SELint: an SEAndroid policy analysis tool
Elena Reshetova, Filippo Bonazzi, N. Asokan
TL;DR
SELint is a customizable tool designed to assist Android OEMs in creating more accurate and efficient SEAndroid policies, addressing the shortcomings of existing tools and reducing policy mistakes.
Contribution
The paper introduces SELint, an extensible and configurable tool that improves SEAndroid policy analysis for OEMs, with a default setup based on AOSP policies.
Findings
SELint helps identify mistakes and redundancies in SEAndroid policies.
It is customizable for different OEM needs.
Provides a default configuration based on AOSP policies.
Abstract
SEAndroid enforcement is now mandatory for Android devices. In order to provide the desired level of security for their products, Android OEMs need to be able to minimize their mistakes in writing SEAndroid policies. However, existing SEAndroid and SELinux tools are not very useful for this purpose. It has been shown that SEAndroid policies found in commercially available devices for multiple manufacturers contain mistakes and redundancies. In this paper we present a new tool, SELint, which aims to help OEMs to produce better SEAndroid policies. SELint is extensible and configurable to suit the needs of different OEMs. It is provided with a default configuration based on the AOSP SEAndroid policy, but can be customized by OEMs.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.