[unsignedint]

Exactly, so it's not so productive for NSA to tinker with SELinux just to get their trojan in the gate.

IMNO, hardware backdoor on the processors is a bit skeptical, though. I'm no expert on this but I don't know how easy to even exploit this type of backdoor without an assistance from the OS kernel. (Which MS might have implemented somehow.)

[beagle3]

If properly done in hardware, it needs no help from anything. Think about CPU "data breakpoints" - breakpoints that trigger if a specified if a specific value gets written to a specific range.

It's really a no-brainer to make such breakpoints that watch data in memory or registers that will be triggered by (e.g.) just processing a specific DNS packet.

[unsignedint]

Yeah, I suppose. I thought it'd be a bit more challenging to get the data out. I suppose they could do drop and retrieve, or attach some air-interface, etc.

[AsymetricCom]

Once they have root, they can use the existing resources just like you would a regular PC, but chances are they would load their own micro-kernel to do the dirty work.