In regards to sandboxing so that I fully understand the layers on the android:
We have the Browser Sandbox (top level) that affects the browser - Contained as part of the code for the browser, finding a bug here is the start... We have the Application Sandbox that applies to the browser and determines what it can touch permissions wise, finding a bug here to escape permissions is the next step We have the Virtual Machine that all this runs on top of - finding a bug here escapes the virtual machine and will allow access to the kernel directly The kernel - Pwn? That sound correct? On Aug 27, 8:43 am, Eric Dorman <[email protected]> wrote: > The SDK looks good and the documentation you guys have put out about > this really helps myself who just wants to really just tell you guys > of the possible bugs or holes I see in the software itself. > > Anyways Thanks again Dianne!!! :D > > God Bless & Thanks, > Eric > > On Aug 27, 3:45 am, Dianne Hackborn <[email protected]> wrote: > > > Btw hopefully there's nothing too proprietary I need to worry about... > > pretty much everything discussed on these groups is all in the open source > > code, there is just a lot we haven't had time to really document about the > > implementation. (Most of our effort is on the SDK level docs.) > > > On Fri, Aug 27, 2010 at 12:44 AM, Dianne Hackborn > > <[email protected]>wrote: > > > > Thanks, I'm glad I can help. > > > > On Thu, Aug 26, 2010 at 9:47 PM, Duane Blanchard > > > <[email protected]>wrote: > > > >> Yes, thank you very much, Dianne, for this explanation. You've made > > >> several great posts, and I just wanted to reinforce that we do all > > >> appreciate your sharing a little insider knowledge with us. I don't > > >> think you're sharing anything that is truly proprietary, but it all > > >> seems hard to come by without your help. So, thanks. > > > >> D > > > >> -- > > >> You received this message because you are subscribed to the Google Groups > > >> "Android Security Discussions" group. > > >> To post to this group, send email to > > >> [email protected]. > > >> To unsubscribe from this group, send email to > > >> [email protected]<android-security-disc > > >> uss%[email protected]> > > >> . > > >> For more options, visit this group at > > >>http://groups.google.com/group/android-security-discuss?hl=en. > > > > -- > > > Dianne Hackborn > > > Android framework engineer > > > [email protected] > > > > Note: please don't send private questions to me, as I don't have time to > > > provide private support, and so won't reply to such e-mails. All such > > > questions should be posted on public forums, where I and others can see > > > and > > > answer them. > > > -- > > Dianne Hackborn > > Android framework engineer > > [email protected] > > > Note: please don't send private questions to me, as I don't have time to > > provide private support, and so won't reply to such e-mails. All such > > questions should be posted on public forums, where I and others can see and > > answer them. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
