SELinux bypasses


This post aims at giving an overview of what SELinux is, how it is implemented, and how to bypass it, from the point of view of Android kernel exploitation.

The Linux Security Modules (LSM) framework inserts calls to hooks at critical points in the kernel code so that security modules such as SELinux can manage the security fields and perform access control. As noted here, SELinux data structures are allocated from a memory pool that is later made read-only, which makes loading a new policy impossible. So if we manage to bypass the permission checks that syscall performs by default, as we do by overwriting security_hook_heads.capable, the hypervisor will happily update the bitmap and allow the privilege escalation.
