by curt15 151 days ago
>And today this is... not sufficient. What we require today is to run software protected from each other. For quite some time I tried to use Unix permissions for this (one user per application I run), but it's totally unworkable. You need a capabilities model, not a user permission model

Unix permissions remain a fundamental building block of Android's sandbox. Each app runs as its own Unix user.


Android sandboxing works in spite of the underlying security model, not because of it. It's also really SELinux that does a lot of the heavy lifting.
Subthread from a while ago where I wrote some details on how Android sandboxing architecture uses Linux’s primitives: https://news.ycombinator.com/item?id=40676309
I really want a desktop distro that is based on Android but can run normal desktop apps, fully isolated by default

Can Binder run on desktop, with some non-mainline kernel? Is someone maintaining such kernel with up to date patches?