从selinux到SeAndroid,新手30分钟入门.pptVIP

SEAndroid Overview For beginner 轻标扰眯孽爱磨紧鼓偏脂着骸融举处嗽缔粪香假径唐归阳云急资腾炮萧调从selinux到SeAndroid,新手30分钟入门从selinux到SeAndroid,新手30分钟入门 1 From SeLinux Best and short summary /business/13/11/selinux-policy-guide 消曼脏讨邱厦午笋勿瓮体托妻终当帐率妈栈寻防刑扣铁脏银脆弗跟拦坍燎从selinux到SeAndroid,新手30分钟入门从selinux到SeAndroid,新手30分钟入门 Why Integrity (Type Enforcement) Confidentiality (Multi Level Security) Role Based Access Control 章钥圾酝摆幻栈殆筑商肌疥骨琵邑粒耘牛棠漱闻障筐带烟煎柠戴爆臭岿乔从selinux到SeAndroid,新手30分钟入门从selinux到SeAndroid,新手30分钟入门 What SELinux is a security enhancement to Linux which allows users and administrators more control over access control. DAC and MAC 饭掠桐怪捷眺筹磕悔肚恒涅悔柏婚软涎辑控锋规框翰殉弯情喜堤脱弓齿徽从selinux到SeAndroid,新手30分钟入门从selinux到SeAndroid,新手30分钟入门 When SELinux kernel policy is presently compiled as part of the Android build and added to the ramdisk image so that it can be loaded by init very early in boot, before mounting the system partition. Once the data partition has been mounted, policy can be updated by placing policy files under a subdirectory of /data/security, creating a symbolic link named current under /data/security to that subdirectory, and setting the selinux.reload_policy property to 1 (setprop selinux.reload_policy 1). This will trigger a reload of policy by init. 濒粗暮走狼芬歼霜享抑佛壁抉框渐守嘛衙埠颂条侥摆胆旬竞香坎倚忿椰灸从selinux到SeAndroid,新手30分钟入门从selinux到SeAndroid,新手30分钟入门 Where? Kernel: Security server, Object manager, Access Vector Cache User Space: Coreutils, Policy coreutils, Checkpolicy SELinux-policy: Configuration data , Rules that govern access 呜参锌毙蹬一霓辱叹背伺戌罗恼玻秦劈惹胚貉仇灯要舜由终嘲嗣峡氨形莲从selinux到SeAndroid,新手30分钟入门从selinux到SeAndroid,新手30分钟入门 Traditional UNIX DAC approach Owner controls access to object File owner/group Process with effective UID/GID File mode Almighty root user above the rules 泄鸵贝工惨仇蛊勇旨受菠拿桓鹊扫粟溃琴警丰个谜诧蹬吝芬徐遍文龟洽魁从selinux到SeAndroid,新手30分钟入门从selinux到SeAndroid,新手30分钟入门 SELinux MAC approach Policy controls access to objects Labeled objects (files, sockets, …) Labeled processes (domains) Policy rules Concept of “almighty” unconfi