I would think on a phone the primary concern is protecting the user
data.
E.g. sms, contacts, history.
If somebody was able to malicously install software on the phone, your
pretty much already $%@#'ed. Not letting it call out helps, but it's
already defeated. I'm assuming we're not installing a lot of new
unknowns on a secure device, and anything trying to make network
connections is evol.
I've been picturing running an encrypted rootfs image off an SD card.
There could be multiple encrypted rootfs images, only one would be the
real one, or they all could be used for different reasons.
Once the system boots it's up to the user to unlock the keys to the
encrypted image to be used and that gets booted from the already running
kernel.
-----Original Message-----
From: community-bounces@lists.openmoko.org
[mailto:community-bounces@lists.openmoko.org] On Behalf Of Tilman
Baumann
Sent: Monday, July 14, 2008 10:38 AM
To: List for Openmoko community discussion
Subject: Re: MokSec - The Security Framework
Kalle Happonen wrote:
> However, later on an easily configurable firewall would be almost
should
> is that users can do what they want, it doesn't mean that the apps
they
viable
SELinux comes to mind. Or at least the capabilites framework.
This way i could choose to allow a app to open sockets. (Little bit like
java sandboxes)
As far as i know we could even have a popup asking for permission.
And to give my 2 Eurocents to the everything as root discusion.
Running user apps as root must end, better soon.
If apps need things only root can do (not much comes to my mind) we
could use sudo wrapper or SELinux rules.
--
Drucken Sie diese Mail bitte nur auf Recyclingpapier aus.
Please print this mail only on recycled paper.
