
Android Security Framework -- Overview

2017-02-13 10:29, 393 views
First, a gripe. Those who say Android is insecure (early versions did have some problems, such as overly coarse app permission management, which I will cover in a later article): have they ever seriously studied its security architecture? Its security mechanisms, layered from the bottom up, are hard not to admire.

Given that Android's security framework is this good, what exactly does it do? The figure below explains it well.



The figure is intuitive, but I think it is not detailed enough, so I group Android's security features into three categories:

Trust binary
Runtime security
Security data storage and exchange

I put together the following table myself:

| Category | Item | Description | Android M status | What we need to implement |
|---|---|---|---|---|
| Trust binary | Secure boot | Make sure only a boot image signed by Harman can be booted on our hardware device. The boot image is verified by the boot ROM, which is designed by the OEM (TI). | Depends on the HW platform | Integrate the SoC's secure boot support |
| Trust binary | Verified boot | Verified boot guarantees the integrity of the device software starting from a hardware root of trust up to the system partition. During boot, each stage verifies the integrity and authenticity of the next stage before executing it. | Bootloader requirements and Green/Yellow/Red boot state definition; "boot_signer" tool (system/extra/verify) to append a signature to the boot image; Linux kernel "dm-verity" adopted for block-based partition verification (e.g. system); build/tools/releasetools/build_image.py now handles the overall creation of dm-verity signed filesystem images; build/target/product/verity.mk; PackageManager is made aware of verified boot via system/etc/permissions/android.software.verified_boot.xml | Verify the boot and recovery partitions with the HW-fused OEM key as well as the embedded certificate |
| Trust binary | OTA update | Secure SW update. | | Propose the Redbend solution |
| Trust binary | 3rd-party APP install | Check the signature of the 3rd-party APP to make sure the APP is valid. | Done by Google | |
| Runtime security | Process sandbox | Uses DAC (Discretionary Access Control) and SELinux (Mandatory Access Control) to provide a fine-grained access control mechanism that enforces the principle of least privilege. | Done by Google | Add new rules for the new files and processes |
| Runtime security | APP permission | | Done by Google | Prefer to provide an HMI menu to manage APP permissions dynamically |
| Runtime security | Trusted execution environment | Uses hardware features to provide an isolated execution environment. | Done by Google and the SoC supplier | If the OEM needs a new feature, it should be developed together with the SoC supplier. |
| Security data storage and exchange | Full disk encryption | Full disk encryption is the process of encoding all user data on an Android device using an encryption key. Once a device is encrypted, all user-created data is automatically encrypted before committing it to disk, and all reads automatically decrypt data before returning it to the calling process. | Done by Google | |
| Security data storage and exchange | Keystore | The availability of a trusted execution environment in a system on a chip (SoC) offers an opportunity for Android devices to provide hardware-backed, strong security services to the Android OS, to platform services, and even to third-party apps. | | |
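The verified boot row above relies on dm-verity's hash tree over the system partition. The following added example (not code from this post or from AOSP) builds a simplified version of that tree and checks a block against the root hash the way dm-verity does on every read, so that one changed byte in a data block, or in a stored hash block, is detected. It assumes SHA-256 with the salt prepended and 4 KiB blocks, and omits dm-verity's on-disk superblock.

```python
"""Simplified dm-verity hash tree (added example, not code from the original post).

dm-verity stores a Merkle tree of per-block hashes beside the partition and
checks each block on demand against a root hash that verified boot trusts.
Assumptions here: hash = SHA-256(salt || block), 4 KiB blocks, no superblock.
"""
import hashlib

BLOCK = 4096                       # dm-verity default data/hash block size
DIGEST_LEN = 32                    # SHA-256 digest length
PER_NODE = BLOCK // DIGEST_LEN     # 128 child digests fit in one hash block


def hash_block(data: bytes, salt: bytes) -> bytes:
    """Hash one block, zero-padded to BLOCK, with the salt prepended."""
    return hashlib.sha256(salt + data.ljust(BLOCK, b"\0")).digest()


def build_hash_tree(image: bytes, salt: bytes):
    """Return (levels, root_hash); levels[0] holds one digest per data block."""
    level = [hash_block(image[i:i + BLOCK], salt) for i in range(0, len(image), BLOCK)]
    levels = [level]
    while len(level) > 1:                 # each level hashes groups of 128 child digests
        level = [hash_block(b"".join(level[i:i + PER_NODE]), salt)
                 for i in range(0, len(level), PER_NODE)]
        levels.append(level)
    return levels, level[0]


def verify_block(idx: int, data: bytes, levels, root_hash: bytes, salt: bytes) -> bool:
    """Verify data block `idx` as dm-verity does on a read: recompute its hash,
    then walk up the untrusted on-disk tree until the trusted root hash."""
    digest = hash_block(data, salt)
    for level in levels[:-1]:
        if level[idx] != digest:          # stored hash disagrees with what was read
            return False
        start = idx - idx % PER_NODE      # siblings sharing the same parent hash block
        digest = hash_block(b"".join(level[start:start + PER_NODE]), salt)
        idx //= PER_NODE
    return digest == root_hash            # top of the tree must match the trusted root


if __name__ == "__main__":
    salt = bytes(range(32))                                             # constructed salt
    image = b"".join(i.to_bytes(4, "big") * 1024 for i in range(300))  # 300 distinct blocks
    levels, root = build_hash_tree(image, salt)
    block = image[200 * BLOCK:201 * BLOCK]
    print("clean block verifies:", verify_block(200, block, levels, root, salt))
    evil = block[:10] + b"\xff" + block[11:]                           # one byte changed
    print("tampered block verifies:", verify_block(200, evil, levels, root, salt))
```

Because hash blocks are themselves verified against their parent, patching the stored leaf hash to match a modified block only moves the mismatch one level up, and every block under that hash block fails to read.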

 
Tags: android, security