After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?

A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking.

After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?
A . Protecting
B . Permissive
C . Enforcing
D . Mandatory

View Answer

Answer: C

Explanation:

Reference: https://source.android.com/security/selinux/customize

SELinux (Security-Enhanced Linux) is a security module for Linux systems that provides mandatory access control (MAC) policies for processes and files. SELinux can operate in three modes: Enforcing: SELinux enforces the MAC policies and denies access based on rules.

Permissive: SELinux does not enforce the MAC policies but only logs actions that would have been

denied if running in enforcing mode.

Disabled: SELinux is turned off.

To ensure its custom Android devices are used exclusively for package tracking, the company must configure SELinux to run in enforcing mode. This mode will prevent any unauthorized actions or applications from running on the devices and protect them from potential threats or misuse.

Reference:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/chap-security-enhanced_linux-introduction#sect-Security-Enhanced_Linux-Modes

https://source.android.com/security/selinux