For those of you who don't know, SELinux is a collection of administrative tools on Linux OS'. However, what is it for on android, and what does it do on android? After all, Android is not Linux.
SELinux contributes to part of the Android OS. Its two modes, 'Permissive' and 'enforcing' can have a huge impact on the versatility of Root usage.
Answer
The purpose of SElinux is for security and explained by the Android site:
As part of the Android security model, Android uses SELinux to enforce mandatory access control (MAC) over all processes, even processes running with root/superuser privileges (a.k.a. Linux capabilities). SELinux enhances Android security by confining privileged processes and automating security policy creation.
Then in the background section it goes on to explain the two modes permissive and enforcing are:
SELinux operates on the ethos of default denial. Anything that is not explicitly allowed is denied. SELinux can operate in one of two global modes: permissive mode, in which permission denials are logged but not enforced, and enforcing mode, in which denials are both logged and enforced. SELinux also supports a per-domain permissive mode in which specific domains (processes) can be made permissive while placing the rest of the system in global enforcing mode. A domain is simply a label identifying a process or set of processes in the security policy, where all processes labeled with the same domain are treated identically by the security policy. Per-domain permissive mode enables incremental application of SELinux to an ever-increasing portion of the system. Per-domain permissive mode also enables policy development for new services while keeping the rest of the system enforcing.
No comments:
Post a Comment