18楼梦想改造家
unread,Jun 27, 2024, 6:20:30 AM (6 days ago) Jun 27Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Chromium-dev
Hi, I try to understand the security mechism in `|android|`.
I already have did 2 setup:
1. pass `|--no-sandbox|` in the chrome, to disable the sandbox.
2. I disable SELINUX by `|setenforce 0|`.
Then I attach the renderer process, use lldb to execute this expression.
``` c++
(lldb) expr (int)execve("/bin///sh", 0, 0)
(int) $0 = -1
(lldb) expr (int)execve("/bin/sh", 0, 0)
(int) $1 = -1
```
It still will be failed. But I already `|disable sandbox and SELINUX|`... I don't understand what happened... Is it possible run `|execve("/bin/sh", 0, 0)|` in android renderer process? Thanks.