Comment by curt15
15 days ago
>And today this is.. not sufficient. What we require today is to run software protected from each other. For quite some time I tried to use Unix permissions for this (one user per application I run), but it's totally unworkable. You need a capabilities model, not an user permission model
Unix permissions remain a fundamental building block of Android's sandbox. Each app runs as its own unix user.
Android sandboxing works in spite of the underlying security model, not because of it. It's also really selinux that does a lot of heavy lifting.
Subthread from a while ago where I wrote some details on how Android sandboxing architecture uses Linux’s primitives: https://news.ycombinator.com/item?id=40676309
I really want a desktop distro that is based on Android but can run normal desktop apps, fully isolated by default
Can Binder run on desktop, with some non-mainline kernel? Is someone maintaining such kernel with up to date patches?