Exploring SE for Android (2015)
The first talk of SELinux on Android started almost as soon as Android was announced. The interest at that time was mainly shown by academic circles and developers of SELinux itself. As a longtime user of SELinux in server deployments, I knew its benefits from a security point of view and also knew how much Android could benefit from them.
At that time, I may have been coy about the reasons I wanted to commit some of the initial patches to the SELinux project. Looking back at the code reviews for those Android Open Source Project (AOSP) changes, I now remember how much resistance there was in the beginning. Space on devices was at a premium, and it was considered a victory if we could save a few kilobytes. And here were the SELinux libraries and policies that increased the system size by thirty kilobytes! The performance impact had not even been measured at that time.
The work continued unabated with SELinux contributors, such as Stephen Smalley, Robert Craig, Joshua Brindle, and an author of this book, William Roberts, as well as with the help of my coworkers Geremy Condra and Nick Kralevich at Google. Slowly, through the herculean efforts of everyone involved, the project materialized and became more and more complete. Since Android 4.4 KitKat, SELinux has shipped in enforcing mode, and all Android users can benefit from the added protection that it affords.
The tale doesn't end there! Now, it's your turn to learn. This book is the first reference available for the specific flavor of SELinux found in Android. It's my sincere hope that this book imparts the knowledge you need to understand and contribute to its continued development. William Roberts has been submitting code to AOSP since the beginning of SELinux for Android, and his and Dr. Confer's knowledge is contained in these pages. It's up to you to read it and help write the next chapter of this saga.