On 10/13/2016 11:20 AM, Eduardo Aguirre wrote:
> Do you know why the MMAC mechanisms proposed in SEAndroid weren't
> adopted?  I have also heard of something called "Intent firewall" that
> has not been integrated to Android(as far as I know).

Not entirely sure why (we didn't get feedback), but recent versions of
Android do incorporate a runtime permissions model (built on top of
AppOps) and also include various enterprise-focused features.

Last I looked, Intent Firewall was still part of Android, but not
something that can be configured by anyone other than the OEM (aside
from using custom ROMs).  Some information about Intent Firewall is
available here:

> El jue., 13 oct. 2016 a las 10:00, Stephen Smalley (<s...@tycho.nsa.gov
> <mailto:s...@tycho.nsa.gov>>) escribió:
>     On 10/13/2016 10:33 AM, Eduardo Aguirre wrote:
>     > Could a policy in SEAndroid ensure confidentality and privacy?:
>     >
>     > Restrict emails to some domains, restrict messages from some contacts,
>     > or even modify some rules when location changes?
>     >
>     > I think nothing like this has been implemented, but I also think that
>     > SEAndroid could be used to do something like that (maybe some
>     > modifications are needed?)
>     The concepts you are describing would be implemented at the middleware
>     or, in some cases, even the application layer.  While the SE for Android
>     project did experiment with several middleware mandatory access control
>     mechanisms (MMAC), none of those were ever adopted into the Android Open
>     Source Project; only the SELinux support was.

Seandroid-list mailing list
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to 

Reply via email to