The Bridge - NSA developed SELINUX, part of Android (and more) baked in…
It's everywhere:
SELinux has been integrated into Linux distributions that have been evaluated against the Labeled Security Protection Profile. Information about validated products and products in evaluation can be found at http://niap-ccevs.org/.
And has access to everything:
The architecture provides fine-grained controls over many kernel abstractions and services that are not controlled by other systems. Some of the distinctive characteristics of the Security-enhanced Linux system are:
Clean Separation of Policy from Enforcement
Well-Defined Policy Interfaces
Independent of Specific Policies and Policy Languages
Independent of Specific Security Label Formats and Contents
Individual Labels and Controls for Kernel Objects and Services
Caching of Access Decisions for Efficiency
Support for Policy Changes
Controls over Process Initialization and Inheritance and Program Execution
Controls over File Systems, Directories, Files, and Open File Descriptions
Controls over Sockets, Messages, and Network Interfaces
Controls over Use of "Capabilities"