How can it have a system partition which is read only and still make the user create and use its files? How does it differ from Linux in terms of permissions and user management? How are the users kind of “confined” in android?
How can it have a system partition which is read only and still make the user create and use its files? How does it differ from Linux in terms of permissions and user management? How are the users kind of “confined” in android?
It looks really complicated, very different from Linux! I cannot understand properly all the sandboxing thing… But I guess it’s years of development and policies enforcement… Now I can see why Android it’s much more closed compared to a normal Linux distro, I guess this provides a lot of security but less customization. I also have to understand the role of the device manager in all of this. Is there any Linux distro that behaves similarly?
Why so much effort into securing it? Isn’t the Linux behaviour with users etc enough?
FWIW SELinux is a standard Linux feature - mostly used by RedHat distros.
The difference is the approach to how much a system should be locked down. Desktop systems are traditionally more flexible, probably more for historic reasons, partly due to being used by more technically sophisticated users (or at least assuming users would be more sophisticated). Smart phones, however, were marketed towards the lowest-common denominator users running on a device with many limitations as well. I’m not disparaging these users mind - just stating a fact. So things need to be locked down more. And since these platforms had no legacy expectations on them they could do it however they like (e.g. they can dictate which directories are used for what purposes).
The desktop is sorta moving in this direction as well. Flatpaks and snaps run applications in containers which can be restricted and isolated from each other as well as from the rest of the system. It takes time for applications to catch up to being sandboxed though so it is happening slowly.