While the POC requires su, the underlying flaw potentially works on any setuid binary on systems with AF_ALG enabled (provided there isn't something else preventing it).

[–] Pika@sh.itjust.works 3 points 3 days ago

In android this would very likely be the "mount" command, as if it has an external sd card reader or the ability to use a USB data transfer I expect it's using mount in order to do so.

[–] randamumaki@lemmy.blahaj.zone 3 points 3 days ago (1 children)

I'm not as smart as the people who make alternative android options. I was just hoping it would help them jailbreak more of goggle's bullshit so customers actually have a choice to go for an android OS which respects them and their privacy.

[–] not_IO@lemmy.blahaj.zone 19 points 3 days ago (2 children)

grapheneOS has already vented on social media that theu are not affected because of how they configured SELinux and that the headline is therefore not correct

https://grapheneos.social/@GrapheneOS/116491317711428490

[–] Scoopta@programming.dev 13 points 3 days ago (1 children)

SELinux breaks a lot of android root exploits, way back in the day even dirty cow didn't work. It would get you "root" but not actually the full perms because of SELinux. Really good testament to the added security of MAC, it's one of the reasons I run apparmor on my systems

[–] village604@adultswim.fan 2 points 3 days ago* (last edited 3 days ago)

I'll be happy if I never have to look at SELinux or fapolicy ever again. Especially fapolicy because the documentation is shit.

It's the one thing I don't miss about being a sysadmin.

[–] 30p87@feddit.org 2 points 3 days ago

Aww dang it

Well ok who tf cares I can literally just connect to adb over localhost with termux and do adb root