Wallach, Dan Seth2019-05-172019-05-172018-052018-05-29May 2018Im, Bumjin. "An Historical Analysis of SE Android Policy." (2018) Master’s Thesis, Rice University. <a href="https://hdl.handle.net/1911/105603">https://hdl.handle.net/1911/105603</a>.https://hdl.handle.net/1911/105603Android adopted SELinux’s mandatory access control mechanisms in 2013, and since then billions of Android devices are now benefiting from MAC security policies, enforced in the OS kernel. Initially, Android took a gentle approach, with a large number of resources “unconfined”, but the policies are now quite detailed and comprehensive. This paper presents a historical analysis of the MAC security policies enforced by Android, based on years of Git commits in the Android Open Source Project (AOSP). We quantify the complexity of how these policies have evolved over time. In particular, SELinux allows for policies to be expressed as macros, where one policy “rule” may apply to a large number of system objects. We can similarly measure how many rules touch a given system object. Both measures have been creeping steadily upward over the years, suggesting that these measures are a good proxy for “complexity”; reducing this complexity should be a long-term Android engineering goal. We additionally discuss specific hallmarks in Android history, such as the “Stagefright” vulnerability in Android’s media facilities, and the rollout of time-of-use vs. time-of-install permission checks, pointing out how these hallmarks led to changes in the MAC policies.application/pdfengCopyright is held by the author, unless otherwise indicated. Permission to reuse, publish, or reproduce the work beyond the bounds of fair use or other exemptions to copyright law must be obtained from the copyright holder.AndroidSELinuxSEAndroidSecurityAccess ControlThesis2019-05-17