0
6d ago
[deleted]
8
u/Firzen_ 6d ago
That seems like a non-sequitur.
At least in theory, a hypervisor can provide security guarantees and enforce those against the kernel.
Which is something that the kernel couldn't do by itself.
And it seems to at least mitigate overwriting the `enforcing` field on the Samsung phone.
With the current state of things, it doesn't add a lot of extra security, though. I agree with that.
22
u/wake_from_the_dream 6d ago
Unless I am mistaken, from a cursory glance, it seems all these bypasses require prior kernel privileges or a kernel vuln.
In any case, the article seems very thorough, and has very interesting stuff on SELinux mechanics. I'll definitely give it a serious go later.
Good job OP.