Introducing “Android Security Internals” training and courseware

Karim Yaghmour

As part of our work assisting customers putting Android in all sorts of embedded devices we’ve always had requests for information regarding the intricacies of Android’s security. In Android’s early days the story was fairly simple: Linux filesystem permissions. Over the years, however, Android’s security has become far more complicated, especially with the introduction of SELinux/SEAndroid.

Last year we spent some time doing a fairly thorough survey of Android’s security mechanisms and putting together a class around that topic, and we’re making it available today under CC-BY-SA — just click on courseware:
https://www.opersys.com/training/android-security-internals/

There are over 300 slides covering topics such as secure boot, TrustZone, SEAndroid/SELinux, FDE/FBE, OTAs and securing ADB. There’s an important emphasis on SEAndroid/SELinux with about 125 slides and a good chunk of the exercises on the topic. Understanding and creating SEAndroid/SELinux policies has been one of the biggest pain points for platform developers over the years. The courseware’s thorough coverage of this topic should lower the barrier to entry for getting productive work done.

This material has already been used a few times, so it should be quite “robust”, but comments/suggestions are encouraged. Obviously as updates/additions are made, we’ll publish them back at the same spot.