Because Linus signed off on it. To get that complex change into the kernel, the NSA had to convince Linus that it's a good idea, which can be a next-to-impossible task. I trust him to review the code more than I trust myself.
Linus doesn't review everything. He delegates and trusts.
That's tangential, though. More importantly, I expect NSA contributions to be poured over because the NSA isn't highly trusted, and it would make a great mailing list post to say "The NSA has a backdoor in our code here, here, and here."
Many eyes and a suspect contributor make all backdoors shallow.
SElinux is just policy based MAC you can clearly see what the source is doing. Not everything the NSA does is totally evil, sometimes they actually do what they are supposed to do, which is secure US infrastructure and that includes open source projects. SEAndroid is also a good project, and the NSA is just like any other security specialist who likes to work with open software and rejects blackboxes. At least your intel agency gives you something in return, mine spies on us and gives us nothing.
They wouldn't need to purposely sabotage the linux kernel anyways it's like 15+ million lines of code they can easily review and find bugs as a homework assignment in first year internal classes on offensive exploitation.
While this is possible, I believe it'd be extremely unlikely.
Let's say they indeed decided to include something in the code submitted. It's an open source project, and it is a just matter of when someone will catch that. Once someone catch that, it gives them nothing but material evidence that they are up for something there. (and for that matter, it's not that every Linux users will have SELinux enabled to begin with.)
Exactly, so it's not so productive for NSA to tinker with SELinux just to get their trojan in the gate.
IMNO, hardware backdoor on the processors is a bit skeptical, though. I'm no expert on this but I don't know how easy to even exploit this type of backdoor without an assistance from the OS kernel. (Which MS might have implemented somehow.)
If properly done in hardware, it needs no help from anything. Think about CPU "data breakpoints" - breakpoints that trigger if a specified if a specific value gets written to a specific range.
It's really a no-brainer to make such breakpoints that watch data in memory or registers that will be triggered by (e.g.) just processing a specific DNS packet.
Yeah, I suppose. I thought it'd be a bit more challenging to get the data out. I suppose they could do drop and retrieve, or attach some air-interface, etc.
Once they have root, they can use the existing resources just like you would a regular PC, but chances are they would load their own micro-kernel to do the dirty work.