linux security feature overview

This page will record all the security related information for fast search and study purpose.

Security

Below 3 middleware are inherited from Tizen by AGL.

• cynara:GIT
• SMACK:GIT
• security manager:GIT

LSM(Linux Security Modules):IBM/eLinux/TXT

• SMACK:SRC/TXT/OsChina
• SELINUX:SRC/TXT
• APPARMOR:SRC/TXT
• TOMOYO:SRC/TXT
• YAMA:SRC/TXT

dm_verity :: Android & Linux

Nowdays more and more features of Linux are coming from Android, such as the dm-verity which is some how part of the secure boot that gurantee the security of system during run-time. dm-verity helps prevent persistent rootkits that can hold onto root privileges and compromise devices.

• kernel/drivers/md/dm_verity.c
• android/system/core/fs_mgr/fs_mgr_verity.c
• kernel/Documentation/device-mapper/verity.txt
• csdn:Android 中的dm-verity

So for linux, whether the fs_mgr should be ported to do this job to mount the verity block by a special fs_tab with flags “verity=/dev/mmcblk0p1” for example, or use the linux tool dmsetup:veritysetup.

IMA/EVM

• src
• evmctl: README is important