# SElinux

Source: [https://docs.qualcomm.com/doc/80-88500-4/topic/81_SElinux.html](https://docs.qualcomm.com/doc/80-88500-4/topic/81_SElinux.html)

SELinux is a security enhancement to Linux that allows more control over access to
    system. It was created by the United States National Security Agency (NSA) as a set of patches
    to Linux kernel using the Linux kernel module, and later, it was adopted by Linux
    kernel.

- It provides a mandatory access control (MAC) system, which defines access control for processes.
        Thus, improving the security of the system.
- After SELinux is enabled in the Enforcing mode, the corresponding SELinux policies are enabled across the modules of the HLOS software.
- When this software is executed, disallowed access is prevented. The kernel logs an attempted
        access violation as an access vector cache (AVC) denial message to dmesg and logcat.
- By writing new SELinux policies or redefining the existing policies, these AVC denials can be
        used to refine the HLOS software.

For more information, see [https://www.redhat.com/en/topics/linux/what-is-selinux](https://www.redhat.com/en/topics/linux/what-is-selinux).

**Parent Topic:** [HLOS security](https://docs.qualcomm.com/doc/80-88500-4/topic/79_HLOS_security.html)

Last Published: Aug 18, 2023

[Previous Topic
DM-verity](https://docs.qualcomm.com/bundle/publicresource/80-88500-4/topics/80_DM_verity.md) [Next Topic
Device access control](https://docs.qualcomm.com/bundle/publicresource/80-88500-4/topics/82_Device_access_control.md)