On 11/27/2013 06:22 AM, Hanks Wang wrote: > Hi Stephen and SEAndroiders, > > It's quite clear that involving SELinux in Android is a wise choice. I know > seandroiders' great effort for this. May I ask a liberty questions, which > is if using polkit in the android system, whether SEAndroid is necessary > and what will happened? > > Developers could make polkit embeded in the middle-ware layer in the > android system, which could determine wether a application could use system > services or not. We could set the authority for each application to allow > or deny it's accessing the system services. > >>From your security experts side, does the above idea has any security flaw?
I'm not aware of any plan to integrate polkit into Android. You might be interested in our middleware MAC extensions, see: http://selinuxproject.org/page/SEforAndroid#Middleware_MAC Regardless, you would still want SELinux at the kernel layer in order to address security concerns at that level and to ensure that the middleware security mechanisms (no matter what underlying policy engine they use) are protected against tampering and bypass. -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to majord...@tycho.nsa.gov with the words "unsubscribe seandroid-list" without quotes as the message.
