Android 4.3 [LWN.net]

Android 4.3

Posted Jul 24, 2013 18:14 UTC (Wed) by hpro (subscriber, #74751)
Parent article: Android 4.3

But full SELinux MAC is noteworthy. But maybe someone with better understanding than me will explain that it does not really change anything?

Android 4.3

Posted Jul 24, 2013 19:40 UTC (Wed) by arjan (subscriber, #36785) [Link] (2 responses)

if they use SELinux in enforcing mode, the primary thing it will give is that malware from the store will have a harder time breaching their permission boundaries.

Against exploits... SELinux is not really designed to stop those (it may however stop a successful exploit from escalating further if the stars align).

Android 4.3

Posted Jul 24, 2013 19:47 UTC (Wed) by mr_bean (subscriber, #5398) [Link] (1 responses)

If they use SELinux in enforcing mode rooting the phone might get you precisely diddly squat.

Android 4.3

Posted Jul 24, 2013 23:26 UTC (Wed) by spender (guest, #23067) [Link]

Apparently the false view has been repeated so much by those with authority that even if the proper place of SELinux is now mentioned by higher-ups (Arjan here above), the ignorance stubbornly remains pervasive (as evidenced by the parent comment).

http://www.youtube.com/watch?v=WI0FXZUsLuI
http://www.youtube.com/watch?v=llqxbMgIztk

-Brad

Android 4.3

Posted Jul 24, 2013 23:41 UTC (Wed) by marcH (subscriber, #57642) [Link]

> But maybe someone with better understanding than me will explain that it does not really change anything?

I think SELinux changes everything. It's:

1. So fine-grained that it's extremely complicated to configure == impossible for mere mortals to configure correctly or even just audit
2. Designed by the NSA

Reach your own conclusion!

Android 4.3

Posted Jul 27, 2013 1:17 UTC (Sat) by jonabbey (guest, #2736) [Link]

Running 'getenforce' on an Android 4.3 system with an adb shell shows that SELinux is not configured to run in enforcing mode.