To investigate the status quo of SEAndroid policy customization, we propose SEPAL, a universal tool to automatically retrieve and examine the customized policy rules. SEPAL applies the NLP technique and employs and trains a wide&deep model to quickly and precisely predict whether one rule is unregulated or not.Our evaluation shows SEPAL is effective, practical and scalable. We verify SEPAL outperforms the state of the art approach (i.e., EASEAndroid) by 15% accuracy rate on average. In our experiments, SEPAL successfully identifies 7,111 unregulated policy rules with a low false positive rate from 595,236 customized rules (extracted from 774 Android firmware images of 72 manufacturers). We further discover the policy customization problem is getting worse in newer Android versions (e.g., around 8% for Android 7 and nearly 20% for Android 9), even though more and more efforts are made. Then, we conduct a deep study and discuss why the unregulated rules are introduced and how they can compromise user devices. Last, we report some unregulated rules to seven vendors and so far four of them confirm our findings.

中文翻译：

---

SEPAL：进行SEAndroid策略自定义的大规模分析

为了调查SEAndroid策略自定义的现状，我们建议使用SEPAL，这是一种自动检索和检查自定义策略规则的通用工具。SEPAL应用了NLP技术，并采用并训练了一个广泛而深入的模型来快速准确地预测一个规则是否不受管制。我们的评估表明SEPAL是有效，实用和可扩展的。我们验证SEPAL的平均准确率要比最新方法（即EASEAndroid）好15％。在我们的实验中，SEPAL从595,236个自定义规则（从72个制造商的774个Android固件映像中提取）成功识别了7,111个误报率低的不受管制的策略规则。我们进一步发现，政策定制问题在较新的Android版本中变得越来越严重（例如，Android 7约为8％，Android 9接近20％），即使付出了越来越多的努力。然后，我们进行了深入的研究，并讨论了为什么引入不受管制的规则以及它们如何危害用户设备。最后，我们向7个供应商报告了一些不受管制的规则，到目前为止，其中4个证实了我们的发现。