The Security Enhancements for Android (SE Android) feature
enhances device security. SE Android protects against malicious applications
through prevention of attempts to execute unauthorized or dangerous code on the
device. SE Android does the following:
- Can prevent privilege
escalation by processes
- Can prevent misuse and
limit damage if privileged process, such as root, is compromised
- Provides centralized,
enforced, analyzable policy
- Protects from undiscovered
The device contains a policy that specifies the data that an
application, process, or user can access. SE Android supports two modes:
Anything that violates the policy is logged. If the mode is enforcing,
the action is denied. No user nor administrator control exists over the policy
or the mode.
When you upgrade a Cisco DX650to Release
10.2(2), it remains in permissive mode because it must work with
existing field units. After a Cisco DX650 has
been factory reset, the mode switches automatically to enforcing mode.
remains in effect for the Cisco DX650 unless the device is downgraded to a firmware release below
10.2(2). Upon upgrade to Release 10.2(2) or later, the device returns to
permissive mode until factory reset is performed.
Cisco DX70 and
Cisco DX80 devices are always in enforcing mode from the factory. Cisco DX70
and Cisco DX80 devices cannot be placed in permissive mode.