Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / docs / source.android.com / ee98ff3b050b36f5cd745f75b5a96c29978e2e55^1..ee98ff3b050b36f5cd745f75b5a96c29978e2e55 / .
commitee98ff3b050b36f5cd745f75b5a96c29978e2e55[log] [tgz]
authorNick Kralevich <nnk@google.com>Tue May 07 16:42:18 2013 -0700
committerAndroid Git Automerger <android-git-automerger@android.com>Tue May 07 16:42:18 2013 -0700
treee24788e858913c0b3748859180c5676d1148bdab
parent6c5c5fe7620c7f2a56be894ce58df0b7e973da51 [diff]
parent71395562283b7f65ab12c9e2fddd5e8962311501 [diff]
am 71395562: Merge "security: update SELinux section." into jb-mr2-dev

* commit '71395562283b7f65ab12c9e2fddd5e8962311501':
  security: update SELinux section.

diff --git a/src/devices/tech/security/enhancements43.jd b/src/devices/tech/security/enhancements43.jd
index 4ecae12..277e010 100644
--- a/src/devices/tech/security/enhancements43.jd
+++ b/src/devices/tech/security/enhancements43.jd

@@ -9,11 +9,13 @@
 
 <ul>
   <li><strong>Android sandbox reinforced with SELinux.</strong>
-  Android now uses SELinux,
-  a mandatory access control (MAC) system in the Linux kernel originally
-  designed for government security, to augment the UID based Application
-  sandbox. This protects the operating system against potential security
-  vulnerabilities.</li>
+  This release strengthens the Android sandbox using the SELinux
+  mandatory access control system (MAC) in the Linux kernel. SELinux
+  reinforcement is invisible to users and developers, and adds robustness
+  to the existing Android security model while maintaining compatibility
+  with existing applications. To ensure continued compatibility this release
+  allows the use of SELinux in a permissive mode. This mode logs any policy
+  violations, but will not break applications or affect system behavior.</li>
 
   <li><strong>No setuid/setgid programs.</strong>
   Added support for filesystem capabilities