Cargando…
Exploring SE for android : discover Security Enhancements (SE) for Android to build your own protected Android-based systems /
Annotation
| Clasificación: | Libro Electrónico |
|---|---|
| Autores principales: | , |
| Formato: | Electrónico eBook |
| Idioma: | Inglés |
| Publicado: |
Birmingham, England :
Packt Publishing Ltd,
2015.
|
| Colección: | Community experience distilled.
|
| Temas: | |
| Acceso en línea: | Texto completo |
Tabla de Contenidos:
- Cover; Copyright; Credits; Foreword; About the Authors; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Linux Access Controls; Changing permission bits; Changing owners and groups; The case for more; Capabilities model; Android's use of DAC; Glancing at Android vulnerabilities; Skype vulnerability; GingerBreak; Rage against the cage; MotoChopper; Summary; Chapter 2: Mandatory Access Controls and SELinux; Getting back to the basics; Labels; Users; Roles; Types; Access vectors; Multilevel security; Putting it together; Complexities and best practices; Summary
- Chapter 3: Android Is WeirdAndroid's security model; Binder; Binder's architecture; Binder and security; Zygote
- application spawn; The property service; Summary; Chapter 4: Installation on the UDOO; Retrieving the source; Flashing image on an SD card; UDOO serial and Android Debug Bridge; Flipping the switch; It's alive; Summary; Chapter 5: Booting the System; Policy load; Fixing the policy version; Summary; Chapter 6: Exploring SELinuxFS; Locating the filesystem; Interrogating the filesystem; The enforce node; The disable file interface; The policy file; The null file; The mls file
- The status fileAccess Vector Cache; The booleans directory; The class directory; The initial_contexts directory; The policy_capabilities directory; ProcFS; Java SELinux API; Summary; Chapter 7: Utilizing Audit Logs; Upgrades
- patches galore; The audit system; The auditd daemon; Auditd internals; Interpreting SELinux denial logs; Contexts; Summary; Chapter 8: Applying Contexts to Files; Labeling filesystems; fs_use; fs_task_use; fs_use_trans; genfscon; Mount options; Labeling with extended attributes; The file_contexts file; Dynamic type transitions; Examples and tools; Fixing up /data
- A side note on securitySummary; Chapter 9: Adding Services to Domains; Init
- the king of daemons; Dynamic domain transitions; Explicit contexts via seclabel; Relabeling processes; Limitations on app labeling; Summary; Chapter 10: Placing Applications in Domains; The case to secure the zygote; Fortifying the zygote; Plumbing the zygote socket; The mac_permissions.xml file; keys.conf; seapp_contexts; Summary; Chapter 11: Labeling Properties; Labeling via property_contexts; Permissions on properties; Relabeling existing properties; Creating and labeling new properties; Special properties
- Control propertiesPersistent properties; SELinux properties; Summary; Chapter 12: Mastering the Tool Chain; Building subcomponents
- targets and projects; Exploring sepolicy's Android.mk; Building sepolicy; Controlling the policy build; Digging deeper into build_policy; Building mac_permissions.xml; Building seapp_contexts; Building file_contexts; Building property_contexts; Current NSA research files; Standalone tools; sepolicy-check; sepolicy-analyze; Summary; Chapter 13: Getting to Enforcing Mode; Updating to SEPolicy master; Purging the device; Setting up CTS; Running CTS