On Tue, Jun 5, 2012 at 10:02 PM, jinghua sima <[email protected]> wrote: > I recently read about the “ Android security Overview” and would like > to know the plan for the future version about it. As we all > know,android is become the most important mobile platform for all > kinds of devices. When the security problem is become serious .now we > can find out same solution for enable android security such as > SEAndroid that maintained with NSA and claimed to will open source > SEAndroid for AOSP.so I will want to know how and when the SEAndroid > porting into the AOSP. Join the SE Android milling list: http://selinuxproject.org/page/SEAndroid.
I like the mandatory labels and policy based authorizations, but don't drink the kool-aide. The project is full of CompSci 101 mistakes. I know the project does not fix some mistakes when brought to their attention. At least three cases of possible silent truncations when using snprintf all went unfixed. I know they exist because I reviewed the patch and provided the feedback. There projects' use of global variables makes some stuff unsuitable for multithreaded environments (if the module can be loaded from user land); and the project suffers from TOCTOUs (see Matt Bishop's paper circa 1997). So you have application and architectural defects. And no public archive of the mailing list (that I am aware). Jeff -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
