Access to standard Android permissions is not handled by SELinux today.

-- Nick


On Sat, Jul 26, 2014 at 9:28 AM, Tal Palant <[email protected]> wrote:

> Thanks for the answer.
>
> Do you have information regarding the ability of the current SEAndroid
> mode to influence the permissions given to applications?
>
> Can the current SEAndroid mode block permissions given to applications
> during installation?
>
>
> On Saturday, July 26, 2014 7:24:10 PM UTC+3, nnk wrote:
>
>> That document is correct. In Android 4.4, there was a focus on locking
>> down some of the highest privileged processes in Android: installd, netd,
>> vold, and zygote. Other security domains were in permissive, defaulting to
>> the standard Unix security model (DAC).
>>
>> AOSP master has a substantially more complete SELinux implementation. All
>> SELinux security domains are in enforcing, and most uses of the minimally
>> restrictive "unconfined" domain have been removed.
>>
>> -- Nick
>>
>>
>> On Sat, Jul 26, 2014 at 8:44 AM, Tal Palant <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> I found this statement in:
>>> "http://source.android.com/devices/tech/security/se-linux.html"
>>>
>>> In Android 4.3, SELinux was fully permissive. In Android 4.4, SELinux
>>> was made enforcing for the domains for several root processes: installd,
>>> netd, vold and zygote. *All other processes, including other services
>>> and all apps, remain in permissive mode to allow further evaluation and
>>> prevent failures in Android 4.4. Still, an errant application could trigger
>>> an action in a root process that is not allowed, thereby causing the
>>> process or the application to crash.*
>>>
>>> Which means that SEAndroid is not fully enabled yet, can anyone confirm
>>> this please?
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Android Security Discussions" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To post to this group, send email to [email protected].
>>>
>>> Visit this group at
>>> http://groups.google.com/group/android-security-discuss.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>>
>> --
>> Nick Kralevich | Android Security | [email protected] | 650.214.4037
>>



-- 
Nick Kralevich | Android Security | [email protected] | 650.214.4037
