SELinux on Android

Posted Sep 1, 2014 14:44 UTC (Mon) by raven667 (subscriber, #5198)
In reply to: SELinux on Android by brugolsky
Parent article: SELinux on Android

> I'm willing to trade some battery life for better protection against 0days

You are probably in a tiny minority with that opinion, battery life is a sell-able feature on phones and anything which reduces it is going to be perceived as a negative, you will get beaten up in the marketplace by the vendor without security but one more hour of battery life.

I too would love better protections by default but as you can see from the trends of past history only a small fraction are willing to pay any performance cost for security, those people are the current grsecurity customer base 8-)

to post comments

SELinux on Android

Posted Sep 1, 2014 16:11 UTC (Mon) by spender (guest, #23067) [Link]

Yes, because it seems Samsung and other vendors who have adopted SELinux with its marginal benefit and 10% performance hit are being pummeled in the market. With users reporting KNOX using up to 62% of their battery (http://forums.androidcentral.com/samsung-safe-knox/326105..., http://forums.androidcentral.com/samsung-safe-knox/304515..., http://forums.androidcentral.com/samsung-galaxy-note-2/35..., etc) Or the ones that have taken on the performance hit of SSP on ARM with its nonexistent security benefit.

In fact, we just got an email within the past hour from a company that's enabled basically all grsecurity features from https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecur... on a system processing ~50 emails a second through anti-virus and anti-spam at only a 14% performance hit. The kernel they were running had full memory sanitization on free enabled, which caught a use-after-free bug in the upstream netfilter code.

I'm leaning towards you being the small fraction, and this just being one big straw man.

-Brad