In an earlier post on open-source defense, I talked briefly about SELinux, a version of the Linux operating system modified for greater security by the US National Security Agency [NSA]. Recently, the NSA has expressed an interest in developing a more secure smart phone, and has now announced the release of SEAndroid, a set of modifications for the Android mobile operating system, analogous to SELinux. Android is a Linux-based system, produced by the Open Handset Alliance, led by Google.
As the project page for SEAndroid points out, the work builds on already-existing SELinux facilities.
Security Enhanced (SE) Android is a project to identify and address critical gaps in the security of Android. Initially, the SE Android project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps.
Going forward, the project will develop additional Android-specific capabilities. SEAndroid is available in source code. Th eproject page has access instructions, as well as information on the public SEAndroid mailing list.