Hey Tauren, It's sounds correct to me.
I wonder though with the Virtual Machine if it has multiple holes that could be found? I think you are correct as far as the VM with the sandboxing is concerned. God Bless, Eric On Aug 27, 11:32 am, Tauren <[email protected]> wrote: > So let me see if I understand this fully in regards to the android > platform: > > Browser Level Sandboxing - this is part of the implementation of any > application and will attempt to use code correctly while not > implementing bugs, pwning this gives you access to the browsers > permissions. > Application level Sandboxing - this is an implementation within the > virtual machine running everything and is an attempt to stop escapes > from the applications sandbox, contains permissions, finding a bug > gives you access to the virtual machine and extended permissions? > Virtual Machine Level - Escaping this gives you access to the kernel > Kernel level - Pwn? > > That sound correct? > > On Aug 27, 8:43 am, Eric Dorman <[email protected]> wrote: > > > > > The SDK looks good and the documentation you guys have put out about > > this really helps myself who just wants to really just tell you guys > > of the possible bugs or holes I see in the software itself. > > > Anyways Thanks again Dianne!!! :D > > > God Bless & Thanks, > > Eric > > > On Aug 27, 3:45 am, Dianne Hackborn <[email protected]> wrote: > > > > Btw hopefully there's nothing too proprietary I need to worry about... > > > pretty much everything discussed on these groups is all in the open > > > source > > > code, there is just a lot we haven't had time to really document about the > > > implementation. (Most of our effort is on the SDK level docs.) > > > > On Fri, Aug 27, 2010 at 12:44 AM, Dianne Hackborn > > > <[email protected]>wrote: > > > > > Thanks, I'm glad I can help. > > > > > On Thu, Aug 26, 2010 at 9:47 PM, Duane Blanchard > > > > <[email protected]>wrote: > > > > >> Yes, thank you very much, Dianne, for this explanation. You've made > > > >> several great posts, and I just wanted to reinforce that we do all > > > >> appreciate your sharing a little insider knowledge with us. I don't > > > >> think you're sharing anything that is truly proprietary, but it all > > > >> seems hard to come by without your help. So, thanks. > > > > >> D > > > > >> -- > > > >> You received this message because you are subscribed to the Google > > > >> Groups > > > >> "Android Security Discussions" group. > > > >> To post to this group, send email to > > > >> [email protected]. > > > >> To unsubscribe from this group, send email to > > > >> [email protected]<android-security-disc > > > >> uss%[email protected]> > > > >> . > > > >> For more options, visit this group at > > > >>http://groups.google.com/group/android-security-discuss?hl=en. > > > > > -- > > > > Dianne Hackborn > > > > Android framework engineer > > > > [email protected] > > > > > Note: please don't send private questions to me, as I don't have time to > > > > provide private support, and so won't reply to such e-mails. All such > > > > questions should be posted on public forums, where I and others can see > > > > and > > > > answer them. > > > > -- > > > Dianne Hackborn > > > Android framework engineer > > > [email protected] > > > > Note: please don't send private questions to me, as I don't have time to > > > provide private support, and so won't reply to such e-mails. All such > > > questions should be posted on public forums, where I and others can see > > > and > > > answer them. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
