ANDROID 4.3 + SEAndroid + SELinux
Features:
Hi all, as the name implies... a ROM based on Android 4.3 with the new feature SEAndroid really enabled...
What is SE for Android?
SEAndroid is a project to identify and address critical gaps in the security of Android. Initially, the project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps. However, the scope of the project is not limited to SELinux.
SE for Android also refers to the reference implementation produced by the project. The current reference implementation provides a worked example of how to enable and apply SELinux at the lower layers of the Android software stack and provides a working demonstration of the value provided by SELinux in confining various root exploits and application vulnerabilities.
How to flash the ROM
Before to flash the rom there is the need to fromat the internal storage:
N.B. Before to perform these commands (that will erase all the data in your device), make a Nandroid backup with a recovery.
Now you are ready to flash the device
Wait for the process to complete.
How to use it
By default SEAndroid is set in “Permissive mode”, before to set in “Enforce mode” make sure you don't have any residual denials to address in your policy. To check type this command:
If everything is ok, then to set enforcing mode at runtime type:
check
You will see "Enforcing"... enjoy :)
references:
http://selinuxproject.org/page/SEAndroid
http://source.android.com/source/building.html
Features:
- SELinux (kernel 3.1.10-gdacad36)
- SEAndroid
- All updated to 07/31/2013
- MD5: c1df52bead26b49dfaa7851706804084
Hi all, as the name implies... a ROM based on Android 4.3 with the new feature SEAndroid really enabled...
What is SE for Android?
SEAndroid is a project to identify and address critical gaps in the security of Android. Initially, the project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps. However, the scope of the project is not limited to SELinux.
SE for Android also refers to the reference implementation produced by the project. The current reference implementation provides a worked example of how to enable and apply SELinux at the lower layers of the Android software stack and provides a working demonstration of the value provided by SELinux in confining various root exploits and application vulnerabilities.
How to flash the ROM
Before to flash the rom there is the need to fromat the internal storage:
N.B. Before to perform these commands (that will erase all the data in your device), make a Nandroid backup with a recovery.
Code:
fastboot format cacheCode:
fastboot format userdata- Download the zip (here)
- Extract it
- go to the folder
- from shell type: chmod a+x flash-all.sh
- boot the device in bootloader mode (adb reboot bootloader)
- from shell type: ./flash-all.sh
Wait for the process to complete.
How to use it
By default SEAndroid is set in “Permissive mode”, before to set in “Enforce mode” make sure you don't have any residual denials to address in your policy. To check type this command:
Code:
adb shell su 0 dmesg | grep avcCode:
adb shell su 0 setenforce 1Code:
adb shell su 0 getenforceany feedback is fully appreciated
please hit thanks
references:
http://selinuxproject.org/page/SEAndroid
http://source.android.com/source/building.html