The U.S. government's National Security Agency (NSA) has created and released a hardened version of Google's Android, a move aimed at sealing "critical gaps in the security" of the mobile operating system.
The project, called Security Enhanced (SE) Android, uses SELinux to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps, according to documentation released by the NSA.
- Per-file security labeling support for yaffs2,
- Filesystem images (yaffs2 and ext4) labeled at build time,
- Kernel permission checks controlling Binder IPC,
- Labeling of service sockets and socket files created by init,
- Labeling of device nodes created by ueventd,
- Flexible, configurable labeling of apps and app data directories,
- Userspace permission checks controlling use of the Zygote socket commands,
- Minimal port of SELinux userspace,
- SELinux support for the Android toolbox,
- Small TE policy written from scratch for Android,
- Confined domains for system services and apps,
- Use of MLS categories to isolate apps.
More information on the goals of SE Android can be found in these presentation slides [pdf].