Looks like this kind of situation can also be called as a "Confused Deputy" attack ( http://en.wikipedia.org/wiki/Confused_deputy_problem - thanks Jeffrey Walton ). Does anyone know if Android 4.1 Jelly Bean is vulnerable to this kind of attack using a unprivileged application to access a Service with more privileges?
Em segunda-feira, 24 de setembro de 2012 20h44min56s UTC-3, Luander Ribeiro escreveu: > > Hi all, > This is my first post here, so I ask you to be kind with me :) > > My situation is the following: > -> I have one service that requires *no permission*, is *exported* and > has a proper *.aidl *file, so I am able to bind to that service without > problems. > One method of this service (let's call this method of *X*) access a > *content > provider* that is protected under a "*signatureOrSystem*" protection > level. And it has permission to access it. > > -> I also have another application that uses *no permission* at all, but > this application can bind to the service in question, since it requires no > permission. > The problem is, when I try to call the method *X* (that access the > protected provider) from the service it throws a *security exception*saying > that this application don't have permission to access the protected > provider. > > Please note: I am not accessing the content provider directly, I am using > the service of another application (that has permission to access this > content provider) to do it. > > My Android version is 4.1 Jelly Bean. I have never observed this security > exception in other Android versions. > My question is: *Is this a new feature of 4.1 Jelly Bean*? > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To view this discussion on the web visit https://groups.google.com/d/msg/android-security-discuss/-/3ehqnWtBX34J. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
