Android KeyStore Permission Bypass

The keystore binder service ("android.security.IKeystoreService") allows users to issue several commands related to key management, including adding, removing, exporting and generating cryptographic keys. The service is accessible to many SELinux contexts, including application contexts, but also unprivileged daemons such as "media.codec". A permission bypass vulnerability exists in the KeyStore service due to getpidcon.


MD5 | 6217b7e5a6f72a1a4284d0fb186f9daf


Related Posts

Comments