September 14-15, 2017 - Los Angeles, CA
Click Here For Information & Registration
Back To Schedule
Friday, September 15 • 2:25pm - 3:10pm
SELinux in Android O: Separating Policy to Allow for Independent Updates - Daniel Cashman, Google

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
SELinux has provided Android with a mandatory access control (MAC) system that has enabled a centralized representation of Android's security model that covers every part of the system. In Android O, project treble (https://android-developers.googleblog.com/2017/05/here-comes-treble-modular-base-for.html) presented a fundamental re-architecting of Android by separating the ownership of the core Android framework from vendor hardware implementation to enable independent updates.

This talk discusses changes to Android's SELinux infrastructure and policy maintenance to allow for such policy modularization. This includes the creation of an SELinux API and versioning scheme, the incorporation of CIL, and move to on-device policy creation, in addition to policy changes for the release.


Daniel Cashman

I am a software engineer at Google currently working on the Android Platform Security team and am one of the primary SELinux on Android maintainers. No previous conference speaking experience.

Friday September 15, 2017 2:25pm - 3:10pm PDT
Gold 4