this post was submitted on 29 Jan 2025
14 points (88.9% liked)

Programming

How can it have a system partition which is read only and still make the user create and use its files? How does it differ from Linux in terms of permissions and user management? How are the users kind of "confined" in android?

top 4 comments
[–] [email protected] 6 points 2 days ago* (last edited 2 days ago) (1 children)
[–] [email protected] 1 points 1 day ago* (last edited 1 day ago) (1 children)

It looks really complicated, very different from Linux! I cannot properly understand the whole sandboxing thing... But I guess it's years of development and policy enforcement... Now I can see why Android is much more closed compared to a normal Linux distro; I guess this provides a lot of security but less customization. I also have to understand the role of the device manager in all of this. Is there any Linux distro that behaves similarly?

Why so much effort into securing it? Isn't the Linux behaviour with users etc enough?

[–] [email protected] 3 points 1 day ago

FWIW SELinux is a standard Linux feature - mostly used by Red Hat distros.

The difference is the approach to how much a system should be locked down. Desktop systems are traditionally more flexible, probably more for historic reasons, partly due to being used by more technically sophisticated users (or at least assuming users would be more sophisticated). Smart phones, however, were marketed towards lowest-common-denominator users running on a device with many limitations as well. I'm not disparaging these users, mind - just stating a fact. So things need to be locked down more. And since these platforms had no legacy expectations on them they could do it however they like (e.g. they can dictate which directories are used for what purposes).

The desktop is sorta moving in this direction as well. Flatpaks and snaps run applications in containers which can be restricted and isolated from each other as well as from the rest of the system. It takes time for applications to catch up to being sandboxed though so it is happening slowly.

[–] [email protected] 6 points 2 days ago

Android is Linux using SELinux for user confinement plus users do not have root access and it uses verified boot to enforce all that.

Keep in mind the system, meaning root, can do anything it wants. User apps cannot, though they can ask the system to do certain things, for example via SUID executables or other methods. Not sure how Android actually does it.

What is different about Android is the owner, user, work profiles, and the new private space structure. Not sure how that is done at a low level, but presumably a combination of different users, SELinux, and different encryption keys.
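The "different users" guess above can be made concrete. This is an added example, not code from the thread or from AOSP: a small Python model of how Android derives a distinct Linux UID for every (profile, app) pair and how that UID feeds the per-app SELinux MLS categories. The constants follow the AOSP conventions (PER_USER_RANGE = 100000, application UIDs 10000..19999) and the category layout mirrors the levelFrom=all scheme of Android's seapp_contexts as I know it; treat the category formula as an illustrative model rather than an authoritative reimplementation. The point it shows: the same package installed in the owner profile and in a work profile runs as two unrelated UIDs with two unrelated MLS levels, so ordinary DAC and SELinux keep their data apart without any extra mechanism.

```python
"""Model of Android's per-profile, per-app UID and SELinux level derivation.

Constructed example for illustration. Constants follow AOSP's
UserHandle.PER_USER_RANGE and Process.FIRST/LAST_APPLICATION_UID;
the MLS category layout follows libselinux's seapp_contexts
levelFrom=all scheme (reproduced as a model, not copied from AOSP).
"""

PER_USER_RANGE = 100_000          # UIDs reserved per Android user/profile
FIRST_APPLICATION_UID = 10_000    # below this: system/daemon UIDs (root=0, system=1000, ...)
LAST_APPLICATION_UID = 19_999     # above this: isolated-process and other special ranges


def android_uid(user_id: int, app_id: int) -> int:
    """Kernel UID an app runs as inside a given profile (cf. UserHandle.getUid).

    Profile 0 is the owner; a work profile is just another user id, so the
    same app id lands in a disjoint UID range.
    """
    if user_id < 0:
        raise ValueError(f"invalid user id {user_id}")
    if not FIRST_APPLICATION_UID <= app_id <= LAST_APPLICATION_UID:
        raise ValueError(f"{app_id} is not an application UID")
    return user_id * PER_USER_RANGE + app_id


def split_uid(uid: int) -> tuple[int, int]:
    """Inverse of android_uid: (user_id, app_id) for a kernel UID."""
    return divmod(uid, PER_USER_RANGE)


def app_selinux_level(user_id: int, app_id: int) -> str:
    """MLS level string appended to an app's SELinux context (model of levelFrom=all).

    Two categories encode the app id (relative to FIRST_APPLICATION_UID),
    two encode the user id, so apps in different profiles never share a level.
    """
    if not FIRST_APPLICATION_UID <= app_id <= LAST_APPLICATION_UID:
        raise ValueError(f"{app_id} is not an application UID")
    n = app_id - FIRST_APPLICATION_UID
    return (
        f"s0:c{n & 0xFF},c{256 + ((n >> 8) & 0xFF)},"
        f"c{512 + (user_id & 0xFF)},c{768 + ((user_id >> 8) & 0xFF)}"
    )


def dac_allows(subject_uid: int, owner_uid: int, mode: int = 0o700) -> bool:
    """Minimal owner/other DAC check for a private app data directory.

    Root bypasses DAC; the owning UID needs the owner bits; anyone else only
    gets what the 'other' bits grant (nothing, for Android's 0700 app dirs).
    """
    if subject_uid == 0:
        return True
    if subject_uid == owner_uid:
        return bool(mode & 0o700)
    return bool(mode & 0o007)


def describe(user_id: int, app_id: int) -> dict:
    """Summarise the sandbox identity of one (profile, app) pair."""
    uid = android_uid(user_id, app_id)
    return {
        "uid": uid,
        "profile": user_id,
        "app_id": app_id,
        "context": f"u:r:untrusted_app:{app_selinux_level(user_id, app_id)}",
    }


if __name__ == "__main__":
    # Same app id, owner profile (0) vs. a work profile (10, a constructed id).
    owner = describe(0, 10_123)
    work = describe(10, 10_123)
    for row in (owner, work):
        print(row)
    # DAC alone already separates the two installs; SELinux adds a second fence.
    print("work-profile copy can read owner copy's data dir:",
          dac_allows(work["uid"], owner["uid"]))
```

Running the block prints the two identities side by side: the owner copy runs as UID 10123 with level s0:c123,c256,c512,c768 and the work-profile copy as UID 1010123 with level s0:c123,c256,c522,c768. Nothing in the model grants either UID access to the other's 0700 data directory, and the distinct MLS categories mean SELinux would refuse even if the directory bits were loosened.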