Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / sepolicy / refs/heads/fp2-sibon
commitd3349b3ccea1677027ae8d563982efdddd1fe95e[log] [tgz]
authorPeter Lee <peter.lee@hi-p.com>Fri Oct 14 15:50:09 2016 +0800
committerTeemu Hukkanen <teemu@fairphone.com>Fri Nov 04 11:07:23 2016 +0100
tree55252ef44dcce9852579b158fd7070a71529ed95
parentf54b97b2253ff56697dca92df4cd0cb0539586ad [diff]
FPII-2470 : [Part 1/4] Update: Elevation of privilege vulnerability in Zygote process CVE-2016-3911 A-30963384

High
An elevation of privilege in the Zygote process could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application.
Note: This is an update to CVE-2016-3911, which was released as part of the September 2016 Partner Security Bulletin.
Additional technical details:
A-30963384	
The original fix targeted resource file descriptors. After further analysis, this issue affects all file descriptors leaked from Zygote to its children. A malicious process can modify the seek position of any of these file descriptors, and the seek location in all other processes could be affected.
The fix is designed to close the file descriptors and reopen them when the Zygote forks.

Change-Id: I712811dcc4eb5c51a4e1f551d4473a793c73e04c
1 file changed
tree: 55252ef44dcce9852579b158fd7070a71529ed95
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. attributes
  7. binderservicedomain.te
  8. bluetooth.te
  9. bootanim.te
  10. clatd.te
  11. debuggerd.te
  12. device.te
  13. dex2oat.te
  14. dhcp.te
  15. dnsmasq.te
  16. domain.te
  17. drmserver.te
  18. dumpstate.te
  19. file.te
  20. file_contexts
  21. fs_use
  22. genfs_contexts
  23. global_macros
  24. gpsd.te
  25. hci_attach.te
  26. healthd.te
  27. hostapd.te
  28. init.te
  29. init_shell.te
  30. initial_sid_contexts
  31. initial_sids
  32. inputflinger.te
  33. install_recovery.te
  34. installd.te
  35. isolated_app.te
  36. kernel.te
  37. keys.conf
  38. keystore.te
  39. lmkd.te
  40. logd.te
  41. mac_permissions.xml
  42. mdnsd.te
  43. mediaserver.te
  44. mls
  45. mls_macros
  46. mtp.te
  47. net.te
  48. netd.te
  49. nfc.te
  50. NOTICE
  51. platform_app.te
  52. policy_capabilities
  53. port_contexts
  54. ppp.te
  55. property.te
  56. property_contexts
  57. racoon.te
  58. radio.te
  59. README
  60. recovery.te
  61. rild.te
  62. roles
  63. runas.te
  64. sdcardd.te
  65. seapp_contexts
  66. security_classes
  67. selinux-network.sh
  68. service.te
  69. service_contexts
  70. servicemanager.te
  71. shared_relro.te
  72. shell.te
  73. su.te
  74. surfaceflinger.te
  75. system_app.te
  76. system_server.te
  77. te_macros
  78. tee.te
  79. ueventd.te
  80. unconfined.te
  81. uncrypt.te
  82. untrusted_app.te
  83. users
  84. vdc.te
  85. vold.te
  86. watchdogd.te
  87. wpa.te
  88. zygote.te