FPII-2371 : Elevation of privilege vulnerability in ServiceManager
CVE-2016-3900 A-29431260

The ServiceManager determines whether the sender of a Binder transaction is
authorized to register a service. It looks up the sender’s SELinux context using getpidcon().
A race condition exists where getpidcon() could cause the wrong SELinux context to be used for a permission check.
The fix is designed to mitigate the exploitation path by adding a UID check
when registering a service.

Change-Id: Ie97cf3788ecc28a4a89484eb152a4deea07c2510
2 files changed
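
The check described in the commit message, modelled in C as an added example; this is not the commit's own code. The lookup stub, the policy, the sample PID and UID values, and the app-UID threshold are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define FIRST_APP_UID 10000u              /* assumption: app UIDs start here */
#define SENDER_PID 4321                   /* constructed sample value */

/* Constructed stand-in for the state a getpidcon()-style lookup reads:
 * the context of whichever process owns the PID at lookup time. */
static const char *ctx_now = "u:r:untrusted_app:s0";

static const char *lookup_ctx(pid_t pid) {
    return pid == SENDER_PID ? ctx_now : NULL;
}

/* Hypothetical policy: only this context may register services. */
static int policy_allows(const char *ctx) {
    return ctx != NULL && strcmp(ctx, "u:r:system_server:s0") == 0;
}

/* Before: the decision rests only on the PID-derived context. */
static int can_register_pid_only(pid_t pid, uid_t uid) {
    (void)uid;
    return policy_allows(lookup_ctx(pid));
}

/* After: reject app UIDs first. The UID arrives with the transaction,
 * so a stale PID lookup cannot change it. */
static int can_register_uid_checked(pid_t pid, uid_t uid) {
    if (uid >= FIRST_APP_UID)
        return 0;
    return policy_allows(lookup_ctx(pid));
}

/* The sender is an app (constructed uid 10057); by lookup time the PID
 * resolves to a privileged context. Returns the chosen check's verdict. */
int stale_lookup_verdict(int with_uid_check) {
    ctx_now = "u:r:system_server:s0";     /* lookup no longer reflects the sender */
    return with_uid_check ? can_register_uid_checked(SENDER_PID, 10057)
                          : can_register_pid_only(SENDER_PID, 10057);
}

int main(void) {
    printf("pid-only check:  %d\n", stale_lookup_verdict(0));
    printf("uid + pid check: %d\n", stale_lookup_verdict(1));
    return 0;
}
```

A caller with a system UID and an allowed context still passes the UID-checked version, so the added test only narrows who can reach the context check.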