PolyScope: Multi-Policy Access Control Analysis to Triage Android Scoped Storage

Abstract: Android's filesystem access control is its foundation for system integrity. It combines mandatory (e.g., SELinux) and discretionary (e.g., Unix permissions) access control with other specialized access controls (e.g., Android permissions), aiming to protect Android/OEM services from third-party applications. However, OEMs often introduce vulnerabilities when they add market-differentiating features because they fail to correctly reconfigure this complex combination of policies. In this paper, we propose the PO… Show more