To restrict/sandbox processes, Android uses SELinux. Why was that chosen and not the Linux capabilities or cgroups+namespaces solution? After all, cgroups+namespaces is kind of home-grown for them too. What does SELinux provide, or what do the others not offer?
2 Answers
cgroups and namespaces are about isolation, whereas SELinux is a mandatory access control system: fine-grained control over which system calls are allowed and how information is allowed to flow between processes (domains).
The Android permissions that applications have to subscribe to can be easily enforced through SELinux, as can process isolation, and even many potential vulnerabilities can be mitigated through the SELinux policy (as long as the exploitation of the vulnerability is not contained within the application or is a kernel vulnerability).
cgroups and namespaces have a different function, and not necessarily an exclusive one: SELinux, cgroups and namespaces can happily be used together (improved SELinux support for namespaces is being worked on, but they can already be used together).
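To make the "domains and fine-grained access" point concrete, here is an added example (not from the answer above and not real AOSP policy): a small evaluator for SELinux-style type-enforcement rules, run over a constructed policy fragment modelled loosely on Android's `untrusted_app` domain. It shows the default-deny decision per (source domain, target type, class, permission), attribute expansion, and `neverallow` acting as a build-time assertion; all type and attribute names in the fragment are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed, Android-flavoured TE policy fragment (illustrative, not copied from AOSP).
POLICY = """
attribute domain; attribute appdomain;
type untrusted_app, domain, appdomain;
type system_server, domain;
type app_data_file; type system_data_file; type proc_net;
allow appdomain app_data_file:file { read write create unlink };
allow system_server system_data_file:file { read write };
allow system_server app_data_file:file read;
neverallow appdomain proc_net:file read;
"""

class TEPolicy:
    """Minimal type-enforcement evaluator: attributes expand to sets of types,
    allow rules are keyed by (source, target, class), anything else is denied."""
    def __init__(self, text):
        self.attrs = defaultdict(set)   # attribute (or type) -> set of concrete types
        self.allow = defaultdict(set)   # (src, tgt, cls) -> granted permissions
        self.neverallow = []            # (src, tgt, cls, forbidden permissions)
        for stmt in (s.strip() for s in re.split(r";\s*", text)):
            if not stmt or stmt.startswith("attribute"):
                continue                # attributes only need to exist; members come from 'type'
            parts = stmt.split()
            if parts[0] == "type":
                name, *attrs = [p.strip(",") for p in parts[1:]]
                self.attrs[name].add(name)          # a type expands to itself
                for a in attrs:
                    self.attrs[a].add(name)
            elif parts[0] in ("allow", "neverallow"):
                m = re.match(r"(never)?allow (\S+) (\S+):(\S+) \{?([^}]*)\}?", stmt)
                src, tgt, cls = m.group(2), m.group(3), m.group(4)
                perms = set(m.group(5).split())
                for s in self.attrs[src]:           # expand attributes to concrete types
                    for t in self.attrs[tgt]:
                        if m.group(1):
                            self.neverallow.append((s, t, cls, perms))
                        else:
                            self.allow[(s, t, cls)] |= perms

    def allowed(self, src, tgt, cls, perm):
        # Default deny: an access not granted by some allow rule is refused.
        return perm in self.allow.get((src, tgt, cls), set())

    def neverallow_violations(self):
        # neverallow is checked when the policy is built: report contradicting allows.
        return [(s, t, c, p) for s, t, c, ps in self.neverallow
                for p in sorted(ps) if self.allowed(s, t, c, p)]
```

Note that a namespace would simply hide `proc_net` from the app; the MAC policy instead decides each operation individually, so `system_server` may read but not write app data.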
The cgroups+namespaces technology is just a lot newer, and still somewhat in flux. It takes a lot of time to rework something this fundamental. Remember that Android is taken from Google by a gaggle of hardware manufacturers and customized for their offerings, and on those an army of independent developers offers software.
This is quite different from a typical Linux distribution: they offer most of the software you'd need, configured to work smoothly together, and are in a position to do such a switchover with relatively little pain to third parties.