
Back in April of this year, signs were unsurprisingly pointed to the eventual arrival of Android Q on Chrome OS, but we’ve not heard much on this front in the ensuing weeks since that initial nugget of info was uncovered. Meanwhile, the Android team has been full steam ahead getting the final pieces in place for the initial roll out of Android 10 (no more desert names) on Pixel phones. With all the hype around Android 10, the slight marketing changes around the Android logo, and the excitement around some of the new features arriving in the platform, it is easy to forget that Chromebooks also stand to benefit from this latest upgrade as well.
We’re not sure exactly what parts of Android 10 that developers will be able to fully leverage on a Chromebook, but it is clear that work is underway to get it on board sooner than later. On September 4th, a new commit was added to the Chromium Repositories that quite clearly shows the migration to Android Q is fully underway.
sepolicy: add Q too.
BUG=b:80461815
TEST=emerge
For a tad bit of reference, SEPolicy is in reference to SELinux, which is part of what Google uses to securely bring the Android Framework to Chromebooks so that you can enjoy the entire Play Store experience on Chrome OS. SE stands for security-enhanced and the SEPolicy helps to define what parts can and cannot be accessed by the OS, down to the file level if need be. Check out this summary from Embedded & Distributed:
It is much fine-grained. It has lots of permissions defined for different type of resources. It is based on the principle of default denial. We need to write rules explicitly state what a process, or a type of process (called domain in SELinux), are allowed to do. That means even root processes are contained. A malicious process belongs to no domain actually end up can do nothing at all. This is a great enhancement to the DAC based security module, and hence the name Security-Enhanced Linux, aka SELinux.
It is really a very fine-grained type system. Take a look at those different types of proc_xxx. Because of this fine-grained labeling, we can write accurate rules that will only allow a process to access a very narrow subset of resources, or even a single file, when that type labels only a single file.
I’ll be honest, there’s a lot about SELinux that I don’t have a firm grasp on, but I do understand enough about what is going on here to confidently say that if they are adding the SEPolicy for Andoid 10, we should be seeing signs of it in Chrome OS in the next update or two. As for what we hope to see from this latest update, my mind immediately goes to dark mode (we have reason to believe it is coming soon to Chrome OS, too), live captions, and the insanely-fast Google Assistant we saw back at I/O. Whether any of these new Android features actually come to Chrome OS via an Android update is still yet to be seen. After all, for Chromebooks, we really just leverage the Android Framework, so Chrome OS isn’t really that dependent on system-level changes to Android. As we learn more, we’ll keep you updated.
Join Chrome Unboxed Plus
Introducing Chrome Unboxed Plus – our revamped membership community. Join today at just $2 / month to get access to our private Discord, exclusive giveaways, AMAs, an ad-free website, ad-free podcast experience and more.
Plus Monthly
$2/mo. after 7-day free trial
Pay monthly to support our independent coverage and get access to exclusive benefits.
Plus Annual
$20/yr. after 7-day free trial
Pay yearly to support our independent coverage and get access to exclusive benefits.
Our newsletters are also a great way to get connected. Subscribe here!
Click here to learn more and for membership FAQ