Security
AOSP Security Hardening & SELinux
I focus on realistic hardening for embedded devices: narrowing attack surface, tightening SELinux policy, and documenting why changes were made. The goal is fewer surprises in the field, not theoretical perfection.
I reply within 24h.
What I do
- Review SELinux policy, audit denials, and reduce noisy domains.
- Harden privileged services, native daemons, and system apps.
- Limit exposed components and tighten permission boundaries.
- Design mitigation plans with measurable checkpoints.
What you provide
- Repo access or source snapshots (AOSP + vendor trees).
- Repro steps, logs, and any existing security requirements.
- Test devices or a reliable lab environment.
Deliverables
- Patch series with clear commit messages and rationale.
- Updated policy, allowlists, and documentation.
- Risk register or mitigation checklist for your team.
Typical timelines
- Audit + quick wins: 1–2 weeks.
- Policy cleanup + deeper hardening: 3–6 weeks.
- Ongoing support: retainer or monthly check-ins.
Boundaries
I am not a certification lab. I can help with test readiness and failure triage where applicable, but certification remains with your team and your accredited partners.