Security Enhanced Framework for Privilege Escalation on Android
Android's security architecture is built on the discretionary access control (DAC) mechanism of traditional Unix systems, which it uses to sandbox applications from one another. This mechanism has inherent shortcomings, however, and cannot cope with today's wide range of security threats. Many efforts have tried to extend Android's security mechanisms, but none has been officially accepted. SELinux is a mandatory access control (MAC) mechanism that has now been integrated into the official Android source code. This paper presents an SELinux-based security enhancement framework for privilege escalation, which ensures that applications that have obtained privileges can perform only a limited set of privileged operations. The framework is validated and the results are given, and finally directions for future work are pointed out.
Authors: Qi Tao (漆涛), Wu Peijun (吴培君)
Subject area: Computing technology, computer technology
Keywords: Information Security (data security and computer security); Android System; Privilege Escalation
Qi Tao, Wu Peijun. Security Enhanced Framework for Privilege Escalation on Android [EB/OL]. (2013-12-26) [2025-08-16]. http://www.paper.edu.cn/releasepaper/content/201312-894.