[KronisLV]

Doesn't this imply that Linux is falling behind somewhat in the area of permissions management? Personally, i think that limiting access to files and such based on users and groups simply isn't enough and instead the user should be prompted (or should be able to configure) which piece of software is allowed to do what (network access, file system access, talking to specific devices) based on their own individual needs.

> Oh and reverse engineer the high level intent of the user / application far enough to present an intelligible question to the potentially nontechnical user.

I don't believe that this is such a big problem, since Android is pretty explicit about this - a camera app asking for access to my contacts will simply get denied and will promptly be uninstalled.

[fulafel]

Depends on your POV I guess, whether you think this model is a worthy one. Personally I think we'd be better off building simpler and more understandable compartmentalization.

Re Android, it was designed from the ground up for this (the camera app request is even called "Intent"). So it's not really solving the question of running unmodified applications.

[blablabla123]

Isn't this something that was addressed already years ago by SELinux, even before Android? Personally I prefer to not use it since I don't find it very user friendly but Fedora seems to have it activated by default.

[user-the-name]

> Doesn't this imply that Linux is falling behind somewhat in the area of permissions management?

This happened years ago. Linux is way behind.

[pjmlp]

Android only uses the Linux kernel, everything else is completly unrelated to GNU/Linux, besides the lockdown enforced via LinuxSE and seccomp, so Google could naturally make this kind of customization.