you so much for all your help!

Any recommended documentation about SE for Android, LSMs implemented in
Android and maybe an in-depth view of Android security?
I have already read the official documentation and the "Android security
internals book" but I was wondering if there is another good source of
information.

El jue., 13 oct. 2016 a las 11:25, Stephen Smalley ()
escribió:

> On 10/13/2016 11:20 AM, Eduardo Aguirre wrote:
> > Do you know why the MMAC mechanisms proposed in SEAndroid weren't
> > adopted?  I have also heard of something called "Intent firewall" that
> > has not been integrated to Android(as far as I know).
>
> Not entirely sure why (we didn't get feedback), but recent versions of
> Android do incorporate a runtime permissions model (built on top of
> AppOps) and also include various enterprise-focused features.
>
> Last I looked, Intent Firewall was still part of Android, but not
> something that can be configured by anyone other than the OEM (aside
> from using custom ROMs).  Some information about Intent Firewall is
> available here:
> http://www.cis.syr.edu/~wedu/android/IntentFirewall/
>
> > El jue., 13 oct. 2016 a las 10:00, Stephen Smalley ( > >) escribió:
> >
> > On 10/13/2016 10:33 AM, Eduardo Aguirre wrote:
> > > Could a policy in SEAndroid ensure confidentality and privacy?:
> > >
> > > Restrict emails to some domains, restrict messages from some
> contacts,
> > > or even modify some rules when location changes?
> > >
> > > I think nothing like this has been implemented, but I also think
> that
> > > SEAndroid could be used to do something like that (maybe some
> > > modifications are needed?)
> >
> > The concepts you are describing would be implemented at the
> middleware
> > or, in some cases, even the application layer.  While the SE for
> Android
> > project did experiment with several middleware mandatory access
> control
> > mechanisms (MMAC), none of those were ever adopted into the Android
> Open
> > Source Project; only the SELinux support was.
> >
>
>
___
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to 
seandroid-list-requ...@tycho.nsa.gov.

Re: Confidentiality and privacy

[Stephen Smalley]

On 10/13/2016 11:20 AM, Eduardo Aguirre wrote:
> Do you know why the MMAC mechanisms proposed in SEAndroid weren't
> adopted?  I have also heard of something called "Intent firewall" that
> has not been integrated to Android(as far as I know).

Not entirely sure why (we didn't get feedback), but recent versions of
Android do incorporate a runtime permissions model (built on top of
AppOps) and also include various enterprise-focused features.

Last I looked, Intent Firewall was still part of Android, but not
something that can be configured by anyone other than the OEM (aside
from using custom ROMs).  Some information about Intent Firewall is
available here:
http://www.cis.syr.edu/~wedu/android/IntentFirewall/

> El jue., 13 oct. 2016 a las 10:00, Stephen Smalley ( >) escribió:
> 
> On 10/13/2016 10:33 AM, Eduardo Aguirre wrote:
> > Could a policy in SEAndroid ensure confidentality and privacy?:
> >
> > Restrict emails to some domains, restrict messages from some contacts,
> > or even modify some rules when location changes?
> >
> > I think nothing like this has been implemented, but I also think that
> > SEAndroid could be used to do something like that (maybe some
> > modifications are needed?)
> 
> The concepts you are describing would be implemented at the middleware
> or, in some cases, even the application layer.  While the SE for Android
> project did experiment with several middleware mandatory access control
> mechanisms (MMAC), none of those were ever adopted into the Android Open
> Source Project; only the SELinux support was.
> 

___
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to 
seandroid-list-requ...@tycho.nsa.gov.

Re: Confidentiality and privacy

[Eduardo Aguirre]

Do you know why the MMAC mechanisms proposed in SEAndroid weren't adopted?
I have also heard of something called "Intent firewall" that has not been
integrated to Android(as far as I know).

El jue., 13 oct. 2016 a las 10:00, Stephen Smalley ()
escribió:

> On 10/13/2016 10:33 AM, Eduardo Aguirre wrote:
> > Could a policy in SEAndroid ensure confidentality and privacy?:
> >
> > Restrict emails to some domains, restrict messages from some contacts,
> > or even modify some rules when location changes?
> >
> > I think nothing like this has been implemented, but I also think that
> > SEAndroid could be used to do something like that (maybe some
> > modifications are needed?)
>
> The concepts you are describing would be implemented at the middleware
> or, in some cases, even the application layer.  While the SE for Android
> project did experiment with several middleware mandatory access control
> mechanisms (MMAC), none of those were ever adopted into the Android Open
> Source Project; only the SELinux support was.
>
___
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to 
seandroid-list-requ...@tycho.nsa.gov.

Re: Confidentiality and privacy

[Stephen Smalley]

On 10/13/2016 10:33 AM, Eduardo Aguirre wrote:
> Could a policy in SEAndroid ensure confidentality and privacy?:
> 
> Restrict emails to some domains, restrict messages from some contacts,
> or even modify some rules when location changes?
> 
> I think nothing like this has been implemented, but I also think that
> SEAndroid could be used to do something like that (maybe some
> modifications are needed?)

The concepts you are describing would be implemented at the middleware
or, in some cases, even the application layer.  While the SE for Android
project did experiment with several middleware mandatory access control
mechanisms (MMAC), none of those were ever adopted into the Android Open
Source Project; only the SELinux support was.
___
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to 
seandroid-list-requ...@tycho.nsa.gov.