In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "248349732906043956064980509565774782156", "283656740424355907390535518213267350112", "143758378226874456382843457310206284939", "68253136204695582412165319054757246568", "122172952947234953401504464214546525630", "195303676814766850257551404529581926429", "318667993667043690101703295441056620895" ] }, "id": "ASB-A-253043502-1d1ddbae", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/df252474fd06e6c32bdfc139cc4ae6652ff634b8", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java" }, "signature_type": "Line" }, { "digest": { "length": 9798.0, "function_hash": "19550475777279499778566048034414586681" }, "id": "ASB-A-253043502-667b51fc", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/df252474fd06e6c32bdfc139cc4ae6652ff634b8", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java", "function": "onCreate" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Permission/+/df252474fd06e6c32bdfc139cc4ae6652ff634b8" ], "spl": "2023-08-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 7160.0, "function_hash": "158329375275023421078547036698727559324" }, "id": "ASB-A-253043502-acddb0b8", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/5e297ab51388db5375093f7dc21d37bd59de827c", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java", "function": "onCreate" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "102272497511510792636288077474635019966", "73830320043416912536756213596268634802", "334814977310204735028133236293272434200", "214950123086942979686128144202008858930", "122172952947234953401504464214546525630", "195303676814766850257551404529581926429", "318667993667043690101703295441056620895" ] }, "id": "ASB-A-253043502-d8d58d54", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/5e297ab51388db5375093f7dc21d37bd59de827c", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Permission/+/5e297ab51388db5375093f7dc21d37bd59de827c" ], "spl": "2023-08-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 7185.0, "function_hash": "34104573745813964544688129800069138067" }, "id": "ASB-A-253043502-394b0a6c", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/8ba7136f816cd1b0182dc4c3a5cd70d023cad48e", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java", "function": "onCreate" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "102272497511510792636288077474635019966", "73830320043416912536756213596268634802", "334814977310204735028133236293272434200", "214950123086942979686128144202008858930", "122172952947234953401504464214546525630", "195303676814766850257551404529581926429", "318667993667043690101703295441056620895" ] }, "id": "ASB-A-253043502-548c2dd0", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/8ba7136f816cd1b0182dc4c3a5cd70d023cad48e", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Permission/+/8ba7136f816cd1b0182dc4c3a5cd70d023cad48e" ], "spl": "2023-08-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 8670.0, "function_hash": "42122007481256104765885868242226930324" }, "id": "ASB-A-253043502-8cc8d495", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/8a6f1f59d6cb5367f0c88980a75ddc227dba956a", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java", "function": "onCreate" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "248349732906043956064980509565774782156", "188298556496395972709875190714230932667", "232483192585281304532110593037372097532", "31072592749161546704343042741305513274", "122172952947234953401504464214546525630", "195303676814766850257551404529581926429", "318667993667043690101703295441056620895" ] }, "id": "ASB-A-253043502-b9e94b50", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/8a6f1f59d6cb5367f0c88980a75ddc227dba956a", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Permission/+/8a6f1f59d6cb5367f0c88980a75ddc227dba956a" ], "spl": "2023-08-01", "severity": "High", "types": [ "EoP" ] }