The dec service became a HAL while still hosting both software and hardware codec implementations. In O, the services are “treblized,” and further deprivileged, that is, separated into individual sandboxes and converted into HALs.

Only a couple of higher-level functionalities remained in mediaserver itself. Extractors are moved to the server side and put into a constrained sandbox. In N, we delivered a major security re-architect, where a number of lower-level media services are spun off into individual service processes with reduced-privilege sandboxes. Prior to N, media services are all inside one monolithic mediaserver process, and the extractors run inside the client.

The following figure shows an overview of the evolution of media services layout in the recent Android releases.

Due to the increased protection provided by the new mediaswcodec sandbox, these same vulnerabilities will receive a lower severity based on Android’s severity guidelines. In 2018, approximately 80% of the critical/high severity vulnerabilities in media components occurred in software codecs, meaning further isolating them is a big improvement. As Mark Brand of Project Zero points out in his Return To Libstagefright blog post, constrained sandboxes are not where an attacker wants to end up. This is a big step forward in our effort to improve security by isolating various media components into less privileged sandboxes. In Android Q, we moved software codecs out of the main mediacodec service into a constrained sandbox. Use-after-free (UAF), integer overflows, and out-of-bounds (OOB) reads/writes comprise 90% of vulnerabilities, with OOB being the most common.

A Constrained Sandbox for Software Codecs

Most of Android’s vulnerabilities occur in the media and Bluetooth components.
Here’s a look at high severity vulnerabilities by component and cause from 2018:

Mitigate: Assume vulnerabilities exist and actively defend against classes of vulnerabilities or common exploitation techniques.

Architectural decomposition: breaking privileged processes into less privileged components and applying attack surface reduction.

Attack surface reduction: reducing the number of entry/exit points (i.e.