David Weinstein of viaForensics discovered a denial of service vulnerability in some Android devices that can be triggered by reading a file in /sys/kernel/debug: https://viaforensics.com/android-forensics/permission-android-app-reboots-galaxy-nexus.html
For example, "cat /sys/kernel/debug/ion/1" makes my Galaxy Nexus maguro running a recent AOSP master + SEAndroid reboot.

Is there a good reason for the debugfs boolean in domain.te to be set to true by default? Is it used for crash reporting? Does it need to be readable by all apps? Setting it to false prevents this attack.

Thanks,
Mike

--
Michael Peck
The MITRE Corporation
410-272-5959