[TESTING] [ALPHA] SeAndroid Rom

[x942]

SeAndroid ROM
TESTING ONLY!!!!​

WARNING ONLY USE THIS ROM FOR TESTING PURPOSES!!!!

THIS ROM IS EXTREMELY FAR FROM BEING STABLE!!!

What is SeAndroid Rom?

SeAndroid ROM is a custom AOSP 4.2.2 rom with SeAndroid patched in. SeAndroid is the android port of SeLinux. This is mainly for Developers to test and incorporate into their ROMS. It is EXTREMELY buggy at first since you have to let SeAndroid run in permisive mode for a while and ensure you get no deniels before enforcing the policies (or you WILL get crashes, bootloops etc.) This ROM's goal is to get other ROM Dev's to work on making android more secure

Info:

Security Enhanced (SE) Android is a project to identify and address critical gaps in the security of Android. Initially, the SE Android project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps. However, the scope of the SE Android project is not limited to SELinux.
SE Android also refers to the reference implementation produced by the SE Android project. The current SE Android reference implementation provides a worked example of how to enable and apply SELinux at the lower layers of the Android software stack and provides a working demonstration of the value provided by SELinux in confining various root exploits and application vulnerabilities.

Features:

• Stock AOSP Base 4.2.2
• SeAndroid built in
• NO ROOT (For security)

Screen Shots:​

How can I help?

The point of this post is to get as many people on board as possible. I am hoping many users and developers can take this ROM and make it better. Some things to help with:

1. Testing different SeLinux Policies and seeing what works/doesn't
2. Testing other parts of the phone (Call's/settings/apps) - What works? Doesn't?
3. Find all bugs!!
4. A nice boot animation and wallpaper!
5. Port SeAndroid to your ROM! So we can all enjoy more secure android builds!
6. Please post any logs from when you run in SeAndroid in permissive mode so we can get this working much better with enforcing!

DOWNLOAD:

WARNING!! MAKE SURE YOU PICK THE RIGHT ZIP!!!

WARNING!! THIS MAY BRICK YOU PHONE!!!

WARNING!! I AM NOT RESPONSIBLE IF THIS BRICKS/DAMGES/etc. YOUR PHONE OR ANYTHING ELSE!!

Build HowTo:
http://selinuxproject.org/page/SEAndroid
(Sources are also on that page for both SeAndroid and AOSP)

ZIP:
https://www.dropbox.com/s/ea5s71hyph7vwl9/seandroid_test.zip ( installs OG Google Recovery too!).

Flashing Instructions
Boot your Nexus 4 into Fastboot mode with:

adb reboot bootloader

Now make sure your are bootloader unlocked:

fasboot oem unlock

flash the file:

fastboot -w update [INSERT ROM NAME FILE HERE]

 

[x942]

Reserved,

 

[x942]

Re: [DEVS ONLY] [TESTING] SeAndroid Rom

Downloads are up now!

Sent from my Nexus 4 using xda premium

 

[Paradoxxx]

Re: [DEVS ONLY] [TESTING] SeAndroid Rom

Looks interesting for development purpose.

Envoyé depuis mon Nexus 4 avec Tapatalk

 

[x942]

Looks interesting for development purpose.

Envoyé depuis mon Nexus 4 avec Tapatalk

I am hoping if enough people can use it we can get SeAndroid policies good enough to run this a daily driver.

If we can do that I will port it to a full ROM on the nexus 4 and GNex.


Sent from my Nexus 4 using xda premium

 

[Paradoxxx]

I am hoping if enough people can use it we can get SeAndroid policies good enough to run this a daily driver.

If we can do that I will port it to a full ROM on the nexus 4 and GNex.


Sent from my Nexus 4 using xda premium

Yeah and why not adding this to every ROMs when fully working and unbugged. This may become a good addition to all ROMs

Envoyé depuis mon Nexus 4 avec Tapatalk

 

[dr.devman]

so....what does this do?

 

[x942]

Yeah and why not adding this to every ROMs when fully working and unbugged. This may become a good addition to all ROMs

Envoyé depuis mon Nexus 4 avec Tapatalk

Agreed More secure android is a great thing!

so....what does this do?

It is a custom ROM running stock 4.2.2 with SeAndroid patched in. SeAndroid is a MAC (Mandatory Access Control):

SELinux is a security enhancement to Linux which allows users and administrators more control over access control.
Access can be constrained on such variables as which users and applications can access which resources. These resources may take the form of files. Standard Linux access controls, such as file modes (-rwxr-xr-x) are modifiable by the user and the applications which the user runs. Conversely, SELinux access controls are determined by a policy loaded on the system which may not be changed by careless users or misbehaving applications.
SELinux also adds finer granularity to access controls. Instead of only being able to specify who can read, write or execute a file, for example, SELinux lets you specify who can unlink, append only, move a file and so on. SELinux allows you to specify access to many resources other than files as well, such as network resources and interprocess communication (IPC).
For more information about SELinux see the FAQ and other resources listed here.

Basically it allows the user to control what apps can access what. So for example I can say:

Chrome can access the internet and my downloads but not my photos or contacts.

And SeAndroid will prevent it from doing so. The main benefit is if malware got on the system it is VERY limited in what it can damage/steal.