Cargando…

Exploring SE for android : discover Security Enhancements (SE) for Android to build your own protected Android-based systems /

Annotation

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autores principales: Confer, William (Autor), Roberts, William (Autor)
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Birmingham, England : Packt Publishing Ltd, 2015.
Colección:Community experience distilled.
Temas:
Acceso en línea:Texto completo
Tabla de Contenidos:
  • Cover; Copyright; Credits; Foreword; About the Authors; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Linux Access Controls; Changing permission bits; Changing owners and groups; The case for more; Capabilities model; Android's use of DAC; Glancing at Android vulnerabilities; Skype vulnerability; GingerBreak; Rage against the cage; MotoChopper; Summary; Chapter 2: Mandatory Access Controls and SELinux; Getting back to the basics; Labels; Users; Roles; Types; Access vectors; Multilevel security; Putting it together; Complexities and best practices; Summary
  • Chapter 3: Android Is WeirdAndroid's security model; Binder; Binder's architecture; Binder and security; Zygote
  • application spawn; The property service; Summary; Chapter 4: Installation on the UDOO; Retrieving the source; Flashing image on an SD card; UDOO serial and Android Debug Bridge; Flipping the switch; It's alive; Summary; Chapter 5: Booting the System; Policy load; Fixing the policy version; Summary; Chapter 6: Exploring SELinuxFS; Locating the filesystem; Interrogating the filesystem; The enforce node; The disable file interface; The policy file; The null file; The mls file
  • The status fileAccess Vector Cache; The booleans directory; The class directory; The initial_contexts directory; The policy_capabilities directory; ProcFS; Java SELinux API; Summary; Chapter 7: Utilizing Audit Logs; Upgrades
  • patches galore; The audit system; The auditd daemon; Auditd internals; Interpreting SELinux denial logs; Contexts; Summary; Chapter 8: Applying Contexts to Files; Labeling filesystems; fs_use; fs_task_use; fs_use_trans; genfscon; Mount options; Labeling with extended attributes; The file_contexts file; Dynamic type transitions; Examples and tools; Fixing up /data
  • A side note on securitySummary; Chapter 9: Adding Services to Domains; Init
  • the king of daemons; Dynamic domain transitions; Explicit contexts via seclabel; Relabeling processes; Limitations on app labeling; Summary; Chapter 10: Placing Applications in Domains; The case to secure the zygote; Fortifying the zygote; Plumbing the zygote socket; The mac_permissions.xml file; keys.conf; seapp_contexts; Summary; Chapter 11: Labeling Properties; Labeling via property_contexts; Permissions on properties; Relabeling existing properties; Creating and labeling new properties; Special properties
  • Control propertiesPersistent properties; SELinux properties; Summary; Chapter 12: Mastering the Tool Chain; Building subcomponents
  • targets and projects; Exploring sepolicy's Android.mk; Building sepolicy; Controlling the policy build; Digging deeper into build_policy; Building mac_permissions.xml; Building seapp_contexts; Building file_contexts; Building property_contexts; Current NSA research files; Standalone tools; sepolicy-check; sepolicy-analyze; Summary; Chapter 13: Getting to Enforcing Mode; Updating to SEPolicy master; Purging the device; Setting up CTS; Running CTS