Android Security Modules

License

Copyright 2013-2014. North Carolina State University and Technische Universität Darmstadt. All rights reserved.

ASM has been open sourced for general non-commercial purposes (including research, academic, evaluation and personal use) under the BSD 3-Clause Licence (changes to the Android OS and system applications) and GPLv2 Licence (changes to the Linux kernel). By downloading or using this software, (1) you accept the terms and conditions of the aforementioned open source licenses and (2) acknowledge that commercial use could require a commercial license. For a commercial license, please contact NCSU Technology Transfer at techtransfer[at]ncsu.edu and copy contact[at]androidsecuritymodules.org.


Device support

We currently provide required changes to the mako branch of the msm and goldfish (x86) Linux/Android 3.4 kernel, so out of the box the LG Nexus 4 and the x86 emulator are supported by ASM. Porting ASM to other kernels should be straightforward.


Getting the Sourcecode

To get access to the ASM sourcecode, please send the following information to: contact[at]androidsecuritymodules.org :

Your Name
Your Affiliation
Your SSH Public Key
Intended Use: non-commercial, commercial or academic

Please note that we will publish your affiliation (e.g., your university or company) on our website once we fulfill your request. If you do not want this information to appear on our website please tell us in your request email.

We will notify you as soon as we have fulfilled your request.

Configure your ssh client. For instance:

$ cat .ssh/config
Host git.androidsecuritymodules.org
    HostName git.androidsecuritymodules.org
    IdentityFile ~/.ssh/<your private key file>

Verify that you can connect to git.androidsecuritymodules.org via ssh.

$ ssh gitolite3@git.androidsecuritymodules.org info

The public key fingerprint should be :

f8:63:55:f2:27:0b:a2:d5:cc:da:b5:6e:b5:40:76:c3 (ECDSA) or

04:21:e2:e1:74:de:1e:eb:05:bb:f3:fc:8e:64:91:d7 (DSA) or

48:2d:d9:67:5e:e8:39:74:b5:30:e3:8a:8f:58:24:93 (RSA)

Accept the key!

To build ASM, first setup an AOSP development environment as described here.

$ repo init -u https://android.googlesource.com/platform/manifest -b android-4.4_r1.2
$ repo sync

Checkout the ASM manifest:

$ git clone -b asm_project_release_r1 gitolite3@git.androidsecuritymodules.org:asm/manifests
$ mkdir .repo/local_manifests
$ cp manifests/local_manifest.xml .repo/local_manifests/

Synchronize the repository again:

$ repo sync

Building the ASM kernel

Note: Only SELinux and ASM LSM will work correctly in this kernel at this time, other LSMs will need further modifications. The patchset for multi-LSM support can be found here.

Change the “-j” parameter in the instructions to match your machine specs (nr. of jobs).

Mako (LG Nexus 4 GSM)

$ cd kernel/msm
$ ARCH=arm SUBARCH=arm CROSS_COMPILE=../../prebuilts/gcc/linux-x86/arm/arm-eabi-4.6/bin/arm-eabi- make -j8 mako_defconfig
$ ARCH=arm SUBARCH=arm CROSS_COMPILE=../../prebuilts/gcc/linux-x86/arm/arm-eabi-4.6/bin/arm-eabi- make -j8 
$ cd ../..

x86 Emulator

$ cd kernel/goldfish
$ ARCH=x86 make -j8 goldfish_defconfig
$ ARCH=x86 make -j8 
$ cd ../..

Building ASM

Replace aosp_mako-userdebug with aosp_x86-eng for the x86 emulator target. Also install the correct mako drivers if you want to build for mako (see here).

Mako (LG Nexus 4 GSM)

$ . build/envsetup.sh
$ lunch aosp_mako-userdebug
$ make -j8

x86 Emulator

$ . build/envsetup.sh
$ lunch aosp_x86-eng
$ make -j8

Running ASM on the x86 Emulator

Create an sdcard image:

$ mksdcard 512M sdcard.img

Run the emulator:

$ emulator-x86 -kernel kernel/goldfish/arch/x86/boot/bzImage -sdcard sdcard.img -wipe-data -gpu off -qemu -show-kernel -enable-kvm -usbdevice keyboard