That document is correct. In Android 4.4, there was a focus on locking down
some of the highest privileged processes in Android: installd, netd, vold,
and zygote. Other security domains were in permissive, defaulting to the
standard Unix security model (DAC).

AOSP master has a substantially more complete SELinux implementation. All
SELinux security domains are in enforcing, and most uses of the minimally
restrictive "unconfined" domain have been removed.

-- Nick


On Sat, Jul 26, 2014 at 8:44 AM, Tal Palant <[email protected]> wrote:

> Hi,
>
> I found this statement in: "
> http://source.android.com/devices/tech/security/se-linux.html"
>
> In Android 4.3, SELinux was fully permissive. In Android 4.4, SELinux was
> made enforcing for the domains for several root processes: installd, netd,
> vold and zygote. *All other processes, including other services and all
> apps, remain in permissive mode to allow further evaluation and prevent
> failures in Android 4.4. Still, an errant application could trigger an
> action in a root process that is not allowed, thereby causing the process
> or the application to crash.*
>
> Which means that SEAndroid is not fully enabled yet. Can anyone confirm
> this please?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Android Security Discussions" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to
> [email protected].
> Visit this group at
> http://groups.google.com/group/android-security-discuss.
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Nick Kralevich | Android Security | [email protected] | 650.214.4037
