SELinux is a security feature that was introduced in Android 4.3 and fully enforced in Android 5.0. Until this addition, Android security was based on Discretionary Access Control (DAC), which means applications can ask for permissions, and users can grant or deny those permissions. Thus, malware can create havoc on phones by gaining those permissions. But SE Android uses Mandatory Access Control (MAC), which ensures that applications work in isolated environments. Hence, even if a user installs a malware app, the malware cannot access the operating system and corrupt the device. SELinux is used to enforce MAC over all the processes, including the ones running with root privileges. In SELinux, anything that is not explicitly allowed is, by default, denied. SELinux can operate in one of the two global modes: Permissive mode, which logs the permission denials but does not enforce them; and Enforcing mode, which logs and also enforces the permission denials. More details about SELinux can be found at https://source.android.com/security/selinux/concepts.