# An Historical Analysis of the SEAndroid Policy Evolution

**Authors:** Bumjin Im, Ang Chen, Dan Wallach

arXiv: 1812.00920 · 2018-12-04

## TL;DR

This paper analyzes the evolution of SEAndroid policies, revealing exponential growth in complexity and highlighting challenges in understanding and managing these security rules over time.

## Contribution

It introduces a new metric for measuring policy complexity and provides a comprehensive analysis of policy evolution, including the impact of major security events.

## Key findings

- Policy complexity has grown exponentially over time.
- Major security incidents influence policy changes.
- Policy rules have become increasingly difficult to understand.

## Abstract

Android adopted SELinux's mandatory access control (MAC) mechanisms in 2013. Since then, billions of Android devices have benefited from mandatory access control security policies. These policies are expressed in a variety of rules, maintained by Google and extended by Android OEMs. Over the years, the rules have grown to be quite complex, making it challenging to properly understand or configure these policies.   In this paper, we perform a measurement study on the SEAndroid repository to understand the evolution of these policies. We propose a new metric to measure the complexity of the policy by expanding policy rules, with their abstraction features such as macros and groups, into primitive "boxes", which we then use to show that the complexity of the SEAndroid policies has been growing exponentially over time. By analyzing the Git commits, snapshot by snapshot, we are also able to analyze the "age" of policy rules, the trend of changes, and the contributor composition. We also look at hallmark events in Android's history, such as the "Stagefright" vulnerability in Android's media facilities, pointing out how these events led to changes in the MAC policies. The growing complexity of Android's mandatory policies suggests that we will eventually hit the limits of our ability to understand these policies, requiring new tools and techniques.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1812.00920/full.md

## Figures

19 figures with captions in the complete paper: https://tomesphere.com/paper/1812.00920/full.md

## References

53 references — full list in the complete paper: https://tomesphere.com/paper/1812.00920/full.md

---
Source: https://tomesphere.com/paper/1812.00920