Actually it's not, and it would break enough that they wouldn't be able to do that without complaints. See the entire permission system for another case.
Therein lies Google's problem, as once anything is usable in public it does get used/abused. There are certain VM behaviours in compatibility mode which are like this, where outright bugs have to be preserved in later versions for the benefit of apps which aren't going to receive timely updates.
The permission model in Android goes through the APIs. If you can bypass the API to go lower-level, then you're effectively giving up the security, and just waiting for some cool researcher (or attacker) to find ways to exploit them.
The above makes sense if you want to assume that you need /proc at least at some permission level. If you don't (which I think you don't), then it should simply be unmounted in the sandbox.
IPC is the standard way to get out of the sandbox, and should be used also for whatever features the APIs need /proc for.
I've seen /proc permissions from version to version. For example the available of /proc/last_kmsg changed at some point. In kitkat its only available to UID system and apps with android.permission.READ_LOGS[1]. Not sure exactly when this changed but this line wasn't present in 4.1.2.
reply