Since its early release days, Android OS has been known for its lacking a secure build towards security vulnerability, but as days went by Google incorporated better security measures into the OS and created a better and safe eco-system.
But when it comes to using Android for its own use, National Security Agency (NSA) decided not to take chances with the OS and thus has released its first “security enhanced” version of the OS. Using this custom build, users can create their own custom ROM thus enhancing the security.
The custom build brings in the following features and enhancements:
- Per-file security labeling support for yaffs2,
- Filesystem images (yaffs2 and ext4) labeled at build time,
- Kernel permission checks controlling Binder IPC,
- Labeling of service sockets and socket files created by init,
- Labeling of device nodes created by ueventd,
- Flexible, configurable labeling of apps and app data directories,
- Userspace permission checks controlling use of the Zygote socket commands,
- Minimal port of SELinux userspace,
- SELinux support for the Android toolbox,
- Small TE policy written from scratch for Android,
- Confined domains for system services and apps,
- Use of MLS categories to isolate apps