The Tizen Security Policy May Work For You, But What About Me? Casey Schaufler Intel

Page 1: The Tizen Security Policy May Work For You, But What About Me?

Casey Schaufler, Intel

Page 2: Wait … That’s Not Ryan!

• Casey Schaufler

• Tizen Security Architect

• Kernel Developer 1979

• Smack LSM 2008

Page 3: What Is The Tizen Security Policy?

• It’s amazing how few people ask!

• Applications have a policy

• The platform has a policy

• Today’s talk is about the platform

Page 4: Tizen Isn’t Android

• Android

  • Apps identified by UID

  • Intent based IPC

  • SELinux retrofit

• Tizen

  • Users identified by UID

  • Socket based IPC

  • Smack from inception

Page 5: Tizen Isn’t Windows Phone, Either

• Windows

  • Access controls on APIs

  • DLL based services

  • Proprietary implementation

• Tizen

  • Access controls in system calls

  • Process based services

  • Community open source

Page 6: Nor Is Tizen A Linux Distribution

• Distributions

  • Complete end user control

  • Unconstrained network access

  • Generic use model

• Tizen

  • Vendor configuration control

  • Control over network access

  • Configured to specific purposes

Page 7: Well, What Is Tizen?

• Collection of packages

• Configured for specific profiles

• UDS based services

Page 8: And Tizen Security?

• Security domains

• Simple separation

• Enforced by Smack

Page 9: Why Does My Program Break?

• No access to another domain

  • Reading files

  • Writing files

  • Sending messages

Page 10: But I’m Using The API Correctly!

• APIs hide details from you

• Those details can matter for security

• Sometimes APIs do questionable things

Page 11: Case In Point: Vconf

• Looks like configuration manager

• Pile of code on top of files

• File access rules apply

Page 12: To Further Complicate Things

• Sockets have access controls

• Need permission to talk at all

• Many APIs hide communications

Page 13: So, What Do I Do?

• Understand Smack policy

• Know what your APIs do

• Consider security before you code

Page 14: Smack Policy - Briefly

• No access between domains

• Smack rules make exceptions

• No global sharing

Page 15: Smack Rules

• Me You rx

• Me You::Share rwxat

• Me Service w

• Service Me w
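The four rules on this slide, together with the "no access between domains" default of the previous one, worked through as an added example that is not part of the talk: a small Python simulator of Smack's access decision. The built-in checks (star subject, star object, same label, floor object, hat subject) follow the order in the kernel's Smack documentation; the rule text and the access requests are constructed for illustration, and the "l" (lock) and "b" (bringup) modes are left out.

```python
# Added example: simulate Smack's access decision for rules written in the
# "subject object access" form used by smackload. Labels, rules and requests
# here are constructed; the built-in rules follow the kernel's Smack docs.

ACCESS_CHARS = set("rwxat")   # read, write, execute, append, transmute

def parse_rules(text):
    """Parse 'subject object modes' lines into {(subject, object): set(modes)}.
    A '-' in the access field means 'no access', as in smackfs."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        subject, obj, modes = line.split()
        if modes == "-":
            modes = ""
        if not set(modes) <= ACCESS_CHARS:
            raise ValueError(f"bad access string {modes!r} in rule {line!r}")
        rules[(subject, obj)] = set(modes)
    return rules

def smack_allowed(rules, subject, obj, want):
    """True if every access letter in `want` is permitted.
    Built-in rules are checked before the loaded rule set, as the kernel does."""
    want = set(want)
    if subject == "*":                       # a "*" subject is never granted access
        return False
    if obj == "*" or subject == obj:         # "*" object, or same label: all access
        return True
    if want <= {"r", "x"} and (obj == "_" or subject == "^"):
        return True                          # floor object / hat subject: rx only
    # Different domains: only an explicit rule makes an exception, else deny.
    return want <= rules.get((subject, obj), set())

# Constructed rule set mirroring the slide, in smackload format.
SLIDE_RULES = parse_rules("""
Me      You         rx
Me      You::Share  rwxat
Me      Service     w
Service Me          w
""")

if __name__ == "__main__":
    for s, o, w in [("Me", "You", "r"), ("Me", "You", "w"), ("You", "Me", "r"),
                    ("Service", "Me", "w"), ("Me", "_", "r"), ("Me", "_", "w")]:
        print(f"{s:8} -> {o:8} {w}: {'allow' if smack_allowed(SLIDE_RULES, s, o, w) else 'deny'}")
```

Note that "You Me r" is denied even though "Me You rx" exists: Smack rules are one-directional, which is why a service usually needs a rule in each direction, as the last two slide rules show.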

Page 16: Who Are You Sharing With?

• Identify the objects you use

• Find out how you access them

• You can

  • Join a domain

  • Create Smack rules

  • Do things differently

Page 17: Know Your APIs

• Read the internals documentation

• Run using strace

• Ask someone

• Don’t assume the API knows what it is doing

Page 18: Sorry, but …

• No magic wand

Page 19: “You security people are insane!”
