Android has tried to document pretty extensively how the reduction of attack surface provided by SELinux has resulted in a significant percentage of bugs being unreachable. See, for example https://www.blackhat.com/docs/us-17/thursday/us-17-Kralevich-Honey-I-Shrunk-The-Attack-Surface-Adventures-In-Android-Security-Hardening.pdf slide 52, where 44% of our security bulletin class bugs are reduced in severity because of SELinux attack surface management. However, SELinux's primary goal isn't attack surface management (although it's very good at it). It's primary purpose is containment and being able to reason about the state of the system assuming a compromise of any component. If SELinux stops a malware author, that malware author will simply choose to not publish their non-working code. Most people, including malware authors, will only celebrate their successes, but won't publicize their failures. Measurements in this area are hard. -- Nick On Wed, Sep 20, 2017 at 9:13 PM, masoom alam <masoom.alam@xxxxxxxxx> wrote: > Hi every one, > > Do we have some thing like the mentioned subject documented? > > Thank you. > > > ---- > Dr. Masoom Alam, > Associate Professor, > Department of Computer Science, > COMSATS Institute of Information Technology, > Park Road, Islamabad > Off +92-51-9049-5391 > Cell +92-332-9298-404 -- Nick Kralevich | Android Security | nnk@xxxxxxxxxx | 650.214.4037