SELinux coming to CyanogenMod

by: Rob TriggsJuly 15, 2013
Shop ▾
32 21 99

CyanogenMod logo

Continuing its recent commitments to patching up various security flaws with Android, CyanogenMod is currently testing out its implementation of SE Linux with its custom version of Android. A picture of CyanogenMod running the SELinux patch was posted up by Ricardo Cerqueira at the end of last week, which you can check out below.

What is SE Linux?

SELinux is short for Security Enhanced Linux, and works on the premise of mandatory access controls (MAC) in order to manage administrator privies, rather than the root permissions that some of you may be familiar with. SELinxu is a set of kernel modifications which can be added to a Linux distribution, such as Android, in order to improve security.

SELinux CyanogenMod

CyanogenMod’s SELinux implementation is still in testing at the moment.

This aims to separate enforcement of security decisions from the security policy itself, confining programs and other processes to the minimum amount of privilege that they require to do their jobs, thereby preventing any security bypasses and limiting the potential damage caused by a rouge program. Even if you install a malicious app, it won’t be able to access any other parts of your system or alter any administrator privileges.

SELinux was originally created by the National Security Agency as an example of how mandatory access controls could work with Linux, and was released to the open source community back at the end of 2000. Since then it’s been implemented into various Linux distributions in an effort to improve system security.

NSA? Break out the tinfoil hats

The recent NSA spying scandal is sure to put some people off from SE Linux, but remember that the NSA is equally as interested in securing data from prying eyes as it is in gathering intelligence. As Bogdan Petrovan already discussed regarding the relationship between the NSA and Android, being open-source, thousands of programmers have had the opportunity to go over the code, so it’s unlikely that anything remains hidden. Besides, the project has long been out of the NSA’s hands anyway.

The NSA is a longtime contributor to Linux security projects, including Security Enhanced Android

It’s also worth remembering that MAC wasn’t even invented by the NSA – the government agency simply showed how the feature could be used on Linux. There’s no evidence to suggest that the NSA was interested in spying on a small selection of Linux users; instead the project was designed to protect its own projects which used Linux.

In summary, it’s a promising new feature being worked on by a development team which has proven its commitment to user security in many of its recent projects. It’s still a work in progress, so don’t expect any nightly builds to show up quite yet, but I will certainly be updating if/when this update goes live.

  • levin

    does this SE Linux have good support for encrypted storage, on both internal & extended (sdcard) ?

  • MasterMuffin

    Android manufacturers should take example from CM team, these guys just never stop working to bring more awesome stuff (that’s not gimmick)

  • Ravi Vaishya

    CM team rocks…SELinux after privacy guard…Pretty impressive. Thank you so much.

  • Cylon Centurion

    It’s already live in some of the commits… Kerberos Auth and SEPolicy, it has been for quite a while, I can deduce in summery you don’t have the latest commit because you are not running android 4.2.2 if you where then you would have also noticed the Encryption option to encrypt your android device and it’s removable media with AES-256

  • patlecat

    It’s a bit naive to use any NSA technology nowadays unless you are a professional cryptographer and know what you’re doing…and I think Cyanogenmod hasn’t any of them.