FPII-2470 : [Part 1/4] Update: Elevation of privilege vulnerability in Zygote process CVE-2016-3911 A-30963384

High
An elevation of privilege in the Zygote process could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application.
Note: This is an update to CVE-2016-3911, which was released as part of the September 2016 Partner Security Bulletin.
Additional technical details:
A-30963384
The original fix targeted resource file descriptors. After further analysis, this issue affects all file descriptors leaked from Zygote to its children. A malicious process can modify the seek position of any of these file descriptors, and the seek location in all other processes could be affected.
The fix is designed to close the file descriptors and reopen them when the Zygote forks.

Change-Id: I712811dcc4eb5c51a4e1f551d4473a793c73e04c
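The mechanism the bulletin text describes, a child process changing the seek position of a descriptor it inherited from Zygote and thereby moving the offset seen by every other process holding that descriptor, is ordinary POSIX semantics: fork() duplicates the file descriptor but both copies refer to the same open file description, which owns the offset. The added C program below (example code, not part of the Android commit or the bulletin) shows that sharing on a constructed scratch file in /tmp, and then shows the effect of the mitigation the commit text describes, closing the inherited descriptor and reopening the path after fork, so the child's seek lands on its own open file description. The file path and payload are made up for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <assert.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Create a scratch file whose descriptor stands in for one that the
 * "zygote" (parent) holds open and that a forked child inherits.
 * The path template and payload are constructed sample data. */
static int make_scratch(char *path, size_t len) {
    snprintf(path, len, "/tmp/fdleak_demo_XXXXXX");
    int fd = mkstemp(path);
    if (fd < 0) { perror("mkstemp"); exit(1); }
    const char payload[] = "0123456789abcdef";   /* 16 bytes */
    if (write(fd, payload, sizeof payload - 1) != (ssize_t)(sizeof payload - 1)) exit(1);
    lseek(fd, 0, SEEK_SET);
    return fd;
}

/* Fork a child that seeks the inherited fd to child_offset and exits.
 * With reopen_on_fork set, the child first closes the inherited fd and
 * reopens the same path (the close-and-reopen mitigation), so its seek
 * happens on a private open file description.  Returns the parent's
 * offset on fd after the child has exited. */
static off_t parent_offset_after_child_seek(int fd, const char *path,
                                            off_t child_offset, int reopen_on_fork) {
    pid_t pid = fork();
    if (pid < 0) { perror("fork"); exit(1); }
    if (pid == 0) {
        int cfd = fd;
        if (reopen_on_fork) {
            close(fd);                       /* drop the shared description */
            cfd = open(path, O_RDWR);        /* fresh description, offset 0 */
            if (cfd < 0) _exit(2);
        }
        lseek(cfd, child_offset, SEEK_SET);  /* the child's seek */
        _exit(0);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    return lseek(fd, 0, SEEK_CUR);           /* parent's view of the offset */
}

/* Returns 1 when the inherited descriptor shows the shared offset (the
 * child's seek moved the parent to 8) and the reopened descriptor does
 * not (parent stays at 0); 0 otherwise. */
int demo(void) {
    char path[64];
    int fd = make_scratch(path, sizeof path);
    off_t shared = parent_offset_after_child_seek(fd, path, 8, 0);    /* inherited fd */
    lseek(fd, 0, SEEK_SET);
    off_t isolated = parent_offset_after_child_seek(fd, path, 8, 1);  /* reopened in child */
    close(fd);
    unlink(path);
    return shared == 8 && isolated == 0;
}

int main(void) {
    puts(demo() ? "inherited fd: child seek moved parent's offset; reopened fd: parent's offset untouched"
                : "unexpected result");
    return 0;
}
```

The reopen step is what the SELinux change in this commit has to permit: to reopen a descriptor by path after fork, Zygote first has to be allowed to getattr the open file to learn what it is, which is why the policy gains those rules.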
diff --git a/zygote.te b/zygote.te
index adbea06..add3b9c 100644
--- a/zygote.te
+++ b/zygote.te
@@ -37,6 +37,13 @@
 # Control cgroups.
 allow zygote cgroup:dir create_dir_perms;
 allow zygote self:capability sys_admin;
+# Allow zygote to stat the files that it opens. The zygote must
+# be able to inspect them so that it can reopen them on fork
+# if necessary: b/30963384
+# allow zygote pmsg_device:chr_file { getattr };
+allow zygote debugfs:dir search;
+allow zygote debugfs:file { getattr };
+
 # Check validity of SELinux context before use.
 selinux_check_context(zygote)
 # Check SELinux permissions.
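Review bot: the commented-out rule `# allow zygote pmsg_device:chr_file { getattr };` in the added block is left in with no explanation of why it is disabled; either drop it or replace it with a comment stating why pmsg_device getattr is not required, since the commit text says the fix must inspect every descriptor leaked to children and a reader will otherwise wonder whether pmsg descriptors are covered. Minor style point on the same block: `allow zygote debugfs:file { getattr };` grants a single permission, so `getattr` without braces matches the surrounding `allow zygote self:capability sys_admin;` form.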