Working with SELinux on Android

SELinux is a security feature of the Linux kernel that provides support to enforce access control security policies to enforce MAC (Mandatory Access Control).

Since Android 5.0, SELinux has been a core part of Android and is enabled by default. Developers when working on a third-party OS based on AOSP (Android Open Source Project) or developing a system application that uses privileged APIs such as OS Updater need to write appropriate security policies to ensure that the OS and apps work properly but also that it not weak which will allow security vulnerabilities.

This talk will introduce what is SELinux and how Android developers can work with it. Real-world projects will be used as examples which include a third-party OS based on AOSP (LineageOS) for a smartphone and a SystemUpdater app.