Pretty cool: an alpha image of Android 4.2 from the leaked LG Nexus device includes SELinux. “According to the layout xml, SELinux will have a status readout tacked-on to the current About Phone screen. It will now list ‘SELinux Status’ at the very bottom, right under ‘Kernel version’ and ‘Build Number’. If you’re wondering why there are 3 options and not just ‘on’ and ‘off’, ‘Permissive’ is a logging mode, which will tell you when it would have blocked something, but won’t actually block things. The other key piece of information to get from the string file is that this is an optional mode, don’t go around saying that Google is shutting down root functionality or anything. This is for security conscious enterprise and government-types and probably won’t be enabled on consumer phones.”
As long as keeping control of your own device can be implemented in a manner that’s as widely-implemented as the non-market APKs toggle, I’d welcome SELinux on end-user Android phones.
Maybe we can finally get general opinion of SELinux turned around by first building an ecosystem of tools, tutorials, and developers on a platform already used to permission-based whitelisting.
(Not to mention, SELinux would complement Android permissions well. From what I remember, they’re less granular than SELinux in the areas SELinux is designed to deal with.)
Either way, we definitely need more SELinux adoption. Whitelist-based security is the most powerful part of firewalling and something similar for code execution in non-toy applications is long overdue.
Edited 2012-10-18 03:31 UTC
I was going to comment in the Ubuntu donations article from 8 days ago but it is now archived and I can’t comment.
I also don’t like how I can’t upvote stuff in a thread I decided to comment in. Just because I decided to make my own comment doesn’t mean other people don’t also have valid points worth an upvote.
It’s to stop people voting up or down things that agree or disagree with them. We all like to think everyone is even-handed, but it’s not true.
Same, but I accept their decision. I usually skim the comments, vote for any, and then comment.
Despite Tom’s disclaimer I still think at least LG is eventually determined to block root. I doubt that’d be a Google decision, though it certainly could be.