I'm reading about SELinux on Android, and I don't understand what are the benefits of using it?
You cannot define too many rules in policy, since it's slowing the system down. I thought normal DAC (permissions) provides every thing needed.

SELinux provides mandatory permissions (MAC). DAC permissions can be changed by the file owner... MAC can't be bypassed by the user. This protects files by enforcing defined partitions between data, applications, processes.

SELinux is an *extension* to traditional Linux Access Control. Traditional Linux Access Control has two defining properties: 1. It is "identity-based" access control. 2. It is "de-centralized" access control (AKA discretionary access control)

SELinux aims to address challenges of "traditional identity-based DAC". DAC is coarse grained in that you generally have several process and files all associated with a single identity. DAC allows individual processes to govern security attributes of entities associated with it's identity.

SELinux defines itself as follows: Flexible and customizable access control framework that allows for fine grained mandatory (centralized) access control.

SEAndroid takes advantage of SELinux in several ways. A few ways that come to mind are: 1. ioctl whitelisting/blacklisting. 2. restricting the loading of kernel modules. Only kernel modules from trusted (encrypted) partitions can be loaded.

SELinux enables one to address the widest range of access control challenges.

1 members found this post helpful.

On a phone/tablet?

That's like building a car from 18 gauge steel. It may never get dented, but it'll be heavy!

The art is to achieve your goals in a efficient yet effective way. It is a myth that SELinux is "heavy". Whether SELinux implementations are "heavy" or not depends on the requirements.

The framework gives you the canvas, a wide variety of paint and brushes (most of it is implemented in Linux as a Linux Security Module). Whether you use it to create some complex or some really simple piece is up to you, and it depends on your requirements.

I think it speaks volumes that Android decided to use SELinux on their devices.

Specially on a phone/tablet. Actually, it would be good everywhere.

The overhead for SELinux is around 3% when access is granted. If DAC rejects the access, the overhead is zero.

I think that it is also worth noting that, today, there are other technologies ... (very specifically, "AppArmor") that might, today, be more to your liking.

These alternative technologies use the same operating-system "plumbing" that drives SELinux, but with a different and more-targeted approach, e.g. "I really [just] want to constrain Apache ..."

They are also less reliable.

If you want to constrain Apache, they DON'T work very well. With SELinux you define what accesses are allowed, then assign that restriction to Apache.

With the others, you can't.