> There might be an oppy to use selinux to make android more impervious to > malware in general (departing from the app-based discussion for a moment). > With selinux you can lock down the rights of every daemon to do only what it > explicitly needs to do in order to function. So an exploit in one daemon > doesn't equate to the hacker getting the full rights & permissions of the > user running the daemon. Even for programs running as root!
Thought experiment: pick any recent Android malware, and explain how standard security mechanisms could not have stopped it and how SELinux could have. -- http://noncombatant.org/ "These days, though, you have to be pretty technical before you can even aspire to crudeness." — William Gibson -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to android-security-discuss@googlegroups.com. To unsubscribe from this group, send email to android-security-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.