-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA1<br><br>Hello all,<br> <br> I am the GSoC student working on the SELinux project.<br>The URL for the projectpage is<br><a href="http://code.google.com/p/selinux-openmoko">http://code.google.com/p/selinux-openmoko</a> (recently ported<br>
<a href="http://fromprojects.openmoko.org">fromprojects.openmoko.org</a>) if this status report leaves you wanting<br>more. <br><br>- - - - -----------<br>Problem Area: <br>A mobile device is, by nature, a single user device. As a design<br>
consequence, many Linux based mobile devices run all processes as<br>root. Obviously, this presents an attacker with lots of opportunities<br>for privilege escalation.<br><br>Idea: <br>Design a simplified "targeted" SELinux policy to sandbox system<br>
daemons on the OpenMoko device. This policy could<br>prevent privilege escalation and improve overall security on a mobile device.<br><br>Status:<br>There are two main phases to the project. The first is porting SELinux<br>
on to the device (this will eventually become a package available<br>through opkg) and the second is developing the "targeted" policy<br>itself.<br><br>The first phase is almost complete. It has taken a lot longer than I<br>
had anticipated =)). <br>What has been completed so far:<br> - The required SELinux tools and library binaries have been<br>built (using the OpenMoko tool chain)<br> - SELinux enabled kernel is running<br> - SELinux will run on the device (it doesn't enforce the policy though)<br>
What needs to be done:<br> - there is an error relabeling the filesystem. This is<br>preventing the policy from being enforced. <br><br>As mentioned before, the second part of the project is developing and<br>testing the "targeted" policy itself. Currently, there is a bare bones<br>
targeted policy in the SVN repo which should compile correctly on the<br>device (see the wiki for installation details). The next step in<br>policy development will be adding on to this basic policy. The daemon<br>we will be focusing on is dbus. <br>
- - - - -----------------------<br><br>That about sums it up. The wiki on the project page is updated<br>regularly if you want to stay current with the status of the project. <br><br>*Hopefully* a beta build will be ready pretty soon =). I will send out<br>
an announcement when it is.<br><br>- - - Willis <br><br>-----BEGIN PGP SIGNATURE-----<br>Version: GnuPG v1.4.6 (GNU/Linux)<br><br>iD8DBQFIboDrqCokMvr1WNARArr0AKCf22kmHxKu5/jLUsCClR7rTMc4YwCdHhNl<br>w6SdmhlaZ1yPUQ4Lqgct/MM=<br>
=4ev0<br>-----END PGP SIGNATURE-----<br><br><br>