Section outline

    • What is SELinux, MAC, and DAC?
    • SELinux history and evolution.
    • Core policies: MLS, TE, RBAC, UBAC.
    • How SELinux works: LSM hooks.
    • SELinux Labels and Policies: Domains, Types, Attributes.
    • Classes and Permissions.
    • Understanding AVC Denials and policy enforcement.
    • SELinux Macros:
      • File permissions
      • Socket permissions
      • Type enforcement
    • SELinux Tools: audit2allow, sepolicy-analyze.
    • Enforcing vs. Permissive modes.
    • Labeling:
      • New files and devices
      • Services and native daemons
    • Creating and defining:
      • New SELinux Types
      • New SELinux Rules for HALs, System Services, and Apps.
    • Modifying existing policies.
    • Reading AVC Denials and resolving them.
    • SELinux in Android OS
    • SELinux Compatibility Testing (CTS)
    • System Properties and Vendor Init
    • Treble Changes and SELinux
    • System_ext and Product Sepolicy
    • Policy Compatibility and Maintenance
    • Qualcomm Sepolicy Overview
    • Best Practices and Common Mistakes