Characterizing SEAndroid Policies in the Wild
This work addresses security challenges for Android device manufacturers by characterizing real-world SEAndroid policy issues, though it is incremental, as it builds on existing SEAndroid frameworks.
The paper analyzed SEAndroid policies from multiple Android 5.0 Lollipop devices to identify common problems and developed SEAL, a practical tool to improve policy design and analysis.
Starting from the 5.0 Lollipop release, all Android processes must run inside confined SEAndroid access control domains. As a result, Android device manufacturers were compelled to develop SEAndroid expertise in order to create policies for their device-specific components. In this paper we analyse SEAndroid policies from a number of 5.0 Lollipop devices on the market and identify patterns of common problems we found. We also suggest some practical tools that can improve policy design and analysis. We implemented the first of these tools, SEAL.