diff options
author | Nick Kralevich <nnk@google.com> | 2013-05-07 16:26:50 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2013-05-07 16:29:23 -0700 |
commit | 33d8cd656a09badbd732a836351c1d301823b061 (patch) | |
tree | 1cd90305eed7b394d3e2363ba920132e375a360c /src/devices/tech | |
parent | da9bef3fc20bd5a19bfba4af29c1847345d96c05 (diff) | |
download | source.android.com-33d8cd656a09badbd732a836351c1d301823b061.tar.gz |
security: update SELinux section.
Bug: 8776692
Change-Id: Id6d4ed1ef701202d68d8066df7b001f5fff983c7
Diffstat (limited to 'src/devices/tech')
-rw-r--r-- | src/devices/tech/security/enhancements43.jd | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/src/devices/tech/security/enhancements43.jd b/src/devices/tech/security/enhancements43.jd index 4ecae12b..277e010a 100644 --- a/src/devices/tech/security/enhancements43.jd +++ b/src/devices/tech/security/enhancements43.jd @@ -9,11 +9,13 @@ in Android 4.3: <ul> <li><strong>Android sandbox reinforced with SELinux.</strong> - Android now uses SELinux, - a mandatory access control (MAC) system in the Linux kernel originally - designed for government security, to augment the UID based Application - sandbox. This protects the operating system against potential security - vulnerabilities.</li> + This release strengthens the Android sandbox using the SELinux + mandatory access control system (MAC) in the Linux kernel. SELinux + reinforcement is invisible to users and developers, and adds robustness + to the existing Android security model while maintaining compatibility + with existing applications. To ensure continued compatibility this release + allows the use of SELinux in a permissive mode. This mode logs any policy + violations, but will not break applications or affect system behavior.</li> <li><strong>No setuid/setgid programs.</strong> Added support for filesystem capabilities |