Something went wrong on our end
-
Stephen Smalley authoredProhibit all but a specific set of whitelisted domains from writing to /data/dalvik-cache. This is to prevent code injection into apps, zygote, or system_server. Inspired by: https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/ which depended on system UID apps having write access to /data/dalvik-cache (not allowed in AOSP policy but evidently in those device policies). Prevent this from recurring. Change-Id: I282c7bf998421d794883e432b091ad1dcf9da67e Signed-off-by:
Stephen Smalley <sds@tycho.nsa.gov>Stephen Smalley authoredProhibit all but a specific set of whitelisted domains from writing to /data/dalvik-cache. This is to prevent code injection into apps, zygote, or system_server. Inspired by: https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/ which depended on system UID apps having write access to /data/dalvik-cache (not allowed in AOSP policy but evidently in those device policies). Prevent this from recurring. Change-Id: I282c7bf998421d794883e432b091ad1dcf9da67e Signed-off-by:
Stephen Smalley <sds@tycho.nsa.gov>