On Sat, Mar 3, 2012 at 10:22 PM, <[email protected]> wrote: > On Sat, 03 Mar 2012 22:04:07 EST, Jeffrey Walton said: >> Will there be an NSA sponsored Market so folks can get hardened apps? >> Anything that adds finer grain permissions for applications is a > > NSA already gave us SELinux. Yes, and a port of android to SE Android ,too.
It appears the coarse grained permissions still plague SE Android (from reading the slides at http://selinuxproject.org/~jmorris/lss2011_slides/caseforseandroid.pdf). I see the slides point out "[Current Android suffers] limited granularity, coarse-grained privilege." But I don't see where SE Android corrected it. For example, it appears PHONE_READ_STATE still encompasses reading a username, device serial number, IMEI, SIM ID, call state, incoming calling number, etc. It would have been nice if permissions were fixed (ie, finer granularity), and see a Market which used the improved permissions. Jeff _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
