
# Android Security Model

### 1. Linux Security Model (DAC - Discretionary Access Control)

**DAC (Discretionary Access Control)** is a security model in which every system object (a file, a process, and so on) has an owner, and that owner decides who may access the object. Access-control decisions are therefore at the discretion of the owner. On Android this model is implemented by the Linux kernel and forms the foundation of Android's security.

<figure><img src="/files/qk5iaGp60oS5FYByWVhP" alt=""><figcaption><p>DAC Linux Security</p></figcaption></figure>

### 2. SELinux Security Model (MAC - Mandatory Access Control)

**MAC (Mandatory Access Control)** is a security model in which access permissions are set by a central authority, typically the operating system through a security policy, rather than by the object's owner. **SELinux (Security-Enhanced Linux)** is an implementation of MAC in the Linux kernel that adds a second layer of security on top of DAC.

<figure><img src="/files/prFeIh2kUsNpQ8wHBE4K" alt=""><figcaption><p>SELinux for every file</p></figcaption></figure>

* **Principle: Default Deny:**
  * SELinux denies every access unless a policy rule explicitly allows it. This minimizes the potential for unintended access and gives a more secure baseline.
* **SELinux History:**
  * Android 4.2.2 and below did not support SELinux.
  * Android 4.3 supported SELinux, but in the "Permissive" state.
  * Android 5.0 and up support SELinux in the "Enforce" state.
* **SELinux States:**
  * **Enforce:** Policies are enforced; any action that violates them is denied.
  * **Permissive:** Violations are logged but not blocked, which allows a policy to be tested without breaking anything.
  * **Disabled:** SELinux is turned off and no security policy is applied.
* **SELinux Types:**
  * **Default:** The basic SELinux security model.
  * **MLS (Multi-Level Security):** Grants different levels of access to different users.
  * **SRC (Strict/Role-Based Access Control):** Users hold roles, and access is defined in terms of those roles.
* **Who Can Set SELinux?:**
  * The entities with authority to configure SELinux: typically system administrators, users holding specific privileges, or the engineers of the phone manufacturer.
* **How to Get SELinux State (Android - Linux):**
  * `getenforce`: prints the current SELinux status.
  * `setenforce 0`: changes the status permanently to permissive.
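The two layers described in sections 1 and 2 can be modelled as a two-stage check: Linux DAC (owner/group/other mode bits) decides first, then SELinux-style MAC applies a default-deny allow list whose verdict depends on the enforcement state. The following script is an added example written for this page, not code from the original or from AOSP; the UIDs, labels, paths and allow rules in it are constructed sample values, not a real Android policy.

```python
"""Toy model of Android's layered access control (added example, not the page's code).
Stage 1: Linux DAC mode-bit check. Stage 2: SELinux-style default-deny MAC whose
outcome follows the Enforce / Permissive / Disabled states described above.
All UIDs, SELinux labels, paths and rules below are constructed sample values."""
from dataclasses import dataclass
import stat

ENFORCING, PERMISSIVE, DISABLED = "Enforcing", "Permissive", "Disabled"


@dataclass
class File:
    path: str
    owner: int
    group: int
    mode: int      # permission bits, e.g. 0o600
    label: str     # SELinux type, e.g. "app_data_file"


@dataclass
class Process:
    uid: int
    gids: set
    label: str     # SELinux domain, e.g. "untrusted_app"


def dac_allows(proc, f, perm):
    """Linux DAC: choose the owner, group or other triplet for the caller and test its bit."""
    bits = {
        "read": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
        "write": (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
        "exec": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH),
    }[perm]
    if proc.uid == 0:                      # root bypasses DAC, but not the MAC layer below
        return True
    if proc.uid == f.owner:
        return bool(f.mode & bits[0])
    if f.group in proc.gids:
        return bool(f.mode & bits[1])
    return bool(f.mode & bits[2])


# Constructed allow rules: (source domain, target type, permission). Anything absent is denied.
ALLOW_RULES = {
    ("untrusted_app", "app_data_file", "read"),
    ("untrusted_app", "app_data_file", "write"),
    ("untrusted_app", "system_file", "read"),
}


def selinux_verdict(proc, f, perm, state, rules=ALLOW_RULES):
    """Returns (allowed, logged). Default deny; Permissive logs but allows; Disabled skips the check."""
    if state == DISABLED:
        return True, False
    if (proc.label, f.label, perm) in rules:
        return True, False
    if state == PERMISSIVE:
        return True, True          # violation recorded, action still goes through
    return False, True             # Enforcing: action denied and recorded


def access(proc, f, perm, state):
    """Combined decision: DAC must pass first, then MAC on top of it."""
    if not dac_allows(proc, f, perm):
        return False, "dac-denied"
    allowed, logged = selinux_verdict(proc, f, perm, state)
    if not allowed:
        return False, "selinux-denied"
    return True, "selinux-logged" if logged else "allowed"


# Constructed sample subjects and objects (not real device values).
APP_A = Process(uid=10080, gids={10080}, label="untrusted_app")
APP_B = Process(uid=10081, gids={10081}, label="untrusted_app")
ROOT_SHELL = Process(uid=0, gids={0}, label="shell")
A_DATA = File("/data/data/com.example.a/files/secret", 10080, 10080, 0o600, "app_data_file")
LIBC = File("/system/lib64/libc.so", 0, 0, 0o644, "system_file")

if __name__ == "__main__":
    for who, f, perm in [(APP_A, A_DATA, "read"), (APP_B, A_DATA, "read"),
                         (ROOT_SHELL, A_DATA, "read"), (APP_A, LIBC, "write")]:
        for state in (ENFORCING, PERMISSIVE, DISABLED):
            print(f"uid={who.uid:<6} {perm:<5} {f.path:<42} {state:<10} -> {access(who, f, perm, state)}")
```

The root-shell case is the one worth studying: DAC lets uid 0 through, but with SELinux in the Enforce state the read is still denied because no rule allows the `shell` domain to touch `app_data_file`; in the Permissive state the same access succeeds and is only logged, which is exactly why a permissive device is a weaker sandbox.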

### Permissions for system apps

Every permission has a protection level (`android:protectionLevel`), which is the combination of exactly one required base protection (`PermissionInfo.getProtection()`) and zero or more optional protection flags (`PermissionInfo.getProtectionFlags()`).

#### Permission protection level

* [`normal`](https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/permission/Permissions.md#requesting-a-permission): granted to any app that requests it in its manifest.
  * e.g. `VIBRATE`, `ACCESS_NETWORK_STATE`
* [`dangerous`](https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/permission/Permissions.md#runtime-permissions): a runtime permission, which the user has to approve.
  * e.g. gallery/storage, contacts, camera, location (GPS)
* [`signature`](https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/permission/Permissions.md#signature-permissions): granted only to apps signed with the same certificate as the app that defines the permission. For a platform permission this means the requesting app must be platform-signed.
* `signatureOrSystem`: deprecated in API 23.
* `internal`: a no-op protection that never grants the permission on its own. It is useful for permissions that should be granted only according to their protection flags, e.g. `internal|role` for a role-only permission.
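To make the "one base protection plus optional flags" structure concrete, the following added example (written for this page; not code from the original, from AOSP or from any app) parses `<permission>` declarations out of a constructed `AndroidManifest.xml` fragment, splits each `android:protectionLevel` into its base and flags, and summarizes how a permission with that level is granted according to the list above. The package and permission names in the sample manifest are made up.

```python
"""Parse android:protectionLevel from <permission> declarations (added example).
The manifest is constructed sample input; its package and permission names are invented."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
BASE_PROTECTIONS = {"normal", "dangerous", "signature", "signatureOrSystem", "internal"}

SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <permission android:name="com.example.sample.permission.PING" android:protectionLevel="normal"/>
  <permission android:name="com.example.sample.permission.READ_NOTES" android:protectionLevel="dangerous"/>
  <permission android:name="com.example.sample.permission.ADMIN" android:protectionLevel="signature|privileged"/>
  <permission android:name="com.example.sample.permission.LEGACY" android:protectionLevel="signatureOrSystem"/>
  <permission android:name="com.example.sample.permission.ROLE_ONLY" android:protectionLevel="internal|role"/>
  <permission android:name="com.example.sample.permission.UNSET"/>
</manifest>
"""


def parse_protection_level(value):
    """Split e.g. 'signature|privileged' into ('signature', {'privileged'}).
    Exactly one base protection is required; every other token is a protection flag."""
    parts = [p.strip() for p in value.split("|") if p.strip()]
    bases = [p for p in parts if p in BASE_PROTECTIONS]
    if len(bases) != 1:
        raise ValueError(f"protectionLevel {value!r} must name exactly one base protection")
    return bases[0], set(parts) - set(bases)


def grant_model(base, flags):
    """Describe how a permission with this level is granted, following the page's list."""
    flag_note = f" (flags: {', '.join(sorted(flags))})" if flags else ""
    if base == "normal":
        return "granted to any app that requests it in its manifest" + flag_note
    if base == "dangerous":
        return "runtime permission; the user must approve it" + flag_note
    if base == "signature":
        return "only apps signed with the defining app's certificate" + flag_note
    if base == "signatureOrSystem":
        return "deprecated in API 23 (old synonym for signature|privileged)"
    # internal: never grantable by itself, only through its flags
    if flags:
        return "granted only through its flags: " + ", ".join(sorted(flags))
    return "internal with no flags: cannot be granted at all"


def describe_permissions(manifest_xml):
    """Map each declared permission name to (base, flags, human-readable grant model)."""
    root = ET.fromstring(manifest_xml)
    result = {}
    for perm in root.iter("permission"):
        name = perm.get(f"{{{ANDROID_NS}}}name")
        # When the attribute is absent the platform treats the level as "normal".
        level = perm.get(f"{{{ANDROID_NS}}}protectionLevel", "normal")
        base, flags = parse_protection_level(level)
        result[name] = (base, flags, grant_model(base, flags))
    return result


if __name__ == "__main__":
    for name, (base, flags, model) in describe_permissions(SAMPLE_MANIFEST).items():
        print(f"{name}\n  base={base} flags={sorted(flags)}\n  {model}")
```

The parser rejects a level such as `normal|dangerous` because two base protections cannot coexist, and it treats a missing attribute as `normal`, which is the platform default and a common surprise when reviewing a manifest: a custom permission declared without any protection level protects nothing beyond an install-time grant.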
